In The Know - Charles Van Heusen's Weblog

Announcing Windows Essentials Server Solutions

Discover a new family of integrated server solutions--including Windows Small Business Server 2008 and Windows Essential Business Server 2008--that are based on Windows Server 2008 technology. These solutions enable you to serve the needs of a wider range of small- and midsize-business customers more effectively while driving new revenue for your business.    

Click the Server Logo for more details on the Microsoft Partner Portal, or register for the Partner Track at an upcoming US Launch Event get a first hand look at the products. 

Infrastructure Planning and Design Guides for Windows Server 2008 Windows Deployment Services, Terminal Services, and Active Directory Domain Services

Are you or your customers evaluating server technologies in your quest toward a dynamic IT infrastructure? Use the Infrastructure Planning and Design Series guides to make the right decisions about planning infrastructure architecture.

Planning the next generation of technical infrastructure for corporations is a complex and daunting task. The success of any infrastructure is measured in how well the design choices match business objectives. Although plenty of product documentation is available, historically it has been difficult to find guidance on how to appropriately plan the core infrastructure for an organization. The Infrastructure Planning and Design series is designed to present the reader with the most concise planning guidance for Microsoft technologies. It also provides a means to validate design decisions to ensure that the solution meets the requirements of both business and IT stakeholders.

The IPD documents are designed to be used by the following IT personnel:

· Infrastructure planners and architects who have a firm operational grasp of the technology.

· Partners and consultants who design infrastructure solutions.

· Business managers who want to understand how the technology decisions being made support and affect the business.

The Infrastructure Planning and Design series is the next version of Windows Server System™ Reference Architecture. The guides in this series help clarify and streamline design processes for Microsoft infrastructure technologies; each guide addresses a unique infrastructure technology or scenario. All guides share a common structure including:

· Definition of the technical decision flow through the planning process.

· Listing of decisions to be made and the commonly available options and considerations.

· Relating the decisions and options to the business in terms of cost, complexity, and other characteristics.

· Framing decisions in terms of additional questions to the business to ensure a comprehensive alignment with the appropriate business landscape.

These guides complement product documentation by exposing and focusing on infrastructure design options.

Guides Available in this Release

Windows Server 2008 Services:  Active Directory Domain Services, Terminal Services, Windows Deployment Services

The IPD guides for Windows Server® 2008 Active Directory® Domain Services, Terminal Services, and Windows® Deployment Services present the infrastructure planning process by providing a clear and concise workflow and tasks required to plan for each service. Each guide leads the reader through critical infrastructure design decisions, in the appropriate order, and evaluates the available options for each decision against its impact on critical characteristics of the infrastructure. The IPD series highlights when service and infrastructure goals should be validated with the organization and provides additional questions that should be asked of service stakeholders and decision makers.

  Guides Currently Available

Infrastructure Planning and Design guides are currently available to support architectural planning for Microsoft’s virtualization technologies. The guides are: Selecting the Right Virtualization Technology, Microsoft SoftGrid Application Virtualization, Windows Server Virtualization, Windows Server 2008 Active Directory Domain Services, Windows Server 2008 Terminal Services, and Windows Deployment Services.

The IPD series is ongoing and will showcase multiple release waves to support Windows Server 2008 technologies in the coming months. Future plans will extend the architectural guidance to additional Microsoft software technologies and scenarios.

  Where to Find the IPD Series

You can find the Infrastructure Planning and Design series at http://www.microsoft.com/ipd 

Windows Server 2008 System Builder Readiness Center

With Launch events kicking off across the US this week, I thought it was pertinent to post the latest and greatest updates on the tools that are out there to help with the deployment and readiness for everyone.  Check out these updates..

Tech Tools: 

Expand Your Expertise: Learn to Deploy Windows Server 2008
You can preinstall Windows Server 2008 with the same Windows Vista OEM Preinstallation Kit (OPK) used to customize and deploy Windows Vista. The Windows Vista OPK provides specific information, including OEM licensing requirements and policy guidelines.

New Tools Extend Capabilities of Windows OPK
The updated Windows OEM Preinstallation Kit (OPK) is designed to help system builders deploy Windows Vista or Windows Server 2008 onto new PCs. It includes two new tools to ensure that images can be deployed to various hardware configurations and archived RTM files can be removed in order to reclaim disk space.

Choose the Best Way to Preinstall Windows Vista SP1
Learn how to update an existing Windows Vista RTM image to Windows Vista with SP1. This method may seem time-consuming, but compared with the effort required to create a new image it may be the appropriate method to use.

Sales & Marketing Resources:

Discover the "Better Together" Solution around Windows Vista with Service Pack 1 and Windows Live Services!
Watch this On-Demand web seminar and learn how to provide your customers with the complete PC solution featuring Windows Vista SP1, Live Services, OneCare, and the 2007 Microsoft Office system. PLUS, all attendees will receive a FREE* 2.0 GB SD Multimedia Card reader!

Get Ready to Drive Sales with the Recent Release of Buy Local 4.5
Did you know that 123,000 visitors came to localpcbuilder.com in December alone? The Buy Local program is being extended with great NEW Hardware Offers, a complete site redesign, and new features for small business customers to help drive sales. Discover how to integrate this great program into your sales and marketing efforts.

Have you taken the Licensing Quiz yet?
Test your licensing knowledge with a quick 10 question quiz. A few minutes will help you answer your customer's questions and maybe win you a cool PC!

Complete Windows Server 2008 Training for a Chance to win Windows Home Server!

Windows Server 2008 Now Available
Windows Server 2008 is now available from your authorized Microsoft Distributor. For Sales & Technical training on the latest generation of Windows Server visit the Server 2008 Accelerator. Complete the training and get up to $50 in e-codes from OEM SalesCenter and a chance to win a Home Server.

SMB Conferences - Not sure what to attend? Check out this webcast on SMBSummit to see if its right for you..

Mike Iem is hosting a webcast this Wednesday to talk about the upcoming SMB Summit Conference in Dallas in April.      If you are an SBSC partner, or Certified / Gold Certified Partner working in the Core Mid Market Space, this is a great conference for you to attend.  It will provide you with access to the Microsoft staff that is working on Windows Essential Server 2008, if you are not sure, you should dial into this call to learn about everything going on and the sponsors that will be providing additional training and solutions at the conference.

Action Item : Attend the webcast and decide if its right for you...

Title: 5W/50 Series - Windows Small Business Server 2008 and Essential Business Server 2008 Readiness Training Event

Date: 2/27/2008

Pre-Conference Start Time: 8:30 AM

Live event start time: 9:00 AM

Duration: 60 min

URL: https://www.livemeeting.com/cc/partners1/join?id=Q8DWSD&role=present&pw=2adac2

Conference Call: US/Canada: (800) 231-5712

Presenter PIN: 2330

Honey, you can start my Christmas Wish List today...

IT'S OFFICIAL! At the 2008 Game Developers Conference, Epic Games' lead designer Cliff Bleszinski made the announcement fans have been waiting for: Gears of War® 2 is coming this November.

 Reserve Your Copy Today - http://www.xbox.com/en-US/games/g/gearsofwar2/buyNow.htm

Remote Web Workplace has a new face in Small Business Server 2008

Once you see the screenshot below..  you will be amazed at the improvements... Keying in on the visualization improvements of Windows Vista, its a dramatic improvement for the end users as well as those of you managing your customer's networks. 

User's will now have the ability to use Remote Web Workplace (RWW) to connect directly to their workstations that are internal to the network.  To take it a step further, we will be able to preconfigure the RWW profiles for the user to connect directly to their system without have to know the workstations name or IP address, and they do not have to see the drop down list, only access to their site.

Additionally, access to internal web sites, file shares, and more importantly, your SharePoint sites, ie. company web can be accessed via RWW.

You will also have a  listing for Administrators to access to the remote console as well as access to the help desk requests which is a great component passing information from the Windows SharePoint Services site.

The Favorites links are configurable based upon the users accessing the site allowing users to access corporate tools and links to key solutions that are specific to their organization.

Cougar Name Announced..... Surprise surprise, it's Windows Small Business Server 2008

OK, today is the official PR announcement about Windows Small Business Server 2008,- Codename Cougar -   See the press release at (here)

I know I didn't provide a lot of detail last month on my post about "Cougar" so I am opening up the gates for any and all questions today.  Here's a great slide from a presentation that was delivered internally last week in our TechReady training that provides more details on the product breakdowns.   I had the opportunity to spend several hours with the Technical Product Manager and I am EXTREMLY impressed with the improvements in the product from a user perspective as well as from a partner perspective to improve the deployment and management processes.

Over the next 2-3 weeks I will provide new posts on SBS2008 and EBS2008 (Windows Essentials Business Server 2008) with screenshots, screencasts, and details on what you will be able to learn about at the Windows Server 2008 Launch events that the TS2 team will be delivering starting march 4th.  We will have an hour session dedicated to the Windows Essentials Server Solutions family and what to look forward to as we move closer to the launch and availability of both of these product in 2008. 

To find out more about the launch events, check the main website for registration at (here)

As you can see in the details of the slide, SBS2008 will support Hyper-V in both Standard and Premium editions.  The biggest thing to point is on the Premium edition is that is can be either an X64 or X86 installation which is a huge Customer Satisfaction saving grace especially for those customers who purchased SBS2003 on none dual core hardware in the past two years.  They can bring in their new x64 hardware, install the Core Infrastructure server with SBS2008, then use the SBS2003 hardware for the secondary server in to run their line of business applications.

Managed Services Webcast Today - Hosted by Karl Palachuk & Matt Makowicz

Last minute reminder!

Karl Palachuk & Matt Makowicz are teaming up to discuss Sales & Business Coaching for the SMB IT provider today.  If you can squeeze it in your schedule, it should be worth the time investment to help  you with your Managed Services Practice.

To join the conference call:

TODAY at 9:00 AM Pacific Time Zone

• Dial (319) 279-1000 (U.S. phone number)
• Your participant passcode is 1024518.
• This call is limited to the first 100 attendees.  

Microsoft Dynamics CRM Live Early-Access Programs

The Microsoft Dynamics CRM Live team initiated an early-access program for Microsoft customers, partners and independent software vendors (ISVs) on September 18, 2007. The intent of this program was to drive early adoption and validation for this new service offering, to train and educate Microsoft Dynamics CRM partners in adding Microsoft Dynamics CRM Live to their service offerings, and to solicit customer references to be used in market launch activities. Program feedback provided by organizations selected to participate in this limited-release program has been extremely positive; the following quotes and testimonials have been provided describing the initial impressions and experiences deploying Microsoft Dynamics CRM Live:

• “We selected Microsoft Dynamics CRM Live because it’s easy to use and we could deploy it without using our IT resources.” - Annie Suarez, Marketing Coordinator, Doosan Heavy Industries America Corp., an enterprise customer
• “The hosted solution fit our needs perfectly. We also liked that it is very easy to use, integrates seamlessly with Outlook and includes user-configurable workflows.” - Becca Bushong, Business Intelligence Lead, Stanley, Inc, an enterprise Customer
• “Given the complexity and detail of our business, it would not be possible to meet our growth objectives without a tool like Microsoft Dynamics CRM [Live].” - Michael Chansler, Vice President of Business Development, Accium BioSciences, a small business customer and a former Salesforce.com account.

While program feedback to date has been positive from those selected to participate in the Early Access I program, initial capacity constraints limited our ability to serve the entire demand for Microsoft Dynamics CRM Live. With the launch of our Early Access II program, we have increased capacity for new applicants and participation for Microsoft Dynamics CRM customers, partners and ISVs. The objective for this program is to initiate our demand generation processes, optimize our demand fulfillment practices and to run the Microsoft Dynamics CRM Live at production service levels in preparation for our market launch.

Description of the Early Access II Program

The Early Access II program is based on a feature-complete version of Microsoft Dynamics CRM Live and offers increased stability, customization and performance from previous versions. While this program has not been designed with initial capacity constraints in mind, we do reserve the right to limit participation – or cap the physical number of organizations accepted into this program at any time.

The Early Access II program will be limited to organizations located in the United States or Canada or organizations that have a valid United States or Canadian credit card. While there is no subscription fee charged for use of Microsoft Dynamics CRM Live while in the early access phase, this credit card is used to ensure that this organization is valid and that we are not opening security risks to online Agents, BOTS and/or Denial of Service (DOS) attacks.

In addition, providing a credit card at sign-up will facilitate conversion to the paid service offering should the organization intend to begin a paid subscription contract with Microsoft for Microsoft Dynamics CRM Live.

Initially, this program will offer only one online subscription offering – Microsoft Dynamics CRM Live Professional - for use by organizations. There will be a minimum of 1 user license provisioned with each subscription and a maximum number of 250 users allowed during the Early Access II program. It is important to note that our current plans are to place a minimum requirement of 5 users for new customer sign-ups once we have released the final version of our software.

Customers that are interested in the Microsoft Dynamics CRM Live Professional Plus subscription offering, or that are looking for greater than 250 users should contact the Microsoft Dynamics Live CRM Live Sales Team for additional details. See the FAQ immediately following for additional details.

How to become an Early Access II Program Customer or Partner

For customers:

Our strategic intent is to drive all Early Access programs through our partner network. This requirement is in-place both to minimize customer risk and to maximize their opportunity for success in deploying a pre-release version of our service.

• If a customer is already working with a Microsoft partner, the fastest way of getting access to CRM Live will be to apply via our website – located at http://crm.dynamics.com, and provide their partner of record (POR) during the sign-up experience.
• If a customer is not working with a Microsoft partner, they can still apply for participation at the same online experience, but will be followed-up with by member of the Microsoft Dynamics CRM Live Sales Team to align them with an appropriate Early Access partner.

Once the application process is complete, a Microsoft Dynamics CRM Live sales associate will contact the customer organization by e-mail with an invitation URL and product key for completing the sign-up process – provided that space is available for their participation.

For partners:

Microsoft partners who are interested in becoming Early Access partners for Microsoft Dynamics CRM Live can find additional information on the Microsoft Partner Portal where they can begin a separate nomination process, can directly contact Charlie Wood – Channel Development Manager for Microsoft Dynamics CRM Live or can contact the Microsoft Partner Resource Desk at 1-888-477-7989 or at prd@microsoft.com.

Partner Informational Webcasts (January & February 2008): The Microsoft Dynamics CRM Live Sales team will be hosting two webcasts to help inform partners about Microsoft Dynamics CRM Live. These sessions will provide an overview of Microsoft Dynamics CRM Live and will instruct partners as to how their business can benefit from getting involved with Microsoft Dynamics CRM Live.

• Partnering with Microsoft Dynamics CRM Live     Web Seminars (Live)      2/28/2008    
• Partnering with Microsoft Dynamics CRM Live     Web Seminars (On Demand)     Available Now!     

On-going activities: The Microsoft Dynamics CRM Live marketing and sales teams will also hold ongoing webcasts and demonstrations for Microsoft partners, customers and prospects beginning April – June of this fiscal year.

SMB Partner Events - So Many Choices, So little time and money to attend them all

On January 11th I posted details on the SMB Summit Conference that is taking place in Dallas in April.  Since then I've received a couple comments about deciding which conference to attend since there are so many choices this year and budgets for attending them are tight.

Being the true blue Microsoftieee  that I am, I told them that attending the Small Business Partner Pre-day events at WPC was my first choice, then I mentioned some of the other events that were out there, but I didn't do it justice compared to the post that Matt Makowicz from Ambition Mission put together yesterday.

Here's a link to his article 

AmbitionMission.com Blog » Blog Archive » Which “SMB” conference is right for YOUR business?

Microsoft Central Region VAR Open Challenge!

Prizes based on Open License sales during contest period of Jan 1, 2008 – April 30, 2008

Open to VARs in the Central Region

Qualified Microsoft Resellers can enter to win the following:

First Place Prize: A trip for two to Park City, Utah

Second Place Prize: A Toshiba Flat-Panel LCD HDTV and Toshiba HD DVD Player.

Third Place Prize: A HP Laptop Computer

Monthly Microsoft Zune 4GB Offer

Why Should You Sell Microsoft Open License?

Resellers of Microsoft software licenses can realize many benefits, including identifying new business opportunities, developing additional revenue streams, strengthening customer relationships, and more.

This new contest from the Microsoft Central Region SMS&P Team is designed to help you and your team get better acquainted with the tools and resources available to help support your Open License selling efforts and capitalize on the tremendous opportunity in the small and midsize organization market!

Participating is easy! If you are a qualified VAR reseller, follow the steps below to enroll in the contest and sell as much Open License as you can during the contest period of January 1, 2008 – April 30, 2008. Qualified VAR resellers are those located in the Central Region of the United States as defined in the Challenge Terms and Conditions.

Don’t think you’ll sell enough to win? You won’t know unless you sign up and try!

Easy to enter at:

www.ms-gearup.com/central

Questions?

crpmoi@microsoft.com

Windows Server 2008 - Bitlocker Drive Encryption

While delivering a TS2 event in El Paso, Texas this week, questions came up regarding the ability to extend Bitlocker Drive Encryption onto a RAID Array.  The Whitewater I have goes over a lot of the changes to Bitlocker in Windows Server 2008 over what was previously available in Windows Server 2003 SP1, but it doesn't mention anything regarding encrypting data on RAID Arrays so I will keep digging.  I thought the information I did find was worth sharing so check it out below...

I pulled the following information on Windows Bitlocker from the "Windows Server 2008 Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008", Whitepaper that was put together in September 2007 by Simon Farr and Carolyn Eller.

BitLocker Drive Encryption

Windows BitLocker™ Drive Encryption (BitLocker) is a security feature in the Windows Vista® and Windows Server® 2008 operating systems that can provide protection for the operating system on your computer and data stored on the operating system volume. In Windows Server 2008, BitLocker protection can be extended to volumes used for data storage as well.

What does Windows BitLocker Drive Encryption do?

BitLocker performs two functions:

· BitLocker encrypts all data stored on the Windows operating system volume (and configured data volumes). This includes the Windows operating system, hibernation and paging files, applications, and data used by applications.

· BitLocker is configured by default to use a Trusted Platform Module (TPM) to help ensure the integrity of early startup components (components used in the earlier stages of the startup process), and "locks" any BitLocker-protected volumes so that they remain protected even if the computer is tampered with when the operating system is not running.

In Windows Server 2008, BitLocker is an optional component that must be installed before it can be used. To install BitLocker, select it in Server Manager or type the following at a command prompt:

ServerManagerCmd -install BitLocker -restart

Who will be interested in this feature?

The following groups might be interested in BitLocker:

· Administrators, IT security professionals, and compliance officers who are tasked with ensuring that confidential data is not disclosed without authorization

· Administrators responsible for securing computers in remote or branch offices

· Administrators responsible for servers or Windows Vista client computers that are mobile

· Administrators responsible for the decommissioning of servers that have stored confidential data

Are there any special considerations?

To make use of its full functionality, BitLocker requires a system that has a compatible TPM microchip and BIOS. A compatible TPM is defined as a version 1.2 TPM. A compatible BIOS must support the TPM and the Static Root of Trust Measurement as defined by the Trusted Computing Group. For more information about TPM specifications, visit the TPM Specifications section of the Trusted Computing Group's Web site (http://go.microsoft.com/fwlink/?LinkId=72757).

BitLocker requires that the active partition (sometimes called the system partition) be a non-encrypted partition. The Windows operating system is installed to a second partition that is encrypted by BitLocker.

Whenever dealing with the encryption of data, especially in an enterprise environment, you must consider how that data can be recovered in the event of hardware failure, changes in personnel, or other situations in which encryption keys are lost. BitLocker supports a robust recovery scenario, which is described later in this article.

What new functionality does this feature provide?

The major features of BitLocker include full-volume encryption, verification of the integrity of early startup components, a robust recovery mechanism, and support for a secure decommissioning process.

Full-volume encryption

Everything written to a BitLocker-protected volume is encrypted. This includes the operating system itself, and all applications and data.

Why is this functionality important?

This helps protect data from unauthorized access. While the physical security of servers remains important, BitLocker can help protect data whenever a computer is stolen, shipped from one location to another, or otherwise out of your physical control.

Encrypting the disk helps prevent offline attacks such as the removal of a disk drive from one computer and its installation in another in an attempt to bypass Windows security provisions, such as permissions enforced by NTFS access control lists (ACLs).

What works differently?

BitLocker is implemented in code in the early startup components ((master boot record (MBR), boot sector, boot manager, Windows Loader)), and as a filter driver that is an integral part of the operating system.

When BitLocker is first enabled, existing data on the volume must be encrypted. You can continue to use the computer during this process, but you might notice reduced performance during this initial encryption.

After the initial encryption is complete, using the encrypted volume causes a slight performance penalty on disk access. While highly dependent on particular hardware and usage patterns, an estimate of 3 to 5 percent is reasonable. On client systems, this is not usually noticeable to users. On heavily-loaded servers, you should evaluate the performance of the disk subsystem.

Using a BitLocker-enabled disk is transparent to the operating system and all applications.

For more information about the specifics of the BitLocker encryption algorithm, see AES-CBC + Elephant diffuser (http://go.microsoft.com/fwlink/?LinkId=82824).

How should I prepare for this change?

For information about planning, see How should I prepare to deploy this feature?.

Integrity checking

In conjunction with the TPM, BitLocker verifies the integrity of early startup components, which helps prevent additional offline attacks, such as attempts to insert malicious code into those components.

Why is this functionality important?

Because the components in the earliest part of the startup process must be available unencrypted so that the computer can start, an attacker could change the code in those early startup components, and then gain access to the computer, even though the data on the disk was encrypted. Then, if the attacker gains access to confidential information such as the BitLocker keys or user passwords, BitLocker and other Windows security protections could be circumvented.

What works differently?

On computers equipped with a TPM, each time the computer starts, each of the early startup components (such as the BIOS, the MBR, the boot sector, and the boot manager code) examines the code about to be run, calculates a hash value, and stores the value in the TPM. Once stored in the TPM, that value cannot be replaced until the system is restarted. A combination of these values is recorded.

These recorded values can also be used to protect data, by using the TPM to create a key that is tied to these values. When this type of key is created, the TPM encrypts it, and only that specific TPM can decrypt it. Each time the computer starts, the TPM compares the values generated during the current startup with the values that existed when the key was created. It decrypts the key only if those values match. This process is called "sealing" and "unsealing" the key.

By default, BitLocker examines and seals keys to the measurements of the Core Root of Trust (CRTM), the BIOS and any platform extensions, option read-only memory (ROM) code, MBR code, the NTFS boot sector, and the boot manager. This means that if any of these items are changed unexpectedly, BitLocker will lock the drive and prevent it from being accessed or decrypted.

By default, BitLocker is configured to look for and use a TPM. You can use Group Policy to allow BitLocker to work without a TPM, and store keys on an external USB flash drive; however, BitLocker cannot then verify the early startup components.

How do I resolve these issues?

You should consider the availability of a TPM as part of your hardware purchasing decision. In the absence of a TPM, the physical security of the server becomes even more important.

BitLocker should be disabled during planned maintenance that will change any of the measured early startup components. BitLocker can be re-enabled after the maintenance is complete, and new platform measurements will be used for the keys. Disabling and re-enabling does not require the decryption and re-encryption of the disk.

How should I prepare for this change?

For information about planning, see How should I prepare to deploy this feature?.

Recovery options

BitLocker supports a robust series of recovery options to ensure that data is available to legitimate users.

Why is this functionality important?

It is essential that an organization's data can be decrypted, even if the most commonly used decryption keys become unavailable. Recoverability is designed into BitLocker, without any "back doors," but enterprises can easily ensure that their data is both protected and available.

What works differently?

When BitLocker is enabled, the user is prompted to store a "recovery password" that can be used to unlock a locked BitLocker volume. The BitLocker setup wizard requires that at least one copy of the recovery password is saved.

In many environments, however, you might not be able to rely on users keeping and protecting recovery passwords; therefore, you can configure BitLocker to save recovery information to Active Directory or Active Directory Domain Services (AD DS).

We recommend that recovery passwords be saved to Active Directory in enterprise environments.

How do I resolve these issues?

Group Policy settings can be used to configure BitLocker to require or prevent different types of recovery password storage, or to make them optional.

Group Policy settings can also be used to prevent BitLocker from being enabled if the keys cannot be backed up to Active Directory.

For more information about how to configure Active Directory to support recovery options, see Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information (http://go.microsoft.com/fwlink/?LinkId=82827).