The final session of today was a security-based one with Jesper Johansson. If you ever get a chance to attend one of his sessions, it's well worth your time.
The main point of the talk was that the nature of security threats has changed in a number of ways. There is a vast reduction in the "hobbyist" or "vanity" hacker, replaced with hackers that are motivated solely by money. This means that attacks are becoming more closely targeted, and less likely to draw attention.
The other effect of this is that attackers, spammers, etc. are business people - and they are prepared to go on the attack if their business model is threatened. This is what happened with Blue Security, a service which tracked spammers back to their source to see who authorised the spam and/or sold the product. The spammers not only performed a denial of service attack against Blue Security, but by using their own message tracking, they were able to determine which companies were using Blue's services, and attacked them in retribution, driving Blue out of business.
In addition, attacks are increasingly targeting the human element rather than technological attacks, encouraging the user to download software (Java apps, ActiveX, Flash, etc.) rather than directly breaking the operating system to implant malware.
The only solution to this is to educate users better (not more, but better) about how they can take responsibility for their own security, rather than relying on "someone else" to do it for them.
That's it for blogging today. I'm off to the Microsoft UK cocktail party, followed by the 1E drinks at a bar down the road. (As I'm representing Mat to them, I'll be sure to drink wine)
But, if I don't blog anything until about midday tomorrow, you'll know that it was a good night.
Wednesday, November 5, 2008
Microsoft TechEd 2008, Day 3, 16:45
Just stepped out of a session on integrating OCS 2007 with IP PABX systems. The demo was fairly limited (people build entire careers out of this stuff - how much can you do in 90 minutes?) but was demonstrating linking Cisco Call Manager to an OCS Mediation server.
Nice stuff, and given that OCS 2007 Release 2 supports dial-in conferencing too, deploying OCS could potentially provide all the services Mars conferencing, video conferencing and voicemail too.
One of the suggestions floated was that for companies which already have a heavy investment in a PABX, you can replicate the environment and have a secondary dial plan with a prefix. So, for example:
I have extension 1151. If someone from a "standard desk phone" (or an external caller) were to call that number, it would ring on my desk. If they were to call 1151 from an OCS client, it would ring on OCS.
But... if they rang "91151" from a desk phone, it would bridge to the OCS client. When I go home at night, or travel OCB, I can forward my desk phone to "91151" and have the calls follow me.
Also note that, now Windows Server 2008 R2 supports microphones/inbound audio over a terminal services link, it would be possible to publish OCS as a server based application and have voice capability.
Microsoft TechEd 2008, Day 3, 14:45
Just come out of a session on Desktop Virtualisation Scenarios. Quite interesting, and a lot of it relates to the work that Stan is interested in regarding SDS roaming and things like that.
A few key points were:
- They again discussed drive encryption, both for laptops AND desktops - for desktops mainly because it mitigates the risk of hardware being stolen or improperly disposed of at end of life.
- Application virtualisation (via Microsoft's App-V - formerly Softgrid) got a big push - particularly because it makes provisioning and re-imaging machines much faster. Only the thin OS needs to be pushed out, and the user can pull down just the applications they need as they use them.
- Offline folders has been revamped a bit in Vista, to improve the speed (I'd presume it might need SMB v2 as well). The key thing was that using Offline folders in conjunction with App-V can help in two scenarios:
a) Laptop users can work offline or online transparently, but the data files are automatically sync'd to the server where they can be backed up. Using BitLocker to encrypt the drive mitigates the damage if the laptop is lost or stolen, but the data is backed up properly too with no end user action required, and is pushed down automatically to the replacement machine when they log in. (In this respect, offline folders might be a better solution than Sharepoint for H: drives)
b) A user can roam between a desktop, laptop and Terminal Services session / VDI desktop freely, and have all their applications and data files follow them transparently.
- Microsoft have a product called "Windows Fundamentals for Legacy PCs", which is a scaled down version of XP Embedded which provides a basic UI, Internet Explorer and TS Client - just enough to get to a terminal services session or VDI desktop. They demonstrated it using a 9 year old laptop with 128Mb providing a full Vista desktop.
Microsoft TechEd 2008, Day 3, 12:15
My brain is officially full. Lots of information from the Q&A session on Migrating Domino and Groupwise to Exchange. Not much on Groupwise, so fortunately most of the discussions were about Domino.
Firstly, the Microsoft Application Analysis tool is now deprecated, because the results were not always accurate and didn't provide good information. So, it's been dropped from the Transport Suite and there are no plans to re-release it. MS recommends partnering with BinaryTree or Quest, who have better tool sets.
The Transport Suite 2007 is apparently more reliable than Exchange Connector 2003. The way they got that improvement was by dropping API based mail transport and using SMTP to transport the mail! :-)
There are still a lot of issues for long term co-existence. One specific one which causes problems is having a recurring appointment with attendees from both sides of the connectors. Both sides will receive and process the message OK, but if the meeting owner updates the meeting, those changes won't flow across properly. (Apparently, the BinaryTree toolset has a fix for this issue too - MS doesn't)
There are a lot of other issues which are in the presentation slides. Most of them are noted, but not fixed. Because of the problems, the trend nowadays is to migrate as quickly as possible - usually by moving the user across with an empty mailbox, or only one week's historical mail, then migrating the rest of the data soon after.
There are a lot of gotchas as far as migration goes and consolidation. Too many to mention here, but don't forget to ask me about them when I get back.
Microsoft TechEd 2008, Day 3, 10:00
The first session of the day was Deploying and Migrating OCS Server 2007 Release 2.
There are a few feature changes between 2007 and Release 2 - which is in Release Candidate at the moment but due out in February - such as dial-in audio conferencing to an OCS voice chat, better Windows Mobile and Blackberry integration and such. More details here: http://www.microsoft.com/Presspass/press/2008/oct08/10-14OCSR2PR.mspx
However, the architecture changes to support this mean that, like Exchange 2007, it requires 64 bit Windows under the hood. It also requires AD schema changes.