Wednesday, 14 November 2007
Can be done!
Vista Upgrade - Can it be done...
To succeed and return to this blog will indicate that Microsoft is excellent and that I have a fine level of IT Skills. To fail will mark me as a fool and render my remaining full day here a much less rich experience....
Here goes!
Groove on - baby
However, I was a bit fed up of my laptop and also had low battery, so I'll just summarise the Q&A that might be asked of me.
Q. What is groove anyway?
A. It's an online or hosted environment for collaboration which can be used by anyone.
Q. But we've got sharepoint so we can just use that...
A. No we can't because we would have to issue everyone with IDs and also it's not as good for collaborating on things in the same way that groove is (author's opinion disclaimer)
Q. So give us an example of how we could use it at Lancaster...
A. An academic rings the helpdesk and says he wants to collaborate with lots of people inside and out and he can't find a way of doing it. We suggest groove, which is part of office. He goes away and does it and it's all good.
Q. Ah ha, but we might want to enforce our own ways of working and do clever things, and stop students using it for MP3 and video, and link it to the rest of our world, oh and I've got another 20 ideas and it's all getting complicated.
A. Ok, you twisted my arm... let's get some locally hosted servers and start rocking out with it in a more structured way.
So there you have it. Why don't you start using it now. Go on....... Then when it gets a following we can put some more investment in it.
(disclaimer... my own opinion again) It's better than sharepoint....
Internet Safety for Kids
This breakout was a hard-hitting look at the way the paedophiles and predators target kids online and how to protect against them. I found this very hard and emotive and will have to review this again later to see what effects it has.
Some of the stories were horrendous, rape, abduction of very young children (as young as 3)
It could be argued that the presenter was extreme, using key loggers etc. Although she was telling them about this. Also masquerading as a 12 year old boy with similar interests in order to see what information could be obtained. She was able to obtain school / room / when PE was. Is this not going to cause problems when eventually it all comes out...
Details of the presentation including the video can be downloaded from the website..
Stats:
- Average of 3 minutes from entering a chat room (passive) until sexual content is advanced.
- 71% teens have online profile
Perfect victim
- 11-14
- No parental involvement
- No definite bedtime
- Can be away from home without anyone noticing
- Exclusive use of computer in private area (most common threat)
www.htcia.org has archived webcasts on how to do data mining training courses… However, some of this is US based only. In the UK you cannot do things like link a mobile number to a street address etc.
MySpace, Xanga and Live Journal are all sites that are available. No such thing as "private" myspace page. That's just a ruse to keep mom and dad off. The list of friends can pile up quick. Private means nothing.
How can the parent get the kid's myspace page? Ask them. Use key loggers (blaster (software), www.keyghost.com) and replaced key logger on laptop.
"Technophilia" Persons using the computer to engage in sexual deviance.
It's not just girls. 5-7 year old boys (US) are under target and allowed to operate in an organisation with membership in the US.
Then, only at the end of the session were there tips on how to actually secure access online. They are all in the presentation..
I might blog about this again…after a think.
Perhaps ISS has a responsibility to publicise this to the uni community.
VOIP Technologies for idiots (paraphrased)
Michael Krele and Rajatish Mukherjee attempted to give people like me a complete overview of how telephony systems worked from. Starting with a primer on terminology… how many do you know? I knew quite a few (although I did used to work with PBXs on teletype machines)
Telephone System
- PBX: Private Branch Exchange
- POTS: Plain Old Telephone System
- IP-PBX: IP based PBX
- Hybrid PBX: IP enabled PBX
- Switch: PBX
- Node: Specific PBX in a network
- Trunk: Access to PSTN
Telephony
- PSTN: Public switched telephone network
- ISDN: Integrated services digital network
- TDM: Time Division Multiplexing
- PRI: Primary rate interface
- E1: 30 voice channels (Europe)
- T1: 23+1 voice channels (USA)
- BRI: Basic rate interface (2 voice channels)
Computer Telephone Integration
- CTI: Computer Telephone Integration
- CSTA: Computer Supported Telephone Application
- GETS: Genesys Enterprise Telephony Server
- CUPS: Cisco Unified Presence Server
Protocols and Codec
- QSig: ISDN based signaling protocol to connect different PBXs
- SIP: IETF Standard, signaling protocol (Session Initiation Protocol)
- H.323: ITU Standard, signaling protocol
- G.711: Standard voice codec (ISDN quality)
- RTAudio: Microsoft's dynamic voice codec (superior voice quality)
Others
- QoS: Quality of Service
- QoE: Quality of Experience
- CDR: Call Detail Record
PBX are massive racks of kit with built in inelegance. Then you add cards for subscribers. e.g analog / digital cards (16 or 24 lines, add another card after 24 lines) once the whole lot is full then you need to add another system. It's actually more complicated than that as sometimes dependent on what type of cards you have you may need to leave some slots empty for power / CPU reasons. Other cards you can add would be Mgmt cards / Networking (Qsig) and a card for connection to the network (PRI / BRI).
Then you can play with all the cards such as putting in all networking cards to create an IP PBX or a hybrid.
Now then, you can then do a corporate GSM Mobile approach, this involves giving everyone a GSM mobile phone. This means that when back at base you can get free calls and they still work outside the workplace. Thus you can have 4-5 digit numbers inside the branch and full mobile numbers outside. This means that you can replace the PBX (aside from a few bits and pieces).
So then, how can we make everything better? How can we blaze our way into the future? Well… no prizes for guessing that it's called VOIP and it's got a Microsoft flavour… It's a three step process.
- Build a foundation with a single identity in AD, install IM and presence with OCS2007
- Add VOIP software to OCS2007
- Finally OCS Standalone
Sounds great, however…. problems still exist such as lack of emergency call (including information as to where people are), receptionist, teams and hunt group, hold music etc...
So.. How about keep your existing phone and link in to Office Communicator, then you can have the best of both worlds (as long as your PBX supports call forking). There also seems to be a need for a SIP mediation server to link the PBX to OCS2007, however I was a bit confused about that.
Implications for Lancaster?
I guess the big question for me is how does our Cisco VOIP system interop with LCS? If this can be tightly linked then this might be very good news, we should be able to do things like:
- Ring people on your VOIP phone from link on your PC, or global address list, or from SharePoint / outlook.
- Conference call across the VOIP network from communicator.
Ah ha… good news. You can do this now with a CSTA interface, but it's very expensive and not many people do it so DRAT!
Tuesday, 13 November 2007
MOmmy
Dhananjay Mahajan provided a very interesting start to his presentation by showing a "crash" screen and suggesting that if you've never seen a windows application crash in the last few months then you should go and do some gambling!
He then presented on how you can use Microsoft Operations Manager (MOM) to use this data to improve your infrastructure.
e.g When a desktop or app crashes, 90%+ of users reboot, or call the helpdesk and are told to reboot! <5% of crashes will get escalated to desktop administrator.
How do you solve this, whilst keeping costs down? Well, not surprisingly the answer is MOM. Well, there are a few caveats to this, best use Vista for example (seems to be a theme of the week here). It's all easy and supports:
- Agentless monitoring
- No agent deployment required, as it uses the Windows error reporting service (built into Windows)
- You can add your own solutions, so linking to hotfixes / knowledge articles etc.
- You can aggregate all the error reporting data together.
- Collective client monitoring (you can monitor them from one place)
So it's all good. And indeed in the demo, it all looked good. A little over my head and of course we don't currently do any of this.
Anyway… I switched off at that point, but I've downloaded the slides, so ask if you really, really want to know.
Hey ho...
Identity resources..
http://technet.microsoft.com/en-us/library/bb687784.aspx
Tuesday - Identity @ Microsoft and the new lifecycle manager.
Do Microsoft eat their own dog food? Well, kinda, but only a bit of the tin turns out to be the answer. It's more "do as I say" rather than "do as I do". For example they have no limits on the number of machines that can be joined to the domain by staff, no naming standards and a whole bunch of PCs / user combinations (e.g. 1 developer = 8 PCs, 1 receptionist = 0.33333PCs!). They also have a multi forest / domain architecture which isn't how it's supposed to work in any books I've read.
They do however use their identity integration server product which I guess is a bit of dog food. They have some guiding principles / tips, which seem to go a little something like this:
- AD should not be authoritative for anything (almost, aside for DNS / Computer account… stuff that’s only in AD) (that's like what we think)
- User account live in account provisioning system (like groupman!)
- There is a Self service drive (user / Group management) - not like us
- They deal with deleted accounts by moving them to a locked OU in AD for a bit - not like us
- They run multiple MIIS instances to deal with policy problems… who can re-activate your account to access information / HR / legal etc.
3 MIIS instances are running. 1 x MIIS for user (provis / deprovis). 1 x Security Group etc. 1 x Topology
The key challenges seem to be the same as we've already identified, questions such as:
- How do you enforce business logic?
- How do you define which data is authoritative?
- How do you deal with exceptions?
- What about single IDs?
- Reuse of accounts?
This is not an exhaustive list, so I asked a few questions...
Q. What exactly is your account management system?
A. It's an in-house written app in .net with SQL Server 2005 back end (sound familiar?)
Q. How do you deal with workflow, scheduling?
A. You can do a lot of things in MIIS but for really complicated things then you need to fall back on the code. Things like outlook notifications and approval work as standard, but more than that there is work to do in MIIS. In the next generation of the product a lot more of this is covered.
Q. What other systems do you provision from / to?
A. Not much. SAP holds all the employee data (including non Microsoft staff) and provisions to AD / Exchange. Anything else is handled elsewhere.
Q. What role based provisioning are you doing?
A. None. We tried to get role based provisioning working for security groups, but because of the 1000 security group limit, it was too difficult.
So what does this all mean for ISS and our UIM project? Well, I would say that the product they will bring out in Q4 2008 will be a lot better and will address things like strong interop with the .net framework and MS Workflow engines. But in my opinion they are still running behind other players in this market. We should include MS in our thinking, but not worry too much if they don't make it for now.
Monday, 12 November 2007
Identity Management - Part 1
The most interesting thing was a framework for assessing and implementing UIM type things. It goes from Basic > Standard > Rationalised > Dynamic....
Where do you think ISS fits in according to the measures? I'll let you know tomorrow!
Day 1 Fun
Let me apologise for the non photographic content of my blog. I know that many other ISS folk have cameras so will take exciting pictures, but I don't (well it's at home) so you will have to rely on my descriptions! Also, don't mail me about poor spelling / grammar I KNOW!!!!£%£"$"!
Q. Why does spanish TV have versions of Strictly Come Dancing / Who wants to be a millionaire / X Factor etc. etc. How are we getting away with exporting this rubbish?
Registered this morning at about 9am and had cakes and coffee in the conference venue. Then went to the Sagrada Familia. I've been before but it always astonishes me at the complexity and beauty of the place. Last time you were able to climb up the stairs, but now this seems to have been closed off for building work so you had to queue a long time for the lift. Anyway, it's an inspiring place. I particularly like the original face of the building. Somehow the carvings are more human. You can look for a long time and still discover new biblical scenes and points of interest. It's a fantastic place.
It also offered a trip on the metro system which I am a fan of. It somehow seems simpler to use than its English cousin and a lot of the trains and infrastructure are more modern.
Anyway, better get onto some IT talk, or you'll all be thinking that I'm wasting ISS resources and swanning around doing nothing. So... after lunch it was time for the keynote.
The keynote speech was given by a guy called Bob Kelly who was a vice president, so I was very worried about boredom setting in. However I need not have worried. Before the session we were treated to some very fine African drumming and then a chance to join it. There were tuned pipes for everyone in the audience and we played them to great effect. See here for the bits of plastic used.. Anyway, after a general overview of where Microsoft were going, we got onto some good (and mostly successful) demos of the latest products.
Windows Server 2008
Some new bits of note here were:
- Quarantine of VPN / Wired / Wireless machines - does this not cut across the work of the ISS management agent, which I still fail to understand the need for.
- PHP native supported (Fast CGI)
- IIS 7, more secure, better... etc. etc. (we will see if this is the case as we go on)
- Shared configuration. Settings stored central. 1 config for all web farm
- Terminal Services Remote Apps (this is a bit like SGD, allowing you to deploy apps across a wide range of devices almost seamlessly (I say almost, the demo was a bit clunky))
- Virtualisation, this seemed to be a good growth area, with things like:
Support for LINUX (fast), 64Gb memory per VM
Support of snapshots without reboot of VM (e.g Service packs etc.)
Systems Centre / Ops manager with logical / physical management
Drill down to VMs and services / Databases etc. running actions such as SQL database mgr etc.
Physical / Virtual management in Ops manager
Migration from one physical host to another (and geographical using stretched clustering)
Application deployment / thin & rich and virtual machines.
Softgrid with multi version etc.
Isolated virtualisation environments
Streams application and user preferences….
Systems Centre - Config manager
Support for driver catalogue and thus only deploy in the image that which you need.
Integration with Dell and others for firmware / etc.
Enforce configuration rules / policies
Sorry that this is a bit of a random list, but I copied it from my notes! I'm getting used to using one-note now, which makes things useful.
SQL Server 2008
Again some new looking bits and pieces in here including:
- Policy with integration with Systems Centre across 1 or multiple servers
- Performance monitors linked to workloads using Resource Governor. e.g. critical apps can keep performance.
- IntelliSense within the tools (long overdue!!!£"$)
- New reporting tools (office like) report designer looks like Office 07 (ribbon) - better visualisation
Windows Home Server (is this just an excuse to make money?)
This was an interesting one. I'm still not convinced that this product is actually needed... How many people actually want a cut down server for use at home... I guess the main server products are becoming more complicated and large, but I'm still not sure you can't do it all with Vista.. Hmmmm. Anyway, it offers a number of bits:
- Partnerships with systems people to deliver hot swap drives / eSATA etc.
- File organisation / sharing
- Simple setup
- Link on every desktop to server folders.
- Taskbar entry on each client to monitor network health.
- Daily backups of client PC, nightly including Wake on LAN for patching backup etc. (Diffs etc.) Single instance store for backup intelligently backs up same data at bit level. (Explorer style recovery or full system restore.)
- Media sharing (Xbox etc.) can see home server and play content.
- 3rd party apps (home automation / security etc.)
- Remote access to outside world (using domain name! and public cert me.homeserver.com)
All in all it was all quite exciting, and if you're still reading then you may be crying, what's the implication for ISS?
Well.... that's an interesting question. It strikes me that a lot of this requires a lot of integration and also a lot of control of infrastructure. I think one of the things that is missing is a systems roadmap. We still take everything down for patching during business hours. What about application virtualisation, softGrid does look sexy? There is a lot of stuff in the party.
I guess that the IT Strategy will address this, so I guess I kinda feel that exciting times are ahead... hopefully... although some people may need to be drowned in the sea of change.
Sunday, 11 November 2007
Arrived..
Most worrying today seems to be everyone's keenness to craft a new Christmas song, some lyrics have already been created... watch out.