Feed: Planet V12n
Posted on: Tuesday, June 03, 2008 11:28 AM
Author: Planet V12n
Subject: Hyper-V could benefit from VMware’s Xen-based competition (Server Virtualization Blog)

If Hyper-V doesn’t convert the VMware faithful as soon as Microsoft makes its hypervisor generally available later this year, it may get a little help from its friends: Xen-based virtualization platforms.

Some like IT consultant Ardalan Dlawar believe that Microsoft will leverage support for Xen-based platforms to increase competition with VMware. “And Xen will have more third-party support and fewer compatibility issues,” according to Dlawar.

Despite user arguments that ;Hyper-V will have to deliver more than a lower price tag to win users, Hyper-V will certainly get consideration from many VMware customers. While organizations want to maximize their VMware investment, especially enterprise customers which deploy tens or hundreds of VMware virtual machines, Hyper-V evals will most likely be deployed, according to Andi Mann, the research director at Boulder, Colo.-based Enterprise Management Associates (EMA).

Based on a survey of more than 600 enterprises, EMA found about 30% of enterprises have already planned a Hyper-V deployment even with Hyper-V’s general availability several months away. In addition, Microsoft is actually within 10% of VMware in current and planned enterprise deployments according to EMA’s data. Also consider this EMA finding: Xen-based platforms already account for more than 40% of current or planned deployments, the data suggests that the market demand for VMware alternatives won’t disappear.

“VMware is still way out in front in server virtualization,” said Mann, “but both Microsoft and Citrix Systems are definitely catching up.”

Of course, VMware and Microsoft aren’t the only options available. As managers continue utilizing toolsets available from Xen-based products such as Citrix’s XenServer and Virtual Iron Software, VMware and Microsoft are both working on tool sets that enable users manage their virtualization counterparts respectively.

“Both VMware and Microsoft understand that they are not going to be the only players on the market, they recognize that customers are leveraging their competitors’ technology in different parts of their businesses,” according to Adnan Hindi, the VP of operations at ScienceLogic in Reston, Va. Hindi said that companies like his, which produces cross-platform appliances, will benefit from multiple-platform virtual landscapes. As shops continue to see benefit in the utilities that Xen-based products offer, Hindi sees a universal virtualization tool set ultimately working itself out; these tools would essentially equalize platforms in the market and dilute decision making in choosing a virtualization platform largely down to cost.

Over the past year, there’s been a lot of talk about VMware’s cost of VMware. But the price of VMware Server is right for small businesses, said Brett Riale, an IT consultant in Pittsburgh, who feels “truly blessed that programs as functional as VMware Server have been released for free.” Riale is hesitant to trust another Microsoft virtualization product after “the debacle” that was Virtual Server 2005. “Unless it absolutely outperforms VMware,” Riale said that he won’t consider Hyper-V in the near future. And Dave Baughman, a systems administrator for Muncie, Ind.-based Ontario Systems, thinks that his ESX system is “a consistent platform” and that the price of support is worth their investment. “Most of the cost is for support and (VMware’s) support is very good,” says Baugham.

But what will happen when all the Microsoft customers with enterprise agreements get a taste of Hyper-V support? Or if Microsoft offers more third-party support for Xen?

Howard Holton, a system engineer, said that market share will shift in Hyper-V’s favor.

“Hyper-V is an excellent solution for many of those that cannot afford the steep cost that ESX server requires,” says Holton, who has already has a positive experience working with the release candidate and points out that for most data center operations, VMotion’s High Availability (HA) is overkill. ”Hyper-V fits into the market below VMware for hosts that do not need true HA.”

Holton said that in the long run Hyper-V might win out over VMware because Citrix’s XenServer has finally given Xen a roadmap. XenServer is the spoiler, with a lower TCO than VMware. Although price hasn’t deterred Holton from delivering VMware to his customers in the past, he predicted that Hyper-V will only increase in value.

“As a value-added reseller in the small to midsized space, VMware is the leading virtualization product that I offer. That is changing.”

View article...

The Virtualization of Software Appliances

This 15-minute podcast explores the world of virtualization as it relates to software appliances. Learn about the impact and technical challenges independent software vendors face when considering the adoption of hyperboxes from Charles Kolodgy, Research Director at IDC and Kevin Murphy, Chief Technology Officer at NEI.

[ Listen to the Podcast Now ]

Building a Security Infrastructure with Microsoft Forefront

In Building a Security Infrastructure with Microsoft Forefront Ronald Beekelaar provides an in-depth technical overview of Forefront Client Security, Server Security and Edge Security. This includes the Forefront Server products for Exchange Server 2007 and Microsoft Office SharePoint Server (MOSS) 2007 and the Forefront Edge product named Intelligent Application Gateway (IAG) 2007.

http://www.microsoft.com/emea/spotlight/event.aspx?id=96

Links to Session Videos:

Ø  Building a Security Infrastructure Keynote- Steve Lamb, IT Pro Evangelist, Microsoft UK

Ø  Forefront Overview, Ronald Beekelaar, MVP Security and MVP Virtual Machines,        Beekelaar Consultancy

Ø  Forefront Client Security Ronald Beekelaar, MVP Security and MVP Virtual Machines, Beekelaar Consultancy

Ø  Forefront Server Security Ronald Beekelaar, MVP Security and MVP Virtual Machines, Beekelaar Consultancy

Ø  Forefront Edge Security Ronald Beekelaar, MVP Security and MVP Virtual Machines, Beekelaar Consultancy

Posted: Thursday, May 29, 2008 9:23 PM by John Westworth

JohnR : Building a Security Infrastructure with Microsoft Forefront

Thursday, May 29, 2008 3:51 PM yuridio

ISA Server 2006 SP1 is on the way to make this summer even hotter

The expected ISA Server 2006 SP1 is on the way, Jim Harrison has blogged in the ISA Team Blog about the new features of this release. The ISA Server community is very excited about this announcement as externally by Tom Shinder blogging on his blog.

I just delivered a webcast to the IT community in Brazil through Support Academy (an initiative from Microsoft Latam Team) about those new features and here are some of the demos (I removed the narration since it was in Portuguese J):

Demo 1 – Configuration Change Tracking

· This demo shows the functionalities of this new feature and how to easily identify what change was done in the Firewall Policy.

Demo 2 – Web Publishing Rule Test Button

· Very cool feature that can be used proactively to see if the publishing rule is working (prior to put in production) or reactively while troubleshooting an issue.

Demo 3 – Traffic Simulator

· Tired to wait for the user to be able to see the error that he is receiving when accessing a web site? Now you can do your own simulation with this tool.

Demo 4 – Diagnostic Logging Query

· With this integration you will be able to understand exactly what is going on when ISA is processing your request.

Start planning your summer migrations for ISA Server 2006 SP1.

Filed under: ISA Setup, ISA Administration

Yuri Diogenes's Blog : ISA Server 2006 SP1 is on the way to make this summer even hotter

Dr. Tom Shinder has published a new article on using the new Web Access Policy node.  Tom says:

This new node provides a location where you can configure the TMG firewall to allow outbound HTTP, HTTPS and Web proxy forwarded FTP connections to the Internet. This change also seems to represent an increased focus on HTTP for the product. While previous versions of the ISA Firewall did have a sophisticated Web proxy filter and HTTP Security Filter, the TMG firewall takes things to the next level by adding malware inspection for outbound HTTP requests.

Read the rest of the article at the source.

Source: Creating a Web Access Policy using the Forefront Threat Management Gateway (TMG) Beta 1 (Part 1)

USEast Technologies acquires NS-Series ISA appliance maintenance contracts from NEI

USEast Technologies will assume responsibility for supporting the Microsoft^®-based NS Series installed base

Randolph, Massachusetts, May 27, 2008 - USEast Technologies announced today that it has reached an agreement with NEI, a leading provider of server appliance products and services for storage, security and communications software vendors, to assume responsibility for technical support and maintenance of its installed base of NS Series security products. The NS Series of products are security appliances based on Microsoft’s Internet Security and Acceleration (ISA) server technology and are installed in more than 500 locations worldwide. Under the agreement, NEI will continue to provide logistical support for the hardware component of the NS Series through USEast Technologies.

“We are pleased to partner with USEast Technologies to help support the NS Series installed base,” said Tom Brodeur, NEI’s senior director of global support services. “We have worked closely with Don Adams and his team in recent years to enhance NS customer support and we are confident USEast will provide superior support services for the NS customer base.”

“Don Adams and his team are well-versed in Microsoft security technology and should bring a revitalized commitment and enthusiasm to the NS Series ISA installed base,” said Dr. Thomas Shinder, Microsoft Forefront MVP and author of numerous books about Microsoft security technologies. “Don was intimately involved in the original design of the NS Series when he was employed by Network Engines, Inc., (renamed NEI) and I anticipate that USEast will soon offer the NS Series installed base exciting new Microsoft Forefront Edge security solutions.”

“We are excited about the opportunity to provide ongoing support for the NS appliance installed base,” stated Don Adams, president and founder of USEast Technologies. “We are currently contacting all customers and communicating our plans for providing support for the installed base of NS appliances and supplying NS Series upgrades. In the near future we will be communicating our plans for offering a new generation of Microsoft Forefront Edge Security appliances and solutions.”

About USEast Technologies LLC

USEast Technologies is based in Randolph, Massachusetts. The company provides services and products for Microsoft security and virtualization technologies. For more information about USEast Technologies, visit www.useast.com.

About NEI

Founded in 1997, NEI is headquartered in Canton, Massachusetts, and trades on the NASDAQ exchange under the symbol NENG. NEI network appliance solutions are made to ease and enhance the deployment, manageability, and security of IT infrastructure applications. With a heritage of providing product and service technologies tailored to support the entire lifecycle of its customers' appliances, NEI has become the appliance partner of choice for OEMs, ISVs and software integrators worldwide. For more information about NEI’s products and services, visit www.nei.com.

Contact Info:
Send email to PR@USEast.com
Call 781-583-1448

Home

I'm an avid fan of the Virtual Appliance concept so you'll see a lot of articles on this site about VA's.  Wikipedia defines a virtual appliance thusly:

“A virtual appliance is a minimalist virtual machine image designed to run under Parallels, VMware, Xen, Microsoft Virtual PC, QEMU, Usermode Linux, CoLinux, Virtual Iron, VirtualBox or other virtualization technology.”

USEast has plans to enter the VA business at some point.  We'd like to be the first to ship a VA based on ISA Server... just waiting for MS to allow us to do it.  What do you think?  Good idea?  Read more at the link below.

Need it quick? Use a virtual appliance to get up and running in no time

Servers and Storage | TechRepublic.com

Alessandro Perilli has some interesting thoughts regarding how Microsoft might address virtualization security.  I wonder if ISA server will play some part in their strategy?  See more info at the source.

Source: Is Microsoft working on a VMsafe-like framework? | virtualization.info

Microsoft expands desktop virtualization after finalizing Kidaro acquisition

TAGS: Desktop Virtualization

Microsoft has finalized its acquisition of Israel-based desktop virtualization startup Kidaro and said that it plans to incorporate Kidaro's technology into the Microsoft Desktop Optimization Pack (MDOP) during the first half of 2009 under the new name Microsoft Enterprise Desktop Virtualization. This technology will join Microsoft's Application Virtualization, formerly known as SoftGrid, which was acquired from Softricity.

View the whole article at the source.

Source: Virtualization Report | David Marshall | InfoWorld | Microsoft expands desktop virtualization after finalizing Kidaro acquisition | May 26, 2008 02:43 PM | David Marshall

Dr. Tom Shinder is excited about the summer release of ISA 2006 SP1.  Check out what he's got to say at the source.

Source: Thomas Shinder Blog » Blog Archive » ISA 2006 Service Pack 1 Details Leaked

Understanding Why ISA Server re-prompts for Authentication when Passwords Expire

Introduction

There are times that the user does not change their password on the day that Group Policy forces a password change. Normally, if the user logs off and tries to logon again, Windows will inform him that his password is expired and require him to change it. ISA is not able to perform the same action as Windows.

This article describes what happens when the user’s domain password expires while he is trying to browse Internet through ISA Server and ISA Server uses a rule that requires authentication.

Read more at the source.

Source: Understanding Why ISA Server re-prompts for Authentication when Passwords Expire

Looks like that TMG beta 1 has gone public.... Read on!

Sunday, May 25, 2008 1:05 AM yuridio

Overview of Forefront Threat Management Gateway Beta 1

1. Introduction

The Microsoft Forefront Threat Management Gateway promises to be the milestone that all ISA Server admins were waiting for. I heard all the time people saying that the difference between ISA Server 2004 and ISA Server 2006 were not that big and that we pretty much have the same product for 4 years already. Well, that isn’t really true; there are indeed many differences between 2004 and 2006. Maybe some people were waiting for a huge upgrade like it was from ISA 2000 to 2004 and this didn’t happen. After two years since ISA Server 2006 was released, we have now (without a doubt) a big change, maybe will not be noticeable now but it will in the final version.

You can download the beta version from here and use the installation guide article that my friend Tom Shinder wrote. This beta version available for download has only a limited set of features. However, before install read the release notes to see what you can and what you cannot do.

There are many things that you will notice and see that it is different from ISA Server 2006. As far as installation is concern there are some things that you need to remember:

· IIS will be installed: that’s correct; IIS now will be installed by TMG. You might be thinking: “I remember that we have issues with IIS and ISA in the same box…”. You are right for ISA Server, but for TMG we need IIS because TMG needs SQL Reporting Services 2005 and SQL Reporting Services 2005 needs IIS. It is important to emphasize that IIS is not removed if you uninstall TMG.

· 64 bits System: although the final version of TMG requires a 64-bit processor and Windows Server 2008 64-bit, this beta version can be installed in a 32-bit system with Windows Server 2008.

· WEBS: the TMG beta version that we have available for download it will be part of the Windows Essential Business Server. TMG will be available through WEBS Standard and Premium Edition.

Note: The official TMG documentation is available at Microsoft TechNet Library web site.

View the complete article at Overview of Forefront Threat Management Gateway Beta 1

Microsoft Internet Security and Acceleration Server News

Source: Heavy on the Technical : ISA / IIS / Biztalk / WSPS / MOSS Info for the Month of April 

Forefront Threat Management Gateway, the Next Generation of ISA Server, Now in Public Beta

Get a first look at the Forefront Threat Management Gateway, the next generation of ISA Server, as part of the new Forefront codename “Stirling” integrated security system. This first look public beta provides Web anti-malware for enhanced protection against Internet-based threats, simplified management, secure connectivity, and support for Windows Server 2008. Download the public beta today.

http://technet.microsoft.com/evalcenter/cc339029.aspx

Go and get the ISA Server Best Practices Analyzer (IsaBPA) version 6 now!

http://www.microsoft.com/downloads/details.aspx?familyid=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en

Internet Security and Acceleration (ISA) Server TechCenter

http://www.microsoft.com/technet/isa/default.mspx

Please note that if you have feedback on documentation or wish to request new documents - email isadocs@microsoft.com

ForeFront Edge Security Forums at http://forums.microsoft.com/ForeFront/default.aspx?ForumGroupID=384&SiteID=41

Discuss ISA Server at the new Microsoft Forefront™ Edge Security forums, available at TechCenter

Internet Security and Acceleration Server Blog

The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:

Understanding By-Design Behavior of ISA Server 2006: Buffering and Streaming Web Publishing Rule Content

http://blogs.technet.com/isablog/archive/2008/04/09/understanding-by-design-behavior-of-isa-server-2006-buffering-and-streaming-web-publishing-rule-content.aspx

Introducing a New Era for ISA Server

http://blogs.technet.com/isablog/archive/2008/04/09/introducing-a-new-era-for-isa-server.aspx

ISA Server 2006 form base authentication problem using UPN logon format on a multiple domain environment

http://blogs.technet.com/isablog/archive/2008/04/17/isa-server-2006-form-base-authentication-problem-using-upn-logon-format-on-a-multiple-domain-environment.aspx

ISA Server 2006 Service Pack 1 Features

ISA Server 2006 Service Pack 1 Features

Introduction

Microsoft® Internet Security and Acceleration (ISA) Server 2006 Service Pack (SP) 1 will be available for your installation pleasure this summer!

This Service Pack introduces new features and improved functionality for ISA Server 2006 Enterprise and Standard Editions. The new features focus primarily on enhanced troubleshooting mechanisms designed to help you identify and resolve ISA Server configuration issues. Also included in this package are the updates we’ve promised for so long, such as SAN certificate support.

Service Pack 1 new and improved features

ISA Server 2006 SP1 includes the following new features:

· Configuration Change Tracking — logs all configuration changes applied to ISA Server configuration to help you backtrack through your change history.

· Web Publishing Rule Test Button — helps you verify that the rule configuration agrees with what is set at the published web server and provides specific suggestions when they disagree.

· Traffic Simulator — simulates network traffic as it would be seen by the ISA rules engine and gives you specific information about traffic processing along the way.

· Diagnostic Logging Query — an extension to the Diagnostic Logging feature provided in the Supportability Pack, this feature makes it much easier to see only the data that is relevant to the current troubleshooting effort.

ISA Server 2006 SP1 also includes such feature improvements as:

· Support for Network Load Balancing (NLB) multicast and multicast with IGMP operations (KB 938550)

· Support for certificates with multiple Subject Alternative Name (SAN) entries in published web servers

· Kerberos Constrained Delegation (KCD) authentication supports trusted-domain user accounts (KB 942637 )

For additional feature improvements, see "Improvements to existing features" later in this document.

More info at the source

Source: ISA Server Product Team Blog : ISA Server 2006 Service Pack 1 Features

Finally, after waiting over 2 years, Citrix finally releases their Branch Office Appliance.  Please let us know if anybody actually sees one.  We'd love to hear your feedback.

New Citrix Branch Repeater Uses ISA Server

Wednesday, May 21, 2008, 2:43:00 PM | David Burt

Citrix has announced the availability of the new Citrix Branch Repeater, an "all-in-one" device for delivering applications to branch offices.   The Citrix Branch Repeater was developed jointly with Microsoft, and  uses Microsoft ISA Server 2006 Web caching to accelerate delivery of web content to the branch.  ISA Server 2006  helps branch office users easily and securely access the Internet or corporate-based resources. More on ISA's use in the new Citrix Branch Repeater on  Thomas Shinder's ISAServer.org blog here.

Internet Security & Acceleration (ISA) Server,  first launched in 1997 as the Microsoft Proxy Server, is a very versatile product with a great many uses, including as a VPN, a Firewall, a URL filtering proxy, and with Citrix, a Web caching device.   In addition to Citrix, ISA has a rich partner ecosystem that includes providers of URL filters, Anti-Virus, Reporting, User Authentication, and more on our partner page here.

Forefront Team Blog