RSS | MY PROFILE | PRIVACY 

Vol. 20, #20 - May 18, 2015 - Issue #1030

Supporting Java in the enterprise

  1. Editor's Corner
    • Supporting Java in the enterprise
    • Keep those SSDs powered on!
    • Takeaways from Microsoft Ignite
    • Detecting QUANTUMINSERT
    • Interplanetary datacenter?
    • Send us your feedback
    • Recommended for Learning
    • Microsoft Virtual Academy
    • Free White Paper: Best Practices Guide for IT Governance and Compliance
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. This Week's Tips
    • Automating Disk Cleanup
    • Use VBA to set zoom level for Outlook emails
    • Test drive Windows Server TP2 in the cloud
  4. Events Calendar
    • Americas
    • Europe
  5. Webcast Calendar
    • Expert Webinar: What does Windows Server 2003 End of Support mean for your business?
    • Register for Webcasts
  6. Tech Briefing
    • Citrix
    • Networking
    • VMware
    • Windows PowerShell
    • Windows Server
  7. Recommended TechGenix Articles
    • Recommended articles from websites in TechGenix Network
  8. Windows Server News
    • Scaling secure networks in the cloud
    • Microsoft Hyper-V Containers the latest Docker embrace
    • Three VDI endpoints go head to head
    • No guarantees with CPU affinity
  9. WServerNews FAVE Links
    • Legends Of Aviation
    • Amazing Realistic 3D Drawing
    • Beautiful Martial Arts Performance
    • Bohemian Rhapsody
  10. WServerNews - Product of the Week
    • Deep Packet Inspection for Quality of Experience Monitoring

 

Deep Packet Inspection for Quality of Experience Monitoring

Read this whitepaper to get a detailed description of packet analysis techniques to measure high network response times, network delay, server processing times, client processing time, traffic distribution, and overall quality of experience.

Download Now>>

 

Editor's Corner

In last week's newsletter we included an Ask Our Readers request from a reader who wanted to know more about how to support Java applications in an enterprise environment. Many organizations are wary about running Java applications because of ongoing security concerns with the platform. In this week's issue we'll hear from two individuals who address this matter in detail. We also have other news, tools, tips and fun stuff to enlighten and entertain our almost 100,000 IT pro subscribers around the world.

But while we're at it how about letting your colleagues know about our newsletter? Tell them they can subscribe to WServerNews by going here:

http://www.wservernews.com/go/1431772992703

How's that for some "hard sell" in action? Remember, (A)lways (B)e (C)losing!

But if you want to see some real "hard sell" at work, check out how Dogbert mercilessly flogged his new technology magazine in this classic Dilbert comic strip from 2001:

http://www.wservernews.com/go/1431772995359

Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at wsn@mtit.com

Supporting Java in the enterprise

In Issue #1029 The latest on Windows 10, we included the following section:

Ask Our Readers - How to support Java in the enterprise?

In the Mailbag section of the previous Issue #1028 IT salaries: good, bad or ugly? we included some reader suggestions for tools you can use to determine what's filling up the disk on a Windows client or server system. One of our readers named James recommended Java-based utility called JDiskReport but I responded that this wouldn't work for admins who have security concerns about having the Java JVM on systems they manage. When this week's issue of WServerNews appeared he sent us another email containing an important question that some of our readers may want to try and respond to:

Reading today's issue of WServerNews I noticed you mentioned my recommendation for a volume usage analyzer and concern over using Java in the enterprise. Sadly, as I'm sure is true for other readers, Java is a necessary evil as a number of standalone and web applications here at the university require this platform. Oracle has tried of late to mitigate security risks, which is great, but in the process has created new headaches for administrators and end users. Now that Google announced dropping support for NPAPI in version 45 of Chrome, things will only get worse. We're already fielding support calls as NPAPI is disabled in current version.

I would be interested in hearing how other enterprise admins are handling Java and other high risk third party software. We have been able to uninstall on a handful of system but in general our strategy has been protect workstations (firewall/IPS, blacklists, EMET, GPO's, virus protection) and keep Java up to date using App Deployment Toolkit through SCCM. Speaking of keeping Java updated… Is it just me or is Oracle intentionally making Java more difficult to support in an enterprise? 

Several readers responded to this request and we wanted to feature two of them in this issue. The first contribution is from David Morris, an IS Systems Manager from the USA who says:

I'm writing to address the recent questions about Java in the Enterprise, specifically around security concerns. There's quite a bit of FUD and misinformation in the industry about Java, even among Java shops who should know better.  I know, because I've been a party to Norex calls with other Java shops panicking about Java security that wasn't even relevant to how they used Java.  The media screams about a Java "vulnerability" without distinguishing between Java deployment approaches, and then everyone with any association with Java panics.  Just as some people still believe there's a relationship between Java and JavaScript (there isn't. At all.), some believe that Java is a monolithic runtime that's only used and deployed in one way.  Not the case at all.

Avoiding applets, and a reliance on the Java browser plugin, will plug nearly all major vulnerabilities.  Our enterprise development has been largely Java for well over a decade now, and we've avoided applet development like the plague. Browser plugins introduce a much larger "surface area" to be attacked than a local client or server installation of a Java runtime.  They essentially punch a hole in your firewall and allow rogue remote code to execute within your browser -- if the sandbox is compromised due to an exploit, you've just granted the enemy access to your local environment and the corporate network.

We've developed and deployed many dozens of Java applications across our enterprise, but none are run from a browser -- that was a conscious decision we made from the start. Unfortunately, we do have some purchased 3rd party solutions that require applet support, and those have been our only real pain point.  When faced with a mandatory Java upgrade to patch a security hole (as with Java 7 prior to Update 51 a couple years ago), we've struggled to find a secure, compatible Java version that all of these apps were compatible with, since you can only have a single "system" JRE active (which happens to also provide the plugin).  We're leaning on our vendors to reduce or eliminate the applet requirement, and I would love to see Oracle drop support for applets and deprecate their use.  Unlikely, considering they now push it as a selling point for JavaFX, the successor to Swing that allows you to write your GUI once and run as thick client or web -- my fear is shops will be attracted to this "feature" without understanding its consequences.

Outside of the browser, with proper traditional client and server security (firewalls, ACLs, etc.), Java runtimes have historically carried very little risk (nearly all such risks were of internal attack, not external).  Unlike with the browser plugin, which is owned by the one-and-only "system" JRE, you can deploy multiple Java client runtimes and point each application to their own version if necessary, making Java upgrade impact less of an issue.  We've adopted this model with our enterprise Java deployments, where the app bundles its desired JRE and runs independent of the "system" JRE or any other JRE on the same host.

Our second contribution on this topic comes from Jeremy Moskowitz, a long-time Microsoft MVP in the technical expertise area of Group Policy. Jeremy runs a popular site called GPanswers.com and is the Founder of PolicyPak Software. Here's what Jeremy had to say on this topic:

So, as a Group Policy MVP, when I was posed the question of "How are we supposed to manage X in the enterprise?" I built a company around it. And we've been going like gangbusters since 2012. We manage hundreds of applications, like Java, Firefox, Flash and everything else nearly-impossible to manage.

Here are some videos on how we manage Java:

http://www.wservernews.com/go/1431773005109

And we have hundreds of thousands of seats under management doing it this way.

Other popular Paks are available for managing Firefox:

http://www.wservernews.com/go/1431773007234

and Microsoft Lync Client:

http://www.wservernews.com/go/1431773009046

We also have one for managing Internet Explorer:

http://www.wservernews.com/go/1431773011046

where we manage more than Group Policy normally can do.

So PolicyPak doesn't REPLACE Group Policy or SCCM or what people are using to DEPLOY software. We simply manage it. And keep it locked down so users cannot work around the settings. While our tool is general purpose, we have dozens and dozens of pre-configured Paks:

http://www.wservernews.com/go/1431773013609

Be sure to also check out Jeremy's site GPanswers.com where he maintains a blog and has some additional resources on Group Policy and offers both live and online training:

http://www.wservernews.com/go/1431773016671

Readers who have further thoughts or questions about managing Java or anything else in enterprise environments can direct their comments to us at wsn@mtit.com

And now on to some other news that might be of interest for IT pros...

Keep those SSDs powered on!

KoreLogic has a blog post that suggests that removing an SSD from a computer and keeping it on the shelf without any power source may cause it to start losing data after only a few weeks have passed:

http://www.wservernews.com/go/1431773021453

The above blog post also refers to a presentation from the Joint Electron Device Engineering Council (JEDEC) also suggests that for each 5 C increase in temperature the data retention period for SSDs is approximately halved--see page 27 of this PDF:

http://www.wservernews.com/go/1432029829812

This may have interesting legal implications for using SSDs for archival storage that organizations might want to think about as SSDs gradually replace HDDs. What do you think? Email us at wsn@mtit.com

Takeaways from Microsoft Ignite

Here's how a few tech commentators have summed up everything Microsoft announced at Ignite 2015:

Michel de Rooij

http://www.wservernews.com/go/1431773027093

Nik Patel

http://www.wservernews.com/go/1431773029031

Office365MVPs.com

http://www.wservernews.com/go/1431773031890

MSExchangeGuru.com

http://www.wservernews.com/go/1431773034250

365Ninja.com

http://www.wservernews.com/go/1431773039046

Spbreed's Blog

http://www.wservernews.com/go/1431773042140

What do you think were the most important announcements (or omissions) at Ignite? Let us know at wsn@mtit.com

Detecting QUANTUMINSERT

Schneier on Security has article on how to detect man-on-the-side Internet attacks like the NSA's QUANTUMINSERT:

http://www.wservernews.com/go/1431773045281

The comments at the bottom of this blog post make for some interesting reading...

Interplanetary datacenter?

Is Microsoft or Amazon or Rackspace or some other company building a datacenter for their cloud on the asteroid Ceres? It sure looks like it on this photo from NASA's Dawn spacecraft which is currently orbiting Ceres:

http://www.wservernews.com/go/1431773048703

Got any other ideas what this strange artifact might be? Email us at wsn@mtit.com

Send us your feedback

Got feedback about anything in this newsletter? Let us know at wsn@mtit.com

Recommended for Learning

The Microsoft Press Blog has an announcement about a new book:

Virtualizing Desktops & Apps with Windows Server 2012 R2 Inside Out

Dive into Windows Server 2012 R2 virtualization—and really put your systems expertise to work. Focusing on both virtual desktop infrastructure and virtualized applications, this supremely organized reference packs hundreds of timesaving solutions, tips, and workarounds. Discover how the experts tackle Windows virtualization— and challenge yourself to new levels of mastery.

http://www.wservernews.com/go/1431773052015

Microsoft Virtual Academy

Some announcements from the Microsoft Virtual Academy:

On-demand:  Azure IaaS for IT Professionals

Check out these free on-demand courses to get technical insights and tips from Microsoft Azure experts.  Build on your foundational cloud skills, and prepare for Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions:

http://www.wservernews.com/go/1431773063109

On-demand:  Windows 10 Technical Preview Fundamentals for IT Pros

For a sneak peak at Windows 10, watch this course as our expert instructors explore improvements to help you meet your enterprise IT and security challenges:

http://www.wservernews.com/go/1431773066250

Free Microsoft Press Ebook - Introducing Windows 10 for IT Professionals, Preview Edition

Get a head start evaluating Windows 10—with early technical insights from award-winning journalist and Windows expert Ed Bott. This guide introduces new features and capabilities, providing a practical, high-level overview for IT professionals ready to begin deployment planning now. Details and download link here:

http://www.wservernews.com/go/1431773068515

Free White Paper: Best Practices Guide for IT Governance and Compliance

This white paper details three critical steps for maintaining compliance with external regulations and internal security policies: assess the environment and controls; audit and alert on unapproved user activity; and develop remediation procedures.

It then goes on to discuss four key external regulations that are driving companies to prepare for an IT compliance audit. Finally, we discuss the best practices for implementing a compliance solution that will minimize stress during an organization's next IT compliance audit.

Sign up for the white paper today.

Quote of the Week

"Just because something doesn't do what you planned it to do doesn't mean it's useless." --Thomas Edison

Until next week,
Mitch Tulloch

BTW feel free to follow me on Twitter and connect with me on LinkedInNote to subscribers: If for some reason you don't receive your weekly issue of this newsletter, please notify us at wsn@mtit.com and we'll try to troubleshoot things from our end.

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Get the info, find the issues and pro-actively fix them. Simplify and automate day-to-day, time-consuming tasks or get an update on that global project you are running, Lansweeper offers you the tools.
http://www.wservernews.com/go/1431773611625

Veeam Endpoint Backup FREE is a standalone solution for backup of your physical computers. At no cost, you can protect your home or work Windows-based desktops, laptops and tablets. Download now!
http://www.wservernews.com/go/1431773614046

Read this free eBook and find out how to calculate the true return on investment (ROI) involved in maintaining traditional storage solutions for email archiving and Exchange management.
http://www.wservernews.com/go/1431773616468

Microsoft's free Rights Management Services Analyzer Tool lets you check the settings, configuration, and behavior of your RMS infrastructure and client applications that use RMS.
http://www.wservernews.com/go/1431773618750

Azure DocumentDB Data Migration Tool enables movement of data from various data sources into DocumentDB.
http://www.wservernews.com/go/1431773620953

 

This Week's Tips

This week we have tips on how you can automate the Disk Cleanup tool in Windows, how you can use VBA to set zoom level for all emails in the Reading pane of Microsoft Outlook, and how you can get started playing around with Windows Server Technical Preview 2 if you don't have a spare server system to install it on.

Automating Disk Cleanup

To reclaim disk space on a Windows system you can run Disk Cleanup by opening the properties of your system drive. But is it possible to automate this process? Yes you can by using the below Windows PowerShell script which was provided to us by Amrinder Singh Chadha, a Senior IT Program Manager at Microsoft. The script should work on any version of Windows that has PowerShell v3 or higher. Note that this script is provided "as is" with no warranties or guarantees, so use it at your own risk. You can download it here:

http://www.wservernews.com/go/1431778169593

Use VBA to set zoom level for Outlook emails

While you can manually change the zoom level of an email in the Reading pane of Outlook 2010 or 2013 by using the zoom slider on the right of the Status bar, the new setting you select doesn't persist and you'll have to change the zoom each time you read a new email message.

Fortunatley there's a workaround as this article on Slipstick Systems explains. The workaround is to run the Visual Basic for Applications (VBA) macro outlined in the section "Set the zoom level using VBA" on this page:

http://www.wservernews.com/go/1431773895328

Test drive Windows Server TP2 in the cloud

Jose Barreto, a Principal Program Manager on the File Server team at Microsoft, tweeted that the image named "Windows Server Technical Preview" in the Microsoft Azure library is actually build 10074 or Technical Preview 2 of the product. So if you have an MSDN subscription and have activated your free Azure benefits you can test drive the latest version of Windows Server without needing to install it on a physical server system. And even if you don't have an MSDN subscription you can still try out Microsoft Azure for one month at no cost by going here:

http://www.wservernews.com/go/1431773898578

While you're at it be sure to check out Jose's blog:

http://www.wservernews.com/go/1431773900796

You can also follow him on Twitter:

http://www.wservernews.com/go/1431773905375

GOT TIPS you'd like to share with other readers? Email us at wsn@mtit.com

Events Calendar

North America

Microsoft Worldwide Partner Conference (WPC) on July 12-16 in Orlando, Florida USA
http://www.wservernews.com/go/1431773972734

AWS re:Invent on October 6-9 in Las Vegas, Nevada USA
http://www.wservernews.com/go/1431773974406

Europe

Microsoft TechDays 2015 on May 28-29 in the Hague, Netherlands
http://www.wservernews.com/go/1431773976687

Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact michaelv@techgenix.com

Webcast Calendar

Expert Webinar: What does Windows Server 2003 End of Support mean for your business?

Windows Server 2003 End of Support presents a number of challenges for your business. Ignoring the problem isn’t a great strategy as no more support and no more updates will put your organization at risk sooner or later.

Hear from our expert panel on: 

And learn how a real life customer embarked on their new journey.

Webinar Details:
Date: Tuesday, 19th May 2015
Time: 3pm GMT & 10am EST
Duration: 45 minutes

Sign up today!

Register for Webcasts

Add your Webcast

PLANNING A WEBCAST you'd like to tell our subscribers about? Contact michaelv@techgenix.com

Tech Briefing

Citrix

Securing a NetScaler (Johannes Norz)
http://www.wservernews.com/go/1431774152093

Installing and Configuring Citrix XenApp/XenDesktop 7.6 (Part 4) (VirtualizationAdmin.com)
http://www.wservernews.com/go/1431774154078

Networking

Cisco ACI - Switch Profiles and Interface Policies (VirtualizationAdmin.com)
http://www.wservernews.com/go/1431774158031

Interacting with TCP/IP Through PowerShell (Part 2) (WindowsNetworking.com)
http://www.wservernews.com/go/1431774160250

VMware

Set Lockdown Mode in vSphere 6 via PowerCLI (vTagion)
http://www.wservernews.com/go/1431774171250

vCloud Air DRaaS – Improvements (VMFOCUS)
http://www.wservernews.com/go/1431774173859

Windows PowerShell

Use PowerShell to Extract Zipped Files (Hey, Scripting Guy! Blog)
http://www.wservernews.com/go/1431774176968

PowerShell Essentials (Part 9) (WindowsNetworking.com)
http://www.wservernews.com/go/1431774180046

Windows Server

Getting Started With Azure Pack (Part 1) (VirtualizationAdmin.com)
http://www.wservernews.com/go/1431774182390

Reporting Application of GPOs on Remote Computers and Generating A Report (Part 2) (WindowsNetworking.com)
http://www.wservernews.com/go/1431774186500

 

Recommended TechGenix Articles

Cloud Data Jurisdiction: The provider, The Consumer and Data Sovereignty
http://www.wservernews.com/go/1431774457937

Importing a Virtual Machine into Amazon EC2 (Part 3)
http://www.wservernews.com/go/1431774460046

Sharing the Load – Securely
http://www.wservernews.com/go/1431774462312

Getting Started With Azure Pack (Part 2)
http://www.wservernews.com/go/1431774464031
 
Interacting with TCP/IP Through PowerShell (Part 3)
http://www.wservernews.com/go/1431774466015

Windows Server News

Scaling secure networks in the cloud

Zero trust security policies can be difficult to scale in physical implementations due to the fact that a single device has to filter all traffic.  Fortunately, if you choose to utilize virtualization and cloud, IT can overcome that challenge and scale them successfully. Find out how to achieve zero trust security in the cloud today.
http://www.wservernews.com/go/1431774534875

Microsoft Hyper-V Containers the latest Docker embrace

Microsoft is continuing to push for Docker with new Hyper-V Container tools for greater application isolation, casting a wider net and targeting security concerns with it.  Still, despite Docker's popularity, lingering questions remain. Get an exclusive look at what the experts are saying about Microsoft's big push for Docker.
http://www.wservernews.com/go/1431774537453

Three VDI endpoints go head to head

Admins used to focus solely on the back-end infrastructure necessary to deliver desktop services, and not on client endpoints. Today, they can now provide users with the hardware that makes it possible to access their virtual desktops. Get an inside look at three varieties of hardware you can deploy for virtual desktop users so you can deliver solid VDI from the back end to the front.
http://www.wservernews.com/go/1431774539640

No guarantees with CPU affinity

CPU affinity is an often misunderstood resource control in vSphere.  Controlling the delivery of CPU resources to a VM is a key part of performance management, but it's usually unwise to configure a CPU affinity on a VM for a variety of reasons. Learn more in this helpful guide today.
http://www.wservernews.com/go/1431774542750

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at wsn@mtit.com

Legends Of Aviation

Aviation showreel featuring the Patrouille Suisse, Red Arrows, Breitling Super Constellation, Swiss Airbus A330, Rimowa JU-52 and many others:
http://www.wservernews.com/go/1431774603562

Amazing Realistic 3D Drawing

An amazing, realistic 3D drawing of a glass of water that will blow your mind:
http://www.wservernews.com/go/1431774605312

Beautiful Martial Arts Performance

A beautiful performance by the 'China Youth' team showing the elegance of Chinese traditional martial arts culture:
http://www.wservernews.com/go/1431774607750

Bohemian Rhapsody

Queen's Bohemian Rhapsody played by a 81 key Marenghi Organ built in 1905:
http://www.wservernews.com/go/1431774609734

WServerNews - Product of the Week

Deep Packet Inspection for Quality of Experience Monitoring

Read this whitepaper to get a detailed description of packet analysis techniques to measure high network response times, network delay, server processing times, client processing time, traffic distribution, and overall quality of experience.

Download Now>>

 

 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.