Thursday, November 11, 2010

Presentation Material from SMBNation

Did you manage to make it to SMBNation 2010?  Were you in the jammed packed rooms for “Aurora” or “SBS7”.  Now that we have full product names, pricing and estimated release dates, it’s time to start talking about these great products.


While the names in the decks are unchanged, I am now making the SMBNation decks available to you for both sessions:

Windows Small Business Server 2011 Essentials (known at SMBNation as “Aurora”), and

Windows Small Business Server 2011 Standard (known at SMBNation as “SBS7”).

Click on the above links to download the decks presented.

Monday, November 08, 2010

Announcing Windows Storage Server 2008 R2 Essentials

Now that Kinect has stopped stealing all of our thunder around announcements (although I have to admit I can’t wait for mine, it looks awesome!), we can continue rolling out announcements in the Small Business space. This morning, building on the Windows Small Business Server 2011 Announcement, we are announcing a new edition targeted at Small Business called Windows Storage Server 2008 R2 Essentials.

What is this Windows Storage Server 2008 R2 Essentials? It’s an answer to what the community have been begging for. Today we see a lot of partners put WHS v1 into small business for the PC Backup integration. WHS v1 only backs up 10 of those computers, and is a stand-alone machine you have to manage on it’s own. Breckenridge fills this gap for businesses allowing you to Domain Join Breckenridge to your SBS 2008/SBS 2011 Standard domains to allow backup for up to 25 computers, and additional storage for up to 25 users.

Home Console of BreckenridgeDomain Joinpicture 3

As you can see, it looks a lot like the Windows Home Server Codename “Vail” Edition and the Windows Small Business Server 2011 Essentials Edition. That’s because it is! It shares the same underlying architecture, which means all the same add-ins work on WSS 2008 R2 Essentials, as they do on the other products.

So what is the differences?

Home Server “Vail” WSS 2008 R2 Essentials SBS 2011 Essentials
10 user limit 25 users limit 25 users limit
10 computer limit 25 computer limit 25 computer limit
1 CPU Socket 1 CPU socket 2 CPU sockets
8GB RAM Maximum 8GB RAM Maximum 32GB RAM Maximum
No Domain Join Domain Join Domain Controller

Aside from the ability to Domain Join, and the user limit increase, there are some subtle differences you’ll notice throughout the product that have more of a business “tint”, like if you choose to use WSS 2008 R2 Essentials for Remote Web Access, you’ll notice the same defaults you see in SBS 2011 Essentials, instead of what you see in Home Server. There are also some changes to HomeGroup defaults as well. The last thing to note is while you can install WSS 2008 R2 into an SBS 2011 Essentials, or WHS Vail environment, the client connector from each of these products cannot be installed on the same PC.

So why should you consider WSS 2008 R2 Essentials for your small business or customer?

  • PC Backup for up to 25 PCs in your SBS 2008, 2011 Standard network. And yes, you can run multiple devices in the same network, and choose who has access via a domain group
  • Server backup – backup those PC Backups and other critical data on the WSS 2008 R2 Essentials server. (no, you can’t include the backup of this into your SBS backup)
  • Similar console management as our other products. But if you domain join, you don’t manage users from this console, and the password policy is inherited from the domain (even for local users left on the WSS 2008 R2 Essentials box)
  • If you are installing it into a standard server environment, enjoy the Remote Web Access functionality
  • Additionally, monitor the health of computers in your network
  • Media streaming in the business (training videos, etc)

Windows Storage Server 2008 R2 essentials should be released in the first half (H1) of next year (2011). While it can work as a stand alone NAS device, it’s primarily targeted at Small Businesses with an Active Directory in place and the need for PC Backup and media streaming functionality. When it’s released, it will be available through multiple OEM channels with multiple form factors.

To see the official announcement on the SBS Blog, navigate here.

To learn more about Windows Storage Server, and the new addition, navigate to their blog.

Specifically if you want to read more from the Storage Server Family on WSS 2008 R2 Essentials, they have published a post here.

Tuesday, November 02, 2010

Aurora and SBS7 have a new name! Announcing SBS 2011 Standard & Essentials

This morning over on the Official SBS blog, we announced the names of both Aurora, SBS7 and the Premium add-on.  Both products have been hammered on pretty hard in the current beta, having been downloaded more than 9000 times to both partner and consumer community testers.  So what are the final names?

Aurora shall be known as Windows Small Business Server 2011 Essentials.  This product is perfect as a first server for small businesses, giving them a cost-effective/easy-to-use solution to help protect, organize and access their data.  As you already know, this product will connect up to Office365.  SBS11 Essentials can be used by up to 25 users and requires no CALs for access to this server (CALs still apply if you add a TS-in-app-sharing server though!).  Pricing for SBS11E is still to come, but we expect to release this in the first half of 2011.  To learn more about Windows Small Business Server 2011 Essentials, download the datasheet.

SBS7 shall be known as Windows Small Business Server 2011 Standard. This is designed and priced for small businesses with up to 75 users, delivering that familiar SBS 2008 Standard, enterprise class server technology as an affordable all-in-one solution.  SBS7 helps protect information with server backups and more on-site features like email, SharePoint, and WSUS.  Licensing is consistent with SBS2008 where CALs are required.  Estimated costs are at the official SBS blog, but today state ~$1096 with CALs at $72 (all in USD).  Again, this will be released in the first half of 2011.  To learn more about Windows Small Business Server 2011 Standard, download the datasheet.

I also wanted to announce the Windows Small Business Server 2011 Premium Add-on. This add-on can be applied to both SBS11e or SBS11s and includes access to another copy of Windows Server 2008 R2 Standard and SQL Server 2008 R2 for the small business.  The secondary server can be used for many different purposes, including LOB applications, roll-based such as TS-in-app-sharing (with additional CALs), a BDC, virtualization through Hyper-V, etc.  Again, estimated costs for this sku are at the official SBS blog. but today state ~$1604 with CALs at approximately $92 (all in USD). 

To learn more about the Windows Small Business Server Family, download the family overview brochure.

To download previews of Windows SBS 2011 Standard and Essentials you can visit here.

To read the official SBS blog post, visit here.

Tuesday, October 26, 2010

SBS Diva talks about not being afraid of the cloud

Susan Bradley talks about how partners shouldn’t be afraid of the cloud, but yet embrace it. Video courtesy of VarVid.

Aaron Booker of Varvid had a nice sit-down with Susan Bradley, known as the SBS Diva, at Microsoft’s Worldwide Partner Conference 2010. Susan made a point to emphasize how important it is for VARs to upgrade their SBS Competency in order to stay attractive to customers and hopes that partners will not overreact to some of the comments on the cloud frenzy… Susan and Aaron talked about Aurora, SBS v7, and lots more.

For what it’s worth, Susan updates her blog from a laptop seemingly from the 1920s, an an extinct Cingular wireless card:


Tuesday, October 19, 2010

Simplify your Client Story with Windows MultiPoint Server 2011!


Back in February of 2010, Microsoft launched a new product, called Windows MultiPoint Server 2010, which is designed primarily for the education market to help schools increase computing access to more students for a lower total cost. Today the public beta of 2011 is available for you to try.

As an IT Consultant, why should you care?

If you look at the solution, MultiPoint can actually reduce the TCO (Total Cost of Ownership) of clients in a small business.  Much of the hard work of running products like Windows Small Business Server Codename “Aurora” and Windows Small Business Server Codename “SBS7” is dealing with client computers, keeping them patched and secure.  Typically in a small business each employee might have one sometimes two computers to manage.  With the release of MultiPoint Server 2011, you can reduce the number of clients in your infrastructure that need maintaining, while keeping (or if you choose, increasing) the number of virtual workstations via terminal services.  Using Terminal Services in App Sharing mode, and normal clients takes some of the risk away, but you still have to worry about patching those “thin” clients.  With MultiPoint server, you simply just patch the server and you’re done.  Simply join it to your “Aurora” or “SBS7” domain, and let your users log in to the MultiPoint server.

So what’s new with Windows MultiPoint Server 2011? We’ve been listening to customer and partner feedback and here are some of the new things you’ll find:

  1. Desktop thumbnails that make it easier for teachers to orchestrate activities across the classroom, see what students are working on, and interact with student sessions.
  2. Support for connecting thin clients over the LAN. This allows for virtually unlimited distances between stations.
  3. The ability to string multiple MultiPoint Server “pods” and manage them from a unified MultiPoint Manager console. Great for labs and libraries where there are a large number of stations in a single place.
  4. Split screen capabilities at each user station. Turn one screen into two separate stations for a new way of collaborative learning between students.
  5. An ISV extensibility model based on a common SDK with the next versions of Windows Small Business Server and Windows Home Server, which enables ISVs such as learning and classroom management providers to integrate with MultiPoint Server.
  6. Support for domain join to integrate Windows MultiPoint Server with your existing Active Directory infrastructure.

If your organization is struggling with providing enough computers for your users, decreasing technology budgets, limited technical support and outdated hardware and software, I encourage you to check out Windows MultiPoint Server 2010 today and to take a look at the enhancements we are thinking about for through the now available Windows MultiPoint Server 2011 beta.

You can read the official public blog post here, on the SBS blog.  Or if you’d rather jump right in, try out the Beta!

Friday, October 08, 2010

Windows Server Codename Aurora–Demo

Yours truly , sitting in my office at Redmond, talk about the differences between “Aurora” and “SBS7” as well as provide a 5 minute demo of Aurora. We’ll be going more in depth at SMBNation, as we have a whole 90 minutes just for Aurora!

To comment on the TechNet Edge video, point your browser here.

You can download the Aurora Tech Preview here.

Thursday, October 07, 2010

Customizing what is an e-mail alert on Aurora and Vail

[This post comes courtesy of Adrian Maziak, our System Health PM]

Windows Server “Aurora” is currently in Beta (You can download it from Connect, or read about the beta announcement). You’ve had it for a few months, and have probably run out of things to try on this beta. Well, I wanted to get you back involved with some customization goodies for the health and monitoring alerts that are built both into the Aurora and the Vail products that will carry into the final release.

In previous versions of Home Server, Monitoring could only be done without an add-in in the local console, or from the system tray icon on a local client. You needed something like @WHSTweet to get the alerts off the box (which by the way was a wicked application, I use it for my V1), or perhaps another add-in that I’m not aware of. Also, in previous versions of Small Business Server, there was an Exchange mail server locally to send the alert. But in Aurora there is no exchange server, that’s saved for SBS7.

With Aurora or Vail we provide the ability to insert a “SmartHost” email server that you can send mail through. This can be an email server that lives out on the Internet that you have access to, or the one at your ISP that you simply have access to simply by being part of their network.

Set up email notification for alerts

However, not all alerts will generate e-mail. The health team took a hard look at all the alerts and have made a call on which ones might be critical for the admin to know immediately, and which ones that can wait until the admin is on the network. But while we optimize this for certain scenarios, we may have missed yours. This is where customization comes in.

Each health alert is defined in a health definition file. These definition files are stored in C:\Program Files\Windows Server\Bin\FeatureDefinitions\Microsoft Base\definition.xml.config.

For example, if you were to scroll down in this file to the “AutoStartServicesVistaWin7Client” for the alert about auto started services on clients that aren’t running. This doesn’t alert by default via email, but if you wanted it to, you can add a line to the XML file <Escalate>true</Escalate>.

<HealthDefinitionConfiguration Name="AutoStartServicesVistaWin7Client">
<Argument Name="Description">don’t touch this stuff</Argument>

Likewise, if you are getting an alert via email that you really don’t care about, then simply open up the definition xml file and remove the <Escalate> line.

Important Tip: Make sure you back-up the definition.xml.config file before you change it. You never know when you’re going to need to revert back to the default version!

Some Known SmartHosts

SMTP Server SSL? Auth? Port Logon Information Yes Yes 587 Full LiveID username & Password Yes No 587 Must be in Comcast’s Network Yes Yes 587 Full GMail username & password No Yes 25 Email Name and password

*Subject to change without notice

SMTP Settings

Example using the Live Smart Host

Wednesday, October 06, 2010

I’m headed to SMB Nation, are you?

SMB Nation

So this year SMB Nation is in Las Vegas, NV, and I have the pleasure of flying down from my home office here in Victoria, BC to demo and show the Windows Server Codename “Aurora” product, and a co-worker of mine, Michael Leworthy will be doing the demo of Windows Server codename “SBS7”

Aurora will debut at 9:15am on Friday morning, grab a cup of coffee and head on over to my session where I will demo and present the Aurora product.  I’ll also be answering many of your questions about the Aurora product.  Later on the same day, at 3pm, Michael will be presenting the many features and answering your questions on SBS7.

Michael and I will also be passing through the Microsoft booth from time to time on both Friday and Saturday, so if you miss a session or have follow-up questions, you can find us there.

Hopefully I’ll see you at my Aurora session, if not at the booth.

Tuesday, October 05, 2010

Small Business Server 7–Interview with Björn Levidow

Björn Levidow, Group Program Manager for SBS, tells us about some of the new enhancements in the next version of Windows Small Business Server 2008 (SBS 2008), currently called "SBS 7" for short. You can download the SBS 7 Preview by going to this Connect site.

Full video & comments on Technet Edge.

Tuesday, September 21, 2010

Windows Small Business Server “7” Released to Public Beta

This morning Microsoft released the Windows Small Business Server “7” release to Beta.  This marks yet another major milestone for the Windows Server Solutions Team, now releasing both the Windows Home Server “Vail”, and Windows Small Business Server Hybrid Edition “Aurora” into beta.

SBS 7 marks a major release in the *next* set of all-on-premise solutions.  Updates include:

  • Base OS is updated to Windows Server 2008 R2
  • Exchange is updated to Exchange 2010 SP1
  • SharePoint is updated to Microsoft SharePoint Foundation 2010
  • Windows Software Update Services is updated
  • The new Remote Web Access (RWA) experience is newer (and matches Aurora!)
  • Bug fixes
  • etc

You can try out the new SBS “7” beta by pointing your favorite browser to the SBS Connect site, or jump straight to the downloads page.  Don’t forget if you need help, or find an issue to give us feedback, or talk about it in the Newsgroups.

More details can be found on the Official SBS blog.

Thursday, August 19, 2010

Our first Aurora add-in, which also works on Vail

Looks like our first Aurora add-in has shown its head!  the AWIECO RemoteLauncher.  If you want to try add-ins, then go ahead and try this one out.

The AWIECO RemoteLauncher add-in for Small Business Server "Aurora" and Windows Home Server "Vail" Beta Refresh is a free and useful add-in, which gives you more administrative possibilities to manage your SBS or WHS remotely. With this add-in you have access to predefined System Tools like


  • Windows Explorer
  • Command line
  • Event Viewer
  • Services
  • Control Panel
  • Computer Manager
  • Device Manager
  • Registry Editor
  • Task Manager
on your Small Business or Home Server directly over the Dashboard. If you need other tools and applications to run over the Dashboard, you can simply add them by a right mouse click. Through this add-in, you can start applications installed on your Server from your client.

Dana Epp – SBS MVP and Security Expert talks about Remote Access and security precautions to take

Dana Epp on Five by 5–Securing Remote Access

Dana covers important topics about what you can do to give your employees remote access, while at the same time ensuring the security to your network is maintained.  Learn more about Dana’s AuthAnvil program at Scorpion Software.

Monday, August 16, 2010

Try out Windows Server Codename “Aurora” and a new version of Windows Server Codename “Vail”

Today is a special day, because not one, but TWO products make it to public beta.  The Small Business Server mystery sku known as “Aurora” and the next public beta of the Home Server sku, known as “Vail”.  It’s official once it’s on the official blog!

Vail, you’re probably familiar with (if not just a little bit) as it’s been in public beta for a while, but this version has more stuff!  For example, you can now change users passwords, or set a password policy, or even change the password of the home server!  An a lot of the bugs and reports that you, our beta testers have submitted, are now fixed

Aurora is the new server, you’re probably not familiar with

Windows Server Code Name "Aurora"

Aurora is a light weight version that provides the essentials of what a business needs.  You know, data security, protection, backup, access.  All that good stuff.  You might notice that Vail and Aurora have similar consoles, that’s on purpose.  The base platform of the system is similar in nature, but Aurora uses the Active Directory to store it’s users so you can have that single sign-on and user management experience you’ve become familiar with in a business.  It also has shares, and PC backup, and the familiar remote access webpage, now coined “Remote Web Access”.

I’m planning on a series of posts over the next week to get you acquainted with “Aurora”, but for now, you should get started!

As always, Aurora is available over on the Microsoft Connect Website, and so is Vail.  Remember to test it out, beat it up, and file those bugs.  Now’s the time to make sure your business or customer’s business can be fully operational on Aurora, so let us know if it’s not, we want to hear from you!

More details about Vail public preview 2

More details about Aurora public preview

Monday, July 19, 2010

Discovering Windows Server Codename “Aurora”

HP has teamed up with Becky Och’s, one of our Senior Program managers on the team to talk about what’s in Windows Server Codename ”Aurora”, the new cloud integrated version of Small Business Server.  Becky recorded a short video with the HP Coffee Coaching team to get you up to speed.  As with all Coffee Coaching videos, this one is 4 minutes, which makes it a great video to get up to speed on “Aurora” while you’re wolfing down your morning coffee.

Jump into Coffee Coaching and get more great videos from HP and Microsoft on “Aurora” and other Small Business Products:

Thursday, July 15, 2010

Guy Haycock discusses the SMB Announcements at WPC 2010

Up on, Aaron managed to get our Product Planner, Guy Haycock, on camera talking about the announcements of “Aurora” and “SBS7”.

Source Video:

Windows Server Codename “Aurora” Video Walkthrough

Wow, over on WeGotServed, Terry found an awesome video that talks about Aurora from our very own Michael Leworthy, product planner for SBS. He talks about the differences between “SBS7” and “Aurora”, and why you might want Aurora over SBS7

Get Microsoft Silverlight

Source is We Got Served.

Monday, July 12, 2010

Announcing the next releases of Windows Small Business Server

Today we (as in our fearless leader Kevin Kean) pulled the lid off what our team has been working on for the past few years. Two new versions of Windows Small Business Server. That’s right. TWO new versions.

From a traditional standpoint, we’ve continued the single-server mantra with Windows Small Business Server “SBS7”. This version includes updates to all the major products in SBS, such as Windows Server 2008 R2, Exchange Server 2010 SP1, SharePoint 2010 Foundation, WSUS 3.0, and SQL 2008 R2 (with Premium edition). These new versions provide our customers with security and management. We also included a brand-spanking new version of Remote Web Workplace! This version of SBS will continue to support the familiar 75 users

The second version, code named Windows Small Business Server “Aurora” is the new edition of SBS. It’s cheaper than SBS7, and is even a lighter weight “first server” option for small businesses as is a hybrid server delivering both on premise services, as well integrates with the cloud. It also includes PC Backup, and server backup/restore capabilities. The same new version of Remote Web Workplace! This version of SBS will support up to 25 users.


“Aurora” also brings a key new functionality of add-ins to drive integration between new and existing on-line services with Aurora. Developers can find the SDK on Connect. We have been working with a lot of partners with SBS Aurora such as Symantec, Level Platforms and Disk Keeper are all making statements this week around plans to integrate products with SBS Aurora. HP is not only showing SBS Aurora in their booth at the Microsoft Worldwide Partner Conference, but has a sneak peek at And you’re sure to hear more as we get closer to releasing the preview.

You can sign-up to be notified when the Preview of these servers are available over on the SBS Connect website.

It’s nice to finally be able to talk about the products I’ve been working on for the last number of years!

[Official Blog Post on the Official SBS Blog]

[First discovered review of SBS7 and Aurora, by Paul Thurrott]

Friday, July 09, 2010

Windows Home Server “Vail” Remote Web Access Extensibility

The 3rd in a series of blog posts on Vail extensibility went live today, teaching the developer in you how to extend the Remote Web Access website.  The full article can be found on the Windows Home Server blog - “Vail” Remote Web Access and Its Extensibility

What is new in Remote Web Access site of Vail?

Let’s check out the latest look & feel of Remote Web Access site first (RWA site for short). Pretty, hah? Do you like it? :-)


When we designed this new RWA site, we had two visions to guide our engineering team. First, we want to provide an easy, reliable way for users to access their data and computers from anywhere, anytime, on any device. Second, we want to provide an extensible platform for OEM and ISV partners/developers to add tightly integrated remote web access value. The second vision maps exactly to the extensibility framework of RWA site.

Basically, every built-in feature you are looking at (i.e. Computers, Shared Folders, Media Library, etc) is built on top of the extensibility framework. All the APIs we used are public to you (our favorite developers) as well. We can build it, you can build it.

Besides the look & feel and extra functionalities, the extensibility framework is the key difference comparing the new and old Remote Web Access sites.

For reference, here are the previous posts:

Happy Development!

Thursday, July 01, 2010

How to Stay Safe on Public Wi-Fi Networks

Over on, one of my favorite sites, they talk a bit about how to stay safe on Public, or even those looming “open” networks that you might discover in an apartment building.  It’s important to consider these because network traffic, when not encrypted, bounces off other computers or is just visible to snooping computers and can leave you compromised.  In fact, this is one reason I refuse to use straight-up POP3 (without SSL), because back in University, my roommate showed me how he was just getting usernames and passwords to email addresses on Rogers ISP.  Kind of scary when you see that.

Browse on over to LifeHacker to get details, but I’ll copy the essentials here for easy reading.  Lifehacker also provides both Windows 7 and MAC UI and instructions.  I’ll copy the Windows ones here

Turn off File & Printer Sharing

Enable Your Firewall

Use SSL Where Possible

Consider using VPN

Turn it off when you’re done

Change to the Public Profile

Some other things I’d recommend above and beyond are:

  1. Make sure you have an Anti-Virus/Anti-Malware solution installed.  If you don’t have one, there is a few free ones, such as Microsoft Security Essentials, which is what I use.
  2. Make sure the password you use for your PC is a strong one.
  3. Don’t save standard SSIDs such as “DLink” or “Linksys” or “Netgear” into your saved networks to prevent accidental connections to bad networks.
  4. Opt into Microsoft Update to keep all your software up to date.  And ensure it’s all up to date.
  5. Ensure your Bluetooth network adapter isn’t discoverable (although this is more of a personal area network, instead of a WiFi network)

As it turns out, that little “unsecure lock” you see on those public Wi-Fi networks is there for a reason, to give you extra warnings to head, as mentioned above.

It’s a zoo out there, stay safe!

Saturday, June 05, 2010

Yours Truly at Worldwide Partner Conference 2009

Hey folks,  I just found this video that I did at Worldwide Partner Conference 2009.  Aaron Booker stopped by the booth with his VarVid camera and captured about 2 minutes of time with me.  I’ve been waiting to see this video, and I guess I just found it.  Pretty late. 

Sean Daniel–Senior Program Manager Windows SBS 2008

Monday, May 31, 2010

How Developers “Extended” the Vail Launchpad

Vail LaunchpadIf you’re a developer and you’re interested in writing something for Windows sHome Server, our Lead Developer Dileep has another tip for you on how to extend the Vail launch pad.  Dileep has had a previous post on the location of the SDK for Vail and how you can get involved.

Most recently, Dileep appeared back on the Home Server blog with how to extend the launchpad, and when you should extend the Launchpad.  You can read that blog post here.

If you haven’t been on the forums already, I did a forum post on why we created the Launchpad, with feedback from you, the customer.  Dileep extended on this, copied here for your reading convenience.

What is Launchpad?

Launchpad is a light weight and extensible client-based user interface that we built for Vail. It was born out of a couple of pain points that our customers experienced from Home Server v1. While Home Server v1 provided the ability for developers to add what we call ‘administrative’ or ‘server management’ tasks to the Admin console, it did not provide any means by which a day-to-day or non-administrative task could be presented to users in a coherent manner that resonates its association with Home Server. As a result we started seeing add-ins for day-to-day consumption of home server capabilities that were deployed to Admin Console, but did not belong there since they were not administrative tasks. We realized that there is a need for providing a coherent and consistent grouping as well as entry point for home server related tasks that everyone in the household can perform from their client PCs. This was the first pain point.

The second one, and perhaps the more significant one of the two, was the limitation around having matching usernames and passwords on the server and the PCs. If you recall, in Home Server v1 we require users to create user accounts on the server that had the same username and password as that of the client PCs so that they can seamlessly access the shared folders on the server as soon as they login to their PCs. This generated lot of confusion with consumers, as was evident from the feedback that we got. With Vail, Launchpad acts as the login UI for signing the user onto the server, thereby granting them access to the Server shares and other platform services exposed via the SDK. We no longer have the requirement to have the user accounts matching on server and client, instead users can use Launchpad to ‘sign-in’ to the server with any user account and password combination that was set up in Dashboard!

In short, Launchpad serves the following purposes:

  1. It is the entry point for the day-to-day tasks related to Windows Home Server from the client PCs.

  2. It eliminates the need for matching usernames and passwords setup between server and client, and eliminates the password sync dialogs.

  3. It Provides a logical and centralized location where all home server related tasks are exposed, resulting in much better awareness of home server and its capabilities.

  4. It allows everyone in the household to have visibility to developers' add-ins, than just home server administrators.

So, if you’re a developer, head on over to Dileep’s full post, and start coding up some cool apps that will make users love your add-in, and increase the value of Vail.  I know I’ll appreciate it when we ship!

Monday, May 17, 2010

Understanding SSL Certificates for client to server encryption

Back in January I made a post, which I called Part 1 of Understanding Certificates.  In this post I talked primarily about how the server is authenticated to the client by using a “root” certificate that the client already trusts, thus establishing a trust relationship with a website you are at without actually having been there before.  If you haven’t read it, it’s a good overview on how that works.

In this Part 2, I want to talk about the encryption between client and server.

Part 1 was all about authentication of the server, this part (2) is going to talk about the encryption portion.  Encryption is important on many networks to prevent prying eyes from seeing the data being sent.  The larger and/or more un-trusted the network, the greater the need for encryption.  The Internet of course being the largest of all public and un-trusted networks.

First the easy stuff, when you go to an SSL based website, you’re using the prefix of HTTPS in your browser.  Additionally, many mainstream browsers such as Internet Explorer or Firefox will show a “Lock” symbol to show that your connection is locked, and safe:

Internet Explorer

(Internet Explorer)

(Fire Fox)

Each browser will show it differently, but I think most of the mainstream one will use a little lock icon.  You might also see different colours (Red means bad, white or Green mean good).  While we’re on the subject of colours.  Some SSL certificate providers will provide you with extra security and extra validation, which will make the address bar go green.  In the captures above it’s important to note that Firefox and Internet Explorer use a completely different certificate store.  Internet Explorer uses the built-in Windows Certificate store, while Firefox manages its own.  There are pros and cons to each approach, but both are just as secure.

So how secure are you?

Well, in the details of the certificate, you can check out the encryption level of the certificate by looking at the public key:

Public Key


This certificate used here for passport is a 1024-bit encryption level.  This means that the keys used to encrypt or decrypt this traffic uses a 1,024 character key length.  That means that in order to decrypt this network traffic, you need 1,024 ASCII based characters in exactly the right order.  That’s a tall order to boot!!  Anything less than 1024 at the time of this printing is not considered industry standard encryption.  Hackers have horse-power to crack 512-bit certificates in just a few weeks, this isn’t new news, this has been done back in 2002!  It also states that even 1024 can be cracked, but it would take a lot longer, given the cracking method used is “Brute Force”. It would take a large number of years to crack this, and you’ll notice if you review your certificates, they are only used for 1 year, and then the key is changed with a new certificate, forcing your hacker to start over.

However, with the introduction of this, 2048-bit certificates are already shipping today.  The bigger the number, the harder it will be to decrypt. What’s the hold up?  Processor power.  Not necessarily in your PC, but on your phone, in your router, even on the server processor!!.  Using higher-level encryption, means that each packet sent over the internet needs to be encrypted on one side, and decrypted on the other.  Does your phone have the processor to deal with higher level of encryption? what about servers that process millions of requests per second, that would double the CPU load for decryption/encryption!  So don’t be surprised if you see 1024-bit for a while longer: it’s still considered industry standard.

You may notice that root or chaining certificates last longer.  This is because their public key is typically not out in the open for all to see, and potentially use to hack.  So it’s generally accepted for these higher certificates to have a longer lifespan.

But how does it work Technically?

Let’s dive into how it works.  When you buy a certificate from a 3rd party, they ask for a CSR (Certificate Signing Request).  The website generating the CSR generates two pieces of information:

  1. The Public Key
  2. The Private Key

The public key is encoded in this request, along with the final public public certificate.  The certificate provider validates that this is in fact the server it’s issuing a certificate for (the more expensive the certificate, the more validation is done).  The private key NEVER EVER leaves the website generating the certificate.  Think of a mailbox that the post office runs that sites outside the convenience store.  the public key is the slot in the top.  Anyone can get access to that to send stuff into the post office, but the key to open and get access to all this sent mail, only the post office has, and never leaves around anywhere.

Once the certificate request is signed, the public key is placed right on the website for all the world to see, and the private key is kept safe inside the certificate store, hidden from view and access only to administrators!

The private key is used to decrypt everything encrypted with the public key, and vice versa.  Additionally, a per-session key is established and everything is encrypted using that as well.  This prevents when the server sends something to the client encrypted with the private key, any listening clients from decrypting it with the very public “public key”. If you want to go deeper,  you can dive into the nitty-gritty details over on Wikipedia on Transport Layer Security.

What if something goes wrong?

If something goes wrong, or something changes, a certificate is revoked.  A client will check the CRL (Certificate Revoke List) embedded in the certificate to see if the current one is still valid.  If a website cert has been compromised, or a name changed, or anything changed, the certificate is revoked and another one issued.  Clients will know which one to use simply by checking the CRL distribution point.


Here we see that Verisign has their CRL hosted up online that anyone can go and see if this cert is revoked or not.  Clients will known not to trust or use a revoked certificate.

imageRemember, if you end up at a site that has a certificate that you don’t trust and your address bar in Internet Explorer is red (after you mistakenly continued onto the website), you’ll still get the encryption between the server and the client, BUT you won’t know for sure you’re talking to the right server.  So you should ALWAYS make sure you do not continue onto these types of servers.  Even if you *think* it’s going to the right place.  Imagine if it’s not, and you logged in with your username and password.  You just gave your username and password to some random site! 

Be careful out there, look for the lock icon (image), look for the https:// in the address-bar, and be  weary sending personal information anywhere!!

Friday, May 07, 2010

Calling All Developers–Windows Home Server “Vail” needs you!

Do moreA few weeks ago, we released the Home Server codename “Vail” public preview.  Along with that came a software development kit.  Like Windows Home Server version 1, the product is extensible, and we need add-in developers!!  We’ve put a great deal of effort into the improvement of the extensibility of the product. 

Over on the Home Server blog, Dileep, our Development Lead talks about how to jump in and get engaged.  Keep your eye on the official blog for updates as it is a planned series to help you get involved.  If you want to jump straight to the SDK, you can download the complete set of information here (You will have to sign in to Microsoft Connect site).  Any questions can be posted in the developer forum.

UPDATE: See what others are saying about the SDK.

Tuesday, April 27, 2010

Windows Home Server “Vail” Drive Extender V2–New Features

Mark Vayman, a lead program manager on the Home and Small Business Server team just tossed out all the new features in Windows Home Server Drive Extender, version 2.  The information and discussion can be found in the Microsoft Forums, and I urge you to surf on over there and jump into the conversation with questions and comments.

Drive Extender is a storage technology first introduced in Windows Home Server's first release. The 1st generation of the technology was file based, and worked on top of "vanilla" NTFS volumes using reparse points. To address the customer feedback we have received and improve the system's resiliency to partial drive failures (seen many times by our support), the Drive Extender technology was updated to use block based storage below the file system similar to software RAID systems.

The following isn't an exhaustive list, but does try to enumerate the major new features as well as features which are no longer supported in the “Vail” version of Drive Extender:

Features carried over from the previous release:

  • Duplication can be turned on/off per folder.
  • Duplicated folders can survive a single hard drive failure.
  • Storage pool can be easily expanded using different drive types and various sizes.
  • Graphical representation of storage usage (AKA the pie chart) - isn't present in the beta, but is planned for the next milestone.

New/Improved features:

  • For duplicated folders, data is duplicated in real time to two separate drives - there is no hourly migration pass.
  • File system level encryption (EFS) and compression are now supported for Drive Extender folders.
  • File conflicts are gone, duplication works as intended for files in use as it is performed at the block level now.
  • The remaining amount of data to synchronize/duplicate is reported per storage pool.
  • All storage operations are executed in the background without blocking other server operations. Specifically, drive removal can be issued without impacting the online state of shares.
  • Drives in a storage pool can be named with a custom description to enable physical identification of the drive in the server.
  • Drive serial number and exact connection type is reported for each drive.
  • Drives which are bigger than 2TB can be added  to a storage pool.
  • iSCSI storage devices can be added to the a storage pool.
  • The system drive can be excluded from the storage pool.
  • A new low-level storage check and repair diagnostic operation was added.
  • All storage operations are performed with very low I/O priority to ensure they don't interfere with media streaming.
  • A new "folder repair" operation is available which runs “chkdsk” on the folder's volume.
  • To protect against silent storage errors (bit flips, misdirected writes, torn writes), additional information is appended to each 512-byte sector stored on drive. In particular, each sector is protected by a CRC checksum, which enables Drive Extender to detect data read errors, perform real-time error correction and self-healing (up to 2 bit errors per sector if duplication is disabled, and any number of bit errors if duplication is enabled) and report the errors back to the user and application. The overhead for this additional data is roughly 12% of drive space.
  • Data drives in storage pools can be migrated between servers, and appear as a non-default pool.  A non-default pool can be promoted to a default pool if no default pool exists.

Deprecated features:

  • A data drive from a storage pool cannot be read on machine not running the “Vail” server software.
  • Data isn't rebalanced across drives to ensure even distribution. The data allocation attempts to keep drives evenly used. A periodic rebalance operation is considered for the next version.

Known inter-op/support issues with the Beta

  • As with other software RAID solutions, Drive Extender isn't supported with BitLocker.
  • Drive Extender cannot share the same drive with other software based RAID systems (such as Microsoft Dynamic Drives)
  • Running low-level software storage tools—for example, defragmentation, full drive encryption, or volume imaging—on server folders may cause issues. These tools have not been fully tested in this release. Please avoid running these tools on the server.
  • Internally, the “Vail” software has been tested with up to 16 hard drives and with up to 16 TB of total storage capacity. We’re aware of a number of bugs that occur beyond these limits, so please keep your beta installations under 16 drives and 16 TB total drive space.

Monday, April 26, 2010

Windows Home Server Codename “Vail” Public Beta Available Today!

Today is an exciting day for me.  As you know, one of the products I work on is Windows Home Server.  Today we’re excited to announce that the next version of Windows Home Server (codename “Vail”) is available for you to try.  This is a BETA release, and while it may seem like you want to switch to it as your actual home server, we want to remind you that it’s still not sanctioned for production usage, because it just hasn’t gone through the hours of testing needed for us to feel confident that it’s rock solid.  Plus we’re still adding features!


What we do want to do with the Beta release, is get the public pounding away on all of our features, but most importanly our PC Backup and our new version of Drive Extender! We invite everyone to check it out by downloading the software from the Microsoft Connect site. (English language builds are available now).  If you don’t have extra hardware, Vail installs flawlessly into Hyper-V based environments and one of our MVPS already has a blog post on how to install it into VMWare.

What’s new?

  • Extending media streaming outside the home or office
  • Multi-PC backup and restore
  • Simplified setup and user experience
  • Expanded development and customization tools for partners

A Short Demo of the new features is available on Youtube

Before we go too much further, however, we want to pass along a couple of very important hardware-related tips on installing the Vail Beta:

  1. In Vail, we’re moving to a new underlying server platform that will only run as a 64-bit OS. We do not recommend running Vail on a 32-bit PC or existing Windows Home Server systems (even 64-bit Home Server systems) because there may be compatibility issues with some OEM drivers.
  2. Since it is still in ‘beta,’ please install the Vail code on a secondary computer as opposed to existing Windows Home Server v1 OEM systems (not even 64-bit systems) If you do install the beta on an existing system, you may experience a number of problems, including the inability to run WHS v1 add-in applications (even those provided by OEMs). Installing on a secondary machine will help ensure the best possible user experience, and we would like your feedback on what this scenario is like.
  3. Installation of the Vail OS on a PC will also require users to wipe all data from that PC or device.
  4. The hardware requirements for Vail call for a 1.4 GHz x64 processor, 1 GB RAM, and at least one160 GB hard drive. Full details and additional requirements will be posted on the Microsoft Connect download site.

Also, if you are a developer, this beta includes a new software development kit (SDK) that gives developers and partners even more ways to customize the OS and add new functionality and services to Windows Home Servers. Download the SDK here.

Finally, before you start filing bugs, some features yet to come are:

  • Changing a users password
  • Changing your home server password

Please refer to the official home server blog for the official announcement.

We look forward to hearing your feedback.  Please open issues and discuss on the Connect Website.

Wednesday, April 21, 2010

McAfee Update Shuts Down XP Machines

McAfee corporate customers across the globe using Windows XP experienced massive shutdowns today as an update to McAfee's security suite deleted svchost.exe—a very common Windows process—causing machines to reboot continuously. McAfee has confirmed the problem and removed the faulty virus definition file from the update. Only McAfee's corporate users were affected.

If you or your workplace were affected, Twitter user scratchfury offers this (unverified) tip:

boot to safe mode, rename mcshield.exe, reboot, run Virus Console, pick Tools -> Rollback DAT, name back to mcshield, reboot

We don't have a machine to test it on, so follow his tip at your own risk, and only if you know what you're doing. If you've fixed it already, let's hear how you did it in the comments.

Courtesy of LifeHacker

The Next Wave of Productivity – Office 2010

Microsoft keynote speaker Stephen Elop talks about Office 2010 & SharePoint 2010

Wow, it’s hard to believe that Office 2010 is here already.  I’ve been running different forms of beta for just shy of a year!  In fact, I can’t even consider running Outlook 2007 anymore, as the new Outlook 2010 makes me sooo productive.  The new Outlook ribbon, the detailed calendar views, the ability to import my Facebook internet calendar directly into Outlook (2007 did it, but one-time only, 2010 will continuously do it, keeping me up to date). 

I’ve been using it exclusively for work, and the features are amazing, but I hear (and can’t wait to try) that it has some social connectivity for personal use.  Can’t wait to get it on my home PC!

Join Microsoft & Steven Elop at the virtual launch!

Click the graphic above, to add to your calendar, then watch Stephen Elop, President of the Microsoft Business Division, announce the launch of Office 2010 and SharePoint 2010 on May 12, 2010 at 11 a.m. EST. The live Microsoft keynote focuses on the next wave of productivity that delivers:

  • End user productivity across the PC, phone and browser
  • IT choice and flexibility
  • A platform for developers to build innovative solutions

Join the virtual launch event with Microsoft executives, product developers, partners and customers to:

  • Find out how peers and partners are already seeing benefits to their business by leveraging the next wave of productivity.
  • Submit your questions through live Q&A.
  • Participate via blogs, tweets, social media networks, commenting, and more.

View on-demand breakout sessions showing how Office 2010 and SharePoint 2010 meet the unique challenges people and businesses are faced with today, and provide the solutions they need for tomorrow.

Tuesday, April 13, 2010

Create SUPER complex passwords with touch typing skills

I found this awesome tip on LifeHacker, one of my favorite blogs… Shift your fingers one key for easy to remember, super complex passwords!


You're constantly told how easy it would be to hack your weak passwords, but complicated passwords just aren't something our brains get excited about memorizing.

His clever solution: Stick with your weak, dictionary password if you must; just move your fingers over a space on the keyboard.

If you want a secure password without having to remember anything complex, try shifting your fingers one set of keys to the right. It will make your password look like gibberish, will often add in punctuation marks, and is quick and simple.

When John Pozadzides showed us how he'd hack our weak passwords, he listed his top 10 choices for getting started hacking away at your weak passwords. Let's take a look at how a few of those popular passwords fare when finger shifting to the right:

  • password => [sddeptf
  • letmein => ;ry,rom
  • money => .pmru
  • love => ;pbr

Something longer but still really lame, like, say, "topsecretpassword", becomes "yp[drvtry[sddeptf". These may not be perfect compared to secure password generators, but they're likely orders of magnitude better than a lot of people's go-to passwords.

Monday, April 12, 2010

Windows Media Player 12 Streams Your Media Library over the Internet

Windows Media Player 12 Streams Your Media Library over the 

Here's a new one to us: Linking your Windows Live ID to Windows Media Player 12 in Windows 7 allows you to stream your entire music library to any computer. Even better: no need to install third-party software with this method.

There are many, many ways to stream your music collection over the internet—but there's something appealing about using the built-in software that Microsoft bundled with Windows 7. If you're already using Windows Media Player 12, you can listen to your home music collection from any Windows computer through the internet. What's more, it actually should work with all your media, not just your music.

In order to use this feature, you'll need a Windows Live ID then you've got to link your Windows Live ID to your media collection. In Windows Media Player, navigate to the Stream menu and choose "Allow Internet access to home media." You'll want to "Link an online ID." If you see "Add an online ID provider" in the next box, click it because you'll need to download some software depending what version of Windows 7 you're running.

Windows Media Player 12 Streams Your Media Library over the 

Enter your Windows Live email address and password to link your media collection. Go back to the Stream menu, and click "Allow Internet access to home media." In order to enable another Windows 7 PC access, you'll need to repeat these steps. After you're finished, your library will show up in the Other Libraries category of the left-side pane in Windows Media 7.

We don't know a lot of people who actually use Windows Media Player, but this awesome feature could convince some—and it's something that would be great to see in more tight-fisted media players. (Ahem, iTunes, we're looking at you.)

Post courtesy of Lifehacker

Friday, April 09, 2010

Best of Bing – Windows 7 Themes

Are you on Windows 7 and like the Bing homepage images? You can have the best of them as wallpapers for your desktop! The first Bing’s Best theme pack was so popular, the team decided to release a second Bing theme pack: Bing’s Best 2.

In case you missed out on number one, I’ve listed them both below:

image BingBest2

You can also download both of them from here. Enjoy!

Post courtesy of

Monday, March 08, 2010

Start your day with sip of coffee and byte of technology

Coffee Coaching  Microsoft-HPMicrosoft and HP have been bringing technology solutions to small business customers since before most people ever heard of a latte. Things change fast in our industry. Coffee Coaching’s Mission is to help you stay on top of current technologies. If you’re already in the habit of checking your Facebook page over coffee in the morning, now you can use it to stay on top of your business as well.

We’ve created a place where you can easily find video overviews of products and technologies, information on opportunities for prospecting, interact with Microsoft and HP product managers, and talk with your peers in the Coffee Coaching community.

Go to the source! Hear about Windows Small Business Server 2008 directly from the product group at Microsoft. Learn about HP’s Small business offerings directly from the engineers at HP. We have a collection of short videos on all of the Windows Server family of products and HP hardware solutions.

Click here to become a Fan of Microsoft and HP Coffee Coaching!

· Throughout the day on March 8th, as you explore the site, we will have Microsoft and HP experts available for online discussions.

Grab a cup of coffee and join us for a session of Coffee Coaching.

You Tube | Facebook | Twitter

Brought to you by:

HP | Microsoft

Monday, March 01, 2010

MVPs are Dressing my dog – that’s just weird.

Two weeks ago, Microsoft hosted the worlds MVP’s at our 2010 Summit.  SBS and Home Server MVPs are the best MVPs at Microsoft (I may be biased, but that’s what I think), followed of course only by EBS MVPs (who are mostly ex-SBS MVPs anyways!).  Ok, who am I kidding.  All MVPs are awesome, I just happen to have many of the SBS and Home Server ones as my buddies.

Microsoft does it’s best to make the MVPs welcome in the Seattle area, which includes dinners, parties, get-togethers, lunches, coffee breaks, etc.  All in the name of geek speak between MVPs and Microsoft! 

If you’re not familiar with what a Microsoft MVP is, they are community voted professionals that go above and beyond the normal to help out the general public with their issues with specific products.  Most MVPs dedicated a lot of time and energy to this cause, and as such we reward them. 

In this particular instance, the tables were turned.  The MVPs rewarded us!!  Taking advantage of the fact they were on campus they decided to dress up my mascot in appropriate attire.

Ask Chico about Windows Small Business Server!

Now, I’m not normally into dressing my dog, primarily because we are both men and we don’t do that.  In addition to that fact, if you put anything on Chico, he freezes.  But, for this blog, he’s willing to don the clothing and answer your questions.  Simply click in the search box and type your search.  I’m sure Chico will have a blog post for you.  If you don’t find it here, you can also check over at the official SBS blog.  If you don’t find it there, shoot me an email and I’ll see what I can do to write one up for you (no promises on timing though, Steve Balmer keeps us pretty busy over here.

Last and most importantly, I want to publicly thank all of the MVPs for their support and the wonderful gift they gave me.  I don’t have to email this to them, because being MVPs, they are so plugged in, they will find it.