New CTO, new Linux focus for HP?

Posted on November 7, 2012 by Tony Redmond

The conspiracy theorists will have had a field day with the news that HP has spent $500,000 to upgrade their membership of the Linux Foundation to “Platinum” level. Taken together with the other recent announcement that Martin Fink has taken over as HP Chief Technology Officer and Director of HP Labs, you might imagine that Linux is viewed more positively in Palo Alto than before. Perhaps it is HP’s way to shoot a polite warning across Microsoft’s bows so that the folks in Redmond don’t assume that they can simply march all over the market of their OEMs without consequences. I don’t know.

HP has been without a CTO since Shane Robison retired soon after Meg Whitman took over as CEO. At that time HP said that Robison would not be replaced and it seemed that he took some of the blame for the strategic decisions around the HP Touchpad fiasco, the upheaval around the prospect of selling off HP’s Personal Systems Group, and the overpriced purchase of Autonomy. For whatever reason, in the interim Bill Veight acted as the strategy lead for HP.

Martin is an interesting guy. His most recent assignment was to head the Business Critical Systems (BCS) division, the group that engineers HP’s Superdome IA64-based high-end systems that were the subject of fairly bitter litigation between HP and Oracle in the past year. In a nutshell, Oracle had concluded that IA64 was a dead platform and didn’t want to put any more engineering effort to make their products work on Superdome. HP naturally didn’t appreciate this very much and the lawyers went to battle. Fink featured in the thrust and parry between the two companies, which eventually ended up when the judge ordered Oracle to live up to their agreement with HP.

But before BCS, Martin was HP’s Linux leader for a number of years and he placed a huge role in making HP a player in the Linux market. He fought to make Linux respected in HP’s Microsoft-dominated plans and grew the business over the years, something that I always respected even when I wasn’t quite on the same side.

I’m not sure that Martin’s history with Linux and Superdome make him a natural enemy of Microsoft’s. I think he is a pragmatist who will do the right thing for HP’s business and that probably means staying reasonably tight with Microsoft while exploring other opportunities for the world’s largest IT company. This is the only reasonable course for an HP CTO, especially one who also has direct oversight of HP Labs. The challenge with HP Labs has always been to transition the result of research and the discoveries made in Labs to the HP businesses. This has happened over the years with great results such as Inkjet printing, but the pace of technology evolution has increased to a point where Labs doesn’t seem to have kept up as well as it did in the past. It’s been a while since I was involved with HP Labs, but I have seen little reported in public in the last 30 months to show that the success rate for transition is any better than it was. I suspect that the reinvigoration of HP Labs will prove to be a huge challenge for the new CTO, one for I wish him all the very best of luck.

People and organizations change over time. A new person in a new role brings a new voice and new perspective to the challenges faced by companies. It will be interesting to see how the new HP CTO makes his impact in time, perhaps even by making HP an even better platform for Linux?

Follow Tony @12Knocksinna

Posted in Uncategorized | Tagged , , , | 1 Comment

Exchange Unwashed Digest for October 2012

Posted on November 5, 2012 by Tony Redmond

October 2012 was quite a busy month for my “Exchange Unwashed” blog on WindowsItPro.com with 11 articles appearing. Here’s the regular monthly digest:

Exchange 2013 reduces number of mounted databases to 50 (October 30). I wonder how many companies run an Exchange 2010 Database Availability Group (DAG) with more than 50 mounted databases on any individual member node? If there are any companies in this situation, they are going to have to do some work to prepare for Exchange 2013 as the limit for mounted databases has been trimmed back from 100 to 50. Apparently it’s all to do with the extra workload of the mailbox server in Exchange 2013. Or something like that.

The Emerging Need for More Supervision Over ActiveSync Implementations (October 25). ActiveSync is great because it’s become the de facto standard for mobile devices to connect to Exchange. The downside of the success is the free rein that ActiveSync licensees have in the way that they use the protocol within their email clients. The upshot, as seen in Apple iOS 6.0, is symptoms such as “meeting hijacks” where ActiveSync allows a client to update the organizer of a meeting. Not good, and something that Microsoft really needs to be a tad stronger over.

Exchange 2013 and Office 2013 Professional Plus available for download (October 24). One of my public service announcements to let MSDN and TechNet subscribers that they can now get the RTM code for Exchange 2013 and Office 2013. Nothing more exciting that that… let the testing begin!

The road to economic competitiveness – ten years of I/O reduction for Exchange (October 23). I thought that I’d get more reaction to this commentary, which reflects on the sorry state that Exchange 2003 really was (using hindsight as a lens) and all the work that Microsoft has done over the last ten years to restore competitiveness with Google and Gmail. I thought I was making a good point. Maybe others believe that Microsoft really did all the work to reduce I/O for the good of humanity.

Coping with Swelling Mailboxes: Why Outlook 2013 Changes Caching (October 18). In thinking about why Outlook 2013 would even want to mess with the model for cached Exchange mode established and working successfully since Outlook 2003, there’s really only one reason: we are all email slobs with little or no interest in cleaning up our mailbox. So Outlook has to be better at storing all our rubbish, which it is in Outlook 2013, so that’s good…

Exchange 2013 counts data within databases better–may affect user mailbox quotas (October 16). With the zeal of a banker who suddenly realizes that they’ve been calculating interest wrongly, the Exchange Store has discovered that it’s not been charging user mailboxes for all the overhead that databases incur to handle mailboxes. So Exchange 2013 cleans everything up and charges the right amount, with the net effect that you might need to up mailbox quotas by some 30%. Is this a problem? Probably not…

Exchange 2013: the real journey starts now (October 12): The Exchange development group surprised me when they declared success on October 11 and allowed Exchange 2013 to meet the Release to Manufacturing (RTM) bar. I think the core of the product is fine but some loose ends exist around the rest of the product, like the small matter of public folder migration. Never mind, the party started in Redmond on October 11 and should just be about finished now. The next thing to do is to get Exchange 2010 SP3 out the door so that companies can actually deploy Exchange 2013 and the issue of the first service pack or whatever the first batch of fixes for Exchange 2013 will be named. Coming soon. Or so we are told.

Expiring digital signatures and rereleased updates (October 11): All software products released by Microsoft are digitally signed. Sometimes the digital signatures aren’t quite right and the products have to be rereleased. And so the latest roll-up updates for Exchange 2010 SP2, Exchange 2010 SP1, and Exchange 2007 SP3 have reappeared, brighter and better than ever before.

ActiveSync problems with iOS6 (October 9). A new operating system for the iP-devices is released by Apple, another batch of problems with their email clients when connected via ActiveSync to Exchange is discovered. It’s become boring but predictable. iOS6 came out, everyone was hyper-excited, and then we had meeting hijacking all round that’s apparently been a problem since iOS4. Still, it’s Apple, and they’re good, and they’ll fix the problem because they’re good, and it’s only meetings, and no one was harmed, and what do you really care about meetings, and Apple’s good…

Outlook 2013 introduces hybrid cached mode (October 4). Outlook 2013 is really quite smart when it connects to servers and finds out that a lot of new data is waiting there that isn’t present in its cache. Where older clients would fetch and wait, Outlook 2013 fetches and shows. Read all about it!

Exchange 2010 SP3 prepares the way for Exchange 2013 (October 2). You need Exchange 2010 SP3 to be able to co-exist with Exchange 2013. Rather strangely, Microsoft took the pre-emptive step of telling people that Exchange 2010 SP3 is on its way, even though it won’t be available until sometime in early 2013. I guess it was just to reassure companies who are contemplating early Exchange 2013 deployments that they’ll be able to connect to their old servers too!

November is already starting well, so please join me at Exchange Unwashed!

Follow Tony @12Knocksinna

Posted in Cloud, Email, Exchange, Exchange 2010, Exchange 2013, Office 365, Outlook | Tagged , , , , | Leave a comment

HP’s BYOD dilemma, Google’s weak keys, and Apple’s PR mastery

Posted on November 2, 2012 by Tony Redmond

A number of recent events have attracted my attention. Maybe they will interest you too.

First, an HP executive made an interesting comment in an interview about BYOD when he said that HP wouldn’t introduce a bring-your-own-device to work anytime soon. The real meat was when he said “Why? It would be embarrassing – more importantly it would be embarrassing for our employees. Employees have to be proud of our products.” To put this remark into context, the guy who was being interviewed was Eric Cador, Senior VP of HP’s PC and Printers division in EMEA. Eric’s mission is to sell lots of HP PCs and printers and allowing HP employees to bring competing devices to work would probably not help the message he’s trying to transmit to customers.

The problem is that Eric doesn’t work for HP IT and probably doesn’t understand what’s happening to facilitate user choice to make people more productive. When Apple introduced the original iPhone in 2007, it didn’t take long for iPhones to begin popping up on the HP network. I remember a conversation with the HP team who do an excellent job of running the HP Exchange organization, who reported that they had considered blocking iPhone devices connecting to Exchange via ActiveSync until they had reviewed the IIS logs to discover that roughly a hundred of the users who had connected via iPhone were Vice Presidents or higher. The discovery terminated the discussion abruptly. I doubt that HP has blocked iPhones and iPads in the interim and seeing that HP doesn’t currently manufacture a competing product to either the iPhone or iPad, the fine people in HP IT might continue on their path. Of course, if the HP Envy X2 or similar Windows 8 tablets take off, then they might want to block iPad, but I’ve got to believe that there are still a ton of senior HP personnel using iPhones… and who wants to tell them that they’ve got to drop their beloved Apple and use a Windows Phone instead?

Next, the interesting story about how a mathematician who received some job spam from a Google recruiter discovered that Google protected its email with a relatively weak 512-bit key. Not many people would have noticed this fact and fewer would have swung into action to break the key using Amazon Web Services and then prove this to Google by sending email that purported to come from Sergey Brin. This caused the nice people in Mountain View to sit up and take notice with the result that the DomainKeys Identified Mail (DKIM) key published in DNS for Google was suddenly increased to 2,048 bits, taking it out of the realm of practical breaking given the resources available to non-government agencies. All of this goes to prove that even those who run some of the largest email systems in the world can get things wrong some of the time. I’m sure it was simply the result of overlooking that the DKIM key needed to be strengthened and I’m equally sure that a similar situation exists in many other large companies.

Finally, Apple ran out of luck in the UK Courts as their appeal to avoid having to post a notice on their web site to inform consumers that Samsung’s Galaxy tablet had not infringed Apple’s patents for the iPad. I admire a judge who assessed of the iPad: “It is a cool design”. I also admire the way that Apple turned disadvantage into advantage by using the court-forced statement to inform consumers of the strength of the iPad’s design and the fact that Samsung had been found by a German court to have copied the iPad in a case involving the same patent. The joy of words when issued by master marketeers.

Follow Tony @12Knocksinna

Posted in Technology | Tagged , , , , | Leave a comment

Outlook Anywhere coming to a CAS server near you soon

Posted on October 31, 2012 by Tony Redmond

If you’re running Exchange 2007 or Exchange 2010 today and want to introduce Exchange 2013 at some point in the future (subject to code being available to permit version interoperability – see below), you’re going to have to put Exchange 2013 Client Access Servers (CAS) into operation. Ideally, the Exchange 2013 CAS will take over the namespace (for example, mail.contoso.com) for the organization and work with its Exchange 2007 or Exchange 2010 counterparts to route incoming client connections to the right mailbox servers.

This topic was addressed by Greg Taylor of Microsoft at the recent TEC event in Barcelona and I thought that he provided a pretty good overview of the way that the new (always improved) CAS handles client connections and why you might need to update existing CAS servers to deal with the way that Exchange 2013 proxies or redirects connections.

In many companies, the usual approach to handle incoming connections is to deploy a load balancer in front of the CAS. For the purpose of this article, “CAS” means either an individual CAS or a member of a CAS array in an Internet-facing site). It doesn’t matter whether the load balancer operates at layer 4 (now supported by Exchange 2013) or layer 7. What does matter is that the load balancer will pass incoming client connections to the CAS.

At this point, the CAS has to decide where to direct the connection. The location of the destination mailbox determines how processing proceeds. Clearly, if the mailbox is on an Exchange 2013 mailbox server, the CAS is able to proxy the connection direct to that mailbox server without any problems. However, if the mailbox is on an Exchange 2007 or Exchange 2010 server, the CAS has to use an HTTP proxy or redirection to transfer the connection to an Exchange 2007 or Exchange 2010 CAS, which then takes responsibility for making the final connection to the mailbox.

The proxy from the Exchange 2013 CAS uses Kerberos to communicate with its legacy counterparts and the destination is the RPCproxy or Outlook Anywhere endpoint (the /rpc virtual directory in IIS), which requires secured connections. If you configure Basic Authentication for Outlook Anywhere, IIS only enables Basic Authentication on the /rpc virtual directory. For this reason, IIS has to be updated to support Integrated Windows Authentication (IWA – previously known as NTLM) connections as otherwise Kerberos won’t work. However, if you were to simply modify IIS to support IWA, it would be overwritten by Exchange and have the side effect of changing the authentication mechanism used by clients to connect to the CAS, which is probably not what you want to happen.

The workaround is reasonably simple – you have to run the Set-OutlookAnywhere cmdlet in the Exchange Management Shell to update IIS on all your legacy CAS servers so that internal (between CAS) connections are authenticated with Kerberos while external (client) connections continue to use BASIC. The command is as follows:

Set-OutlookAnywhere –Name ExCAS01 –ClientAuthenticationMethod Basic                    –IISAuthenticationMethods Basic, NTLM

If you’ve already made the decision to enable NTLM for Outlook Anywhere you don’t need to make any changes to IIS. However, even if this is the case, you still need to consider how the Exchange 2013 CAS proxies connections to other CAS servers located in internal or non-Internet facing sites (that is, without a direct connection to the Internet via a firewall etc.).

This requirement does not exist for previous versions of Exchange so it’s unlikely that Outlook Anywhere is enabled on CAS servers in non-Internet facing sites as they do not expect to process incoming Outlook Anywhere connections. However, if the Exchange 2013 CAS has to proxy an incoming connection because the target mailbox is on a server in an internal site, the proxy is to the Outlook Anywhere endpoint. It therefore follows that the CAS servers in these sites need to be updated by running the Enable-OutlookAnywhere cmdlet so that they can accept the incoming proxy to their Outlook Anywhere endpoint with NTLM authentication enabled.

Microsoft hasn’t yet released the necessary updates that allow legacy versions of Exchange to co-exist with Exchange 2013 so it’s not yet possible to deploy Exchange 2013 into a legacy organization and have the Exchange 2013 CAS take over responsibility for the namespace. Exchange 2010 SP3 is expected in early 2013 and an update to Exchange 2007 SP3 should be available in the same timeframe.

On another CAS-related point, fellow MVP Jeff Guillet points out that Exchange 2013 enables RPC encryption for clients as the default once again. The default was the same for Exchange 2010 so this should only be a worry for those upgrading from Exchange 2007. However, it’s fair to say that only Outlook 2003 clients were really affected by making RPC encryption the default. Exchange 2013 doesn’t support Outlook 2003, so maybe we have nothing to worry about!

Follow Tony @12Knocksinna

Posted in Email, Exchange, Exchange 2013 | Tagged , , , , , | 1 Comment

Protecting Exchange mailbox databases against rogue administrators

Posted on October 26, 2012 by Tony Redmond

Jürgen Hasslauer gave an interesting talk at The Experts Conference (TEC) in Barcelona covering the features included in Exchange 2013 to monitor and control access to sensitive data. The talk was based on his experience of assessing Exchange against the requirements of a German government customer that is migrating from Lotus Notes. As you’d expect from a government body that deals with confidential data (the possibility that Frau Merkel’s telephone number might be revealed was mentioned in passing – but who would want that?), the requirements are exhaustive and in-depth and the good news is that Exchange 2013 appears to be measuring up to the task.

Jürgen covered many topics, including mailbox and administrator auditing and the new query-based hold that can be placed on mailboxes. Up to five separate query holds can be active for a mailbox, each of which determines criteria for Exchange to use when assessing whether items should be retained to satisfy something like a legal discovery action. The query holds are composed using the Keyword Query Language (KQL) rather than Advanced Query Syntax (AQS) as used in Exchange 2010 discovery searches. If more than five query-based holds are placed on a mailbox, Exchange retains everything on the basis that it’s simpler to hold the lot than attempt to resolve six or more different queries. All good stuff!

But then the discussion turned to the security of mailbox databases. Or rather, the ease in which a mailbox database can be physically copied and then interrogated to uncover its secrets should a rogue administrator desire. Administrators take backups of mailbox databases all the time as a natural and required action to ensure that data can be restored should a catastrophic failure occur. Even in an era when Exchange can protect databases by maintaining several copies in a DAG, many companies still require physical backups to be taken, if only because they can then place the backup media in an offsite repository. Often this is done to satisfy an audit requirement.

The most recent Exchange versions back up databases using Windows Volume ShadowCopy Services (VSS) to disk. The disk copies can then be recopied to tape media if this is considered the most convenient choice for offsite storage. All in all, the backup system for mailbox databases works well and few problems are encountered in taking or restoring backups.

Security people consider how data can be exposed to unauthorized access. If a rogue administrator is able to take a copy of an Exchange mailbox database, they will be able to restore that database and mount it as a recovery database on a mailbox server. Outlook or other Exchange clients cannot access data in a recovery database as this kind of access is blocked. However, an administrator is able to extract information from a recovery database and move it into a mailbox that can be accessed by a client. Some protection can be gained if Active Directory Rights Management Services (ADRMS) is deployed and used to secure message content. S/MIME can also help. But either approach won’t secure information held in calendar or contact items or anything else that the user fails to protect. It is therefore entirely possible that a rogue administrator might be able to discover information that should remain secret by trawling through data exported from a recovery database.

Third party products are also available to make the task of a rogue administrator even easier. For example, the Veeam Explorer for Exchange proudly boasts that it “gives you instant visibility into your Exchange backups. You can browse, search and selectively export items (emails, notes, contacts, etc.) directly from Veeam backups of your Exchange virtual machines (VMs).” (emphasis by Veeam)

The potential of using a product that offers easy navigation through the data held in backup media is valuable in circumstances where information needs to be retrieved from a backup under well-controlled circumstances. The potential that such a utility holds out creates a completely different vista to a security professional – the prospect that a rogue administrator is provided with an easy-to-use GUI to browse mailboxes.

Technology offers good answers to many problems. In this case, technology exists to allow untrammeled access to Exchange mailbox databases. It’s unreasonable to expect that Exchange will offer complete protection against administrative access to databases as this would make the recovery process much more difficult than it is today. The wise approach is to recognize the danger that exists if an administrator turns rogue and then take precautions to ensure that staff are briefed on the danger, that everyone knows the consequences of accessing confidential data when they have no good reason to do so, that warning signs such as employee unhappiness or unexplained actions that might compromise data are picked up, and that sufficient management monitoring occurs to ensure that the correct operational balance is maintained between efficient operation and total data security.

Follow Tony @12Knocksinna

Posted in Exchange, Exchange 2010, Exchange 2013, Technology | Tagged , , , , | Leave a comment

Exchange 2013, Facebook, malfunctioning ActiveSync clients, modern public folders and more at TEC Barcelona

Posted on October 24, 2012 by Tony Redmond

The European edition of The Experts Conference (TEC) rolled around in Barcelona this week. As a location, the conference center was fine, if just a tad remote from the delights of Barcelona’s city center.  The conference center is co-located with the Hotel Rey Juan Carlos 1 that’s used by FC Barcelona to host guests for UEFA Champions’ League matches because it’s close to the Camp Nou stadium, and proved to be a good place to stay. The remote location might be considered to be a good thing by some on the basis that attendees might stay focused on the conference proceedings, but many escaped in a search for restaurants, etc.

Although the Exchange sessions were reasonably well-attended, I thought that TEC had less people than last year. Of course, the Microsoft Exchange Conference (MEC) was last month and attracted a lot of people. In addition, Microsoft is running a set of “Ignite” events across Europe that others will have chosen to attend. TEC is run by Quest Software, now a division of Dell, and it has a fine reputation for high-quality sessions that was maintained in the sessions I attended. Some notes on matters of interest follow. Click here to download the slides from my opening keynote (which provides a real fly-by of Exchange 2013).

During the “ask the experts” (a fairly loose description for the assembled talents), Greg Taylor (well-known Microsoft guru), expressed some frustration when asked about the recent ActiveSync woes experienced by Apple iOS6 users. ActiveSync is a protocol that Microsoft licenses to third parties, who then integrate ActiveSync into their email applications to provide users with the ability to connect to Exchange. Although Microsoft offers support and guidance to licensees to help them implement ActiveSync and announced an ActiveSync logo program in April 2011, no validation is required to ensure that the application works properly against Exchange before it is released. That work is totally under the controller of the developers, in this case Apple.

Greg acknowledged that Microsoft has to cope with the perception that Exchange is the root cause of any ActiveSync problem and that even though there are people assigned to work closely with third parties, they might need to take a more proactive approach to ensure that future problems don’t occur. He pointed to some code changes made in Exchange 2013 to remove an Exchange 2010 feature where a HTTP 451 redirect is provided to ActiveSync clients to point them to the current location of a user’s mailbox (see this discussion on Google’s code site for some insight into issues that this caused for Android clients). Apparently some clients just couldn’t handle the 451 properly and Microsoft concluded that the easiest fix was to change the logic in Exchange 2013 so that the Client Access Server now proxies incoming ActiveSync connections.

We had an interesting discussion about the value of waiting for Exchange 2013 SP1 before deployment. Greg made the valid point that the nature of development is now more dynamic than before so that features and enhancements appear at more regular intervals rather than waiting for the more formal release represented by a full service pack. His perspective was that customers can keep up to date and access new features by applying roll-up updates. I don’t deny that this is true because we have seen how Microsoft releases new features in updates such as Exchange 2010 SP2 RU4, but I still think that many customers will wait for SP1 because:

  • They’ll learn from the experience gained through early deployments. Documentation and third-party knowledge will also improve from RTM to SP1
  • They’ll need the time to figure out how to deploy Exchange 2013 inside their own environments because they have to resolve interoperability, co-existence, and updates for third party software. They also need time to assess whether they want to couple the deployment with Office 2013 on the desktop (or indeed, to deploy SharePoint 2013 to be able to use site mailboxes)
  • The record of Exchange over the years is that SP1 is “feature complete” when compared to the RTM software. Exchange 2013 is no different in this respect.

Modern public folders received a fair amount of discussion. One aspect of the migration is that system public folders are not moved over because their function have largely been replaced by other mechanisms. For example, Outlook clients don’t access a system folder to fetch free/busy information. Some issues have been identified, such as what happens with organizational forms, and another came up at TEC when a company asked whether the Outlook Security Settings folder would be migrated. I confess that I had forgotten all about this folder (see this page for a blast from the past), but it is used by Outlook clients to fetch security settings – and its value (over group policies) is that the folder is accessible from non-domain joined clients. Because modern public folders drop the multi-master replication model, the original question was whether it was feasible to have 60,000 clients connect to a single public folder. Naturally this might challenge the performance of the mailbox server. Microsoft is checking whether the folder will be migrated and if so what kind of performance you might expect. I think slow…

Building off the question “what would you like to see in Exchange ‘next’”, a spirited debate took place around the changing nature of communication due to the influence of Facebook and Twitter and how companies can handle this both to harness the value of the information plus capture it for compliance purposes. Some companies attempt to block access to Facebook at work because they fear that employees will spend too much time chatting with friends. I think this is a fair concern because Facebook does seem to steal cycles from people in such a way that they don’t realize quite how much time they spend on the site, a feeling underscored by the high number of minutes that Facebook reports for user connections. There are many challenges here. Blocking network connections is all very well but it doesn’t stop people connecting to Facebook with their mobile devices. I hear that Microsoft has many very intelligent people dedicated to figuring out how Exchange should co-operate and co-exist with new communication channels. Perhaps they’ll figure out how work-related Facebook and Twitter communications can be seamlessly captured by Exchange in much the same way as Lync conversations can be recorded. We shall see in due course.

In closing, I note that David Espinoza, the product manager who drives the Exchange customer Technology Adoption Program (TAP), claimed “if Exchange was a standalone company it would be the 9th largest software company in the world” at Microsoft’s Ignite event in Berlin (reported by Twitter, so take that into account). If true, this underscores the importance of Exchange to Microsoft and its impact on the world of email. I don’t think anyone now doubts the dominance of Exchange for corporate messaging. Its challenge though is to maintain its relevance in a world where the nature of personal communication is going through rapid change, possibly faster than at any other time since the introduction of the original integrated office systems in the early 1980s.

In closing, I note that Microsoft has posted help files for the released versions of Exchange 2013 on-premises and hybrid. The help files should be a good place to look for information about Exchange 2013 in the coming months so I’d grab a copy and have it on your local disk.

As always at good conferences, lots of value was gained from the side conversations. I look forward to the next event.

Follow Tony @12Knocksinna

Posted in Cloud, Email, Exchange, Exchange 2013, Office 365, Outlook | Tagged , , , , , | Leave a comment

Three reasons why Surface RT disappoints

Posted on October 21, 2012 by Tony Redmond

The release of Windows Surface RT devices for preorder and the resulting confusion generated through a blizzard of blog posts and tweets about many different aspects of the subject has made me think that Microsoft has dropped the ball a little in the battle for hearts and minds in the great Bring-Your-Own-Device (BYOD) debate.

Compared to the clarity that surrounds product launches of Apple, Microsoft’s obvious target for BYOD, or even the simple messaging around Google’s Chromebook device, there does not appear to have been too much precision or joined-up thinking around Surface RT. In reviewing all the commentary that I have read on the topic, I see three major areas where a better job could have been done.

First, launching Surface RT devices in a limited set of markets with artificial barriers in place to stop cross-country purchases is possibly one way to drive excitement because people can’t get hold of a device. On the other hand, it’s also frustrating to find that you can’t buy a Surface – and frustrated purchasers might look elsewhere, especially those in countries (like Ireland) where Microsoft Stores don’t exist and the date when a Surface RT device might become available in a physical retailer is uncertain. In addition, the Surface RT devices are relatively expensive when you consider that the O/S takes up about 10GB of the available storage, meaning that 32GB or 64GB devices are the only really viable devices if you intend to do any work – or store music, videos, or photos – on a Surface.

I guess it could be argued that selling only a limited number of Surface RT devices will make Microsoft’s PC partners slightly less dismayed at Microsoft’s venture into their territory. After all, the Christmas buying season is an enormously important time for PC vendors because it’s a prime opportunity to sell new laptops and ultrabooks to consumers. The success of the iPad and other tablets has taken some of the gloss off PC markets recently and the advent of the Surface makes life just a little harder.

Second, the fact that Windows RT is not Windows 8 seemed to have passed many by. The only applications that run on a Windows RT device are those written for the ARM-equipped platform. That means applications bundled with Windows RT such as the version of Office 2013 Student and Home (now complete and soon to be available for download from Windows Update to replace the Preview version) but not common applications like Adobe PhotoShop. Over time, Microsoft will make applications available through the Windows 8 Marketplace, but this is a sad story when compared to the veritable cornucopia of applications available for the iPad or Android tablets.

And of course, the fact that RT is not Windows means that the techniques used by administrators to manage devices within large companies simply won’t work because the Surface RT devices will ignore Active Directory, domains, policies, and all that kind of stuff. In fact, Surface RT devices will be largely equivalent to an iPad or Android tablet in that ActiveSync might offer the only way that an administrator can exert any influence over the BYOD devices. I think that this is a missed opportunity for Microsoft because it ignores the predominance of Windows infrastructures in use within large companies. If some method had been found to enable Surface RT devices to be “managed”, however loosely (more than ActiveSync, less than group policies), then recommending Surface RT as the natural platform for BYOD devices would be a natural consequence.

Third, the fuss and bother around the licence for the version of Office 2013 bundled with Surface RT is simply a result of Microsoft not figuring out how a simple adjustment to Office licensing would have created a massive competitive advantage for them over their opposition. Office is the de facto standard for desktop applications in large companies. If Microsoft had said “Surface and Office are natural partners” and forgotten about pointing out to all and sundry that the version of Office 2013 that runs on the Surface RT “is only intended for non-commercial purposes”, the messaging and impact would have been so much better.

Sure, Office 2013 RT is a tad incomplete because it lacks Outlook, but even so, the versions of Word, Excel, and PowerPoint that run on the Surface RT are so much better than anything that runs on an iPad, and the files that these applications generate can easily be shared with work colleagues by attaching them to messages sent using the inbuilt Windows 8 Mail application.  Not perfect, but a pretty good start – and the basis of yet another solid advantage to Microsoft in the BYOD battle. And the fact is that seizing this advantage would have been so possible without much cost for Microsoft simply because so many Office licenses are owned by the companies where potential Surface RT purchasers work, which satisfies the legalistic gyrations that seem to be necessary to explain how a Surface RT owner could use Office 2013 for commercial purchasers. Sure, there might have been a small number of Surface RT owners who do not have access to a full Office license, but these could have been overlooked in the drive for BYOD success.

The upshot of this all is that Surface RT is a disappointment. Even if I wanted to spend the large amount of money demanded by Microsoft for a suitable device, I can’t buy a Surface RT because of where I live; I see many issues that companies have to work out if they want to allow people to use the Surface for “real work” and the applications that I’d find useful don’t run on the device. Cue end of interest in purchasing any Windows 8 tablet until the Surface Pro appears and a “real” version of Windows 8 is available. By that time the PC vendors will have launched their own versions of Windows 8 tablets (such as the HP Envy X2) so more choice will be available, which is always a good thing.

Of course, the iPad and its Android counterparts share many of the same disadvantages listed above and have no real answer to the bundled Office 2013 software included with the Surface, but they’re not made by Microsoft. It’s an expectations thing I guess. When it all boils down, the excitement preceding the device simply did not live up to reality.

Follow Tony @12Knocksinna

Posted in SharePoint 2010 | Tagged , | Leave a comment

No Surface pre-order for Irish buyers

Posted on October 17, 2012 by Tony Redmond

Being a geek at heart (and having the t-shirt to prove the fact), the reports that Microsoft Surface devices were now available for pre-order moved me to investigate the situation, especially when Henrik Walther (of msexchange.org fame, now holding a blue badge as a Microsoft employee) reported that he had preordered a Surface on the Microsoft UK Store.

Henrik pointed me to the right page to order a 64GB Surface RT (the version running “normal” x64 software isn’t available yet). However, any attempt to access the link provoked some confusion and then annoyance as the good people who program Microsoft’s Store site have inserted code to redirect any IP address coming in from Ireland to an absolutely useless page (for my purposes). Cue frustration.

Consulting the web turned up the fact that the countries on the list for for preorder are Australia, Canada, China, France, Germany, Hong Kong, the United Kingdom and the United States. No mention of Ireland here, which is surprising given the vast amount of Microsoft profits earned in Ireland due to its intellectual property being held by Irish-registered companies (something that irritates the U.S. IRS no end) and the fact that some engineering is done in Microsoft Ireland’s HQ about a mile from my house.

Interestingly, the people who run the Microsoft Store in the U.S. don’t block Irish visitors, perhaps because they think we’d never be interested in buying from a U.S. site (clearly they’ve not learned from Amazon.com), and presented a page offering a range of Surface options.

Nice as it is to be able to see what the device costs, I’m not sure that I would spend $699 for a  64GB Wi-Fi device and then have to pay $129 for the Type cover (the version that has a complete keyboard) plus whatever tax is payable when the Irish customs detect the parcel arriving by post (probably 23% plus an administration fee). $699 seems expensive for a device that hasn’t yet proved itself in the market, even accounting for the fact that Home and Student Office 2013 (Preview) is installed. It would be more compelling if Microsoft had been able to produce a version of Outlook to include in the RT version. Windows 8 includes a Mail application that is OK but not as powerful as Outlook. On the accessory front, $129 seems like a lot for a Type cover when compared to some of the add-on keyboards that are available for the iPad. No doubt others will disagree in the rush to be the first kid on the block to own a Surface.

It will be interesting to see how much Microsoft proposes to charge for a Surface when the devices become available in Ireland. In the interim, I might just research things further when I am in London over the next few days. Maybe a UK Surface will work… or not…

Follow Tony @12Knocksinna

Update: Once I reached London, I was able to preorder a Surface. However, £668.99 for a 64GB RT with a Surface Type Cover  (approximately €836 or $1,076 according to OANDA) seems a tad rich for what the device delivers. By comparison, the US site offers the same configuration for $828.99 plus whatever tax is charged depending on the state you live in, probably around $895 in most places or $181 cheaper than the UK.  Microsoft will probably claim that the difference is entirely due to the much larger sales tax (VAT) charged in the UK (20%), but the cost makes me think that I shall wait!

Posted in Technology | Tagged , | 1 Comment

Exchange 2013 reaches RTM

Posted on October 12, 2012 by Tony Redmond

The point at which a brand-new version of Exchange attains the necessary level of quality to allow the development group to sign the code off as being suitable for “Release to Engineering” (RTM) is a cause for celebration in Redmond. And so it was on October 11 when the Exchange team concluded, based on internal measurements (bug counts, etc.) and lots of feedback from its customer Technology Adoption Program (TAP), that Exchange 2013 was ready to go. Along with its counterparts from the rest of the Office 15 Wave (SharePoint, Lync, and the rest of the Office applications), Exchange 2013 has been dispatched to manufacturing where the bits of build 15.00.0516.032 (for those who track version numbers) will be lovingly polished before being made available to customers at the “General Availability” (GA) date some few weeks away.

Of course, “manufacturing” has a very different meaning in a world where software is largely distributed via downloads rather than the physical media that we used to have to deal with. I had a reminder of this recently when I found a 6-diskette kit for Word 6.0. The joys that frequent insertion of magnetic media bring to IT administrators are long gone.

But alongside the general level of happiness and contentment that surrounds the release of Exchange 2013, is it just a symptom of my level of grumpiness that I am bothered by Microsoft’s constant references to Exchange 2013 as the “new Exchange”? As in the EHLO post “Introducing Data Leak Protection in the New Exchange” or the many references scattered around with little care during various talks at MEC.

It might well be that Exchange 2013 is the bright, wonderful, improved, sparkling, overhauled, and generally refurbished version of Microsoft’s enterprise email server, but is that any reason to keep on hyping it as “new”? I think not.

After all, if we accept that we must use “new” each time we wish to talk about Exchange 2013, then it surely follows that we must now adjust the names given to previous versions. Accepting the inevitable, here’s my list of suggested nomenclature for your consideration.

Version Name
Exchange 5.5 The not even worth mentioning Exchange
Exchange 2000 The positively archaic Exchange
Exchange 2003 The decrepit and antique Exchange
Exchange 2007 The showing its age but still acceptable Exchange
Exchange 2010 The quite recent and still pretty good Exchange

I’m not the only one to notice. Paul Thurrott wrote a piece called “The death of version numbers” on September 25 and concluded that this is probably linked to Microsoft’s desire to sell tons of user subscriptions to cloud-based versions of its products, all of which run on “the service”, aka Office 365 or maybe soon “the new Office cloud platform”.

Clearly it’s in Microsoft’s interest to tie people into monthly subscription payments and I assume that increasing emphasis will go on the purported advantage of early access to new features that you gain by using “the service”. Of course, you gain no advantage whatsoever if the new features are meaningless to you, but that’s not the point. You get bragging rights as a potential user of the new features and isn’t that important? Or perhaps not.

Thinking up some appropriate names for legacy versions of Exchange gave me some enjoyment. Perhaps you can do better? In the meantime, we shall now settle down and await for Exchange 2013 to reach the next stage in its development and become “generally available”.

Follow Tony @12Knocksinna

Posted in Email, Exchange | Tagged , | 2 Comments

Is the PC still personal, six years after HP bought Voodoo?

Posted on October 8, 2012 by Tony Redmond

You might recall the “PC is Personal Again” campaign launched by HP in 2006 to reinvigorate the PC market and announce its intention to bring new standards of design to PCs. Part of the campaign involved moving R&D funding away from tower-style PCs as it was felt that not much innovation could be gained. Instead, the focus moved onto laptops where areas such as miniaturization, hard disk protection, materials, and so on could be exploited to create new reference models for laptops and so gain a competitive edge in the market.

Around the same time, HP decided to buy Voodoo PC, a company based in Calgary that specialized in “boutique” PCs. The transaction acquired some good talent as well, amongst which was Rahul Sood, the founder of Voodoo PC, who now runs the Bing VC fund at Microsoft.

I can remember the reaction from a gathering of HP senior technologists when the Voodoo transaction and the kind of PCs that they made were revealed. Gasps of amazement is one way to describe the reaction. Partially from the fact that HP would buy such a company that manufactured such a small number of PCs, but more due to the excellence of the design and execution of the PCs that Voodoo created. It certainly was an exciting time.

Good things flowed from the acquisition, the first of which was original Blackbird gaming PC. Voodoo had an impact on PC design at HP, including the introduction of the Envy sub-brand to create laptops that were just a little different than the norm and not just a rip-off of whatever Apple was currently doing with the Mac. But like anything else, it takes energy and commitment to realize true success over a sustained period. In HP’s case, I think that most if not all of the original Voodoo team has left the company and probably took some of the Voodoo mojo with them. It’s interesting to find that the original Voodoo web site offering products such as the Envy 133 and HP Firebird is still online, even if it hasn’t been updated since 2009. Personnel turnover is a fact of life in very large corporations; the question is whether Voodoo made sufficient impact on the huge corporation that HP is today to have an enduring effect.

A recent article asked the question whether HP has lost its way with the Envy brand. The author pointed to the fact that HP now sells a range of Envy-branded printers (such as the HP Envy 114) and wonders whether this indicates a loss of the excellence in design that the Envy brand started out representing. Despite the fact that the printer market has become cut-throat as printers evolved into no more than vehicles for ink delivery and replenishment, there’s still much to admire in some designs and I think that a fair case can be made to attempt to stretch the Envy brand across printers if the models involved are of the same quality. As I haven’t used an Envy printer, I can’t comment.

HP Envy 17

I can, however, comment about recent HP Envy PCs because I actually went and bought an HP Envy 17 recently. I know that a lot of the action in the PC market revolves around ultra-notebooks but I need a device that can run several virtual machines. A large bright screen helps aging eyes too. After looking at many different PCs – and even considering a new MacBook Pro with its retina screen, the choice came down to an HP Elitebook 8730w or the Envy.

There’s much to like about the rugged dependability of the Elitebook range. My previous PC, an Elitebook 8530w, took four years of abuse, travel, and lack of care without missing a beat. However, when comparing the Elitebook against the Envy, I concluded that the Envy looks a lot nicer and it costs a lot less. Maybe I do need the military-grade rugged build of the Elitebook, but I don’t think so. I therefore bought the Envy 17.

Unless you purchase through a Configure-to-Order (CTO) build process, the PC that you buy might not be 100% appropriate for your needs. In my case, the Envy came with 2 x 750GB SATA 5400 rpm drives. Great for space, bad for speed. I therefore replaced them with 2 x 256GB SSDs to achieve what I think is a nice balance between cost and storage capacity. I also upgraded the PC to Windows 8 Pro on the basis that I like the fast start-up and hibernation feature and can cope with the horrors of the new graphical interface.

Not everything was plain sailing. Immediately after buying the PC and after going through the normal “let me fetch hundreds of Windows updates” and applying them all, the Envy refused to reboot. Any attempt to power on met with zero response. The Envy has a battery that is not particularly easy to get at or remove either, so I left it in place and put the PC back into its box (the Envy packaging is very nice, not quite Apple standard but better than other PCs that I have bought) and left it alone over a weekend. Apart from anything else, this gave me time to think about what the problem might be.

Monday came around after a pleasant weekend. The Envy must have enjoyed its weekend too as it booted first time. It hasn’t missed a beat since (no pun intended – the Beats Audio is excellent) and I have enjoyed using the Envy ever since. Since its SSD transplant, it is super-fast and responsive and I find it to be a very productive and good-looking device. About the only problem I’ve run into is the lack of a traditional VGA port – the Envy comes equipped with HDMI and mini-display ports, but that’s not much good when customer offices don’t have the necessary connectors. I could also complain about the super-sensitive touchpad, but I suspect that this is entirely down to user error (or rather, user impatience).

The article that I’ve cited says “HP is letting Envy succumb too cynicism and mediocrity. No one else seems willing and able to pick up the standard of quality that HP is casting aside.” Based on my experience with the Envy 17, I’m not so sure that the brand is descending towards mediocrity. It would have been good not to have had the reboot problem, but any PC can have problems until the hardware beds in and settles down and this seems to be the case here.

Comparing the Envy to my wife’s MacBook Air (to use a good benchmark for device excellence), I think that the keyboard and screen are as good. Given the relative size of the two devices, it’s hard to compare the construction. The MacBook Air is nicer to hold and the materials seem to be slightly better quality. Comparing the Envy to an Acer equipped with the same i7 CPU that we recently bought for my daughter is also difficult because the Envy cost so much more – and you can see the quality in the build. However, I don’t like the way that the Envy lid picks up fingerprints and other greasy marks so readily. Again, this might be user error – or rather, user fingers.

All in all, I’m happy with my Envy. Whether or not it contains any of the DNA that Voodoo brought to HP when PCs were becoming personal again six years ago is for others to say. And next time I’m looking for a printer, I guess I’ll check out the Envy printer range, just to see whether the brand stretches that far!

Follow Tony @12Knocksinna

Posted in Technology | Tagged , , , | 4 Comments