Innovative Technology Weblog

Recently I noticed a change in remote support through Microsoft Windows. This is a feature I use a lot when helping family with their issues. Now I have an issue. I cannot get through anymore. Somehow remote support is blocked. I noticed a change. Before, the receiving party had to enter a session password. Now, a 12 digit security code is presented which the helping party needs to enter flawless. I have tried is at least three times with totally different machines and at differert times. Every time a connection was not established.

This time, I did not have endless time to troubleshoot. So I decided to make a quick escape through an internet service. I found TeamViewer 5 to be an easy to use replacable. For home use it’s free. It uses two simple codes to identify the session. For now, I stick with this. Because there is nothing more frustrating for a helpdesk like me than not seeing what happens on the other side, I guess…

In a world of Windows and VMware we sometimes forget there is a lot of automation going on in the building / facilities area too. And I am not just talking coffee machines with an ip address or a mesh up with Google Maps

For example Cisco has announced the “connected real estate” some while ago. Your IT infrastructure roadmap should contain at least one or two chapters on this topic.

If you cannot imagine what I mean with the automation of facilities, here are some examples:

• Tourniquets with card readers with presence integration (lights go out when you are the last person to leave the building)
• Narrowcasting screens with RSS tickers from a SharePoint team site
• Wireless access points with little connectivity, because of constant room refurbishment
• Joined service desk tooling IT and facilities
• Placement of power and network (instead we always stumble over cable on the floor)
• Payment terminals in your canteen
• Remote physical security services
• etcetera, etcetera…

So the demand of ip adresses is certainly growing strong. As is your knowledge of something else than Windows

– Paul Slijkhuis

Many sessions were dedicated to Cloud Computing topics last week at Tech Ed EMEA. Some highlights I wanted to post here.

First the Azure platform. Like Windows SharePoint Services (SharePoint Portal is build on top of it) Azure delivers a platform for applications that will become geographic independent. By this I mean that we will see many more applications that do not require a specific location to run. Geo independency is a major advantage with cloud computing. You can now create multiple instances of your application anywhere in the world! Or if you are more of a green fellow, wherever the coolest datacenter is.

Next federation. Microsoft is aiming to become a federation trusted party. It is like the TTP in certificate world. The federation platform v2 has codename Geneva. When this product evolve we will see websites where you automatically will become recognized. Just because your system admin and the web application developer were able to combine efforts. The result is stunning. As a consumer you get a personal experience, without noticing you have logged on through the federation trust *).

*) Technical note: a federation trust is one of the the basics of cloud computing. It is not a Active Directory trust. It is more like exchanging public certificates.

The very first application that will become available in the could (it actually already is) is EMAIL ! You didn’t see this coming, right? Then you are probably an Exchange administrator. Your work will shift towards provisioning. Cloud providers can deliver the exact same email experience at virtually no costs. Beat that. You cannot. Migration is easy and so is reversing the migration *).

*) Technical note: email is using a mature protocol. RPC over HTTPS is reliable, secure and open. It is geo independent. Your Outlook will not notice the difference. And your mailbox size will become 5 GB +.

Finally provisioning using ILM v2. The new policy engine is very powerful yet complex. My personal experience is that provisioning is not a technical challenge, We solve input issues with technical tricks, that’s for sure. So actually the problem is at the input processes. This maybe your register desks and user admins. Provisiong is a crucial activity.The true challenge is getting the technical and the business specialist to allign. Cloud computing will otherwise never be a successful hype.

Question: when do you plan to migrate to Microsoft Live Mail , Google Apps Mail of like?

- Paul

We from BUIT.org have arrived at the Barcelona event of 2008. We will bring you the latest info and innovative technology updates (almost) live from TechEd IT Professionals 2008.

- Paul

The internet is a tricky world for doing business with – nothing new here. I would like to make a statement for WASHing everything that passes your DMZ environment. WASH is also the abbreviation for Web Application Security in a Holistic way. You like this one? In Dutch: een wasstraat.

No, really. Security is very important in the DMZ. The DMZ is typically the area of interest for washing application functionality and washing data transfer. Most of us already do this for email and internet traffic. And of course the firewall is delivering our basic security needs. But there are still many holes!

First hole: SSL websites.
Very few proxy servers are able to ”wash” SSL secure websites. And HTTPS is moving up. I suspect it will not take long for bad websites to abuse this hole too. I came by a solution called Clearswift Cleartunnel that extends the common ISA server with a SSL proxy. Hopefully Microsoft will put this feature into there ForeFront ISA 2008 version by default.

Second hole: XML messages
Open standards are promoted. XML is the major spin-off. So we protect HTTP and a lot of web protocols too, but XML is allowed blindly. What are we doing?!?! XML meta information is very, very useful for hacking purposes. We should mask our internal resources more carefully. Read this hacking example. So watch out for Web services applications that exists in the DMZ zone. These are commonly the applications that talk the XML protocol. As a solution I propose to accept only appliations that are designed by the WS-Security protocol principles. Otherwise look out for a XML firewall solution. Examples are: ForumSystems Xwall (also available as an ISA add-on), Cisco ACE XML Gateway, Vordel and Layer7.

Third hole: encrypted email messages
Email is the equivalent for SPAM (90-95% true). No wonder that email encryption is increasing popularity. Again, scanning there email messages is not an out of the box activity. Ideally you already have a mail security gateway supporting the common standards PGP (OpenPGP too), S/MIME and webmail. Some secure email gateways even support PDF mail. If you wish to be as flexible as possible you should support all common encryption technologies, I think. Multi functional solutions to consider are Exedra IQ suite, PGP Universal Gateway or the Utimaco Safeguard Mailgateway.

Fourth hole: FTP
Ancient technology. That is what FTP is. The HTTP protocol is much better to scale, load balance and secure. So my advice is to move to HTTP as fast as you can. Windows SharePoint Services is free to use on a Windows Server. So why not use it? 

Want more answers? Do you know of more holes to explore? Please post a reaction.

- Paul