With summer in Redmond just around the corner, I know a number of teachers that like to take trips or do odd jobs around the house while school is out. However the teachers in California’s Manteca Unified School District still have access to classroom applications at home (or anywhere they have internet access) because of Windows Server 2008. <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
The school district is a prime example of success that can be had with the Terminal Services RemoteApp feature of WS08.
One of the initial goals of their WS08 deployment was to move away from establishing a dedicated virtual private network (VPN) for their 30 schools and 4,000 staff members to access information. With Terminal Services, teachers are now able to securely access the same information available in their classrooms, using their home PC. Due to its success, the district also plans to install Terminal Services on nine more servers before the 2008-2009 school year begins.
We continue to hear great feedback on the actual deployment time of WS08 as well. Manteca’s deployment of WS08 was pretty quick—IT staff was able to deploy all applications to one server, rather than 5,500 times to individual desktop computers.
If you are looking for more information on Terminal Services, check out the Terminal Services Team Blog.
-Michael
Microsoft published a Security Advisory today providing information for developers and Web administrators on ways in which they can mitigate and prevent SQL injection attacks. As you might have seen, there was a spate of such attacks in late April and it caused quite a few headaches for administrators. Remember that SQL injection attacks target Web application code, not Web server code, so they can only be avoided by making sure that any Web application that accepts user input, which is then used to query a database, follows best practices to ensure that the input does not contain malicious code or syntax that might compromise the database, Web site, or even the whole server.
So the advisory today is not a security bulletin - there are no patches for IIS or SQL Server or ASP.NET to download. However, we are making available some tools that can help mitigate these attacks while the underlying Web application code is being fixed to follow security best practices for protecting against SQL injection in ASP and ASP.NET. There is a tool from HP that tests sites to help identify pages that might be susceptible to SQL injection attacks, and also a Microsoft Source Code Analyzer from our SQL Server team that actually parses ASP code for data access commands that might be vulnerable to SQL injection.
But the one that I'm most excited about is UrlScan 3.0 Beta. As you may remember, UrlScan originally released with the IIS Lockdown Tool to help mitigate security vulnerabilities that affected IIS 5.0 in Windows 2000 Server. It's an ISAPI filter that examines HTTP requests to check that URLs and other headers are not being padded with overlong strings or unusual characters as a way to conduct a buffer overflow attack. We haven't updated this tool since we released UrlScan Version 2.5 alongside IIS 6.0, because most of the functionality is now available in IIS 7.0 as the Request Filtering module. But as of today, you can download 32-bit and 64-bit versions of UrlScan 3.0 Beta, which extends the functionality to also examine the querystring part of the URL (i.e. the part that comes after a "?" in a URL - typically name/value pairs or other parameters that are passed to a script or application). This can therefore help prevent SQL injection attacks while the underlying Web application code is fixed.
Over on the IIS.net site, you can find a full walkthrough of the tool, as well as some great articles by Wade Hilmo (the guy who wrote UrlScan) and Nazim Lala, another member of our IIS security team. They have full details on the tool and other security guidance you can follow to help protect your Web servers and applications.
David.
TechEd 2008 IT Professional was a blast! It was great to meet and talk with many of you IT Pros. An opportunity came my way to discuss some of the lesser known features of Windows Server 2008, especially with relation to Active Directory. Take a look, this is a 2 part video. RODC, Auditing, Password Policies, and Domain Controller location (this is the biggie) are all discussed. Hopefully this gives some insight into the little things. Enjoy!
Justin Graham
I remember being a kid and having a big secret that I couldn’t tell anyone. Stuff like Bobby has a crush on Susie or Jeffrey has a tail. Okay, I didn’t know anyone who had a tail but you can imagine how hard it would be for a 10 year old to keep a secret like that.
<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
A few months ago we completed our runs for the Top500 list. For those of you not familiar with this bi-annual benchmark, the Top500 list represents the 500 most powerful computers in the world. It is the supercomputing supergeek superlist. We completed runs with the National Center for Supercomputing Application (NCSA) and with Umea University. The problem is that even though we did the runs months ago we weren’t allowed to discuss the results until this week, the week of the International Supercomputing Conference in Dresden, Germany. We had to keep it a secret. Ugh.
The NCSA cluster is amazing. 1200 nodes, each with 8 cores, creating a 9600 core cluster. NCSA installed Beta 1 of Windows HPC Server 2008 and ran the benchmark. The results were outstanding: 68.5 teraflops and 77.7% efficiency. Using our beta software NCSA beat their November score by over 10%. This is the fastest Windows cluster to date. Check out the customer video and case study.
The Umea University cluster, “Akka”, is located in northern Sweden. This system was also running Beta 1 and hit 46 teraflops on 5,376 cores with a VERY impressive 85.5% efficiency score. This is the BEST efficiency score for an x86 architecture cluster on the Top 500 list. Umea University will run the new supercomputer at its facility known as “HPC2N”. The university’s cluster employs 672 IBM blade servers, and also marks the first time that Windows HPC Server 2008 has been run publicly on IBM hardware.
So, the benchmarking numbers are looking pretty good, and those benchmarks were with our first beta. We shipped our second beta last month and we’re shipping our first release candidate at the end of this month.
How did we do so well on the benchmarks? We’ve made big improvements in the Microsoft MPI stack. MPI (Message Passing Interface) is used for tightly coupled communications between servers running in parallel. The biggest improvements were in what are called shared memory interfaces, that is, the interfaces used for communication between processor cores on the same system. Our MPI stack is based on Argonne National Lab’s MPI stack called MPICH2. We will contribute our changes back to Argonne for inclusion in the open source version of MPICH2. These are some of the largest contributions to the open source community by Microsoft. Yep, open source and Microsoft.
Network Direct, our new RDMA (Remote Direct Memory Access) networking stack was another area of improvement. We collaborated with partners like Mellanox, NetEffect, and Myricom to build a very efficient RDMA stack. Improvements in MPI and Network Direct contributed hugely to our great score.
Very impressive benchmark results for a product that’s not even released to manufacturing yet and the benchmark scores were a very hard secret to keep. The release candidate of Windows HPC Server 2008 will be available for customers to download the last week of June.
Ryan Waite,
Group Program Manager on the HPC Dev Team
Customers tell us that energy-efficient computing is a top priority for them as they look to control energy costs and reduce their impact on the environment. With Windows Server 2008 we feel we have some very compelling technologies such as Server Virtualization with Hyper-V and the native Power Management capabilities of the platform, that are on by default, which will allow organizations to realize true power savings benefits.
We have been working across multiple teams at Microsoft since last October, and are pleased to release today; a new whitepaper (download link) that outlines the key power savings benefits of Windows Server 2008, which has been designed with energy efficiency in mind. In this whitepaper we explore how Windows Server 2008 provides customers with a number of new power-saving features including:
· Support for Processor Performance States (P-states): Windows Server 2008 has the native ability, turned on by default, to throttle the amount of voltage to the CPU based on load. Ten times every second, Windows Server 2008 is evaluating the workload on the processor and adjusts the P-States accordingly. Our testing has shown up to a 10% power savings increase from Windows Server 2003 to Windows Server 2008 while maintaining a comparable level of throughput (performance).
· Server Virtualization with Hyper-V: The implications of these results are significant: if multiple virtual machines can run on a single physical machine without consuming significantly more power than a standalone server while keeping comparable throughput, that means you can add virtual machines at essentially no power cost, as dictated by your hardware and performance needs. The savings continue to scale with the number of servers you are able to virtualize. Running 4 virtual machines means saving the equivalent power output of three physical servers; running 10 virtual machines means saving the equivalent power output of 9 physical servers. Plus, Hyper-V can still throttle the amount of voltage to the CPU based on load – which is something VMware and Xen can NOT do today.
· Support for Advanced Configuration and Power Interface (ACPI) processor power management (PPM): We can fine-tune the power profiles of both Windows Server and Windows Vista through Group Policy allowing organizations to tailor the Power Profile of their systems. How do you tailor the power settings within Windows Server for the best Power/Performance settings in mind? The default settings are great in most situations, but you can check out the Windows Server Tuning Guides that have recently been updated for Power Management and Hyper-V settings.
In all, the whitepaper shows us that the inherent power management and virtualization capabilities of Windows Server 2008 can lead to cost and energy savings across the board.
Supporting the whitepaper, which is in .docx or .pdf format, we have 3 appendixes that contain the raw power management data derived from the tests: (Download Link)
With Windows Server 2008 we have come a long way with our Power Management capabilities....especially when contrasted to Windows 2000 and Windows Server 2003. As we look to future versions of the Server OS, Power Management will be a core tenet of our development efforts.
Ward Ralston & Eric Rezabek
Thought TechEd was as good a time as any to give you all some great news…I’VE BEEN UPGRADED! <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
Well, it’s been a crazy few months since the Windows Server 2008 RTM. I kept wondering why they were letting me hang around – what business does one Windows Server 2003 have in a farm of WS08s? It was just embarrassing. But there I was, clinging to the remote desktop port on the corporate firewall like Milton to his red swingline stapler. Then one day the engineers caught wind that I was shopping around for a new job and it all became clear. Wayne, one of the IT guys, pulled me aside and told me that is was in my best interest to cut the whole “woe is me” song and dance.
Wayne explained that as the last WS03 server I had an important role at Microsoft.com – I had to try my hardest to prove that WS03 performed as quickly as WS08. At first I was a little hopeless, but then Wayne then told me the best part – if I won, I get to bask in the glory of winning, but if I lost, there was a good chance that I’d be sent down upgrade row. I realized I couldn’t lose! For a minute I thought about throwing the race to expedite my upgrade, but I knew that there are still a lot of WS03s out there and I wouldn’t want my crew to get a bad rep. So I rolled up my sleeves, drank a couple cups of coffee, listened to that song, “Eye of the Tiger” and then I gave it all I had!
Long story short, I just couldn’t keep up with the WS08s. Wayne told me that it all came down to “efficiency” or “cost” of the number of requests per CPU cycle. Looks like WS08 is over 10% more efficient then I am in handling live web platform traffic for www.microsoft.com. Wayne explained that this improved efficiency helps enterprise customers reduce their server footprints in datacenters and ultimately reduces the overall cost of running their site/s. You can read more about the race results here.
So now I am upgraded! For all you ‘03s out there don’t worry…it didn’t hurt a bit! They said it would just be a Day Upgrade under local anesthetic, and they were right! Within hours after the procedure I was up and helping on Microsoft.com. I feel 5 years younger. The WS08 team even got me a card to welcome me aboard. Everyone signed it. Shucks. One person wrote “wishing you a speedy recovery”— I didn’t realize the irony of that slogan until I booted up again! I AM faster!
After extensive development and private evaluation, I’m pleased to announce that a public preview of Windows Small Business Server 2008 RC0 is now available.
Windows SBS 2008 is the next major release in the Windows Small Business Server product family, and it offers a wave of new features for technology consultants and small business owners. There are too many updates and changes to list in one post, but here are some highlights:
To learn more about the product and to enroll in the public preview program, please visit http://technet.microsoft.com/evalcenter/cc184870.aspx.
We look forward to your feedback.
Regards,
Dean Paron
Group Program Manager
Windows Small Business Server
Just a reminder - It has been a little over a year since we released Windows Server 2003 SP2. When we release a Service Pack at Microsoft, we want to make sure that IT professionals and system administrators have ample time to assess the service pack and choose when to deploy it.
As with other service packs, we offered support for Windows Server 2003 SP2 within the Windows Service Pack Blocker Toolkit. This allowed administrators to block the automatic deployment of Windows Server 2003 SP2 for a period of one year.
Now that time has expired, organizations should be aware that over the next month, support for Windows Server 2003 SP2 within the blocker tool will be phased out Windows Server 2003 SP2 will then be automatically offered, downloaded and/or installed (depending on user or administrator settings) through standard mechanisms including Windows Update and Automatic Update.
Ward Ralston
We've blogged about the use of Windows Server within branch offices several times here and here. Many of them kicked off with the introduction of Windows Server 2003 R2.
Today Citrix announced Branch Repeater, which they say is a new line of branch office appliances. Here's a description I received from Citrix:
Citrix Branch Repeater debuts with the ability to stage, cache, or pre-position content at the branch using technologies such as Microsoft Windows file services and Microsoft Distributed File System (DFS). These technologies allow Citrix Branch Repeater to pre-position XenApp “Portable Application” installation files for rapid update and delivery to branch employees. The Citrix Branch Repeater also uses Microsoft ISA Server 2006 Web caching to accelerate delivery of web content to the branch. But the repeater goes much further. It can accelerate all TCP-based network traffic to and from the branch using Citrix WANScaler technology. And through integration with Microsoft Windows Server 2003 R2, local branch services are consolidated and delivered locally for optimal performance and availability.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
In essence, Citrix Branch Repeater does three things that can help you provide better services to your remote or branch offices: (1) it stages streamed apps closer to the branch-based employees by using Citrix XenApp; it consolidates Windows-based branch services; and accelerates WAN app delivery.
There are three models to choose from:
Patrick
There are new demonstration videos of the upcoming Small Business Server 2008 and Essential Business Server 2008 on TechNet Edge.
Program manager Bjorn Levidow provides an overview of EBS management, including remote administration, add-in management and license tracking. Becky Ochs, program manager for SBS, shows setup of SBS 2008, including the new Answer File tool.
Joel
Whew! Friday at 2:18PM we signed off on Beta 2 of Windows HPC Server 2008. It’s a good thing too since the Redmond team is looking at the first sunny and hot Northwest weekend this year. Mother nature usually gives us these days on weekdays. It’s been a hard push since November when we shipped our last beta. Since then we’ve done test runs on a cluster with over 1000 nodes, fixed over 1000 bugs, coded a bunch of new features, and made a bunch of design changes based on customer feedback. For example, one beta customer was using our new WCF Broker for financial risk modeling but wanted a totally reliable messaging solution. We built a solution leveraging MSMQ that still provides high throughput while allowing for reliable messaging.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
Now that Beta 2 is finished our Technology Adoption Partners (TAP) will put this beta into production environments. We’ll carry pagers to help them out if they run into a crit-sit after hours. Actually, we have cell phones. Pagers have gone the way of sock punch cards, teletypes, and sock garters. I suspect there are teenagers wandering around that don’t know what a pager is.
Anyway, there’s a bunch of new stuff in Beta 2.
We checked in high availability for the head node and a new set of diagnostic tests to help people identify and troubleshoot their clusters. The new UI model is really coming together but for users more comfortable with command line interfaces we provide scripting support through COM and PowerShell. Finally, administrators can run administrative scripts in parallel across the cluster using our improved Clusrun feature.
A bunch of humbling (heh) usability testing pushed us to redesign the To Do List. It should be much easier for people to get through setting up a cluster, adding drivers to images, and configuring patching for the cluster (new feature!). The heat map is working so well we’ve thrown out our internal monitoring tools we use on Top500 runs.
After lots of, um, passionate debate we’ve finalized the APIs for job submission. It will continue to be easy for ISVs to integrate directly with our job scheduler while at the same time working with a cluster that may have thousands of jobs in the queue, each job with thousands of tasks.
A lot of people don’t know that we co-chair the HPC Basic Profile working group at the Open Grid Forum. With Beta 2, we ship our support for “HPC Basic Profile,” allowing us to interop with the LSF and PBSPro job schedulers.
We completed a few great Top500 runs in the last few weeks. We can’t talk about the numbers until the International Supercomputing Conference in June but it looks like Beta 2’s new MPI stack and new Network Direct RDMA interface are starting to hum.
Finally, our new programming model based on SOA is getting some nice usage from beta customers. Most of the feedback has come from folks in computational finance but there are also a couple folks in the life sciences industry that are kicking the tires. For example, what if you came up with a new theory about cancer and wanted to search through thousands of medical scans to see if your theory was correct. For Beta 2 we improved scalability, reduced latency and improved session initialization time. Beta 2 supports multiple WCF Brokers, allowing HPC Server 2008 to run really big SOA workloads.
So, we’re done with Beta 2. Lots of new features (whew) and lots of scalability improvements. We’ve posted build 1345, Beta 2, up at http://connect.microsoft.com
Thanks!
Ryan Waite
Group Program Manager - HPC
Since the launch of Windows Server 2008 on February 27th, I have had a phenomenal opportunity to hear a lot of positive feedback from IT Pros, developers and our partners. I truly have enjoyed talking with customers from around the globe to hear their experiences and implementations.
Since I am back in the office for the foreseeable future I thought I would take some time over the next couple of weeks to showcase some of the implementations of Windows Server 2008 that I have come across that have caught my attention.
One customer who has seen great results in the Web hosting area with WS08 is HostMySite.com. If you are not familiar with this company - they are a Web hosting company that owns and operates its own datacenters and networks and provides support for dedicated server environments. HostyMySite hosts more than 85,000 web sites on 3,100 Servers (and growing).
One of the initial goals of their WS08 deployment was to offer the highest levels of application stability to their customers. In addition HostMySite wanted to increase the site capacity on their web servers and minimize the amount of time spent troubleshooting.
Prior to Windows Server 2008 HostMySite was getting roughly 500 application pools on each of their servers. IIS 7.0 new application pool management features has allowed HMS to scale up to 3000 application pools per server. In addition to increased application pool capacity, HMS was also able to reduce the numbers of servers.....what normally took 10 servers now takes 4. (Although I wish WS08 was solely responsible for that metric - they moved to Dual Core Dell PowerEdge Servers) Both of these are very impressive to step back and take a look at: 6x the application capacity on 60% less servers.
HostMySite is just one of the many customers seeing strong results with Windows Server 2008 and you can read more about their deployment story here.....it is actually a good read and you will see they are doing a lot more with the remote management capabilities of IIS 7.0
If you want more info on IIS, be sure to visit IIS.net. There is also a great blog post here that talks more about the hosting features in IIS 7.0.
Stay tuned for more.....
-Ward Ralston
Good news. Today we opened up the Public Preview for Windows Essential Server Solutions - Small Business Server 2008 and Essential Business Server 2008. Visit here to find out how to download and evaluate the Release Candidate 0 versions of both. EBS is available now, SBS will be up within a few weeks - but you can sign up today and be notified when it is ready.
We also unveiled pricing for SBS 2008 and EBS 2008. Both products offer big savings versus buying the similar component products separately, not to mention the time and effort saved by the Solutions' integrated, SMB-oriented set up and management. We've made a lot of changes to SBS as a product, so the price has changed. In most 1-75 user cases, SBS 2008 Standard is actually less expensive than SBS 2003 Standard. SBS 2008 Premium is now a two box solution with an additional copy of Windows Server and SQL Server running on a second box, in order to provide a great application platform - a big request from partners and customers. There are a number of changes to make SBS CALs more flexible and cost-effective, too - see here for details.
Joel Sider
We announced the new Microsoft Operations Framework 4.0, and the MOF 4.0 online community. Check out Jeff's blog post over on the System Center team blog. Here's an excerpt:
So what’s new? First, where the old MOF talked mainly about operations, the new MOF 4.0 describes the entire IT life cycle, including business planning, project organization can use a common language and a consistent framework for planning and coordinating their activities.
The second improvement is to the design of the content. If you’re looking for a way to overhaul your organizations service management practices, then MOF 4.0 provides that comprehensive view that will help you choose where to start. However, if you’re just looking for a best practice around one particular area then MOF 4.0 can help as well, with short (25-page) “service management functions” that can give you ideas on improving a particular function in 20 minutes.
Patrick
Helping businesses address the growing complexity of managing their IT environments, today at Microsoft Management Summit 2008 we announced the public beta release of System Center Virtual <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
Machine Manager 2008 (formerly referred to as code name “Virtual Machine Manager vNext”).
System Center Virtual Machine Manager 2008 enables customers to configure and deploy new virtual machines and to centrally manage their virtualized infrastructure, whether running on Windows Server 2008 Hyper-V, Microsoft Virtual Server 2005 R2 or VMware ESX Server. When used in conjunction with the broad System Center management suite, customers can use SCVMM 2008 to effectively manage both their virtualized and physical servers and applications.
For more information about this news and other activities taking place at MMS, check out the Virtual Press Room.
-Tina
Lots happening in Orlando at Convergence 2008 - the Microsoft Dynamics users' conference. Steve Ballmer and vice president Kirill Tatarinov are speaking and the Dynamics team is making a number of announcements, including a partnership with EDS to extend Microsoft Dynamics CRM deployments, a preview of Dynamics AX 2009 (part of the ERP product portfolio), and more developments in hosted, online services. Also announced - and one of the things Kirill is speaking about in his keynote - is how Windows Essential Business Server and Microsoft Dynamics are an ideal combination for midsized companies.
Essential Business Server provides that reliable platform for line of business applications that is all too often a challenge for midsized businesses to set up. All of the core infrastructure needed - Windows Server, Active Directory, SQL Server, secure remote access, etc. - is ready to go, configured to best practices. And Dynamics solutions will be manageable as "Add In" apps within the Essential Business Server unified administration console, giving IT pros a more efficient way to manage everything in one place.
Software partners such as Citrix, CA, FullArmor, Mimosa Systems, Quest Software, ScriptLogic, Symantec and Trend Micro also plan to provide Add-In software solutions for Windows Essential Business Server. And HP, IBM and Intel will make hardware management Add-Ins.
Microsoft and HP are demonstrating Essential Business Server with Dynamics Add Ins at Convergence, and the EBS team is doing a number of sessions at the show.
Joel Sider
The team behind Windows Essential Business Server 2008 for midsized companies (part of the newly announced Windows Essential Server Solutions family and formerly known as "Centro") has launched a team blog here. Group Program Manager Eric Watson provides the introduction:
In this Blog, key people that design and develop the product will discuss all of those features, the software, tips and tricks, and yes, even shortfalls that we hear from customers. As engineers, we love details, and with 5 products and 15 workloads plus all the ‘can’t get it anywhere else’ software we added, there are plenty of details to talk about.
The Essential Business Server web site is here. A Q&A about the product is here.
Joel Sider
If you are a Volume Licensing customer, you have probably downloaded Windows Server 2008 already or you will be receiving it soon as part of your monthly DVD shipments. As you start testing and getting ready for deployment, one thing you’ll need to plan for is Volume Activation. Since we launched the Windows Server 2008 a couple of weeks ago, we have updated a few resources to help you understand activation better and make it easier to use in your existing environment.
Windows Server 2008 uses the same volume activation technology as Windows Vista, so if you are familiar in how it works for Vista, the same principles apply with some minor changes. For more details, see Volume Activation 2.0 Changes for Windows Server 2008 and Windows Vista SP1. On the other hand, if you are new to volume activation and need to ramp up quickly, there is a new Silverlight overview that goes over the basics and a KMS Setup Demo that you can download. As well, we have updated most of the documents in the Volume Activation 2.0 Technical Guidance Center.
In addition to the new and updated content, we’ve updated the Key Management Service (KMS) for Windows Server 2003 so that you can run a single KMS host which supports volume license editions of both Windows Vista RTM & SP1 and Windows Server 2008. The new KMS will also allow you to run it in a Windows Server 2003 virtual machine -- a big change from the original KMS. If you plan to keep your KMS on WS2003, you’ll need this update right away.
KMS v1.1 for Windows Server 2003 is now available on the Microsoft Download Center at:
X86 (EN-US) - http://go.microsoft.com/fwlink/?LinkId=82964
X64 (EN-US) - http://go.microsoft.com/fwlink/?LinkId=83041
More details about the update are outlined on Michael Greene’s blog and on the download site.
Julius Sinkevicius
In the course of talking to many Microsoft partners and customers, the Windows Small Business Server team has learned that there are sometimes misperceptions about the product, in many cases based on experiences with the earlier versions of SBS. In hopes of dispelling some of these "myths," the team has created a video log by an "SBS guru" named Tom. Take a look at some of the first videos, maybe have a few laughs, and play a game of "punch a wizard." Look for new posts, too.
This site discusses some of the SBS myths in a more, shall we say, staightforward way - such as:
I can't add additional servers to a Windows SBS domain
I can't run Terminal Services in the SBS domain.
SBS doesn't scale.
I can't upgrade my current server.
I'm going to outrgrow SBS.
The Exchange mail store limit is too small.
SBS has scaled-down versions of the included applications.
I can't use tools from Windows Server in Windows SBS.
SBS isn't secure.