Vol. 12, #36 - Sep 17, 2007 - Issue #642
Ready, Set, Shop for Virtualization Products
|This issue of WServerNews is sponsored by|
- Editors Corner
- Ready, Set, Shop for Virtualization Products
- Should Governments Be Allowed To Install Spyware?
- How Much Time For Equipment Maintenance?
- Webcast: Protecting Exchange Against Spam, Viruses, and Phishing
- Quotes of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Tech Briefing
- Exchange 2007 Service Pack Beta Released
- The Defenseless Defender
- Critical September Patch Could Hit Windows 2000 SP4 Systems
- The 'Bossie' Awards For Open Source Code
- Windows Hot-Add Memory Hurts Exchange Server Performance
- Worm Spreading Through Skype
- Experts: "Microsoft Changes Windows Files Without Permission"
- Tip: SQL Server Stored Procedures You Should Know About
- Windows Server News
- Ready, Set, Shop for Virtualization Products
- WServer Third Party News
- Hard Times On The HIPAA Front. Worried About Audits?
- Hackers Update Malware Tool Kit, Add First Zero-Day Attack Code
- Live Webinar - Replication and Recovery of Exchange 2007, with Microsoft Guest Speaker
- WServerNews FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- The Most Versatile Active Directory Tool Available.
Active Directory - Activated like never before!
Just released, rDirectory 2.0!
Tap into Active Directory's potential
with composable web applications you can deploy in minutes. New &
improved rDirectory 2.0 combines an easy to use designer with templates
and preconfigured applications for secure solutions that leverage your
existing AD. It's the perfect system: a self-editable directory, a template
driven account creation tool, a way for users to create and self-subscribe
to email lists and groups, a self-service password reset utility, a valuable
tool for any help desk and more. Discover the flexibility of rDirectory
and new ideas on how to leverage AD will start popping up. See why customers
call rDirectory the "the most versatile Active Directory tool available."
Ready, Set, Shop for Virtualization Products
This issue we have a special report in the WINDOWS SERVER NEWS
section about virtualization. You should definitely read it if you
plan or are already using VMs of either VMware or Microsoft, as the
conclusions are quite interesting from your budget-perspective!
Should Governments Be Allowed To Install Spyware?
First, thanks for the many responses. Out of the hundreds of you that
responded, I picked one that takes a very interesting perspective:
Pat McDermott-Wells sent me this: "I teach a required course in
Ethics & Computers in Society at the School of Computing & Information
Sciences at Florida International University in Miami. This is one
of the topics that we debate in the course. In addition to using
spyware, are we willing to let the government:
Spyware was recently used in this country by the FBI to apprehend a
student who was making bomb threats to his high school. Link at:
- increase its use of CCTV in public venues?
- use biometric scanning information (facial scanning at the Super
Bowl in Tampa)?
- pull our phone, cell phone, and web surfing history from vendors
and ISPs (or listen in real-time)?
- monitor our movements via GPS, cell phones, OnStar?
- institute a national ID card (or body chip embedded in our arms)?
One need only research the FBI Carnivore program to see that this is
not a new endeavor. The IRS has launched web bots to watch online
purchasing activity. International phone calls have been monitored by
our intelligence agencies almost since the first transatlantic phone
cables were laid.
All of these issues constitute the "slippery slope" which we as citizens
are asked to navigate. Bluntly asked about any of these issues, most
people will strongly respond "No!". But if you then ask those same
people the same question but with this approach - "If you knew that
another 9/11 attack would be stopped before it occurred, would you
agree to this government action?" - many people will then readily
agree. In straw polls in my classes, a solid majority will now agree.
After all, the reasoning goes, if one is not doing anything illegal,
there is nothing to fear from government scrutiny.
The troubling aspect is that while this technology can be used for
tremendous good, in the wrong hands it can be used against our own
citizens for personal or political gain. It therefore increases the
risk of handing power to a tyrant. So this now becomes a question of
degrees: When it is appropriate to use this technology? Under what
circumstances? And, as is the case with most major ethical decisions,
it can be boiled down to two central questions: "Where do you draw the
line between acceptable and unacceptable?" And "Who decides where that
line should be drawn?".
And as somewhat of an answer to this, a significant section of you
came back with, "If a Judge issues a warrant, it's OK."
How Much Time For Equipment Maintenance?
Sunbelt and Yankee have a quick 5 minute survey about hardware & server
OS reliability. At the end of the survey, you have the chance to color
your information with comments about your experience of patching and
repair. This survey will be used by Yankee Group to identify the relative
time undertaken to keep equipment maintained. Please take 5 and I will
report back the results in a coming issue:
Webcast: Protecting Exchange Against Spam, Viruses, and Phishing
Securing your Exchange Server is key to protecting your enterprise
environment from spam, viruses, and phishing. You're invited to join
Sunbelt Software for the webcast: "Protecting Your Organization from
Spam, Viruses, and Phishing". In this webcast, Alex Eckelberry,
president and Greg Kras, VP of Product Management for Sunbelt Software
will explain the benefits of using an 'all-in-one' integrated and
policy-based email security solution versus separate products on your
Exchange Server for antivirus, antispam, attachment filtering, and
Learn how Ninja Email Security helps you to fight spam, viruses, trojans,
phishing and other email security threats with a series of 'best-of-breed'
plug-ins, at a lower cost and in 'Half The Admin Time':
When: Tuesday, September 18, 2007 2:00 PM (EDT)
Please register here:
Quotes of the Week
"There is no way to peace; peace is the way." -- A. J. Muste
"Even peace may be purchased at too high a price." -- Benjamin Franklin
"First they ignore you, then they laugh at you, then they fight
you, then you win." -- Gandhi
Thank you for being a WServerNews subscriber.
Exchange 2007 Service Pack Beta Released
Exchange Server 2007 reached the next step in its lifecycle with a
community technology preview (CTP) of its first service pack. Redmond
announced the release of beta 1 of SP1, available to MSDN and TechNet
subscribers. The service pack includes a great deal of added
functionality, much more than is often seen in an SP1 release. Some
of the upgraded features of SP1 include greater interoperability
with the as-yet-unreleased Windows Server 2008, more integration
with Office Communications Server 2007, a better Outlook Web Access
(OWA) experience, and improved disaster recovery functionality. More:
The Defenseless Defender
Here's the story of one European nation that left the doors to its
Defense department Web site wide open. It was Sunbelt researchers
that found this hole! eWEEK created a slide show with this one:
Critical September Patch Could Hit Windows 2000 SP4 Systems
IT managers got a light load of patches this month with only one rated
critical. Searchwindowssecurity has the details:
The 'Bossie' Awards For Open Source Code
This week InfoWorld announced the winners of the Bossie awards, honoring
the "Best of Open Source Software" for business.
Windows Hot-Add Memory Hurts Exchange Server Performance
Microsoft Windows Server operating systems that support hot-add memory
can unintentionally deplete Exchange Server 2003's kernel-paged pool memory
and cause serious performance problems. Prevent and resolve hot-add memory
issues on Exchange with these performance troubleshooting options.
Worm Spreading Through Skype
Sans warned that a worm spreading through Skype's instant messenger
"injects code into the Explorer.exe process to force it to run the
actual malware;" it also puts phony entries in the Windows hosts file to
prevent security software from getting updates. A number of anti-virus
companies "have already updated their signature definitions to detect and
delete the new malware." The worm spreads by sending itself to contacts
from infected machines. Here is more at the Internet Storm Center:
Experts: "Microsoft Changes Windows Files Without Permission"
Microsoft's update system is changing files on both XP and Vista -- even if
a user disables automatic updates. Microsoft, however, calls it built-in
behavior and no cause for alarm. Scott Dunn at the Windows Secrets site
has all the details. This is an interesting read:
Tip: SQL Server Stored Procedures You Should Know About
How can SQL Server stored procedures be helpful if you don't know they
exist? In this tip, database architect Denny Cherry shares 18 handy
stored procedures that have gone undocumented by Microsoft.
||Windows Server News
Ready, Set, Shop for Virtualization Products
To follow up on last week's item about Redmond's new Virtual Server
manager, here is more news. VMWare's VMWorld customer conference held
in California this past week featured the usual parade of products and
vendor partnerships announced amidst the standard hype.
But the most interesting news at the conference happened behind the scenes.
VMWare, the current market leader with approximately 60% market share, is
getting ready to discount its Virtual Center pricing and offer new bundles
and promotions before year's end, according to resellers familiar with the
company's upcoming initiatives.
VMWare's anticipated price cuts are not prompted by a feeling of holiday
cheer; it's to block their chief competitor Microsoft. Redmond has only
half of VMWare's market share -- about 30% -- and is working hard to catch
up. Right now, as many of you know, VMWare's Virtual Center is the leader
in terms of features and functionality. Microsoft will roll out a major
beta of its Hypervisor technology code named "Viridian" by year's end.
Viridian though, won't be available in 'gold code' general release until
earliest June 2008, at least 6 months after W2K8 ships. So meanwhile,
Microsoft is playing its trump card: pricing. Their executives held a
series of customer and press briefings of their own during VMWorld to
showcase how their list prices favorably compared to VMWare. And hard
as it is to believe, Microsoft list pricing is anywhere from 42% to
roughly 75% cheaper than VMWare's current retail pricing.
I was surprised since Microsoft is not known for being a discount software
vendor. I reviewed the retail prices (based on publicly available list
pricing from both Microsoft and VMWare's respective Websites) and confirmed
it for myself.
Right now, a list price 'apples-to-apples' comparison of Microsoft vs.
VMWare shows that Microsoft's Virtual Server costs about 50% less in a
Single Server entry level configuration and two-thirds or 66% less in
an enterprise configuration. In a 10 server configuration that includes
management and Windows Server licenses, VMWare VI3 Virtual Server
platform (including management and Microsoft Virtual Server licenses)
retails for $58,750 compared with $33,600 for Microsoft's Virtual
Server in a comparable configuration. Yes, I know that no one pays
list price, but it gives you an idea of the pricing disparity that
exists between the two platforms right now.
The big irony and main reason VMWare costs more is because anytime a
corporate customer purchases VMWare's virtualization offering they also
have to buy a Windows Server license (or a Red Hat or Novell server
license if using Linux) on top of paying for the VMWare offering.
Microsoft -- and the Linux vendors like Red Hat include virtualization
for free as part of the baseline server OS. Ironically, the need to
purchase client access licenses on top of a Windows Server license
is the very reason that Windows list pricing is more expensive than
comparable Linux offerings.
The catch in this equation is that you get what you pay for. Microsoft's
current virtualization product is a 1.0 release. Any business that
needs best of breed right away should stick with VMWare or one of
the smaller niche market players like Cassatt, Egenera, SWSoft or
Virtual Iron to name just a few. But if your business is price
driven and "good enough" will suffice for the time being until
Viridian ships, then you might want to consider Microsoft's Virtual
The bottom line is that the competition in the virtualization market is
fierce. And competition is good leverage for corporate customers. The
last Virtualization survey Sunbelt conducted earlier this year, showed
that nearly one-third of organizations plan to deploy virtualization
solutions from multiple vendors in their shops. Again, this bodes well
for increasing your bargaining power with all the vendors since they
will be anxious to gain and retain your business. I've given you some
sample prices to judge for yourself. But don't just take my word for
it. Call your vendors and resellers and ask them to give you some
price quotes. Happy Shopping!
Single Server Configuration for Virtualization
Windows Server Enterprise License $2,400 $2,400
VMWare VI3 Platform $3,750 $0
VMWare Virtual Center $0 $0
Microsoft Virtual Server/Hypervisor $0 $0
Microsoft System Center Server Mgmt Suite $0 $860
HA/Clustering $2,000 $0
Dynamic Resource Mgmt $2,000 $0
Back up $500
Total $10,650 $3,260
||WServer Third Party News
Hard Times On The HIPAA Front. Worried About Audits?
ComputerWorld has a very good story if you are in the Healthcare
space, and are supposed to be HIPAA compliant. They started out
with: "It's been a week of bad news for lazy or sloppy healthcare
organizations. An employee fired after a security breach of
protected health information filed a wrongful termination suit
against his former employer, and it may have merit because of poor
policies. A community health care provider hacked by a disgruntled
employee may be dragged into a compliance quagmire because it's not
clear that the organization took basic steps to revoke his access.
And to top it off, the U.S. Department of Health and Human Services
(HHS) is starting to swing the enforcement rule -- a dowdy part of
the Health Insurance Portability and Accountability Act (HIPAA) that
few people read -- like a scythe in a field of weedy policies and
overgrown practices. Worried about audits?
The first HIPAA audit by the HHS has been widely reported. Atlanta's
Piedmont Hospital received notice of the audit, and much has been
made of the information requested. But did we not see this coming?
If you need an affordable, and military-spec vulnerability scanner:
Hackers Update Malware Tool Kit, Add First Zero-Day Attack Code
Yup. There are now basically commercial-quality tools to create
malware. And those tools get updates as well. ComputerWorld had
the scoop: "A new version of the IcePack hacker exploit tool kit has
been released, security researchers warned today, and for the first time
it includes attack code designed to exploit an unpatched, or zero-day,
Three of IcePack's eight exploit tools are new, said Roger Thompson,
chief technology officer at Exploit Prevention Labs Inc. That's noteworthy
in and of itself, Thompson said. "The mix of old and new exploits is to
be expected, but three new ones in one update is pretty impressive," he
noted. Here is the story:
If you need industrial-strength, enterprise anti-malware, check out
CounterSpy Enterprise. The definitions file now has 1.5 million threat
Live Webinar - Replication and Recovery of Exchange 2007, with Microsoft Guest Speaker
Date: September 18th, 2007
Time: 11am - 12pm EST
- Bob Roudebush, Director of Solutions Engineering, Double-Take Software
- Patrick Foley, Technical Evangelist, Microsoft
Exchange Server 2007 represents a new platform for messaging,
collaboration and communication from Microsoft. It creates new
opportunities for e-mail data protection and availability including
Exchange-specific replication capabilities for the first time with the
inclusion of Local Continuous Replication (LCR) and Continuous Cluster
Replication (CCR) for Exchange data. Together, the protection and
recovery capabilities of Double-Take Software combined with the new
recovery features within Exchange 2007 provide an end-to-end solution
for Exchange protection, eliminating single points of failure and
providing the utmost flexibility and redundancy for your
business-critical Exchange messaging data.
Please join this webinar to learn how Double-Take Software solutions for
Exchange and Exchange 2007 can:
- Provide a third copy of Exchange data replicated to a remote
server for disaster recovery or remote availability purposes
- Provide an additional level of protection for Exchange 2007
server Hub and Transport, Mailbox Server and Client Access Server roles
by replicating the data using asynchronous, byte-level replication to
- Provide remote availability and disaster recovery of Microsoft
Clusters running Exchange Server 2007
||WServerNews FAVE Links
This Week's Links We Like. Tips, Hints And Fun Stuff.
||WServerNews - Product of the Week
The Most Versatile Active Directory Tool Available.
Tap into Active Directory's potential with composable web applications
you can deploy in minutes. New & improved rDirectory 2.0 combines an
easy to use designer with templates and preconfigured applications for
secure solutions that leverage your existing AD. It's the perfect system:
a self-editable directory, a template driven account creation tool, a way
for users to create and self-subscribe to email lists and groups, a
self-service password reset utility, a valuable tool for any help desk
and more. Discover the flexibility of rDirectory and new ideas on how to
leverage AD will start popping up. See why customers call rDirectory the
"the most versatile Active Directory tool available."