If you’re an Exchange admin, use the “Require encryption on the device” policy, and you’ve got users out there who are using first and second generation iPhones to get their mail over Exchange ActiveSync, then be prepared for a whole rush of support calls as users update to the latest version of the iPhone OS.

Why?

Because iPhones have stopped lying to Exchange servers.

The hardware on earlier iPhone models doesn’t have the power needed to support whole device encryption -you need the 3GS for that - and  that means that if your business needs to secure its mail, then most of the iPhones out there can’t be trusted. Apple’s earlier versions of the iPhone email software just ignored that policy setting, and reported back that all policies had been applied.

That meant that devices that should have been encrypted (either for corporate or regulatory reasons)  weren’t - and all the mail on them was available for anyone with a USB connection and the appropriate software.

As I’m sure you can guess, that drove a coach and horses through your  security policies, and opened your business up to all sorts of regulatory problems.

Now at least those phones will stop getting mail.

But it’s a bit of a worrying thought that one of the most popular phones in the world was skating past security policies. Of course that leaves us with two more worrying thoughts:

First, how many other phones out there are doing just that without you knowing?

And secondly, just how are you going to tell your bosses that they can’t use their phones for email any more?

If you find a bug in a competitor’s product do you… A: Tell them about it? B: Tell a journalist about it? C: Tell your customers about it? D: put an anonymous video of it on YouTube, then tweet the video as if you had nothing to do with it?

For some reason, the marketing team at VMware decided that D was the way to go when they got their hands on some VMware-internal video of Hyper-V ‘crashing’, adding in a post hoc ergo propter hoc argument blaming Hyper-V for the MSDN site not keeping up with the Windows 7 RC downloads on the morning of April 30th (rather than Microsoft’s explanation of the site traffic increasing not by 100% as had expected, but by 500% - and isn’t being that much in demand is a pretty good problem for Microsoft to have?). Shame that they declined to include the necessary technical details about the test or even to put their name behind it until Microsoft dug out that the YouTube poster was actually Scott Drummonds of VMware.

When the Hyper-V team asked for some details about the test, VMware’s Bruce Herndon popped up to explain the video, express regret that the discussion is in a public forum (presumably that one is actually aimed at Drummonds) and ask why there was so much “kerfuffle” over it.  Probably because posting videos on YouTube defaming the competition isn’t a good idea for anyone (Microsoft included). Probably because VMware came across like a group of pranking teenagers confronted by their parents. And probably because the copy of Hyper-V that you see blue-screening is apparently running on pre-release Intel hardware that you get under the kind of agreement that says you won’t do benchmarking on it, certainly not for public consumption.

It’s obvious from the tenor of the Microsoft blog posts that the virtualisation team is hopping mad; I don’t blame them. Unfortunately, arguing in public can come across more as a spat than a serious debate and benchmarks and stability tests are too important to anyone using virtualisation in anger to be left to YouTube videos and obviously partial arguments. In saner moments, VMware knows this: the EULA for ESX explicitly states “You may use the Software to conduct internal performance testing and benchmarking studies, the results of which you (and not unauthorized third parties) may publish or publicly disseminate; provided that VMware has reviewed and approved of the methodology, assumptions and other parameters of the study.”

I’ll be as surprised as the Hyper-V team if VMware has found a bug rather than proving that anyone can crash any system if they approach it with that intention. And I don’t know whether it raises issues of third-party certification. When I asked Jeff Woolsey at TechEd why RIM had just certified BES 5 for virtualisation under VMware and not Hyper-V, he pointed out that you don’t need to certify apps to work with Hyper-V because for virtualisation to be useful, it has to be the same as working with Windows Server (or the server OS of your choice) - it should be the hypervisor that’s tested, not the apps. As with Windows 7, Microsoft has spent a lot of time testing thousands of applications with Hyper-V. If we do need third-party tests, it’s going to have to actually be a third party conducting them - not an interested party.

Even if the video had shown a legitimate problem in a well-constructed test, releasing it anonymously on YouTube would be reprehensible. As an enterprise customer, wouldn’t you like VMware to act like a mature and responsible software company that you could count on to work with other vendors to deal with problems in a constructive way? As it is, I’ll be taking any benchmark claims from VMware with a pinch of salt from now on, and I expect many enterprise IT shops will feel the same.
-Mary

We live in an industry driven by the Darwinian evolution of buzzwords. Many start down the memestream to mainstream acceptance, but most die along the way. Some are weeded out early, others struggle to survive in the fringes of the blogosphere. It’s interesting to watch evolution in process.

One of the terms that’s making its way through that great filter is Infrastructure 2.0. It’s still struggling to drive the agenda, but it managed to make its way onto the schedule for last week’s Future In Review conference in San Diego. The question was still “Just what is it?”, and there were interesting definitions from all parts of the industry.

Mark Hurd, HP’s CEO, was quite clear in his thinking, noting that POCs, servers, storage and network hardware were all converging on the same basic set of components. The only thing that would differentiate them was the software, saving money and making it easier to maintain an infrastructure. That’s certainly an important piece of the Infrastructure 2.0 jigsaw, but it’s still only a small part of the picture.

Amazon’s AWS, VMware’s VSphere and Microsoft’s Azure are another piece. They’re attempts to build a univeral operating system for cloud and virtualised workloads, where workload migrates to and from on premise datacenters - making them what Amazon CTO Werner Vogel calls “more elastic”. The mix of in-cloud and on-premise is key to the flexibility that businesses need, but it’s also a new complexity that needs a lot of management, and deeper consideration of just where your data is at all times.
Here’s a scary thought: Infrastructure 2.0: it’s 12 am. Do you know where your data is?

Data protection regulations aren’t ready for data that flows to where the workload is - and those workloads need to be geolocked, able to keep information inside the appropriate data protection regime.

Then there’s the thorny question of user interface.

Is a PC screen what the next generation of applications and services need? There’s a lot to be said for the traditional application, mixing rich data and rich display. Tom Malloy’s research group at Adobe is looking at next generation run times that can speed up cross platform rich internet applications. Tools like Adobe’s AIR and Microsoft Silverlight simplify user interface development, and bring Web 2.0 user experiences to the desktop.

Perhaps the most telling piece of the puzzle was one simple phrase: “We need to stop treating IT pros like Victorian file clerks”. It’s a statement that hit home - we do treat our IT pros as glorified clerks, waiting for them to do things by rote. What we really need is an automated infrastructure that flexibly configures itself to deal with the tools, applications and workloads we need to use every day.

Pull apart all the different definitions from all the vendors out there and that’s what Infrastructure 2.0 boils down to. It’s a world we really need to build - if only to show the world just what value IT really brings to business.

–Simon

Getting virtualisation deployed just got a lot faster.

We’ve spent the morning with Microsoft’s Jeff Wooley, one of the team leads that helped put together Hyper-V, talking about live migration. However, one final thing he said was a bit of a scoop…

It turns out that Hyper-V Server R2, the next release of Microsoft’s standalone virtualisation platform, will boot from flash disk. That’s a big new feature that will help speed virtualisation deployments - all you’ll need to do is duplicate a set of flash drives for all your servers. All your hard disk space is working space for your VMs, and storage for your VHDs.

Oh, and it’ll be free.

That’s not bad.

While you’re thinking that way, flash drives are a good way of installing the latest generation of operating systems. It’s easy enough to make a bootable flash drive in Windows with just a few commands:

1. diskpart

2. list disk

3. select disk 1

4. clean

5. create partition primary

6. select partition 1

7. active

8. format fs=fat32

9. assign

10. exit

Then all you need to do is copy Windows Vista’s (or Windows 7, or Windows Server 2008) DVD ROM content to the drive. Simply issue the following command to start copying all the content from the DVD to your newly formatted high speed flash drive: xcopy d:\*.* /s/

Just plug in the drive, and you’re ready to install - very quickly. If you’ve just got an ISO of an installer, this is a good alternative to burning a DVD…

User experience is a complex thing, with the smallest elements affecting everyone differently. Big changes in an OS UI can have significant impacts of applications that were designed to work with another version. Take Office 2007 for example. It’s a productivity tool that ends up running your online world. I spend most of my time in just three Office applications (and a web browser) - running Outlook, OneNote and Word.

It’s Outlook where the problems appear. If you’re using XP or Vista the option to hide minimised windowx from the task bar, you’ll end up using Outlook’s status bar icons to show if new mail has arrived and to open and close your inbox. It’s a simple way of working, and one that completely falls apart once you upgrade to Windows 7.

It’s purely down to the new task bar. Icons in the task bar are large and compelling. They show when an application is running, and when it’s closed. Unfortunately they don’t show an application as running when it’s hidden - so using the old “hide Outlook” approach fails. The task bar icon becomes the place to click for new windows, and suddenly your PC is running multiple Outlook instances, chewing CPU and memory, and slowing shutdown times.

There is a simple answer - turn off the hide when minimised option, and move the Outlook status bar icon to Windows 7’s new status bar overflow bubble. Suddenly you’re back to doing everything with the task bar icon (albeit without all the information you used to have). One Outlook, one window - and a task bar preview to help you find the things you need to run your day. It’s just a pity that you had to throw away all the useful information you got from the status bar.

One thing occured to me a while back: the icons on the Windows 7 task bar are large and clear - so why shouldn’t they be a tool for displaying information about running applications. After all, my iPhone uses dynamic icons to show me how many messages are unread, and even just what day it is… The keynote at Microsoft’s TechEd here in Los Angeles showed that Microsoft has been thinking the same way, and is adding subtle status icons to the task bar in Office 2010.

The most obvious was in Outlook 2010. There’s no need to keep looking at the status bar for new message indicators - they’re now an overly on the task bar. New mail shows as the familiar envelope image - but as part of the Outlook task bar icon. Read the message, and the envelope vanishes.

It’ll be interesting to see how many other software vendors start using dynamic icons in the Windows 7 task bar. It’s a technique that makes a lot of sense, turning placeholders into a means of delivering quick hits of contextual information, simplifying interactions and giving developers a new way of delivering content to users. You can imagine workflow applications that display current tasks, or to do lists that alert you out of the corner of your eye. The Windows 7 task bar will become what it really needs to be - a dashboard for your PC.

 –Simon

What’s the difference between me walking down the hall, head down and totally absorbed in reading email on my BlackBerry because I didn’t stop to do it before I left the hotel room (well, the coffee is downstairs), and Jim Balsillie co-CEO of RIM walking down the hall so absorbed in reading email on his BlackBerry that he doesn’t hear me say good morning? Mainly that he has the good manners to have a member of staff walk with him so he doesn’t walk into anyone; I’ve never noticed anyone leaping out of my way to avoid getting trampled because you simply don’t notice when you’re that absorbed but I have taken some sudden swerves in railway stations to get out of the path of an oncoming commuter with their eyes fixed on their device so I assume it works both ways.

If your users carry BlackBerrys you can give them a little more to get absorbed in by rolling out the new BES 5. you’re going to want to; if the automatic failover for redundancy, manual failover for maintenance and 64-bit support don’t grab you, you’ll like the full Web-based remote admin (although it does need ActiveX in the browser). They’ll like email flags, being able to file messages and manage folders and - if you enable it - better access to fileshares behind your company firewall.

That’s all instant gratification of a sort, which appeals to the lizard brain. After the other CEO of RIM, Mike Laziridis, introduced BES 5 and celebrated ten years of BlackBerry (and 25 years of RIM) and Bob IBM of RIM showed off some very IBM-centric predictions about the evolution of enterprise collaboration based on smartphones and contextual information (which would have been visionary a year ago and now are just documenting established trends), ex-Disney Imagineer and US intelligence service CTO Eric Haseltine talked a lot about the lizard brain and how to take advantage of it to move your company in the right direction, because it isn’t going away any time soon.
Concept cars matter to the car industry because they show you a physical object you can imagine using rather than describing a service you can’t. The concrete, visual, tactile, tangible prototype appeals to the other big part of the brain, the visual and processing area. And given that in every enterprise the urgent trumps the important and most decisions are the emotional lizard brain arguing with the rational brain, you can do with getting more of the brain on your side.

At Disney Haseltine worked on the Park PDA; back in the 90s this was a handheld device that did everything from video conferencing to games. Of course the killer app wasn’t any of the big concept ideas; it was the text message that told you where in the park Mickey Mouse was so you could go get a photo of your kids with the rodent. Your smartphone can do a lot of that today, but Disney still does great business selling the Pal Mickey; a gadget that knows when you’re standing in line for a ride and likely to be bored, buzzes to offer your kids a secret message and uses a proximity sensor so that when they hold it up to their ear it can whisper at them about the ride they’re queuing for.

Haseltine’s point isn’t so much that your big idea is never go to match what users actually want but that the sooner you can give them something to try out, the sooner you’ll find out what they do want - and then you can use that to move a little further in your long-term direction, supported by users who are getting what they want as well. The people who will be most likely to take the time to try your prototype and give you useful reactions are not just the early adopters but the ones who are actually suffering in some way because they can’t do what they need; there’s always more incentive to get out of the discomfort zone.

And for support, don’t turn to executives or the formal development process; he suggested looking to the counterculture, the “underground informal rebel alliance who think the bureaucracy doesn’t get it”. Every company has them, and if you’re in IT you’ll probably have quite a few working with or for you. They’re going to be doing some unapproved skunkworks projects, so they might as well be something that suits your agenda.

His favourite recent example is the billions of dollars that the various US intelligence agencies spent on knowledge management and collaboration tools which had the same success as any other KM project; utter failure. (When we first watched Criminal Minds we assumed the show didn’t want to reveal the sophisticated IT the FBI must be using; I shouldn’t have been surprised to discover that a technical analyst who could retrieve information from a variety of sources is something most FBI teams only dream of). Over at the CIA, a handful of agents got together and set up a completely unapproved and doubtless career-limiting copy of MediaWiki. Helped by the fact that a third of CIA officers are now what Haseltine calls “the Facebook and MySpace generation” (no figures on how many CIA agents are actually on Facebook), Intellipedia became something of a  sleeper hit, delivering the knowledge sharing all the formal systems never managed.

Smartphones came into business the way that PDAs and PCs did; because users who thought they would be useful just started using them and demanding that IT support them; social networking and IM arrived the same way. The best way of getting some control over whatever comes next is to be involved in bringing it into business; your counterculture revolutionaries will be in the thick of that and if you can give them enough rope to drag your agenda along you could kill two birds with one stone.
-Mary

Microsoft’s Management Summit isn’t your usual IT conference. It’s a gathering of the unsung heroes of the IT pro world, the system administrators and the system managers who run the networks that keep businesses of all sizes running. They’re here in Las Vegas to understand Microsoft’s server management roadmap, and get training with the latest tools.

It’s a long road from SMS to System Center, but it’s one that Microsoft has been diligently treading for a decade now. What started as a tool for managing updates and software installs is now a complete suite of system management tools, covering everything from data protection to virtualisation to service level agreements to Linux (yes, Linux). It’s now a set of tools that will help run all aspects of a heterogeneous business network, with hardware and software from many different vendors.

One of the underlying themes of this years event is The Cloud. Not just the public cloud of Azure, but the scale-up scale-out elastic business networks that are starting to appear in private data centres. Even though they’re private, the automated, virtualised workloads they host share in many of the features of public cloud services - and they will even migrate from one to the next.

Tools like System Center Virtual Machine Manager and System Center Operations Manager help define just where virtual servers can be placed, and rules and policy can manage live migrations from server to server (if you’re using the next version of Microsoft’s Hyper-V hypervisor) - along with application and storage virtualisation tools.

Bob Kelly, Microsoft VP Server and Tools, drilled down into this in his MMS 2009 keynote, calling the private cloud “Reliable, Predictable, Automated”, which he described as a long term investment for Microsoft as part of its Dynamic IT programme. Clouds are platform as a service, designed to scale up and out, and for reuse. They’re reliable highly available systems built for redundancy - which you need to deliver IT as a service.

One example of this is Hotmail, where server failures are replaced on a monthly schedule (the engineers go round the racks swapping out the boxes with the red lights). There’s no rush to make fixes, the load just moves transparently as soon as a problem occurs - what Kelly calls a “self healing system”, where the network has been automated for cost and reliability, reducing the number of people per server and removing the risk of errors. By building this type of infrastructure you do the work up front, so the network is knowledge-based, model oriented, and you can provide remediation in minutes, not days or hours.

It’s all part of the evolution of IT, from mainframe to client server to web to cloud. There are two models:

• A public cloud - very few companies delivering the data centres for this, so there will only be two or three or four public clouds.
• A private cloud - business enterprises will want the same features as the public cloud for their own data centers.

So how do we get there? Kelly talked about the path to cloud computing, which he said was “Virtualise, automate, deliver.” The most important part of the path is virtualisation, as you can’t do any of the rest without it. Once you’ve virtualised, automate what you can and move to service level management with policy control - and finally make sure the business understands what you’re doing and howto take advantage of it.

Private clouds are here to stay - they’re the new mainframe, only this time built on commodity hardware, general purpose operating systems, and open management standards.

I hate VPNs. I’m not alone; the VPN that Microsoft – who ought to be able to get IT right - runs for internal staff is so slow (it takes four or five minutes to get connected) that many staff refuse to use it whenever possible, which makes it hard to patch their systems. And the less they connect, the longer the connection takes, because it’s busy forcing security updates on them and slowing down the connection even more. DirectAccess, a new feature in Windows 7,  could make that a thing of the past, creating a secure connection that’s more efficient than a VPN and much easier to use, so you can tell end users you’re making their life easier and get access to their machines for maintenance at the same time.

But the way DirectAccess makes the secure tunnel between the remote PC and your network to give them access to file shares and applications and everything else, is by using IPSec and IPv6. You need IPv6 on your internal network and on the network they’re connecting from – and that’s still rare. Luckily, there are ways around it.

One way is use the Forefront Unified Access Gateway; this does a lot more than DirectAccess, including enforcing application whitelisting on remotely connected systems, but it simplifies setting up DirectAccess. “We’re the plumbing,” says Scott Roberts of the Windows team; “sometimes what we give you is the 16-step guide to do something – and UAG is the friendly face on top. They have some really nice wizards.” UAG also helps you configure DirectAccess without needing an end-to-end IPv6 connection.

The roadmap for Forefront includes a version of UAG to run on the mid-market two-server system (codenamed Centro – it’s the step up from SBS), which will also support DirectAccess  DirectAccess isn’t going to be available on SBS, at least in the Windows 7 timescale, because it needs two servers, one of them with two network cards – so you can’t run it in a VM or behind a NAT firewall - and because Microsoft feels that the complexities of setting up DirectAccess are too much for small companies.

The other solutions involve encapsulating IPv6 packets inside IPv4. You can do it using the 6to4 and Teredo protocols, but not all networks support those; if you’re visiting a business that does outbound proxying for security, they won’t work. You can put in a protocol translation adapter on your network, or use a Windows Server 2008 R2 system running ISATAP to convert IPv6 into IPv4 to move the packets across your network. Or you can just use the new IP-HTTPS protocol which takes IPv6 into IPv4, just like an SSL VPN.

If you don’t want to put IPSec on your network, you can send the packets across your internal network in clear text; if you do have IPSec you can choose between integrity assurance and full encryption, but that does limit you to using DirectAccess to access resources on servers that support both IPSec and IPv6. That’s fine for Windows Server 2008 and for many Linux systems, but not Windows Server 2003. The DirectAccess server itself needs to be running Windows Server 2008 R2. All that means that DirectAccess while will make life a lot easier for your users, and give you a way of reaching out to touch PCs as soon as they go online rather than only when they’re forced to use a VPN – but it’s going to take a fair amount of setting up, and that may seem like too much work when it doesn’t work with any other versions of Windows than Windows 7.

-Mary

Last week saw the 6th birthday of AMD’s Opteron CPU, the core of its server product line. We were among a small group of journalists and analysts at AMD’s Sunnyvale campus for the event - which also included the launch of a new generation of silicon, and the unveiling of AMD’s Opteron roadmap for the next few years.

Pointing out that “the server market is very different”, AMD’s Nigel Dessau opened the even with a look at the way the server market has been changing over the last few years - with a move to throughput rather than clock speed with multicore systems, to virtualisation, and to designing for energy efficiency, all with the aim of changing the economics of the data centre. The result has been increaded server density and utilisation - more bang for your buck in less space!

So what happens next? Dessau suggests that “The way you assemble architectures is what makes the difference.” That’s why AMD puts so much into its CPUs, with much of what we’d normally consider to be the supporting chipset - including memory controllers - on the same silicon. It’s not quite a system on a chip, but it’s getting very close these days.

Pat Patla, the GM and VP of AMD’s Server Business Unit unveiled the new hardware. This was the roll out of the Istanbul product range, a six-core processor for existing two, four and eight socket systems with what he said was “30% more performance than the previous generation at the same power”. Istanbul also brings all of AMD’s power management technologies into one place as AMD-P.

Istanbul isn’t the end of the story - the next chapter is already being written in. AMD is already sampling its next generation processor, the 12-core “Magny-Cours”, which despite being a terrible pun, is a rather zippy piece of silicon - we watched a 48 core demo system much its way through several benchmarks. It’s not that far away, either, and should ship in 2010.

Virtualisation is a target market for the next generation of silicon, and it will add support for virtualised I/O. With I/O devices virtualised there’s a lot of scope for new application and new ways of working (as well as a chance to virtualise applications and servers that previously were locked into existing hardware). It’s all part of the Infrastructure 2.0 model, where management tools take advantage of hardware to deliver flexible self-managed virtualised data centres.

The other part of the AMD story is how it’s working on power management, with products available in different thermal bands - including a low power range intended for single and dual socket high density applications, ideal for cloud data centres. There’s a lot to be said for this approach, especially as all the features of the high end, high power CPUs are in the energy efficient versions. Dense deployments need greater efficiencies, as data centre costs are a huge proportion of the costs incurred in running a cloud service. With an average power of 40W, the EE series processors will help keep those cooling and power costs down.

Magny-Cours is only part of the AMD roadmap, and the company’s current architecture is a long term play (which is good for virtualisation, as it will allow asymmetric migrations, letting businesses use older hardware for disaster recovery purposes). The next generation will be 32nm devices in 2011, a 12 to 16 core device codenamed Interlagos and a 6 to 8 core device codenamed Valencia.

–Simon

“Anti-patterns” is a developer term that refers to solutions that look good but lead to inefficient or ineffective results. It’s a concept that’s worth sharing with the wider world, as there are many many anti-patterns in the ways we work that we need to identify, and throw out. At last week’s Web 2.0 Expo in San Francisco, IBM’s Aaron Kim ran through some of the anti-patterns that are affecting the uptake of the latest web technologies inside business, and which threaten to derail current Enterprise 2.0 currents.

The first was one he labled “Fear 2.0″. It’s not so much fear itself, as what you do to repond to it. Leaping into a project out of fear can be as bad as being afraid to get started, and one of Kim’s points was that fear is not a bad thing but action paralysis is. Corporate fear is always a risk, but so is indvidual fear, as people are afraid to act decisively - as failure comes with a name tag. Yes, innovating is risky, but not innovataing may be riskier, and the latest technologies take full control is out of your hands. In the end, says Kim, you need to “Fail often, fail quickly, fail gracefully, and learn from it.”

Fear may be the obvious anti-pattern, but it has its collolary - Hype. Enthusiastic leaps into an unknown future can be as a disasterous as sticking with old and decaying processes. Just wanting somehting because it is cool, or because someone told you it was cool, isn’t enough to justify a new project. As Kim points out, “The lack of a business case will come back to haunt you.”

It may be a new world, but people still have old habits. A lot of Enterprise 2.0 services are collaborative - and people don’t share. There’s too much of an advantage in keeping information to yourself, and you need to educate your users, as they’re your competitive advantage. Collaborative applicaitons need connections, and opening them up lets you access what Kim calls “the invisible majority”. What we have is a collection of technologies wrapped up in a new management philosophy, and to get success you’ll need to transform the culture around you, not just deploy new tools.

You can’t just have a Field Of Dreams approach, you may build it, but they won’t come. People need to be brought on board, and you need to meet their actual needs, not what you think they are. It can’t take up a lot of their time, either. People have limited bandwidth and are often overloaded to start with. They’re also not all geeks, and we often assume too much of our users. Why not take a leaf out of the book of school nutritionists, who found the route to a healthier diet wasn’t just education - it also meant putting healthier foods where they were easier to access. People are lazy, and making it easier to try something new than to go the old way can have a significant impact on a project’s success.

One other thing came out of Kim’s talk: Intangible doesn’t mean unmeasurable. You need to consider how a project adds and captures value in a business. Projects need easy to understand business cases, and ROI must be easy to calculate. Even so, there are no magic metrics, and returns need to be broadly defined.

–Simon