The small business technology consultant is hyper-sensitive to being sold to or duped by vendors or sponsors.
Harry Brelsford, founder and CEO of SMB Nation.
Read: http://www.echannelline.com/canada/story.cfm?item=DLY082508-4
Monday, August 25, 2008
Sunday, August 24, 2008
Webinars: SBS 2008 security, merger and acquisitions with your SBS consultancy, more
hey gang - got a couple of Webinars coming your way over the next few weeks....see ya there!
August 28, 2008 2PM PDT (UTC-7) Last Call for SMB Nation 2008 Fall Conference
September 9, 2008 9:00AM PDT: Security and SBS 2008 Webinar with Untangle
September 10, 2008 8:00AM PDT: Time To Sell Your SMB or SBS Consulting Practice?
cheers....harrybbbb
Harry Brelsford, CEO at SMB Nation, www.smbnation.com
Microsoft Small Business Specialist and SBS 2003 author!
ps - did u know I am holding a SBS 2008 and EBS 2008 launch party on October 4th in Seattle?!?!?
SBS 2003 and Terminal Services [book excerpt]
g’day folks - I am harrybbbb, the author of Windows Small Business Server 2003 Best Practices and I am delighted to give away my book - I am posting up a few pages per day until SBS 2008 ships!
Today we take a quick peek at Terminal Services in SBS 2003.
enjoy…harrybbbb
Harry Brelsford
CEO at SMB Nation www.smbnation.com, Microsoft Small Business Specialist, SBSC, MBA, CNE, MCSE, MCT, CLSE, CNP, MCP….whew!
ps - I am holding a raging SBS 2008 and Essential Business Server 2008 launch party in Seattle on October 4th…be there!
###
Terminal Services
An oldie but a goodie in the world of mobility and remote connectivity is Terminal Services. Funny how times change. My Small Business Server 2000 Best Practices book had an entire chapter dedicated to Terminal Services. This book has a mere section of discussion, as Terminal Services has become a well-established remote management tool that doesn’t warrant extensive discussion in the SBS 2003 time frame.
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
By default, Terminal Services is implemented in remote administration mode. This allows two users to connect remotely for administrative and management purposes without special licensing. Terminal Services has another mode called “application sharing mode” that is most commonly associated with a server machine (acting as a member server) dedicated to serving Terminal Services sessions to many remote mobile workers simultaneously.
BEST PRACTICE: I mentioned it early in the book and I’ll do so again. Never ever place Terminal Services in application sharing mode on the SBS 2003 server machine. Microsoft doesn’t give you the option to do this with SBS 2003 and please don’t delve deep under the hood to try and figure out how to do it!
With Terminal Services, you enjoy a remote computing session with the server, with only screen activity passed to the remote client computer. This results in a very “fast” remote computing experience, but it’s not as a network node. It’s kinda like PCAnywhere just pushing screens! But remember that in its native form (remote administration mode) in SBS 2003, Terminal Services is designed to manage the server machine (again, an additional member server would be the way for everyone to enjoy Terminal Services).
BEST PRACTICE: I’d be remiss if I didn’t honor the fact that Terminal Services has some funky licensing issues. Read the latest at www.microsoft.com/terminalservices.
You will work with Terminal Services again in Chapter 11 to manage the SBS 2003 network for SPRINGERS.
Labels:
ebs,
SBS,
smb,
terminal services
Tuesday, August 19, 2008
Outlook Mobile Access (OMA) in SBS 2003
Hello-hello! I am Harry Brelsford, author of the Windows Small Business Server 2003 Best Practices book and each day I am posting up several pages from this purple book. I am delighted to report that we start the subject of Outlook Mobile Access (OMA) from Chapter 8 with today's post. Good stuff!
enjoy....harrybbb
Harry Brelsford | ceo at smb nation | www.smbnation.com
Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT, MCP, CNE, yadda yadda yadda
PS - did u know we are hosting a SBS conference in early october in Seattle?
###
Outlook Mobile Access
Back in Chapter 6, I wrote about forwarding e-mails to your cell phone. The forwarding works, but an even better solution is to use the newly included feature of Exchange 2003 and SBS 2003 called Outlook Mobile Access (OMA). OMA is simply OWA for web-enabled phones and PocketPC browsers. The basic features of OMA were formerly offered in Mobile Information Server 2002 and also in third party devices - now they are free!
During the SBS 2003 launch events, I met Kim Walker in Columbus, Ohio. Everyone has a gadget that they can’t live without and Kim’s addiction is e-mail on her cell phone. She has been using and managing third-party add-ins for several years and is promoting the feature to her clients. Kim has offered up some OMA info and best practices. She’s the OMA Momma and what follows in this section are her words! Go Kim!
Defining OMA
OMA offers a live text interface to your e-mail messages, calendars, tasks, and contacts. It replaces third-party add-ins at client computers or on additional servers. Therefore, it helps lower the total cost of ownership by reducing the need to deploy additional mobile server products in the corporate environment and by utilizing one mobile user device instead of multiple devices.
OMA supports Wireless Application Protocol (WAP) 2.x as well as XHTML browser-based devices, full HTML browsers and i-Mode devices such as mobile phones and personal digital assistants (PDAs).
OMA Server-Side
From the server-side, OMA setup is very simple. OMA is easier to manage than third party or desktop applications - everything is configured through Exchange System Manager. One important note is that in Standard Exchange Server 2003, OMA is disabled by default, but within SBS 2003 the default is OMA enabled (Figure 8-21).
Figure 8-21
The default Mobile Services Properties for Exchange has everything enabled.
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Notice the section titled Enable unsupported devices. Many devices have not been fully tested by Microsoft and are not on the supported device list. By default this box is checked, allowing a user to access Exchange on these untested devices. The user gets an error that says: The device type you are using is not supported. Press OK to continue. This is shown in Figure 8-22. Once you press OK on the device, the service is generally available.
Figure 8-22
This is a screenshot from a mobile phone showing a failed connection.
BEST PRACTICE: Keep the Enable unsupported devices checkbox selected.
You can grant OMA access on an individual case-by-case basis. Say Norm Hasborn, owner of SPRINGERS, gets a new cell phone and doesn’t tell you. If Outlook Mobile Access is disabled for him (see Figure 8-23), he might test out OMA and get an error. He won’t have OMA access until he calls you, the SBSer, for support.
Figure 8-23
You can disable Mobile Services for an individual user.
BEST PRACTICE: If you decide to manually add a user e-mail alias rather than run a custom recipient policy, your user will get an error accessing OMA: Item no longer exists. The item you are attempting to access may have been deleted or moved.
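Because OMA is enabled by default in SBS 2003 and is switched on or off per user, the IIS log is the place to see who actually uses it, from which device, and whether the session came in on port 80 or 443. The following is an added example, not code from the book: it assumes IIS W3C extended logging with the fields shown in the sample, and the /oma path from the URL used later in this section. The domain name, the second user, the addresses, the user agents and the failure threshold are constructed for illustration.

```python
"""Audit Outlook Mobile Access (OMA) usage from IIS W3C extended log lines."""
from collections import Counter, defaultdict

# Constructed sample log (not from a real server). The parser reads the
# #Fields directive, so it adapts to whichever fields are enabled in IIS.
SAMPLE_LOG = r"""
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Fields: date time cs-method cs-uri-stem s-port cs-username c-ip cs(User-Agent) sc-status
2008-08-19 16:02:11 GET /oma/ 80 - 203.0.113.7 ExamplePhone/1.0 401
2008-08-19 16:02:15 GET /oma/ 80 SPRINGERSLTD\NormH 203.0.113.7 ExamplePhone/1.0 200
2008-08-20 09:10:02 GET /oma/ 443 SPRINGERSLTD\NormH 203.0.113.9 OtherPhone/2.0 200
2008-08-20 09:30:00 GET /oma/ 443 SPRINGERSLTD\BobE 192.0.2.44 ExamplePhone/1.0 200
2008-08-20 09:41:01 GET /oma/ 80 - 198.51.100.23 Mozilla/4.0 401
2008-08-20 09:41:02 GET /oma/ 80 - 198.51.100.23 Mozilla/4.0 401
2008-08-20 09:41:03 GET /oma/ 80 - 198.51.100.23 Mozilla/4.0 401
2008-08-20 09:41:04 GET /oma/ 80 - 198.51.100.23 Mozilla/4.0 401
2008-08-20 09:41:05 GET /oma/ 80 - 198.51.100.23 Mozilla/4.0 401
2008-08-20 10:00:00 GET /exchange/ 443 SPRINGERSLTD\NormH 203.0.113.9 Mozilla/4.0 200
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row, skip it
        yield dict(zip(fields, values))


def audit_oma(rows, prefix="/oma", failure_threshold=5):
    """Summarise OMA requests.

    Returns a dict with:
      users           - per-user request count, ports and user agents seen
      cleartext_users - users with an authenticated OMA request on port 80
      noisy_clients   - client IPs with >= failure_threshold 401 responses
    A single 401 per session is the normal authentication challenge, which
    is why failures are only reported above a threshold (hypothetical value).
    """
    users = defaultdict(lambda: {"requests": 0, "ports": set(), "agents": set()})
    failures = Counter()
    for row in rows:
        stem = row.get("cs-uri-stem", "").lower()
        if not (stem == prefix or stem.startswith(prefix + "/")):
            continue  # not an OMA request
        status = row.get("sc-status", "")
        user = row.get("cs-username", "-").lower()
        if status == "401":
            failures[row.get("c-ip", "?")] += 1
            continue
        if user == "-":
            continue  # anonymous request, nothing to attribute
        entry = users[user]
        entry["requests"] += 1
        entry["ports"].add(row.get("s-port", "?"))
        entry["agents"].add(row.get("cs(User-Agent)", "?"))
    return {
        "users": dict(users),
        "cleartext_users": sorted(u for u, e in users.items() if "80" in e["ports"]),
        "noisy_clients": {ip: n for ip, n in failures.items() if n >= failure_threshold},
    }


if __name__ == "__main__":
    report = audit_oma(parse_w3c(SAMPLE_LOG))
    for user, entry in sorted(report["users"].items()):
        print(user, entry["requests"], sorted(entry["ports"]), sorted(entry["agents"]))
    print("OMA over port 80:", report["cleartext_users"])
    print("Repeated 401s:", report["noisy_clients"])
```

A user who shows up with a second user agent is the "new cell phone" case described above, and any name under cleartext_users signed in without TLS.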
OMA Client-Side
From the client-side OMA is also fairly simple. It does not have all of the bells and whistles some third-party software has had, but it is definitely functional. OMA is customized for low-bandwidth high-latency type environments, but it still has the same feature set. Reply still means reply. Decline a meeting still means decline a meeting.
Time to use the SPRINGERS methodology where you will send an e-mail, enter contact records, and perform other such tasks from OMA. OMA can be accessed from a desktop computer as well - you don’t have to have a mobile device. In fact, if you are using your laptop in a location with a very slow connection, OMA will get you to your e-mail without any OWA overhead.
Sending an E-mail
Time for some step-by-step to have NormH check his e-mail.
1. From the mobile device, point your browser to the following address: http://springers1.springersltd.com/oma.
2. At the Authentication required screen, type NormH in the User field and click OK.
3. On the Password screen, enter Purple3300 and click OK.
4. If you get the device type not supported error (wording may vary), click OK.
5. You are taken to the Exchange Mailbox for the user (Figure 8-24). You can scroll (down arrow on cell phone) to see all of the Mailbox options (such as Calendar, Contacts, Tasks, etc.).
Figure 8-24
The OMA-based Mailbox on the mobile phone.
6. To read Norm’s inbox, press the 1 or the Go menu button. This will bring you to his Inbox listing (Figure 8-25).
Figure 8-25
This is an Inbox on a mobile phone.
The asterisk on the first message in Figure 8-24 means that this is unread. Also notice the second message is the Standard SBS 2003 Server Performance report - it might take a little while to read through on the small screen, but in a pinch it’s great. To read any message just select Go while highlighted or hit the corresponding number (there will not be numbers in standard Internet Explorer from a desktop). OMA provides full-featured e-mail functionality, including compose new, read, reply, reply all, forward, delete, flag, and mark as unread. From the details view of messages, you can browse to previous message or next message, close, or go home.
In the OMA calendar view, you can view today, next/previous day, or go to the day of your choice. For any OMA calendar item, you can accept, tentative, decline, reply, reply all, forward, delete, and view details.
Comparing OMA to Other Approaches
So how does OMA compare to cellular-provided desktop assistant programs? Functionality is similar, but the major advantage is that the phone now connects directly to the server. In order for one of the Desktop Assistant programs to function, the desktop must remain turned on with the forwarding program running. This places the failure point at the desktop and also uses both LAN and Internet bandwidth.
How does OMA on a standard cell phone compare to a SmartPhone or blackberry device? Generally cell telephones have smaller screens, but as you can see from the screen shots, if the phone is set to a small text, it is still readable. It is not as easy to type a reply, but it is possible and you can still check messages anywhere.
One important difference between OMA browser access and synchronization devices is that the information is only accessible when the user is in cellular coverage. The data does not get stored on the phone, but can be viewed only in the browser while the user is authenticated to the server.
As of this writing, I dearly miss some of the tricks that third party software offered. One of these tricks is a text message/page notification of mail - a rule that tells the user to check the mailbox rather than forward the message. For now, you can use the forward message from Chapter 6 for specific messages. In the past I have used notifications to page me when I received a message of high importance or a server message (based on words in the subject) or by sender. I check my e-mail frequently, but if I was in a meeting it would alert me to an issue that might be critical.
Daily OMA Use
I use OMA all of the time. Personally, I have a separate folding keyboard that attaches to my cell phone - I can send and receive e-mails without pulling up my laptop, but when I don’t need it I still have a small form factor phone. Without a keyboard, you don’t want to type long e-mails or replies, but you could send a short message saying “YES” (literal telephone pad keystroke sequence is: yes - Y - 999, E - 33, S - 7777 - it’s the new Morse code). OMA is also great for checking calendar updates. While running from one meeting to another, you can quickly check to see if the upcoming meeting time or location has been moved.
Thanks, Kim, for the OMA expertise. Won’t you consider speaking on this at the SMB Nation conference in Fall 2004? I can’t resist sharing a photo from the Fall 2003 SBS hands-on lab tour where a student in San Francisco implemented OMA right in the class room (Figure 8-26).
Figure 8-26
Live from San Francisco! It’s OMA and SBS 2003.
Labels:
oma,
outlook,
SBS,
smb,
Windows Small Business Server
Monday, August 11, 2008
Remote Web Workplace (RWW) in SBS
Good Monday to u. I am posting up several pages per day of my Windows Small Business Server 2003 Best Practices (SBS) book and today we are getting further into the mobility chapter. Specifically - I introduce Remote Web Workplace aka RWW (tomorrow we will delve into some procedures on it).
cheers...harrybbb
Harry Brelsford, Author, Consultant and CEO at SMB Nation www.smbnation.com
Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT and other non-sense!
PS - did u know I hold a fall conference for SBSers in Seattle? :)
###
Remote Web Workplace
Not only does travel, which is “remote” by its very nature, allow you to learn firsthand the mobility solutions in SBS 2003, it affords the opportunity to meet SBSers worldwide who have different viewpoints to contribute. Across this book, such diverse insights have been interjected in a technical realm. Every day, SBSers worldwide are thinking of ways to work with SBS 2003 not imagined by the SBS development team in Redmond, Washington, or yours truly on Bainbridge Island. In this case, the insight is humorous, wherein some SBSer known only to the SBSers above, started pronouncing RWW as “arrr-wuuu-wuuu,” an admittedly silly saying that seems to have found traction.
BEST PRACTICE: Rumor has it that, in Redmond, this area is called RUP (rhymes with pup, like puppy). If you call Microsoft Product Support Services (PSS), you could say RUP and arrr-wuuu-wuuu, but your coworkers who overhear the telephone call might look at you kinda funny.
BEST PRACTICE: Two initial thoughts on RWW are important to carry forward. First, when you access the external Web page that is exposed on the external interface of your SBS server machine, it is a Welcome Web site that greets you. This assumes you opened Port 80 by selecting Business Web on the Web Services Configuration page in the EICW (not recommended). This is NOT RWW at this point. Rather, you select RWW from the Remote Web Workplace link from the Welcome Web site. Better yet, you can access RWW by addressing it via the FQDN/remote (discussed more later). Second, a point of confusion amongst SBS 2003 hands-on lab attendees in the Fall of 2003 was that RWW offers only the ability to take remote control of your desktop at work. That’s only part of RWW. This will be revealed herein, but it’s good to have this little chat first. Forward!
Labels:
remote access,
remote web workplace,
RWW,
SBS,
smb
Monday, August 4, 2008
SharePointables in SBS 2003 (WSS in SBS)
Happy Monday Morning To YOU!
I am posting up more SharePointables today from Chapter 7 of Windows Small Business Server 2003 Best Practices. As you may know - I am the author of the "purple book" and I am posting up several pages a day until SBS 2008 ships. I consider this my way of giving to the SBS COMMUNITY!
Enjoy learning more about SharePointables in Windows SharePoint Services and remember this BLAST FROM THE PAST: Wasn't it a SharePoint date bug in late November 2003 (Thanksgiving Weekend) that caused fits for the early part of the SBS 2003 product launch cycle? YEP! It was folks like Wayne Small and Jeff Middleton holding a workshop in Australia that discovered it along with Microsoft Aussie Mark O'Shea!
Enjoy the read...harrybbbb
Harry Brelsford, CEO at SMB Nation, www.smbnation.com
Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT, CNE and other madness!
###
BEST PRACTICE: Another SBS client I have who is starting to greatly benefit from WSS is a real estate company with a HUGE photo library of commercial real estate properties. Keeping the photos organized was historically a major problem and one that WSS has solved in a single stroke of the proverbial pen. And we didn’t have to deploy Adobe’s new Photoshop Album 2.0.
Lists
Business people are slaves to lists! So the inclusion of built-in common lists, such as announcements, will sit well with the business folks using the SBS network. You can create your own lists to meet your specific needs, which is the beauty of the list paradigm in WSS.
BEST PRACTICE: That is a key point I don’t want you to miss: creating custom lists. Whereas Microsoft masters on the SBS development team have made sound decisions about the common lists required in a business, they can’t hope to know the unique requirements you face. Ergo, you can add massive business value in WSS by creating lists that meet your specific needs. These could be needs that were never even anticipated by Microsoft (or even me!).
Pay particular attention to the Help Desk list. This is unique to SBS 2003 and is a really cool technology management feature. It is shown in Figure 7-19 with a user request that I’ve added (Elvis can’t print...). Please create a similar request now. I’ll relate this to the Administrator’s view of Remote Web Workplace in the next chapter.
Figure 7-19
A user needs help!
I highly recommend you also horse around with the Vacation Calendar (also unique to SBS 2003), as seen in Figure 7-20. This provides a centralized calendar for employees to make entries for out-of-office experiences, including vacation. My concern here is that you might be creating an “island of information” outside of Microsoft Exchange Server 2003 (Chapter 6). You do have the ability to link it back to Outlook by clicking Link to Outlook (you’ll then reply Yes to a request to add a folder to Outlook 2003). By doing so a SharePoint Folders object is added to the Exchange Server 2003 organization and a calendar object titled Springer Spaniels Limited - Vacation Calendar is created (Figure 7-21).
BEST PRACTICE: With those vacation calendar concerns noted, here is some perspective on why the SBS development team added this to WSS in SBS 2003. What the SBS development team members found during numerous customer site visits is that most small companies maintained a manual vacation calendar on the wall of the kitchen. The vacation calendar in WSS is intended to replace the manual calendar. It’s not meant to compete with Public Folders.
While you and I are on this topic of what was presented to you (vacation calendar), let me share with you what wasn’t presented in SBS 2003. The SBS development team decided not to present WSS contacts and tasks (which you’d see in the full WSS on a non-SBS 2003 implementation) in order to prevent small business confusion. You should use the Springer Spaniels Limited Contacts in Public Folders for your contact sharing needs. Shared tasks could also be a Public Folder object.
Figure 7-20
NormH is getting away for a few days of skiing, according to the vacation calendar at SPRINGERS!
Figure 7-21
The ability to populate a calendar object in Exchange/Outlook assists in overcoming an “island of information” fear about using the vacation calendar in WSS.
Discussions
The newsgroup meets SBS 2003! This is your chance to internally deploy a threaded newsgroup discussion in the organization running SBS 2003. This can be a more effective way to communicate business matters versus e-mails, because it’s easier to preserve the discussion over time. That way, a new employee who “didn’t get the e-mail” is able to follow the important business discussion. Just promise me that you will actively manage the newsgroup to minimize DRAMA!
Surveys
Why not? Why not create a survey to find out what folks think about business, technology, or even politics at the small business? There are entire management texts dedicated to business communication, facilitation, feedback, and sampling, so I’ll just plant the seed here and make you aware that a very simple survey vehicle exists for your use. USE IT!
BEST PRACTICE: Much of the SBS-specific cool stuff in WSS I’ve highlighted so far is the result of the insight, wisdom, and fortitude of a Microsoft SBS program manager named “Dean” (we’ll use AA rules here to protect his full identity). Dean “owned” WSS in the SBS 2003 time frame, and he had the vision to see both the business and technical dimensions to this tool kit. Please point your positive vibes towards Dean! And Dean, take a bow!
I am posting up more SharePointables today from Chapter 7 of Windows Small Business Server 2003 Best Practices. As you may know - I am the author of the "purple book" and I am posting up several pages a day until SBS 2008 ships. I consider this my way of giving to the SBS COMMUNITY!
Enjoy learning more about SharePointables in Windows SharePoint Services, and remember this BLAST FROM THE PAST: Wasn't it a SharePoint date bug in late November 2003 (Thanksgiving weekend) that caused fits for the early part of the SBS 2003 product launch cycle? YEP! It was folks like Wayne Small and Jeff Middleton holding a workshop in Australia that discovered it, along with Microsoft Aussie Mark O'Shea!
Enjoy the read...harrybbbb
Harry Brelsford, CEO at SMB Nation, www.smbnation.com
Microsoft Small Business Specialist (SBSC), MBA, MCSE, MCT, CNE and other madness!
Thursday, July 31, 2008
More WSS stuff: alerts, workspaces, etc. in SBS 2003
Hiho - I continue my journey of posting up pages from Windows Small Business Server 2003 Best Practices - we are in chapter seven and this is more document management talk about Windows SharePoint Services in SBS 2003.
enjoy...harrybbbb
Harry Brelsford
ceo at smb nation, www.smbnation.com
Microsoft small business specialist (SBSC)
More Document Management
Had enough in the document management realm? No? Good. Let’s do more. In this section, you’ll explore alerts, adding a discussion item and creating a document workspace plus more! It all starts with a deftly placed click on the Breeder1.doc drop-down context menu (remember Figure 7-5) under Jones Family.
• Alert Me. Select this menu option. View the suggested settings on the New Alert: Clients: Breeder1.doc that appears (Figure 7-10). Click OK to implement this cool functionality.
Figure 7-10
Implementing alerts should be considered a powerful component of the basic document management capability of WSS.
• Discuss. This is similar to the “yellow stickies” you might have used with Adobe Acrobat. It’s actually based on the discussion object in Internet Explorer. Click on the Discuss option and then click Open on the File Download dialog box that appears. The document opens. Observe the Discussion tool bar that appears at the bottom. With the icons on this toolbar, you only have the option to have a discussion about a document (and not make the discussion part of the document). The ability to insert a discussion item into the actual document is disabled. Complete the Discussion subject and Discussion text fields and click OK. Your screen should look similar to Figure 7-11. Select the Home icon in Internet Explorer to return to the WSS home page for SPRINGERS.
Figure 7-11
Having a document discussion is another great way to use WSS for document management.
• Create Document Workspace. Navigate back to Jones Family and select Create Document Workspace from the drop-down context menu for Breeder1.doc. Click OK on the Create Document Workspace page. The result will appear similar to Figure 7-12. So why would you want a document workspace? The idea is that you’re creating a new site where you can create a collaboration area separate from the main site (say for managing a project). You can also apply unique permissions to the Document Workspace.
Figure 7-12
Using the document workspace capability in WSS.
• New Document Creation. Click on Up to Springer Spaniels Limited. Return to the Jones Family folder and select New Document. Click OK. Type in some text and close the document. You will be prompted to save it and be presented with a Save As dialog box that will place the document in WSS, as seen in Figure 7-13. Click Save to save the document. This new document will appear in the same list as Breeder1.doc.
Figure 7-13
Creating a new document the WSS way!
Saturday, July 26, 2008
Webinar this Tuesday: Webinar: The Automation Revelation: A Webcast Designed for IT Service Providers
July 29, 2008 10am PST-11am PST
You have done your research on the benefits of managed services, and are well on your way to becoming a managed service provider (MSP) – but what is missing? It’s time to take a closer look at what it takes to be a successful MSP – what services to deliver, how to price them and how to migrate customers to SLAs.
In this Webcast, IT service providers will discover the deeper benefits of moving into the MSP arena – benefits like becoming a part of your customers’ problem-solving team rather than just being an option for a quick remedy, plus the ultimate goal of ‘recurring revenue’. You will learn about market trends, including the tremendous ground swell within the channel of establishing MSP initiatives. Join SMB Nation, Jim Alves, EVP of Product Marketing for Kaseya, and Jay Tipton, CEO for Technology Specialists, as they take your questions in real time.
Sign up at www.smbnation.com - Events - Webinars.....
Thursday, July 24, 2008
Exchange MX records, migrations, IM in SBS 2003
Today's book excerpt (Windows Small Business Server 2003 Best Practices) has a messaging buffet:
Multiple MX records
Instant Message
Exchange Migrations
Extending Exchange
Whew - enjoy the read....there is a lot here!
cheers...harrybbbb (your fellow Microsoft Small Business Specialist - SBSC)
Harry Brelsford, CEO of SMB Nation, www.smbnation.com
###
Mail Bagging and Multiple MX Records
No, this isn’t a paragraph that will replay a tale of sassy Samantha (a lead character on HBO’s popular program Sex in the City) having a racy encounter with a postal worker. Rather, this is about having a backup location for your e-mail to flow to when your SBS 2003 server machine (properly running Exchange for SMTP e-mail) is offline. Instead of the senders in the “offline SBS 2003 server machine” situation receiving an NDR or bounced e-mail message, these incoming e-mails can temporarily reside on another mail server. Later on, you would retrieve and properly distribute these e-mails using a tool such as the POP3 Connector in SBS 2003 that was discussed above.
BEST PRACTICE: If you think you might like to have this form of messaging redundancy, consult with your ISP to arrange it. Your ISP, who I assume is holding your DNS records, will need to enter a second MX record with a lower priority that points to a backup mail server (typically maintained by the ISP).
I’ll cover this topic more, including more procedural steps, in my forthcoming advanced SBS 2003 book due in mid-2004.
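The priority rule in the tip above, as an added example that is not from the book: a sending mail server tries the MX record with the lowest preference number first, so the "lower priority" backup record is the one with the higher number. The domain, host names and zone lines are constructed for illustration, and the reachability set stands in for a real SMTP connection attempt.

```python
import random
import re

# Constructed zone-file lines for a hypothetical domain (not from the book).
ZONE_TEXT = """
example.com.   3600 IN MX 10 mail.example.com.        ; SBS 2003 / Exchange server
example.com.   3600 IN MX 20 backup-mx.isp.example.   ; backup server held by the ISP
example.com.   3600 IN A  203.0.113.10
"""

# owner [ttl] [IN] MX preference exchange
MX_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?MX\s+"
    r"(?P<pref>\d+)\s+(?P<host>\S+)",
    re.IGNORECASE,
)


def parse_mx(zone_text):
    """Return (preference, host) tuples for every MX line in zone-file text."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        match = MX_LINE.match(line)
        if not match:
            continue  # not an MX record (blank line, A record, ...)
        pref = int(match.group("pref"))
        if not 0 <= pref <= 65535:  # preference is a 16-bit unsigned value
            raise ValueError(f"MX preference out of range: {pref}")
        records.append((pref, match.group("host").rstrip(".").lower()))
    return records


def delivery_order(records, rng=None):
    """Order hosts the way a sender tries them.

    Lowest preference number first; hosts sharing a preference are
    shuffled so load is spread between them.
    """
    rng = rng or random.Random()
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        group = list(by_pref[pref])
        rng.shuffle(group)
        ordered.extend(group)
    return ordered


def deliver(records, reachable, rng=None):
    """Return the first host in delivery order that is reachable.

    `reachable` is a set of host names standing in for a successful SMTP
    connection. None means every MX is down: the sender queues the message
    and retries, and only bounces it once its retry window runs out.
    """
    for host in delivery_order(records, rng):
        if host in reachable:
            return host
    return None


if __name__ == "__main__":
    mx = parse_mx(ZONE_TEXT)
    print("Try order:", delivery_order(mx))
    print("Primary up:  ", deliver(mx, {"mail.example.com", "backup-mx.isp.example"}))
    print("Primary down:", deliver(mx, {"backup-mx.isp.example"}))
```

With the primary offline, mail lands on the backup host and waits there until it is collected, which is the "mail bagging" behaviour the section describes.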
Exchange Migrations
This topic, another one way outside the SPRINGERS story line, merits mention nonetheless. You might find yourself in a situation where you need to move Exchange data because of an upgrade or migration. While I discuss upgrades and migrations more in Appendix B, the point is that you’ll possibly encounter such a scenario and you need at least some basic guidance.
The tool that you’ll use to migrate Exchange data is ExMerge. For the latest discussion on the use of ExMerge, visit www.microsoft.com/technet and search on the “exmerge” term. You’ll see the page in Figure 6-13 that advises you to download the Exchange 2003: Mailbox Merge Wizard (ExMerge) tool.
BEST PRACTICE: Yes - you read correctly. The ExMerge tool is now downloaded. In the SBS 2000 time frame, it was found on the SBS setup disc that contained the Exchange application. Such is not the case in the SBS 2003 time frame.
Figure 6-13
Go here for the ExMerge tool to migrate your all-important Exchange data.
So a few pointers to send you forward with respect to Exchange’s ExMerge tool:
• This version of ExMerge requires an “ExMerge” user account with administrator-level permissions to function correctly. This wasn’t the case in the SBS 2000 timeframe.
• ExMerge can be run against older versions of Exchange (5.5, 2000) and thus serves as an effective migration tool.
• ExMerge interacts with mailboxes, not public folders or Internet favorites. This interaction is basically import and export capabilities. You will need to manually import and export the content of public folders using the Import and Export option on the File menu in Outlook. Internet favorites, accessible from Outlook and considered by some to be part of the messaging migration mix, can be either manually migrated or migrated by using the profile migration capabilities of the Add User Wizard that was explored in Chapter 4.
BEST PRACTICE: There is a key public folders point to make about that bullet above. As you’ll learn later, the SBS development team has dramatically increased the visibility of public folder usage by creating company-related objects in SBS 2003. So it’s a reasonable assumption that you will put important data in the company-related public folder objects (such as maintaining company-wide customer contacts). Given that, you will need to manually migrate such data.
• If ExMerge fails with a mailbox (this can happen when a PST file you’re working with has been flagged to read-only and would occur if you moved a PST file by writing it to a CD disc), then you can always revert back to the manual import/export capability in Outlook as described in the bullet above.
BEST PRACTICE: Microsoft has posted additional migration guidance at www.microsoft.com/exchange. As of this writing, there is a scenario for migrating from Exchange 5.5 to Exchange 2003.
Instant Messaging - NOT!
It’s unfortunate but true in SBS 2003 that the Exchange Server 2003 component has removed the instant messaging capability that many of us enjoyed in the SBS 2000 time frame. Many readers will recall that my prior book, Small Business Server 2000 Best Practices, provided the procedures for configuring this wonderful cool tool.
In the SBS 2003 time frame, you will now need to supply Instant Messaging functionality differently. You can purchase Microsoft’s new Live Communications Server, starting at $1,059 with five CALs (your rich SBS CALs do not cover this server application). Live Communications Server information is shown in Figure 6-14.
BEST PRACTICE: A member of the SBS development team has confirmed that Live Communications Server does install and function for internal messaging in SBS 2003. However, users will need to log on to the instant messaging client with their internal name (e.g. Normh@springersltd.local). There will be a white paper out that will teach you how to integrate SBS 2003 and Live Communications Server (no publication date available at my press deadline).
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
Figure 6-14
Those SBS legacy sites that utilize Instant Messaging will need to strongly consider Live Communications Server to deliver the same functionality in the SBS 2003 time frame.
BEST PRACTICE: There is a poor man’s way to deliver instant messaging on an SBS 2003 network: Use MSN. That’s right! The Internet-based MSN instant messaging capability, described in Figure 6-15, may be just the cheapo ticket you’re looking for. Visit www.msn.com/people, but be advised one drawback of this approach is that your chat traffic will result in increased Internet traffic, and there is a huge assumption that you have Internet connectivity!
Note that some readers have reported that they prefer the instant messaging solution from Yahoo! at www.yahoo.com.
Figure 6-15
Consider MSN to restore basic instant messaging (called IM by some folks) to SBS 2003.
Extending Exchange
Some topics fit better under a heading about extending Exchange, rather than peeking under the hood as the last section did. In this section, I’ll share some thoughts about implementing Exchange in SBS 2003 on a storage area network (SAN), support for multiple Exchange servers, and use of Exchange Conferencing Server.
Storage Area Networks
The consultants and trainers in the readership of this book will appreciate the following sentiment. Because of your numerous customers, you see and hear a lot of things you might not otherwise think of yourself. Such was the case recently in Phoenix (the city, not the bird) where a keen student attending the SBS 2003 hands-on labs asked about redirecting the Exchange Store database to a SAN during the setup of SBS 2003. The answer is that this is supported. On the SBS 2003 Setup page that speaks towards data folder redirection (see Figure 3-21), you would redirect the Exchange Store to a SAN via a Uniform Naming Convention (UNC) path such as \\server2\storage\exchange.
Multiple Exchange Servers
This is the type of paragraph I like to insert in a book such as this for the SBS gurus out there who aren’t happy with a text until they find something they don’t know. Then these same gurus are your friends for life. So here is such an opportunity. You CAN have multiple Exchange servers on the same SBS 2003 network. You might want to do this to shoehorn SBS 2003 into a multiple office scenario or to gain some form of messaging database redundancy. This would be accomplished by purchasing a second copy of Exchange Server 2003 (standard edition) and installing it on a second server running Windows Server 2003 (which you would also need to purchase). You would then link the Exchange servers together as part of the Exchange Server site.
The bottom line for introducing another Exchange server machine into your SBS 2003 network? You’d be out the following “hard costs”:
• Exchange Server 2003 standard edition: $699 USD
• Exchange 2003 User CAL: $67 USD/each user
• Windows Server 2003: $999 USD
• HP ML 350 Server Machine (adequately equipped): $1,500
If you total the above figures, you’ll see that you’ll pay a handsome price to introduce a second Exchange server machine in the small business. But it can be done.
BEST PRACTICE: Having a need to discuss the use of multiple Exchange servers might really be a customer’s cry for more information about whether SBS with its Exchange Server 2003 SKU is really the best fit. Consider visiting the comparison chart of all Exchange Server 2003 SKUs (including SBS 2003) at www.microsoft.com/exchange/evaluation/Mail_compare.asp as seen in Figure 6-16 below to answer your own Exchange right sizing questions.
Figure 6-16
Use this page to, at a glance, line up Exchange features and better understand what the capabilities and limitations are in SBS 2003.
Multiple MX records
Instant Message
Exchange Migrations
Extending Exchange
Whew -enjoy the read....there is a lot here!
cheers...harrybbbb (your fellow Microsoft Small Business Specialist - SBSC)
Harry Brelsford, CEO of SMB Nation, www.smbnation.com
###
Mail Bagging and Multiple MX Records
No, this isn’t a paragraph that will replay a tale of sassy Samantha (a lead character on HBO’s popular program Sex in the City) having a racy encounter with a postal worker. Rather, this is about having a backup location for your e-mail to flow to when your SBS 2003 server machine (properly running Exchange for SMTP e-mail) is offline. Instead of the senders in the “offline SBS 2003 server machine” situation receiving an NDR or bounced e-mail
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
message, these incoming e-mails can temporarily reside on another mail server. Later on, you would retrieve and properly distribute these e-mails using a tool such as the POP3 Connector in SBS 2003 that was discussed above.
BEST PRACTICE: If you think you might like to have this form of messaging redundancy, consult with your ISP to arrange it. Your ISP, who I assume is holding your DNS records, will need to enter a second MX record with a lower priority that points to a backup mail server (typically maintained by the ISP).
I’ll cover this topic more, including more procedural steps, in my
forthcoming advanced SBS 2003 book due in mid-2004.
Exchange Migrations
This topic, another one way outside the SPRINGERS story line, merits mention nonetheless. You might find yourself in a situation where you need to move Exchange data because of an upgrade or migration. While I discuss upgrades and migrations more in Appendix B, the point is that you’ll possibly encounter such a scenario and you need at least some basic guidance.
The tools that you’ll use to migrate Exchange data is the ExMerge tool. For the latest discussion on the use of ExMerge, visit www.microsoft.com/technet and search on the “exmerge” term. You’ll see the page in Figure 6-13 that advises you to download the Exchange 2003: Mailbox Merge Wizard (ExMerge) tool.
BEST PRACTICE: Yes - you read correctly. The ExMerge tool is now downloaded. In the SBS 2000 time frame, it was found on the SBS setup disc that contained the Exchange application. Such is not the case in the SBS 2003 time frame.
Notes:
Figure 6-13
Go here for the ExMerge tool to migrate your all-important Exchange data.
So a few pointers to send you forward with respect to Exchange’s ExMerge tool:
• This version of ExMerge requires an “ExMerge” user account with administrator-level permissions to function correctly. This wasn’t the case in the SBS 2000 timeframe.
• ExMerge can be run against older versions of Exchange (5.5, 2000) and thus serves as an effective migration tool.
• ExMerge interacts with mailboxes, not public folders or Internet favorites. This interaction is basically import and export capabilities. You will need to manually import and export the content of public folders using the Import and Export option on the File menu in Outlook. Internet favorites, accessible from Outlook and considered by some to be part of the messaging migration mix, can be either manually migrated or migrated by using the profile migration capabilities of the Add User Wizard that was explored in Chapter 4.
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
BEST PRACTICE: There is a key, public folders point to make about that bullet above. As you’ll learn later, the SBS development team has dramatically increased the visibility of public folder usage by creating company-related objects in SBS 2003. So it’s a reasonable assumption that you will put important data in the company-related public folder objects (such as maintaining a company-wide customer contacts). Given that, you will need to manually migrate such data.
• If ExMerge fails with a mailbox (this can happen when a PST file you’re working with has been flagged to read-only and would occur if you moved a PST file by writing it to a CD disc), then you can always revert back to the manual import/export capability in Outlook as described in the bullet above.
BEST PRACTICE: Microsoft has posted additional migration guidance at www.microsoft.com/exchange. As of this writing, there is a scenario for migrating from Exchange 5.5 to Exchange 2003.
Instant Messaging - NOT!
It’s unfortunate but true in SBS 2003 that the Exchange Server 2003 component has removed the instant messaging capability that many of us enjoyed in the SBS 2000 time frame. Many readers will recall that my prior book, Small Business Server 2000 Best Practices, provided the procedures for configuring this wonderful cool tool.
In the SBS 2003 time frame, you will now need to supply Instant Messaging functionality differently. You can purchase Microsoft’s new Live Communications Server, starting at $1,059 with five CALs (your rich SBS CALs do not cover this server application). Live Communication Server information is shown in Figure 6-14.
BEST PRACTICE: A member of the SBS development team has confirmed that Live Communications Server does install and function for internal messaging in SBS 2003. However, users will need to logon to the instant messaging client with their internal name (e.g. Normh@springersltd.local). There will be a white paper out that
Visit www.smbnation.com for additional SMB and SBS book, newsletter and conference resources.
will teach you how to intregrate SBS 2003 and Live Communications Server (no publication date available at my press deadline).
Figure 6-14
Those SBS legacy sites that utilize Instant Messaging will need to strongly consider Live Communications Server to deliver the same functionality in the SBS2003 time frame.
BEST PRACTICE: There is a poor man’s way to deliver instant messaging on an SBS 2003 network: Use MSN. That’s right! The Internet-based MSN instant messaging capability, described in Figure 6-15, may be just the cheapo ticket you’re looking for. Visit www.msn.com/people, but be advised one drawback of this approach is that your chat traffic will result in increased Internet traffic, and there is a huge assumption that you have Internet connectivity!
Note that some readers have reported that they prefer the instant messaging solution from Yahoo! at www.yahoo.com.
Visit www.microsoft.com/technet for the latest updates for any Microsoft product.
Figure 6-15
Consider MSN to restore basic instant messaging (called IM by some folks) to SBS 2003.
Extending Exchange
Some topics fit better under a heading about extending Exchange, rather than peeking under the hood as the last section did. In this section, I’ll share some thoughts about implementing Exchange in SBS 2003 on a storage area network (SAN), support for multiple Exchange servers, and use of Exchange Conferencing Server.
Storage Area Networks
The consultants and trainers in the readership of this book will appreciate the following sentiment. Because of your numerous customers, you see and hear a lot of things you might not otherwise think of yourself. Such was the case recently in Phoenix (the city, not the bird) where a keen student attending the SBS 2003 hands-on labs asked about redirecting the Exchange Store database to a SAN during the setup of SBS 2003. The answer is that this is supported. On the SBS 2003 Setup page that speaks towards data folder redirection (see Figure 3-21), you would redirect the Exchange Store to a SAN via a Uniform Naming Convention (UNC) path such as \\server2\storage\exchange.
Multiple Exchange Servers
This is the type of paragraph I like to insert in a book such as this for the SBS gurus out there who aren’t happy with a text until they find something they don’t know. Then these same gurus are your friends for life. So here is such an opportunity. You CAN have multiple Exchange servers on the same SBS 2003 network. You might want to do this to shoehorn SBS 2003 into a multiple office scenario or to gain some form of messaging database redundancy. This would be accomplished by purchasing a second copy of Exchange Server 2003 (standard edition) and installing it on a second server running Windows Server 2003 (which you would also need to purchase). You would then link the Exchange servers together as part of the Exchange Server site.
The bottom line for introducing another Exchange server machine into your SBS 2003 network? You’d be out the following “hard costs”:
• Exchange Server 2003 standard edition: $699 USD
• Exchange 2003 User CAL: $67 USD/each user
• Windows Server 2003: $999 USD
• HP ML 350 Server Machine (adequately equipped): $1,500
If you total the above figures, you’ll see that you’ll pay a handsome price to introduce a second Exchange server machine in the small business. But it can be done.
BEST PRACTICE: Having a need to discuss the use of multiple Exchange servers might really be a customer’s cry for more information about whether SBS with its Exchange Server 2003 SKU is really the best fit. Consider visiting the comparison chart of all Exchange Server 2003 SKUs (including SBS 2003) at www.microsoft.com/exchange/evaluation/Mail_compare.asp as seen in Figure 6-16 below to answer your own Exchange right-sizing questions.
Figure 6-16
Use this page to, at a glance, line up Exchange features and better understand what the capabilities and limitations are in SBS 2003.
Monday, July 21, 2008
Exchange e-mail attachment blocking in SBS 2003 (book excerpt, chapter 5)
Good Monday to you!
Each day, I am posting up a few pages from my Windows Small Business Server 2003 Best Practices book until SBS 2008 ships. Today we look at the native e-mail attachment blocking in Microsoft Exchange Server 2003 in SBS 2003 and also discuss content filtering....this is actually one of the really cool features in SBS 2003 (the attachment blocking capability).
Anyways - enjoy the read and the ride....harrybbbb
Harry Brelsford, ceo at SMB Nation, www.smbnation.com
###
Blocking Attachments, E-mails, and Content
There are some interesting capabilities that you might not know about in Exchange in SBS 2003 relating to attachment and domain blocking. Content filtering is another matter I’ll close this section with.
BEST PRACTICE: CRN reported in “Rivals Face Challenge As Microsoft Extends Its Antispam Technology” (http://crn.channelsupersearch.com/news/crn/46130.asp) that Microsoft will offer stronger anti-spam technology in Exchange Server 2003 in the first half of 2004. No other details available at press time but monitor Microsoft’s Exchange and TechNet sites for updated information. CRN at www.crn.com should be monitored as well.
Attachment Blocking
You likely recall the Remove E-mail Attachments page (Figure 4-14) in the EICW from Chapter 4. The function it performs is relatively straightforward: remove e-mail attachments of a certain type. But a question that continually arose during the fall 2003 hands-on labs for SBS 2003 concerned where this setting was being made in the background. Students asked if they could see where the EICW was setting this.
So I researched this by consulting with the Microsoft SBS program manager who owns this functionality and found that:
• An SMTP “sink” is trapping the attachments and handling them according to the rule you set on the Remove E-Mail Attachments page.
• There is no user interface (UI) to “see” where these settings are made or where this activity is occurring (other than the outcome, such as the attachment being removed or saved to a folder).
And don’t forget that we have Outlook 2003 as a backstop to also block common attachments in e-mail. This is covered later in the Outlook 2003 section of this chapter.
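The rule described above (remove attachments of listed types, or save them to a folder) can be sketched outside Exchange. This is an added Python illustration, not the SBS 2003 SMTP sink itself; the extension list, function names and sample message are assumptions constructed for the example.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for illustration; not the list the EICW ships with.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".vbs", ".pif", ".bat"}


def effective_extension(filename):
    """Return the lower-cased extension Windows would act on."""
    base = os.path.basename(filename.replace("\\", "/"))
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    return os.path.splitext(base.rstrip(". ").lower())[1]


def strip_attachments(raw, blocked=BLOCKED_EXTENSIONS, save_dir=None):
    """Remove blocked attachments; return (cleaned message bytes, removed names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition and falls back to Content-Type "name".
        name = part.get_filename()
        if not name or effective_extension(name) not in blocked:
            continue
        if save_dir:
            # Prefix with a counter and drop any path so the sender cannot pick the location.
            safe = "%03d_%s" % (len(removed), os.path.basename(name.replace("\\", "/")))
            with open(os.path.join(save_dir, safe), "wb") as fh:
                fh.write(part.get_payload(decode=True) or b"")
        removed.append(name)
        # Swap the part for a plain-text notice so the recipient sees what happened.
        part.set_content("Attachment %r was removed by the mail filter.\n" % name)
    return msg.as_bytes(), removed


def attachment_names(raw):
    """List the filenames still attached to a message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def build_sample():
    """Constructed sample message with one harmless and one blocked attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "normh@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ constructed", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.EXE")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = strip_attachments(build_sample())
    print("removed:", removed)
    print("remaining:", attachment_names(cleaned))
```

Matching on the last extension after lower-casing and trimming is what catches names such as Invoice.PDF.EXE; a filter that compares the raw filename string misses them.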
Junk E-mail Blocking
Another popular question is what native ability Exchange has to block offensive e-mail domains as a poor man’s form of spam blocking (that is, using it instead of purchasing a third-party spam blocking tool). This is most easily accomplished by selecting and configuring the Connection Filtering and Sender Filter tabs on the Message Delivery Properties dialog box that you see in Figure 6-6 (right-click Message Delivery and select Properties under Global Settings in the Exchange System Manager under Advanced Management in the Server Management console).
Figure 6-6
Get to know the Message Delivery Properties sheet if you want to engage in basic e-mail blocking inside of Exchange.
This e-mail blocking can also be accomplished painfully by creating an Active Directory contact object that has the offending e-mail name (such as player@gamblinggreen.com) and then adding it via the Delivery Restrictions tab (click the Add button beneath Reject messages from) on the Small Business SMTP connector Properties screen.
BEST PRACTICE: Of course, I saved perhaps the best junk e-mail blocking discussion for last. Near the end of the fall 2003 SBS 2003 hands-on lab tour in the US, a few students, already having worked with SBS 2003 at that point, waxed poetically about the effectiveness of the Outlook 2003 spam blocking capability. The consensus was it just works. A Microsoft employee echoed the same sentiment as “your Microsoft Research division dollars at work.” Couldn’t have put it better myself!
Content Filtering
Now for the bad news. Content filtering, as many of us know it in third-party spam filters that eliminate offensive e-mails selling Viagra and Vicodin, is not natively available in Exchange (but should be around mid-2004 as per the Best Practice earlier). Don’t be confused because some might think that the Content Restrictions tab on the Small Business SMTP connector Properties screen (Figure 6-6 above) is really performing a filtering function. It is not. It is allowing e-mail of different priorities, etc. Note that I’ll cover spam blocking in its various forms (attachment blocking, e-mail and domain blocking, and content filtering) more in Chapter 11. You’ll recall that I briefly mentioned spam in Chapter 5. Stand by!
Sunday, July 20, 2008
Exchange under the hood in SBS 2003 (book excerpt)
G'day mate - we continue our SBS 2003 journey well into Chapter 6 and take a look at Exchange! As you might know - I am posting up a few pages per day of the SBS 2003 purple book until SBS 2008 ships. Enjoy in good health and wealth.
harrybbbb
Harry Brelsford, ceo at smbnation, www.smbnation.com
###
Exchange Under the Hood
Before you trot off believing you know everything there is to know about Exchange, pull up for a moment and read this section on peeking and poking around under the hood. Granted, you’ll likely know some of what is presented below, but perhaps you’ll find a gold nugget along the way that you hadn’t seen in prior sluicing runs.
Okay - What Is Exchange Server 2003?
A good instructor will always encourage even the most basic of questions by promoting a learning culture of “No question is stupid; the only stupid question is the one you don’t ask.” So it’s fair game to ask, “Exactly what is Exchange Server 2003?”
Back in time, when SBS 4.0 was released in late 1997, the Exchange application was considered to be an e-mail program. It quickly became a popular e-mail program in an era where folks were relatively new to e-mail and all of its wonderfulness. Fast forward a few years, and running around getting excited about e-mail is not only “legacy” but it’s so yesterday! Later on, the marketing message and positioning for Exchange was altered to reflect more noble goals, such as messaging, communications, and collaboration. A contemporary view of Exchange is that it’s a robust message application with collaboration being better handled by SharePoint technologies (which you meet in the next chapter).
To some extent, even the communications tag line is now deemphasized with the introduction of the Microsoft Real Time Communications server product. But this section isn’t placed here to reiterate what you likely know about Exchange product positioning. Rather, I wanted to weave in a neo-Exchange viewpoint served up by a fellow instructor on an SBS hands-on lab tour in late 2002. This gentleman proposed the thesis that Exchange is really nothing more than a set of messaging tools and functionality that resides atop Active Directory. Huh? I’ll tease you with this hypothesis herein until the next section, where what appears to be a ridiculous riddle is solved.
Really Managing Exchange
Once installed with SBS 2003 and configured with the EICW, Exchange Server 2003 doesn’t really require you to do much on a day-to-day basis. The damn thing just works! But there are three primary management tools you should know about: the Manage Internet and E-mail page, Exchange Server 2003 System Manager, and the Active Directory Users and Computers snap-in.
Manage Internet and E-mail
First and foremost, you should utilize the Manage Internet and E-mail page, accessed by clicking the Internet and E-mail link under Standard Management in the Server Management console. This page provides numerous links that include forcing a connection to your ISP to retrieve mail (see the Synchronize E-mail link). Take a moment to look at the options on that page.
Exchange Server 2003 System Manager
Remember your walk down the Server Console in Chapter 4? Under the Advanced Tasks section, you were exposed to the System Manager tool. It’s shown in expanded view here in Figure 6-3.
Figure 6-3
Like the alluring Venus flytrap plant, Exchange Server 2003 System Manager is fully exposed in its attempt to lure you in deeper and deeper.
When nature calls and you simply have to perform some heavy server-side configuration procedures in Exchange Server 2003, you’ll use System Manager, plain and simple. But it’s not likely that you’ll interact with System Manager on a day-to-day basis.
BEST PRACTICE: I’ll weave in very specific and narrow surgical strikes in System Manager in the remaining part of this chapter, so for now simply hop and skip around this tool. Go ahead and dig deep. Drill down into the countless child objects layered in this surprisingly powerful management tool. Later, when you’re commanded to perform a procedure, your comfort level with System Manager will be high.
Active Directory Users and Computers
Time to solve the riddle from a few minutes ago. The solution set is this: You’re gonna perform most Exchange administration from Active Directory, using tools such as the Active Directory Users and Computers snap-in. The following tabs are shown on a user property sheet (see Figure 6-4 below as well):
• Exchange General. This identifies the mailbox store, alias, delivery restrictions, delivery options, and storage limits.
• E-mail Addresses. This lists e-mail addresses associated with this user, including Custom Address, X.400 Address, Microsoft Mail Address, SMTP Address, cc:Mail Address, Lotus Notes Address, and Novell GroupWise Address.
• Exchange Features. As seen in Figure 6-4, this displays the Mobile Services that are configured plus protocol status information.
• Exchange Advanced. This provides settings for changing the simple display name, hiding the account from the Exchange address list (more on this later), setting custom attributes, configuring an Internet locator service, and modifying mailbox rights.
Figure 6-4
The Active Directory user object property sheet showing the Exchange Features tab.
BEST PRACTICE: In the legacy SBS 2000 time frame, you did not see the Exchange Advanced tab by default on an Active Directory user object property sheet. You had to select Advanced Features under the View menu in the Active Directory Users and Computers snap-in for this to appear. Also, the Exchange Features tab in the SBS 2000 time frame was very different and addressed the Instant Messaging configuration. Such is not the case in SBS 2003 (I discuss Instant Messaging later in this section).
While we’re talking about Active Directory, let’s add a little fuel to the fire. Remember that it’s Active Directory providing several forms of critical support to Exchange Server 2003, such as:
• Active Directory provides a directory of all Exchange objects
• Exchange uses Active Directory for all authentication and access control
• Active Directory provides replication and the Global Catalog (GC). Exchange clients depend on the GC.
• Exchange makes irreversible Active Directory schema changes. I hinted at this earlier in the chapter with the “1 of 10” setup comment where Exchange was preparing the forest and domain before installing itself.
BEST PRACTICE: While this chapter won’t turn into a book on Exchange, you are, of course, encouraged to read more in books dedicated to Exchange. For example, you should learn more about Active Directory distribution groups. (SBS 2003 creates a default distribution group that includes all added users, named after the organization name you typed in the Windows Server 2003 GUI setup phase, for example, Springer Spaniels Limited.) Also, you might be interested in knowing that Active Directory security groups are e-mail enabled, so that if you created a security group titled “Accountants” at our sample company, you could easily send an e-mail message to its membership with the following SMTP e-mail address: accountants@springersltd.com.
Remember that distribution groups and security groups can be managed via their respective icons under Standard Management in the Server Management console.
Internet Information Server
Exchange is dependent on Internet Information Server (IIS). IIS provides Web store support. IIS provides support for Outlook Web Access (OWA) and Outlook Mobile Access (OMA). This is shown in Figure 6-5.
Figure 6-5
Viewing the IIS supporting role for Exchange (this is being viewed in the Server Management console).
BEST PRACTICE: Wanna test Exchange’s dependence on IIS? A trick I’ve played in past Microsoft hands-on labs to confound the Doubting Thomases who can’t draw out an Exchange/IIS relationship is the following: Simply turn off the World Wide Web Publishing Service in Services (in the Server Management console, this is under Advanced Management, Computer Management (Local), Services and Applications, Services). Then launch a Web browser (e.g., IE) and try to access OWA. You’ll error out every time with the World Wide Web Publishing Service turned off. Turn this service back on and OWA will work just fine.
Saturday, July 19, 2008
Starting Chapter 6: Exchange, Outlook, SBS 2003 (book excerpt from Windows Small Business Server 2003 Best Practices)
Hi friends!
Today we start Chapter 6 in Windows Small Business Server 2003 Best Practices. This chapter discusses Microsoft Exchange Server 2003 and Microsoft Outlook 2003. Read up, go forth and multiply!
FYI - in case you are new to these postings, I am posting up a few pages a day from my purple book until SBS 2008 ships.
cheers...harrybbbbb
Harry Brelsford, MBA, Microsoft Small Business Specialist (SBSC) and heaps of credentials dating back to the early CNE days! :)
ceo, smb nation, www.smbnation.com
###
Chapter 6 Messaging with Exchange Server 2003 and Outlook 2003
Take a bow. Why? Because even before you start reading this chapter on Exchange Server 2003 (“Exchange”) and Outlook 2003 (“Outlook”), you really know more about these two messaging applications than you might admit in public. As the first part of the chapter will show, you’ve darn near completed the configuration of Exchange and Outlook just by deploying SBS 2003 over the past several chapters. So accordingly, I start with what you should likely already know up to this point. And after you finish the chapter and work more with Exchange in the real world, you’ll really know these products inside and out from an SBS 2003 viewpoint.
By the way, this chapter isn’t as SPRINGERS-centric as my other chapters are. This is in part because the SPRINGERS storyline doesn’t need a lot of direct interaction with Exchange Server 2003 for proper SBS 2003 network deployment to occur. So bear with me as I provide you a Texas-size buffet of Exchange and Outlook matters you’re likely to lasso up in the real world.
What You May Already Know About Exchange Server 2003!
This section of the chapter should inspire confidence as you’ll likely comment “I already knew that” about certain Exchange matters. Let’s get started.
• Core SBS component installation. Just prior to the Windows Configuration phase outlined in Chapter 3, the setup routine “harvests” the information on the Company Information page (revisit Figure 3-14 in Chapter 3 to see this) for later use in creating Exchange Global Address List (GAL) entries (Figure 6-1). This same company information also populates the properties for an Active Directory user object on the Address tab (Figure 6-2).
Figure 6-1: Viewing a Global Address List entry in SBS 2003.
Figure 6-2: Viewing the address information in Active Directory for a user.
BEST PRACTICE: Call it a missed opportunity, but this company information would have been great for creating an Outlook contact record for each user that is added to the SBS 2003 network. Said Outlook contact record could then be used by fellow workers to list your home and cellular telephones, making it possible to reach you with ease! Heck - such an Outlook contact record could be synchronized to your personal digital assistant (PDA), such as a sassy HpCompaq iPAQ, allowing you to find co-workers when you’re out of the office. As it stands today, the company information is used to populate the screens in Figures 6-1 and 6-2, but few of us in the small business arena truly get excited about GALs and AD user objects! This good stuff also could have been (but isn’t) used to create a cool list in Windows SharePoint Server (see Chapter 7 for more).
• SBS application setup information. You will recall, after the Windows Configuration reboots at mid-point during the SBS setup phase, you completed a wizard page titled Data Folders (see Figure 3-21) where you redirected the location of the Exchange data (you also had the option to redirect the Exchange logs, but we didn’t). This is an especially cool capability in SBS 2003 because back in the SBS 2000 era, the same screen (see Figure 3-20 in my legacy SBS 2000 Best Practices book) gave you no opportunity to redirect Exchange data and logs. Rather, in the old days, you had to manually redirect Exchange data and logs following the steps in KBase article Q257184.
• Core SBS application installation phase. Who could forget the 20+ minutes you spent during the SBS installation process when you inserted Disc 2 and Exchange Server 2003 modified the Active Directory Schema - surely you remember the 1 of 10, 2 of 10, 3 of 10 messages? (You can see this in Figure 3-24 back in Chapter 3.) And when Exchange itself was installed at this step, the Company archive public folder and the Company contact object were created inside the Exchange public folders.
• E-mail and Internet Connection Wizard (EICW). Of course, the EICW greatly affected Exchange Server 2003 when you completed it in Chapter 4. It was there that you elected to use the built-in firewall and allow e-mail services to flow through the firewall (see the Services Configuration page). The firewall-related page that followed, titled Web Services Configuration, allowed you to invoke Outlook Web Access, Outlook Mobile Access, and Outlook via the Internet (in-depth descriptions of each of these sections are available by clicking More Information on that page). Next up, you selected Enable Internet e-mail on the Internet e-mail page. On the E-mail Delivery Method page, you selected Use DNS to route e-mail. The E-mail Retrieval Method page followed, which allowed you to elect SMTP-based e-mail (in effect, you turned Exchange “on” for use). You didn’t configure the POP3 Connector for Exchange (a native SBS 2003 tool that I discuss later in the chapter) on this page because it’s not part of the SPRINGERS storyline in this book. This was followed by the E-mail Domain Name page where you provided the Internet domain name you wanted to use for your SMTP-based external messaging. (Note that a BIG ASSUMPTION exists here that you’ve worked closely with your ISP to point a Mail Exchange (MX) record in DNS to your SBS 2003 server to successfully deliver the SMTP e-mail. If you haven’t, please contact your ISP immediately.) Finally, something I’ll discuss later is the e-mail attachment removal process that you implemented on the Remove E-mail Attachments page.
BEST PRACTICE: Actually, this is more humor than serious, but after all the details in the bullet points above about Exchange functionality in the EICW, I kinda feel like I’m listening to the patriarchal parent of the bride in the My Big Fat Greek Wedding movie who claims every word has a Greek origin. Here, after the exhaustive EICW play-by-play above, you might start to think every piece of SBS functionality originates in Exchange.
• Add User Wizard (AUW). Not to be outdone, the AUW holds its own in the Exchange configuration department. Exchange and the AUW are related in the following ways. First, the AUW creates the user object in Active Directory which also creates the Exchange mailbox. The template you select for the user in the AUW would also affect Exchange e-mail functionality. A mobile user would need the Mobile User Template to remotely access e-mail. The Power User Template provides sufficient permissions for the endowed user to create other users with an Exchange mailbox on the system via the Power User Console.
What You May Already Know About Outlook 2003
You probably know more about Outlook, including the 2003 version, than you give yourself credit for. Consider the following.
• Pervasive usage. Perhaps the question to ask here is “Who hasn’t used Outlook?” A show of hands would yield a very small data set. Just about everyone on Planet Earth has in some way or somehow used Outlook. In fact, for that reason, a change from my past books is that I’ll not show you how to send an e-mail message, as I’ll assume you already know this basic function.
• Setup Computer Wizard (SCW). When the AUW spawns the Setup Computer Wizard (SCW), you assign users to the computer for whom Outlook will be available. You also make the decision to install the Outlook application itself. And finally, you may elect to install ActiveSync 3.7, which will synchronize Outlook information with your personal digital assistant (which I’ll demonstrate and discuss more later).
Thursday, July 17, 2008
When do you need ISA Server in SBS 2003? (book excerpt)
Good day - I am harry brelsford, author of Windows Small Business Server 2003 Best Practices, and I am posting up a few pages per day until SBS 2008 ships! Today we complete chapter 5 and look at the case FOR having ISA server, plus talk about next steps in security and review a column by Frank Ohlhorst on security appliances!
enjoy the read....harrybbbbb
Harry Brelsford, CEO at SMB Nation, www.smbnation.com
###
When Do You Need ISA Server?
Well, you’ll certainly need ISA Server 2000 by the time you reach Chapter 13, which is dedicated to this application in the SBS 2003 premium edition. But, seriously, ISA Server 2000 fits my favorite analogy about shoes and pornography. With respect to shoes, you’ll use ISA Server 2000 when said shoe fits. With respect to pornography, simply recall the famous US Supreme Court opinion on obscenity and community standards: You know it (pornography) when you see it. Translation: You’ll know when you need ISA Server 2000. But enough teasing.
This chapter was written to demonstrate the security in SBS 2003 standard edition. Period. If you want to peek at Chapter 13 to learn more about ISA Server 2000 usage, go for it. I’ll see you back here.
BEST PRACTICE: Keep this in mind. If you purchase the premium edition of SBS 2003 and deploy ISA Server 2000, you will not configure and utilize the security features supported by RRAS. You would let ISA Server 2000 do the heavy lifting.
Security Resources
Given that by now we all agree that security is a fluid, dynamic concept and not static, you need to take a long coffee break and go learn more about the following security resources:
• Microsoft security site. First and foremost would be to spend a few hours poking around the Microsoft security web site at www.microsoft.com/security. Enough said.
• Read Ballmer’s WWPC keynote. Believe it or not, it might be valuable for you to read the keynote given by the CEO of the richest company on earth at the October 2003 WWPC conference. There are tons of details on Microsoft’s view of security and that’s something you should know. Click over to www.microsoft.com/presspass to find the transcripts of his speech.
• Roberta and Thomas. Can’t say enough about the security books by Roberta Bragg and Dr. Thomas Shinder. Read all about it by searching on these author names at Amazon (www.amazon.com). See Roberta’s excellent article titled “Giving The the Small Business” discussing SBS 2003 security at www.mcpmag.com/columns/article.asp?EditorialsID=630.
• Small Business Best Practices. Be sure to sign up for my SBS newsletter at www.smbnation.com where I’m honor-bound to present to you the latest SBS-related security matters.
• Review security in the To Do List in SBS 2003. Believe it or not, a great use of time right now would be to read, print, and read again the information contained beneath the View Security Best Practices link on the SBS 2003 To Do List. Note that we’ll walk through a few of these suggestions you’ll see when we get to Chapter 11 and discuss SBS 2003 administration.
Next Steps
Before you get to the summary and move on, a few final thoughts. Security is all about next steps. It never ends. Some days you’re just trying to stay one step ahead of the bad guys. Other days the bad guys are one step ahead of you. Be active, be diligent, and never rest for a mere second.
More advanced topics to be covered either later in this book and/or in my forthcoming advanced SBS 2003 book include:
• Auditing (I hinted at this earlier)
• Time synch with Internet clock
• Group Policy stuff and its mysterious powers
• Software restrictions policies
• IPSec
• More details on Network Monitor (Roberta Bragg’s fave)
• The dangers of encrypted file system (EFS).
• Learn about the Microsoft software asset management program at www.microsoft.com/samservices.
So stand by and hold your horses!
Guest Column: Leveraging Security Appliances
Frank J. Ohlhorst
Spam has become the scourge of every business. Today, almost every mailbox is clogged up with unwanted content, becoming both a space hog and a drain on productivity. Unsolicited email can be more than a nuisance; some spam messages contain viruses or worms which can do incredible damage to Windows based systems.
Small Business Server 2003 includes very little in the way of spam- and virus-fighting capabilities. Although the latest version of Microsoft Outlook does offer some malicious code protection and spam filtering capabilities, most users will not find it enough when it comes to optimally controlling the problem. What’s more, relying on desktop applications for virus and spam control is far from ideal; after all, messages and files are still passed through the SBS server via Microsoft Exchange. The real key here is to prevent viruses, worms and spam from getting to the server in the first place.
Salvation comes in the form of hardware-based security appliances. Those units, which are firewalls with added features, come in all shapes and sizes, which complicates choosing a good fit for an SBS 2003 network. Those security appliances offer additional valuable features, ranging from content filtering to web caching. Once the productivity gained by eliminating spam and malicious code is considered, security appliances become quite affordable. What’s more, additional savings can be had by choosing SBS 2003 Standard Edition over Premium Edition; after all, if a hardware firewall is in place, why bother with the cost and management overhead of ISA Server?
Although plenty of software products exist that integrate with ISA Server to handle critical security concerns, integrators will find that moving those tasks off of the server will net increased performance and reduce complexity. SBS 2003 is a single-server solution, which prevents integrators from economically moving ISA Server off to another server to reduce the overhead created by firewalls and add-on products.
The key is to look for a unit which acts as a proxy for internet traffic and examines every incoming data packet. Those requirements will help to thin the herd a little when selecting a unit. Several vendors offer units that are tuned to small business needs. Those looking for strong antivirus and content control should consider units from Fortinet (www.fortinet.com), which makes a whole host of scalable solutions for the SOHO/SMB market. Sonicwall (www.sonicwall.com) is another vendor that creates comprehensive hardware security solutions for the SMB market. In some cases it might be advisable to go straight to the source for strong firewall and security features, which is where CheckPoint (www.checkpoint.com) excels with their S-Box line of security appliances.
Regardless of what vendor’s product is implemented, integrators need to consider more than just the feature set. Ease of management and adding options should be at the top of the list, especially if ISA server is to be eliminated. Here is where browser based interfaces rule and setup wizards show their value.
Both Fortinet and Sonicwall strive to ease the administrative burden. Ideally, the selected unit should also offer remote management capabilities, which allow integrators to remotely tune and update the appliance, eliminating the need for a site visit. Another key feature to consider is automatic updating of virus signatures and spam lists; most of the products on the market successfully handle those tasks.
All things considered, spam and virus concerns only strengthen the argument for adding a hardware firewall. The trick is to select an economical product that can grow with networking needs by offering expansion options, such as content filtering, VPN or dialup failover support.
Summary
Okay - we’ve done the drill on security. This chapter focused on the standard version of SBS 2003 and the RRAS-based security features at the bits level. But really, this chapter was much more than service port openings in a firewall. Security is a multifaceted matrix of endless threats. These threats are both bits and business, virtual and physical. It’s kinda like a popular Western belief in God: Security will never end!
Meet me in the next chapter to explore Exchange Server 2003 and, later on, in Chapter 13 to discuss security once again as part of the SBS 2003 premium edition and ISA Server 2000.
Ciao!
Wednesday, July 16, 2008
Pardon our dust: SMB PC magazine download link fixed
Howdy folks – pardon the dust but our magazine download link was broken yesterday for the current magazine issue :)
Here is the proper link and I even tested it!
http://www.smbnation.com/products_listpage.asp?Category=Publications&Category2=Magazine
Thanks everyone and happy reading!
Cheers….harrybbbbb
Harry Brelsford
CEO, SMB Nation and Microsoft Small Business Specialist (SBSC)!!!
www.smbnation.com
Read my blog: harrybrelsford.wordpress.com
Tuesday, July 15, 2008
Physical security and SBS 2003 (book excerpt)
hi ho mate! harrybbb here, author of the purple book (Windows Small Business Server 2003 Best Practices) and a fellow Microsoft Small Business Specialist (SBSC). Each day I am posting up some pages from said book for your reading pleasure until SBS 2008 ships!
Today we discuss physical security from Chapter 5.
enjoy the read…harrybbbb
Harry Brelsford, ceo at smb nation, www.smbnation.com
###
Physical Security and Management Practices
Just when you thought all security was computer-related in the world of SBS, here comes a paradigm shift wherein we’ll discuss the real, physical world! The reason for broader security discussion is to get you to once again leave the bits behind for a minute and put that business hat back on. As an SBSer, you can’t help but be involved in business matters such as physical security and management practices.
Let’s Get Physical!
After reading this section, walk around your office and see if any of the following don’t ring true or otherwise apply to you:
• Is the server physically secure? Or is it placed in the open where a large gorilla (or heck, in this day and age, a guerrilla) could swoop it up and ship it to a chop shop?
• Lock down time. Locking down the disk and disc drives (that’s the floppy and CD/DVD variety) can go a long way toward preventing the introduction of malware. Don’t forget USB ports!
• Assuming the server isn’t sitting out in the open and is placed in a room or closet, are the doors to this area locked? Who has the keys?
• Speaking of key management, how many people have key access to your office space? Any keys still in the hands of disgruntled ex-employees?
Management
• Is there a written security policy for the use of the SBS 2003 network? Refer to Appendix A for SBS resources, such as the Yahoo! Groups that include posted documents such as security policies.
• A traditional bookkeeping matter to think about: Are the company’s business checks secure? There’s nothing like an employee with a gambling problem writing a check to stall Bruno, the mob enforcer.
• How do you feel about employee background checks? Remember some of the biggest crooks are the brightest people and have the most engaging personalities!
• Beware of psychological warfare. Kevin Mitnick and Frank Abagnale, two renowned white-collar criminals, used a form of social engineering to talk their way into profitable illegal activities—hacking into computer systems and stealing money via check fraud respectively. Mitnick would ring an employee of a company and harvest that person’s user name and password to then penetrate the company’s networks. Abagnale used things like wearing pilot uniforms to earn free flights. Both have written well-received books about their exploits and the power of social engineering.
BEST PRACTICE: Perhaps you’ve got a war story about social engineering and psychological warfare yourself that underscores the power of this penetration method and its associated security risks. I’ve got a quick one to share. Traveling home from the WWPC in New Orleans in October 2003, I used my red press pass badge holder (a conference badge holder that hangs around your neck) to carry my passport identification and airline ticket. Once I cleared security, I stopped in a restaurant for a bite to eat. When it came time to pay my bill, I received a 10 percent discount because, with my red badge holder, I was mistaken for being an airport employee (in a secure area nonetheless) and granted the employee discount. I took the 10 percent savings and ran and didn’t further cause mayhem in the secure airport terminal with my newfound identity! The point is that you or I could impersonate someone else and gain access and favors we’re not entitled to. And just try having a firewall service setting block that attack!
Labels: SBS, sbs 2003, smb, smbn, Windows Small Business Server
Sunday, July 13, 2008
SBS 2003 NAT\Basic Firewall (book excerpt)
howdy-howdy....harrybbbb here posting up more of my Windows Small Business Server 2003 Best Practices book for your general consumption...hope to have the whole darn thing posted up by the time SBS 2008 ships!
harrybbbb
Harry Brelsford ceo at smb nation www.smbnation.com
###
Defining Basic Firewall/NAT
Meanwhile, back in the lecture hall, it’s time to lay one down on you about NAT and the Basic Firewall. You can use Basic Firewall to help secure your network from unsolicited public network traffic, such as traffic sent from the Internet. People who send such traffic might be trying to access your network without your permission. You can enable Basic Firewall for any public interface, including one that also provides network address translation (also known as NAT, an Internet Protocol (IP) translation process that allows a network with private addresses to access information on the Internet for your network).
How Basic Firewall Works
First of all, what is a firewall? Quoting directly from the online help system in SBS 2003: A firewall is a combination of hardware and software that provides a security system, usually to prevent unauthorized access from outside to an internal network or intranet. A firewall prevents direct communication between network and external computers by routing communication through a proxy server outside the network. The proxy server determines whether it is safe to let a file pass through to the network. Also called a security-edge gateway.
Next, the Basic Firewall provided via RRAS in SBS 2003 is a stateful firewall which combines dynamic packet filtering of network traffic with a set of static packet filters. Said Basic Firewall monitors traffic that travels through the interface for which Basic Firewall is enabled. If the interface is configured for private network traffic only, Basic Firewall will route traffic among the computers on the private network only. The Basic Firewall will route traffic between a private network and virtual private network (VPN). I define a VPN below in the advanced section.
If the interface is configured for private network traffic and to provide NAT, each packet’s source and destination addresses are recorded in a table. All traffic from the public network is compared to the entries in the table. Traffic from the public network can reach the private network only if the table contains an entry that shows that the communication exchange originated from within the private network. In this way, Basic Firewall prevents unsolicited traffic from a public network (such as the Internet) from reaching a private network. This is a key point, pardner: We’re keeping the bad guy out here.
Service Accessibility
Perhaps you noticed earlier in this RRAS section that adding the additional services by name and port was as easy as dropping beneath the hood and simply selecting from the bevy of services contained on the Services and Ports screen (which you observed in the last step-by-step procedure above). The services on the Services and Ports screen are listed here.
• FTP Server
• Internet Mail Access Protocol Version 3 (IMAP3)
• Internet Mail Access Protocol Version 4 (IMAP4)
• Internet Mail Server (SMTP)
• IP Security (IKE)
• IP Security (IKE NAT Traversal)
• Post-Office Protocol Version 3 (POP3)
• Remote Desktop
• Secure Web Server (HTTPS)
• Telnet Server
• VPN Gateway (L2TP/IPSec - running on this server)
• VPN Gateway (PPTP)
• Web Server (HTTP)
And if you insist, you can always add different services via the Add button on the Services and Ports tab just like you could back in the EICW.
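The table lookup described under How Basic Firewall Works and the exceptions ticked on the Services and Ports screen can be modeled together in a short script. This is an added example, not code from the book or from RRAS; the class and function names, the port-allocation scheme and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class BasicFirewallModel:
    """Toy model of the public interface: dynamic NAT table + static filters."""
    public_ip: str
    # Static packet filters: (proto, port) -> name of a published service.
    published: dict = field(default_factory=dict)
    # Dynamic table, filled only by traffic that starts on the private side:
    # (proto, public_port, remote_ip, remote_port) -> (private_ip, private_port)
    table: dict = field(default_factory=dict)
    next_port: int = 50000  # constructed allocation scheme, not RRAS's

    def outbound(self, pkt: Packet) -> Packet:
        """A private host opens a conversation: record it, rewrite the source."""
        for key, inside in self.table.items():
            same_flow = (key[0] == pkt.proto
                         and key[2:] == (pkt.dst, pkt.dport)
                         and inside == (pkt.src, pkt.sport))
            if same_flow:
                public_port = key[1]
                break
        else:
            public_port = self.next_port
            self.next_port += 1
            self.table[(pkt.proto, public_port, pkt.dst, pkt.dport)] = (
                pkt.src, pkt.sport)
        return Packet(pkt.proto, self.public_ip, public_port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet):
        """Decide the fate of a packet arriving from the public network."""
        # 1. Is this the other half of an exchange that began inside?
        inside = self.table.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if inside is not None:
            return ("allow-reply", inside)
        # 2. Is the destination port a service the admin chose to publish?
        service = self.published.get((pkt.proto, pkt.dport))
        if service is not None:
            return ("allow-published", service)
        # 3. Everything else is unsolicited and never reaches the LAN.
        return ("drop-unsolicited", None)


def demo():
    """Run constructed sample traffic through the model and return verdicts."""
    fw = BasicFirewallModel(
        public_ip="198.51.100.10",
        published={("tcp", 443): "Secure Web Server (HTTPS)",
                   ("tcp", 3389): "Remote Desktop"},
    )
    # A workstation browses an outside web server; this creates the table entry.
    fw.outbound(Packet("tcp", "192.168.16.10", 1025, "203.0.113.5", 80))
    arrivals = [
        # The web server answers the workstation.
        Packet("tcp", "203.0.113.5", 80, "198.51.100.10", 50000),
        # A different outside host aims at the same translated port.
        Packet("tcp", "203.0.113.99", 80, "198.51.100.10", 50000),
        # Any outside host connecting to a published service.
        Packet("tcp", "203.0.113.99", 40000, "198.51.100.10", 443),
        # Telnet was not published, so the probe goes nowhere.
        Packet("tcp", "203.0.113.99", 40001, "198.51.100.10", 23),
    ]
    return [fw.inbound(p) for p in arrivals]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third verdict holds for any sender: a published service bypasses the table entirely, so each box ticked on the Services and Ports screen is reachable from the whole Internet and should be kept to the services actually needed.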
Get Certified!
A cool feature that is managed by the Web Server Certificate page in the EICW is the ability to easily install a self-signed certificate on your SBS 2003 server machine.
BEST PRACTICE: Note the self-signed certificate is not the same as installing and configuring Certificate Services to create a certificate authority. (You can see via Control Panel, Add/Remove Programs, Windows Components that Certificate Services HAS NOT BEEN INSTALLED and configured after the Web Server Certificate page in the EICW is complete.) As author Roberta Bragg put it to me, it’s “kool” but it’s not Certificate Services. This is important to understand and perhaps you’d want to proceed to install Certificate Services for other purposes such as e-commerce. That suggestion begs the next point.
So, do you need to continue to pay the SSL King (Verisign) his ransom in the world of SBS 2003? The answer is perhaps not if you were using Certificate Services as your certificate authority. So, save those dollars to be spent on something more meaningful like taking your spouse/partner out to dinner (a real nice dinner in Vegas with your Verisign savings!).
Real world speaking, this self-signed Web certificate will be most noticeable in two ways to users. First, the address in a Web browser (known as the URL) will start with the prefix HTTPS. Second, you’ll typically need to approve the certificate when a security dialog box appears as a user commences a Web session on the SBS 2003 server. And how do you explain this to the same real-world users? Tell them this is akin to logging on to their bank (e.g., Wells Fargo) or brokerage firm (e.g., ETrade).
BEST PRACTICE: The Web Server Certificate page in the EICW is dramatically reducing the number of keystrokes you had to perform in the SBS 2000 time frame to achieve the “nearly” same kind of security-related functionality (granted, I’m comparing apples to oranges here for a few minutes, but go with it). Again, a self-signed certificate and Certificate Services are not the exact same thing.
In my now retired Advanced SBS 2000 Workshop, I demonstrated the keystrokes necessary to (1) install Certificate Services from Control Panel, Add/Remove Programs, Windows Components, (2) create a self-signed certificate, (3) apply the certificate to the appropriate locations (e.g., root of the default Web site in SBS 2003 that houses OWA), and (4) apply the SSL setting to child objects (e.g., the Public folder under IIS). Note these steps, in the SBS 2000 time frame, were documented in the following documents:
• a white paper titled “Step-by-Step Guide for Setting Up a Certificate Authority”
• the following KBase article: “Turning on SSL for Exchange 2000 Server Outlook Web Access” (Q320291)
• KBase article: “How to Force SSL Encryption for an Outlook Web Access 2000 Client” (Q279681)
This kinda stuff is now handled via the Web Server Certificate page in the EICW (at least as far as the typical SBS network is concerned). Note the enterprise security folks reading this book would of course beg to differ and point out huge differences between a self-signed certificate and Certificate Services, such as the ability to issue certificates for IPSec (which our little ol’ self-signed certificate can’t do). Enough said.
Advanced SBS Security Topics
No chapter worth its security salt could be devoid of a few advanced security topics even though said topics are beyond the scope of this introductory volume on SPRINGERS! While my future advanced SBS 2003 text will delve deeper and fly further on a single tank of gas, try on a few of the following advanced security topics for size. Security is of such importance that this is one time we can clearly take a respite from the SPRINGERS story line and explore:
Hardware-Based Firewall
Yes, Virginia, there is native SBS 2003 support for hardware-based firewalls. It’s kosher as well and you’ll be accepted in the open and affirming SBS community. Best of all, when you select the router option in the EICW as you set up the network connection (see the third screen regarding connection type in the EICW), you’ll be able to take advantage of a really cool SBS 2003 feature: It automatically configures hardware-based routers as part of its wizardry! Say what? This isn’t a misprint. What occurs is this. If your hardware-based firewall is Universal Plug and Play (UPnP) compliant (this is an industry standard) and you provide sufficient credentials (that allow you to configure the hardware-based firewall itself), then the EICW will open the correct ports to support the services you’ve selected that need access from the Internet.
Dual-Firewall
Another popular configuration with SBS 2003 is to implement a dual firewall. In this case, you’d use the built-in firewall capability in SBS 2003 and then supplement that on the network border with an additional firewall. Note this additional firewall is typically hardware-based, but could very well be a software-based firewall from another vendor. A view of a dual firewall scenario is shown in Figure 5-12.
Figure 5-12
This is your road map for implementing a dual-firewall scenario with SBS 2003.
BEST PRACTICE: You could implement a dual firewall scenario with either SBS 2003 standard edition (with the RRAS NAT/Basic Firewall) or SBS 2003 premium edition (with ISA Server 2000 discussed later in Chapter 13).
What Is a VPN?
No, this isn’t a trick question. Many readers of this book might not actually know what a VPN is. Don’t believe me? Then you should have been there during the filming of an SBS setup video at Microsoft Studios on 158th Ave NE in Redmond the day we forgot to define VPN in the script. An important marketing manager discovered this omission and we had to play some Hollywood magic to splice in a short lecture on VPN connectivity in the post production phase. Needless to say, this drove up the video costs and since that day, I’ve never forgotten to add this lecture in any chapter where it makes sense.
Here is the official definition of a VPN taken from the online help system in SBS 2003: The extension of a private network that encompasses encapsulated, encrypted, and authenticated links across shared or public networks. VPN connections can provide remote access and routed connections to private networks over the Internet client computers. However, computers that are part of a private network will not be able to detect computers outside of the private network, and computers that are not part of the private network will not be able to detect computers that belong to the private network.
Relating VPN connectivity to security is the next step. You might be saying “Who cares?” at this point. Both you and I care. When the shoe fits, establishing a VPN connection using either the point-to-point tunneling protocol (a poor man’s encryption method) or layer-two tunneling protocol (a rich man’s encryption method that requires a certificate authority) creates a secure link between a remote computer and the SBS 2003 network. Essentially, you can compute with less worry from afar.
BEST PRACTICE: I’ll touch on VPN connectivity in Chapter 8 again with step by step procedures. And don’t forget you actually configured server-side VPN connectivity in Chapter 4 when you completed the Configure Remote Access link. Be advised much deeper discussion is beyond the scope of this introductory SBS 2003 volume. Look for richer VPN discussion in my advanced SBS 2003 text due in mid-2004.
Labels: Harry Brelsford, SBS, smb, smb nation, Windows Small Business Server
Wednesday, July 9, 2008
SBS 2003 security - revisiting setup and automatic updates
hi everyone - Harrybbbb here, the author of the Windows Small Business Server 2003 Best Practices book and a fellow Microsoft Small Business Specialist (SBSC). Today I am posting up more of Chapter 5 from my purple book.
This chapter is about security and we now discuss SBS setup fundamentals that impact security. Enjoy!
harrybbbbb Harry Brelsford CEO at SMB Nation www.smbnation.com
###
SBS Setup Revisited
Believe it or not, you’ve already taken significant steps so far in making your SBS network secure. For example, you have deployed the SPRINGERS network with two network adapter cards (aka network interface card or NIC) that will create something of a “Great Barrier Reef” (GBR) to create a division between good and evil (Figure 5-1). The GBR will make even more sense in a few more passages when you explore the Routing and Remote Access Service (RRAS) basic firewall capability in SBS 2003.
Figure 5-1
This figure shows at a high-level how two network adapter cards work in conjunction with SBS 2003.
BEST PRACTICE: You’ll recall that the two network adapter cards were suggested during the SBS setup at mid-point via a setup warning message. This was discussed in Chapter 3. And I’m honor bound to comment that while the two network adapter card method is much preferred, remember that the crown jewels are sitting atop the “reef,” to follow my analogy. You have been so advised.
Another task you completed in the SBS 2003 setup phase was naming the internal domain (SPRINGERSLTD.LOCAL). This act laid the foundation for having separate DNS domains and creating separation from the outside world. Read on to the next paragraph to “hear the rest of the story” on this.
You also completed the E-mail and Internet Connection Wizard (EICW) in the prior chapter (Chapter 4). It was necessary to complete that wizard, which applied many security configurations to SBS 2003, in that particular chapter to maintain “order” in the SPRINGERS methodology. In the EICW, you referred to and configured SBS 2003 to realize and recognize the external domain (SPRINGERSLTD.COM). So between the SBS 2003 setup process and completing the EICW, you effectively created domain separation, which is a good thing. Why? Because you’ve shielded the internal domain from external viewing. But heed this disclaimer: The outsiders can still see the external IP address of the wild side network adapter card on the SBS server machine.
Whether you knew it or not, basic auditing was turned on as part of the SBS setup process so that logons are recorded in the Security log under Event Viewer (this is located under System Tools beneath Computer Management (Local) under Advanced Management). My forthcoming advanced text on SBS 2003 will cover auditing in much more detail.
And finally, you completed the password policies settings, read the security best practices stuff from the To Do List, completed the remote access configurations (which inherently have security in mind), and so on. So you’re not new to security in SBS.
Updates!
With SBS 2003, as soon as you’re connected to the Internet, you need to RUN, NOT WALK to implement the very latest patches. This will make your machine “fit” for service, and should be done given the speed at which gremlins travel on the Internet. As elegantly pointed out by Microsoft CEO Steve Ballmer at the SBS 2003 launch at the WWPC, the time between identification of a vulnerability and acts that exploit said vulnerability has been dramatically compressed. Waiting only minutes prior to implementing the latest patches clearly exposes your “naked” SBS 2003 server machine to worms and other bad stuff. And if your SBS server machine is located in New Delhi, India, be sure to immediately secure it physically so it’s not attacked and stolen by monkeys! (An almost-true story here as told to yours truly.)
Automatic Updates!
Because this is such an easy step, it’s easy to overlook. In fact, overlooking this task is one of Microsoft’s great fears and was the subject of extensive media coverage in the fall of 2003. Why? Because Microsoft, as displayed by Ballmer in his WWPC keynote address, has typically released a patch to correct a vulnerability before someone exploits that vulnerability (e.g., Microsoft released its SQL Server Slammer patch before the worm was released in the wild). But the problem is that folks don’t take the time to update their computers. So while the patch existed, in many cases it hadn’t been applied. That certainly reflected some “dark days” in the world of network administration and exposed some of us to be less than competent at our SBSer job.
This specific issue about getting folks to update their system has spawned significant debate in the technology community and media. One side believes that Microsoft should automatically update your system as its default, out of the box configuration. Others are concerned about the privacy issues involved in allowing Microsoft to collect machine configuration information (so it can decide what to apply!). You are encouraged to follow popular journals such as CRN (www.crn.com) to monitor this technical/social/political debate.
You will remember that in Chapter 4 the automatic update function started to run at the conclusion of the E-mail and Internet Connection Wizard (EICW). However, I elected to defer the in-depth updating discussion until this chapter to make it “fit” the security discussion.
You might be amazed at how easy it is to actually update your SBS 2003 system with the latest patches. Follow these steps.
1. Log on to your SBS 2003 server machine (e.g., SPRINGERS1) as Administrator (which in the case of SPRINGERS would use the password Husky9999!).
2. Click Start, All Programs, Windows Update.
3. Click Next at the Automatic Updates Setup Wizard page where you are welcomed.
BEST PRACTICE: Perhaps the socio-political discussion earlier in this section hit home with you. On the Automatic Updates Setup Wizard page, there are links that allow you to learn how automatic updates impact your licensing agreement and how Microsoft’s privacy policy affects you when Automatic Update is run.
4. The Notification Settings page (Figure 5-2) allows you to configure the Automatic Update settings. This relates to the degree to which you want the update function to be automatic. For example, are you interested in having the updates automatically updated and applied? Probably not, as I’ll explain in the next Best Practice. The default selection regarding downloading updates automatically and notifying you is the preferred method (this is advisory mode).
Figure 5-2
For SPRINGERS, please make your screen look similar to this figure.
BEST PRACTICE: Civil liberties and privacy concerns aside, you want some control over how your updates are applied and the automatic deployment of updates is typically frowned upon. Why? Because you may well want to test the updates on a sample network (e.g., SPRINGERS with a live Internet connection on a test server) before applying the updates to a real production machine. Once in a blue moon, a patch will fix one thing and break two (that statement isn’t to fault Microsoft, but rather speak the truth and appreciate the complexities of software interaction).
So test and verify whenever possible before deploying patches on a production server machine!
5. Click Finish on the Completing the Automatic Updates Setup Wizard page. Note there is no link titled “here” to save this as part of your SBS 2003 network notebook, because this isn’t a native SBS 2003 Wizard.
6. An Internet Explorer Web browser will launch and connect to Microsoft’s automatic update site (http://v4.windowsupdate.microsoft.com/en/default.asp). Note in the case of your imaginary implementation of SPRINGERS, it may well be that you aren’t truly connected to the Internet. But in the “real world” you likely would be connected to the Internet and could complete this task as expected.
7. Approve the request from Microsoft to download a component called “Windows Update” to analyze your machine by clicking Yes. It is this process that will assess what patches are missing and need to be applied. Oh, and you may select the checkbox to Always trust content from Microsoft Corporation.
8. On the Welcome to Windows Update page that appears, click Scan for updates.
9. A screen of suggested updates will be displayed next (titled Pick updates to install). Click Review and install updates.
10. The actual updates to approve and install are shown in Figure 5-3 on the Total Selected Updates screen. You may remove updates at this point that you do not care to install. Because this book, being written in the fall of 2003, is only as current as the day on which I wrote it, I can’t even hope to recreate a figure that displays the update you’re likely to see at a future date. Bear with me. Assuming the suggested updates are acceptable, click Install Now.
Figure 5-3
Carefully review each update before proceeding. If in doubt, remove the update and reconsider it at a future time (don’t wait too long though, but be careful nonetheless).
11. You will likely need to approve a license agreement for one or more of the updates being applied. Such an agreement might look like Figure 5-4. Click Accept.
Figure 5-4
Accept any necessary license agreements so that you can proceed.
12. A component progress dialog box will be displayed similar to Figure 5-5.
13. You will arrive at the Installation Complete page seen in Figure 5-6 and you will likely be asked for a reboot at this stage. This is normal; see my further discussion under patch management.
Figure 5-5
You can monitor the status of the updates being applied.
Figure 5-6
Success followed by a reboot.
BEST PRACTICE: Don’t forget to run Automatic Update on all of your workstations. These individual workstations on the SBS network need to stay shipshape as well!
BEST PRACTICE: Sometimes you’ll have a configuration that is slightly different from what Automatic Update expects to see and what it can report. For example, perhaps Automatic Update isn’t the best way to keep your legacy NetMeeting application patched because it doesn’t necessarily know about, care about, and have the smarts to deal with that application. So some updates are applied manually by visiting the Microsoft security Web site at www.microsoft.com/security.
Of course the above paragraph only begs the question: HOW WOULD YOU KNOW TO GO TO THAT SITE AND CHECK FOR MANUAL UPDATES? Calm down! You can subscribe to my SBS newsletter wherein I’ll announce such updates and you can subscribe to the Microsoft security bulletins at the aforementioned site to receive similar notices. See the resources section near the end of this chapter for more information.
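The wizard settings and the review step above can be cross-checked from a script. The following PowerShell is an added example, not from the book: it reports the Automatic Updates notification level and lists pending updates for review without downloading or installing anything. It assumes Windows PowerShell 2.0 or later and the Windows Update Agent COM API on the machine; the function names are hypothetical.

```powershell
# Added example (not from the book): read-only audit of Automatic Updates.
# Assumes Windows PowerShell 2.0+ and the Windows Update Agent COM API.
# Nothing is downloaded or installed; the script only reports.

function Get-AutoUpdateMode {
    # The AutoUpdate COM object exposes the notification level that the
    # Automatic Updates settings page controls.
    $au    = New-Object -ComObject Microsoft.Update.AutoUpdate
    $level = [int]$au.Settings.NotificationLevel
    $names = @{
        0 = 'Not configured'
        1 = 'Disabled'
        2 = 'Notify before download'
        3 = 'Download automatically, notify before install'
        4 = 'Download and install on a schedule'
    }
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Level    = $level
        Mode     = $names[$level]
        # Level 3 is the "download and notify" choice the chapter prefers.
        MatchesPreferred = ($level -eq 3)
    }
}

function Get-PendingUpdate {
    # Scan for missing software updates through the Windows Update Agent
    # rather than the browser.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $found    = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

    foreach ($u in $found.Updates) {
        $kb  = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        $sev = $u.MsrcSeverity
        if (-not $sev) { $sev = 'Unrated' }
        New-Object PSObject -Property @{
            Title        = $u.Title
            KB           = $kb
            Severity     = $sev
            Downloaded   = $u.IsDownloaded
            # False means a license agreement prompt is still to come.
            EulaAccepted = $u.EulaAccepted
            # RebootBehavior 0 = never reboots; anything else may ask for one.
            MayReboot    = ($u.InstallationBehavior.RebootBehavior -ne 0)
        }
    }
}

$mode    = Get-AutoUpdateMode
$pending = @(Get-PendingUpdate)

$mode | Format-List Computer, Level, Mode, MatchesPreferred
if (-not $mode.MatchesPreferred) {
    Write-Warning "Automatic Updates is set to '$($mode.Mode)', not download-and-notify."
}

# Review list, worst severity first, so testing on a non-production
# machine starts with the updates that matter most.
$rank = @{ 'Critical' = 0; 'Important' = 1; 'Moderate' = 2; 'Low' = 3; 'Unrated' = 4 }
$pending |
    Sort-Object -Property { $rank[$_.Severity] }, Title |
    Format-Table Severity, KB, Title, EulaAccepted, MayReboot -AutoSize

"{0} update(s) pending review on {1}" -f $pending.Count, $env:COMPUTERNAME
```

Run it locally on the server and on each workstation; the output is a review list only, so the test-before-deploy decision stays with the administrator.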
Tuesday, July 8, 2008
SBS 2008 to RTM\go gold in early October
Hello from WPC. MS finally revealed the dates today!!!! Here is the press release (below)
cheers….harrybbbb
Harry Brelsford, CEO, SMB Nation, www.smbnation.com
###
Partners Gear Up for Big Opportunities with Windows Essential Server Solutions
Q&A: Steven VanRoekel, senior director, Windows Server Solutions Group at Microsoft, announces launch date for Windows Small Business Server 2008 and Windows Essential Business Server 2008, Release Candidate 1 versions, plus new hardware partners and development kits for software vendors.
HOUSTON – July 7, 2008 – Today at the Microsoft Worldwide Partner Conference (WPC), Microsoft detailed how IT consultants working with small and midsize businesses will benefit from Windows Essential Server Solutions: Windows Small Business Server 2008 and Windows Essential Business Server 2008.
PressPass spoke with Steven VanRoekel, senior director of the Windows Server Solutions group at Microsoft, to find out what partners and customers can expect from today’s announcements.
PressPass: What are you announcing today?
VanRoekel: We’re making several announcements that are especially important for partners as they prepare to use Windows Essential Server Solutions to help their small and midsize customers be more productive and grow.
I am excited to announce that Nov. 12, 2008, is the official launch date for Windows Small Business Server 2008 and Windows Essential Business Server 2008. Activities that day will signal availability of both solutions and kick off launch efforts worldwide. In many ways, though, we consider WPC our launch for partners and we want to help them plan and prepare for the solutions.
We are also announcing that both solutions are reaching the Release Candidate 1 milestone, another step toward final release. Pre-release versions of Small Business Server 2008 and Essential Business Server 2008 are available for download and evaluation now through www.multiplyyourpower.com.
I’m also pleased to announce that Dell and Wortmann AG in Europe are among the companies planning to deliver hardware systems powered by Essential Business Server 2008 and Small Business Server 2008. Software development kits and other resources will be available to software vendors, so their products can be truly integrated with and managed from within the Windows Essential Server Solutions.
PressPass: What exactly are Windows Essential Server Solutions?
VanRoekel: Windows Essential Server Solutions, which include Windows Small Business Server 2008 and Essential Business Server 2008, are our family of integrated, all-in-one IT solutions designed and priced for small and midsize businesses. By combining Microsoft technologies such as Windows Server 2008, Exchange Server 2007, SQL Server 2008 and other Microsoft products and services, these solutions make the benefits of enterprise-class IT accessible, affordable and simpler for smaller organizations.
PressPass: What business opportunities do the solutions present to Microsoft partners?
VanRoekel: According to IDC, there are roughly 35 million small and midsize businesses (SMBs) worldwide, and many see IT as a way to prosper and grow their business. In fact, according to IDC, IT spending worldwide will grow by 5.2 percent annually through 2012, but worldwide SMB IT spending will grow by 7.0 percent during this same period. *
Small and midsize organizations frequently rely on consultants to build and manage their IT. Accordingly, we designed the solutions with partners in mind. Specifically, Windows Essential Server Solutions give partners consistent platforms that help reduce deployment costs, grow managed service revenues, earn higher margins and support more customers more efficiently. And, perhaps most importantly, the solutions help partners develop stronger, mutually beneficial relationships with their clients.
Some partners have told us they believe they will be able to increase their customer base by 25 percent to 50 percent with Small Business Server 2008. Other partners foresee 20 percent to 50 percent growth of their customer base with Essential Business Server 2008, which is a brand-new Microsoft product, because it allows them to more easily deliver products, consulting and deployment services for midsize clients.
Partners have forecast cost savings of 10 percent to 20 percent with the solutions, because they provide a consistent infrastructure partners can easily deploy to more customers. This means cost savings they can pass on to the client that free up budget for new business applications and capabilities, such as collaboration and support for remote or mobile workers. These applications in turn generate higher margins for partners and help them deliver greater value to their customers.
PressPass: How is Microsoft helping IT consultants take advantage of Windows Essential Server Solutions?
VanRoekel: Our partners were front and center as we built the Windows Essential Server Solutions. We collaborated with them throughout the whole product design, development and testing process. Our goal was to ensure they can implement and manage the solutions for customers in an easily repeatable manner. In addition, the Premium Editions of the solutions provide great platforms for the business applications that their customers want. The Remote Web Workplace feature helps partners easily support their customers’ mobile employees. And the solutions’ pricing provides partners with not only more upfront revenue, but also generous cost savings for clients.
We’re also making big investments in training, programs and offers to help partners take advantage of the solutions. In the next year we plan to train more than 25,000 partners through events and online tools, and at the Worldwide Partner Conference we expect to educate more than 2,000 partners. And, of course, Small Business Server 2008 and Essential Business Server 2008 are an important part of the current and future Microsoft Partner Program offerings.
We are also introducing a new online tool, called Solutions Pathway. This tool will allow partners to easily assess customers’ current investments in Microsoft server technologies, and then receive savings of approximately 30 percent or more on upgrades or migrations to the solutions.
Beyond this, we are rolling out a number of special offers, such as rebates of up to $200 (U.S.) for solution provider partners configuring Windows Small Business Server 2003 R2 for clients who acquire the software and purchase Software Assurance within a certain time period. Software Assurance will provide the upgrade to Small Business Server 2008 at no additional cost when it is available, with full access to support, tools and training.
PressPass: What opportunities do independent software vendors (ISVs) have with Windows Essential Server Solutions?
VanRoekel: Both Essential Server Solutions products are a great way for our software partners to meet the needs of SMB customers. The more than 160 applications certified to run on Windows Server 2008 will be compatible with Small Business Server 2008 and Essential Business Server 2008. Building on that, we are making software development kits available on the Microsoft Developer Network (MSDN), so software partners will be able to easily integrate their applications with the solutions’ central administration consoles. We estimate this will allow IT consultants and their customers to perform as much as 80 percent of their typical IT management tasks through one console, saving significant time and resources. This week we are introducing the Essential Business Server development center to provide guidance about application compatibility and integration, including how-to’s, downloads, templates and code samples.
At WPC this week, several of our software partners including CA, Citrix Systems, Symantec Corp. and Trend Micro Inc. are demonstrating their applications’ integration with Essential Business Server, which some of our beta testers are already using. We’re also showcasing Essential Business Server’s integration with other Microsoft applications, including Microsoft Dynamics, System Center Data Protection Manager and Microsoft Office SharePoint Server. CA, Symantec and Trend Micro plan to integrate their applications with Small Business Server 2008 too.
PressPass: Who are your hardware partners?
VanRoekel: Our hardware partners are excited about the new opportunities presented by the Essential Server Solutions to help our joint customers. There will be a wide variety of systems running or optimized for both products by the end of the year. AMD, Dell, HP, IBM and Intel are all demonstrating systems at the Worldwide Partner Conference this week. Fujitsu Siemens Computers and Wortmann AG in Europe also plan to deliver products built on both of the solutions. HP, IBM and Intel are integrating their hardware management software with Essential Business Server.
PressPass: What is the one thing you would like partners to take away from this interview?
VanRoekel: I hope our partners will download and evaluate the Windows Essential Server Solutions and take advantage of the wealth of training and guidance we are providing as we progress toward launch. We are investing in their success, and the success of their customers.
cheers….harrybbbb
Harry Brelsford,CEO, SMB Nation, www.smbnation.com
###
Partners Gear Up for Big Opportunities with Windows Essential Server Solutions
Q&A: Steven VanRoekel, senior director, Windows Server Solutions Group at Microsoft, announces launch date for Windows Small Business Server 2008 and Windows Essential Business Server 2008, Release Candidate 1 versions, plus new hardware partners and development kits for software vendors.
HOUSTON – July 7, 2008 – Today at the Microsoft Worldwide Partner Conference (WPC), Microsoft detailed how IT consultants working with small and midsize businesses will benefit from Windows Essential Server Solutions: Windows Small Business Server 2008 and Windows Essential Business Server 2008.
PressPass spoke with Steven VanRoekel, senior director of the Windows Server Solutions group at Microsoft, to find out what partners and customers can expect from today’s announcements.
PressPass: What are you announcing today?
VanRoekel: We’re making several announcements that are especially important for partners as they prepare to use Windows Essential Server Solutions to help their small and midsize customers be more productive and grow.
I am excited to announce that Nov. 12, 2008, is the official launch date for Windows Small Business Server 2008 and Windows Essential Business Server 2008. Activities that day will signal availability of both solutions and kick off launch efforts worldwide. In many ways, though, we consider WPC our launch for partners and we want to help them plan and prepare for the solutions.
We are also announcing that both solutions are reaching the Release Candidate 1 milestone, another step toward final release. Pre-release versions of Small Business Server 2008 and Essential Business Server 2008 are available for download and evaluation now through www.multiplyyourpower.com.
I’m also pleased to announce that Dell and Wortmann AG in Europe are among the companies planning to deliver hardware systems powered by Essential Business Server 2008 and Small Business Server 2008. Software development kits and other resources will be available to software vendors, so their products can be truly integrated with and managed from within the Windows Essential Server Solutions.
PressPass: What exactly are Windows Essential Server Solutions?
VanRoekel: Windows Essential Server Solutions, which include Windows Small Business Server 2008 and Essential Business Server 2008, are our family of integrated, all-in-one IT solutions designed and priced for small and midsize businesses. By combining Microsoft technologies such as Windows Server 2008, Exchange Server 2007, SQL Server 2008 and other Microsoft products and services, these solutions make the benefits of enterprise-class IT accessible, affordable and simpler for smaller organizations.
PressPass: What business opportunities do the solutions present to Microsoft partners?
VanRoekel: According to IDC, there are roughly 35 million small and midsize businesses (SMBs) worldwide, and many see IT as a way to prosper and grow their business. In fact, according to IDC, IT spending worldwide will grow by 5.2 percent annually through 2012, but worldwide SMB IT spending will grow by 7.0 percent during this same period. *
Small and midsize organizations frequently rely on consultants to build and manage their IT. Accordingly, we designed the solutions with partners in mind. Specifically, Windows Essential Server Solutions give partners consistent platforms that help reduce deployment costs, grow managed service revenues, earn higher margins and support more customers more efficiently. And, perhaps most importantly, the solutions help partners develop stronger, mutually beneficial relationships with their clients.
Some partners have told us they believe they will be able to increase their customer base by 25 percent to 50 percent with Small Business Server 2008. Other partners foresee 20 percent to 50 percent growth of their customer base with Essential Business Server 2008, which is a brand-new Microsoft product, because it allows them to more easily deliver products, consulting and deployment services for midsize clients.
Partners have forecast cost savings of 10 percent to 20 percent with the solutions, because they provide a consistent infrastructure partners can easily deploy to more customers. This means cost savings they can pass on to the client that free up budget for new business applications and capabilities, such as collaboration and support for remote or mobile workers. These applications in turn generate higher margins for partners and help them deliver greater value to their customers.
PressPass: How is Microsoft helping IT consultants take advantage of Windows Essential Server Solutions?
VanRoekel: Our partners were front and center as we built the Windows Essential Server Solutions. We collaborated with them throughout the whole product design, development and testing process. Our goal was to ensure they can implement and manage the solutions for customers in an easily repeatable manner. In addition, the Premium Editions of the solutions provide great platforms for the business applications that their customers want. The Remote Web Workplace feature helps partners easily support their customers’ mobile employees. And the solutions’ pricing provides partners with not only more upfront revenue, but also generous cost savings for clients.
We’re also making a big investment in training, programs and offers to help partners take advantage of the solutions. In the next year we plan to train more than 25,000 partners through events and online tools, and at the Worldwide Partner Conference we expect to educate more than 2,000 partners. And, of course, Small Business Server 2008 and Essential Business Server 2008 are an important part of the current and future Microsoft Partner Program offerings.
We are also introducing a new online tool, called Solutions Pathway. This tool will allow partners to easily assess customers’ current investments in Microsoft server technologies, and then receive savings of approximately 30 percent or more on upgrades or migrations to the solutions.
Beyond this, we are rolling out a number of special offers, such as rebates of up to $200 (U.S.) for solution provider partners configuring Windows Small Business Server 2003 R2 for clients who acquire the software and purchase Software Assurance within a certain time period. Software Assurance will provide the upgrade to Small Business Server 2008 at no additional cost when it is available, with full access to support, tools and training.
PressPass: What opportunities do independent software vendors (ISVs) have with Windows Essential Server Solutions?
VanRoekel: Both Essential Server Solutions products are a great way for our software partners to meet the needs of SMB customers. The more than 160 applications certified to run on Windows Server 2008 will be compatible with Small Business Server 2008 and Essential Business Server 2008. Building on that, we are making software development kits available on the Microsoft Developer Network (MSDN), so software partners will be able to easily integrate their applications with the solutions’ central administration consoles. We estimate this will allow IT consultants and their customers to perform as much as 80 percent of their typical IT management tasks through one console, saving significant time and resources. This week we are introducing the Essential Business Server development center to provide guidance about application compatibility and integration, including how-to’s, downloads, templates and code samples.