Welcome to Brendon Davis
The place where I’m in charge
My TechEd Notes
Author: brendon

Well auTechEd was a blast last week. So much information and so little implementation time!!
I tried to attend most Security / Windows Phone 6.5 / Office Communications Server / other fun sessions. The best by far was the Mobile Smackdown, which beat Dugie’s and Lilia’s demos ONLY because of the free swag they threw at us.
I need to record my notes somewhere and my brain has a woeful retention policy… So here they are.
Be warned, these are my raw notes from the sessions. I will go through and clean these up over time. Don’t expect them to make any sense.
Windows 2008 R2 Presentation
Windows Virtualization Server download is free
Windows R2 supports VDI
File classification Extensibility points
PowerShell
Invoke-Expression – runs CMD applications
PowerShell Integrated Scripting Environment
Can publish TS applications using RSS feeds
VDI and Terminal Services
Now called Remote Desktop Services (RD <name>)
User accounts in AD can have personal virtual desktops assigned
RemoteApp
Supports forms-based authentication.
Supports user-based access enumeration.
FQDN must match host name for remote VMs.
Are able to separate client TS sessions or TS applications to use IP addresses different to that of the host, useful for tracking clients from separate users.
TS now supports Fair Share CPU scheduling. Uses WSRM to reactively reduce app priority. Kernel level process – Enabled by default, HKLM\Software\Policies\Microsoft\Windows\SessionManager\FGSS\EnableDFSS – 0 or 1 to control.
Able to use WSRM to share processing between devices unfairly.
RD Gateway now monitors for account validation. Disabled – Expired accounts are kicked off.
MED-V & WinXP Mode
MED-V
Virtual Image repository and deployment store.
Allows for creation of DVD, USB key, etc to install MED-V host.
Centralised Management and Monitoring
Time-bomb VMs to die after several months
Restrict access to a single application.
Image repository can use site based storage (DFS?)
Can set MED-V to auto logon at start.
Can assign different amount of RAM depending on how much the host has spare.
Can package an image before storing online.
Can compare new package to existing storage and use local copy to save transferring all data again.
Can redirect IE6 pages to local IE8 browser and vice versa.
Not on Win7 yet.
WinXP Mode
Can share USB data but can also assign specific ports.
Securing Portable Devices
Can use SYSKEY to encrypt the local SAM.
Should encrypt data with EFS if BitLocker is not supported.
Never trust free wireless…
Dynamic Data Centre Toolkit
Able to provide a front end to Exchange, Sharepoint, System Center, HyperV, SQL Server,
Links with Visual Studio
Quick migration and live migration
http://microsoft.com/dynamicdatacentertoolkit
Private cloud, infrastructure as a service,
Smaller than Windows Azure but larger than individual servers.
Platform as a service – Azure
Compatible with ITIL.
Is a Silverlight skin over System Center management.
Two separate microsoft.com/hosting/ second video under LEARN MORE.
<someone>@microsoft.com – Monthly live meetings.
Forefront TMG in Depth
ISA 2006 SP1 can do secondary authentication for ActiveSync devices.
FFTMG (ISA) 2010
Christmas release. Licensed per-processor.
Standard vs. Enterprise is Stirling integration or not.
May be able to manage standard machines from ISA.
Is subscription-based licensing for AV filtering, anti-spam, etc.
Protect everywhere, access anywhere
Need to manage the per-proc license the same as other software, VM rules included.
Need separate license for Exchange edge role if active. Install is option under setup.
New features
SIP filter – application firewall.
ENAT (enhanced NAT): specific internal IP addresses can be assigned to multiple external IP addresses.
Separate ISP Links – redundancy or aggregation.
Exchange Edge compatibility is integrated into ISA. Uses Exchange CD
Supports SQL reporting services
Microsoft reputation service (URL, mail, IP address, file) is an object based
MailMarshal and Brightmail are part of Microsoft!!!
Generic Application Protocol Analyser (GAPA), now called Network Inspection Service, is able to monitor protocol communications and block known signatures, in addition to anti-virus.
The categorising is done using online reputation services. Each URL sent including site directories is mapped against the Microsoft service.
The downloaded classifications are cached on the ISA server with a TTL value.
The default option for uncategorised sites is set on ISA.
Can enable malware-based inspection on each web access rule, e.g. provide group membership to bypass the inspection.
Can enable caching on a per-rule basis.
Allows grouping of rules.
Console page to view when applied configurations are finished processing and active
The separate Web access and server publishing rules are also displayed in the firewall policy view.
Can either specify a block and redirection or add custom HTML code to an ISA web blocked error message.
Can configure HTTPS inspection on per-rule basis. Can therefore use categories “Financial” to bypass HTTPS inspection.
Can use the firewall client to notify users the content is being inspected.
ISA Supported in Virtualized environments. TechNet article.
Windows 7 at Home
Windows 7 deep dive – 19av
Microsoft channel 10 tool to boot USB.
Life Chat 6000 plug can run xbox controllers.
Hack7mc.com – for additional notes.
They can get internet TV to work.
MCE can do sync with devices,
AnyDVD can copy DVD VOBs to file.
Mobile SMACKDOWN!!
Microsoft Tag Reader – http://gettag.mobi
PS. Yes, that is a SARA FORD FAN CLUB badge. Check out YouTube for the full story.
September 14, 2009 - Rant, TechStuff
