Our first Aurora add-in, which also works on Vail

Looks like our first Aurora add-in has shown its head!  the AWIECO RemoteLauncher.  If you want to try add-ins, then go ahead and try this one out.

The AWIECO RemoteLauncher add-in for Small Business Server "Aurora" and Windows Home Server "Vail" Beta Refresh is a free and useful add-in, which gives you more administrative possibilities to manage your SBS or WHS remotely. With this add-in you have access to predefined System Tools like

• Windows Explorer
• Command line
• Event Viewer
• Services
• Control Panel
• Computer Manager
• Device Manager
• Registry Editor
• Task Manager

on your Small Business or Home Server directly over the Dashboard. If you need other tools and applications to run over the Dashboard, you can simply add them by a right mouse click. Through this add-in, you can start applications installed on your Server from your client.

Read More

Dana Epp – SBS MVP and Security Expert talks about Remote Access and security precautions to take

Dana Epp on Five by 5–Securing Remote Access

Dana covers important topics about what you can do to give your employees remote access, while at the same time ensuring the security to your network is maintained.  Learn more about Dana’s AuthAnvil program at Scorpion Software.

Read More

Try out Windows Server Codename “Aurora” and a new version of Windows Server Codename “Vail”

Today is a special day, because not one, but TWO products make it to public beta.  The Small Business Server mystery sku known as “Aurora” and the next public beta of the Home Server sku, known as “Vail”.  It’s official once it’s on the official blog!

Vail, you’re probably familiar with (if not just a little bit) as it’s been in public beta for a while, but this version has more stuff!  For example, you can now change users passwords, or set a password policy, or even change the password of the home server!  An a lot of the bugs and reports that you, our beta testers have submitted, are now fixed

Aurora is the new server, you’re probably not familiar with

Aurora is a light weight version that provides the essentials of what a business needs.  You know, data security, protection, backup, access.  All that good stuff.  You might notice that Vail and Aurora have similar consoles, that’s on purpose.  The base platform of the system is similar in nature, but Aurora uses the Active Directory to store it’s users so you can have that single sign-on and user management experience you’ve become familiar with in a business.  It also has shares, and PC backup, and the familiar remote access webpage, now coined “Remote Web Access”.

I’m planning on a series of posts over the next week to get you acquainted with “Aurora”, but for now, you should get started!

As always, Aurora is available over on the Microsoft Connect Website, and so is Vail.  Remember to test it out, beat it up, and file those bugs.  Now’s the time to make sure your business or customer’s business can be fully operational on Aurora, so let us know if it’s not, we want to hear from you!

More details about Vail public preview 2

More details about Aurora public preview

Read More

Discovering Windows Server Codename “Aurora”

HP has teamed up with Becky Och’s, one of our Senior Program managers on the team to talk about what’s in Windows Server Codename ”Aurora”, the new cloud integrated version of Small Business Server.  Becky recorded a short video with the HP Coffee Coaching team to get you up to speed.  As with all Coffee Coaching videos, this one is 4 minutes, which makes it a great video to get up to speed on “Aurora” while you’re wolfing down your morning coffee.

Jump into Coffee Coaching and get more great videos from HP and Microsoft on “Aurora” and other Small Business Products: http://www.facebook.com/CoffeeCoaching

Read More

Guy Haycock discusses the SMB Announcements at WPC 2010

Up on VarVid.tv, Aaron managed to get our Product Planner, Guy Haycock, on camera talking about the announcements of “Aurora” and “SBS7”.

Source Video: http://varvid.tv/2010/microsofts-guy-haycock-discusses-the-smb-announcements-at-wpc-2010/#ooid=puNDRrMTrKPQKyx6UJhYGs_eUWh4s8sn

Read More

Windows Server Codename “Aurora” Video Walkthrough

Wow, over on WeGotServed, Terry found an awesome video that talks about Aurora from our very own Michael Leworthy, product planner for SBS. He talks about the differences between “SBS7” and “Aurora”, and why you might want Aurora over SBS7

Source is We Got Served.

Read More

Announcing the next releases of Windows Small Business Server

Today we (as in our fearless leader Kevin Kean) pulled the lid off what our team has been working on for the past few years. Two new versions of Windows Small Business Server. That’s right. TWO new versions.

From a traditional standpoint, we’ve continued the single-server mantra with Windows Small Business Server “SBS7”. This version includes updates to all the major products in SBS, such as Windows Server 2008 R2, Exchange Server 2010 SP1, SharePoint 2010 Foundation, WSUS 3.0, and SQL 2008 R2 (with Premium edition). These new versions provide our customers with security and management. We also included a brand-spanking new version of Remote Web Workplace! This version of SBS will continue to support the familiar 75 users

The second version, code named Windows Small Business Server “Aurora” is the new edition of SBS. It’s cheaper than SBS7, and is even a lighter weight “first server” option for small businesses as is a hybrid server delivering both on premise services, as well integrates with the cloud. It also includes PC Backup, and server backup/restore capabilities. The same new version of Remote Web Workplace! This version of SBS will support up to 25 users.

“Aurora” also brings a key new functionality of add-ins to drive integration between new and existing on-line services with Aurora. Developers can find the SDK on Connect. We have been working with a lot of partners with SBS Aurora such as Symantec, Level Platforms and Disk Keeper are all making statements this week around plans to integrate products with SBS Aurora. HP is not only showing SBS Aurora in their booth at the Microsoft Worldwide Partner Conference, but has a sneak peek at http://www.facebook.com/CoffeeCoaching. And you’re sure to hear more as we get closer to releasing the preview.

You can sign-up to be notified when the Preview of these servers are available over on the SBS Connect website.

It’s nice to finally be able to talk about the products I’ve been working on for the last number of years!

[Official Blog Post on the Official SBS Blog]

[First discovered review of SBS7 and Aurora, by Paul Thurrott]

Read More

Windows Home Server “Vail” Remote Web Access Extensibility

The 3rd in a series of blog posts on Vail extensibility went live today, teaching the developer in you how to extend the Remote Web Access website.  The full article can be found on the Windows Home Server blog - “Vail” Remote Web Access and Its Extensibility

What is new in Remote Web Access site of Vail?

Let’s check out the latest look & feel of Remote Web Access site first (RWA site for short). Pretty, hah? Do you like it? :-)

When we designed this new RWA site, we had two visions to guide our engineering team. First, we want to provide an easy, reliable way for users to access their data and computers from anywhere, anytime, on any device. Second, we want to provide an extensible platform for OEM and ISV partners/developers to add tightly integrated remote web access value. The second vision maps exactly to the extensibility framework of RWA site.

Basically, every built-in feature you are looking at (i.e. Computers, Shared Folders, Media Library, etc) is built on top of the extensibility framework. All the APIs we used are public to you (our favorite developers) as well. We can build it, you can build it.

Besides the look & feel and extra functionalities, the extensibility framework is the key difference comparing the new and old Remote Web Access sites.

For reference, here are the previous posts:

• Vail Launchpad Extensibility
• Links to the SDK

Happy Development!

Read More

How to Stay Safe on Public Wi-Fi Networks

Over on Lifehacker.com, one of my favorite sites, they talk a bit about how to stay safe on Public, or even those looming “open” networks that you might discover in an apartment building.  It’s important to consider these because network traffic, when not encrypted, bounces off other computers or is just visible to snooping computers and can leave you compromised.  In fact, this is one reason I refuse to use straight-up POP3 (without SSL), because back in University, my roommate showed me how he was just getting usernames and passwords to email addresses on Rogers ISP.  Kind of scary when you see that.

Browse on over to LifeHacker to get details, but I’ll copy the essentials here for easy reading.  Lifehacker also provides both Windows 7 and MAC UI and instructions.  I’ll copy the Windows ones here

Turn off File & Printer Sharing	Enable Your Firewall
Use SSL Where Possible	Consider using VPN
Turn it off when you’re done	Change to the Public Profile

Some other things I’d recommend above and beyond are:

1. Make sure you have an Anti-Virus/Anti-Malware solution installed.  If you don’t have one, there is a few free ones, such as Microsoft Security Essentials, which is what I use.
2. Make sure the password you use for your PC is a strong one.
3. Don’t save standard SSIDs such as “DLink” or “Linksys” or “Netgear” into your saved networks to prevent accidental connections to bad networks.
4. Opt into Microsoft Update to keep all your software up to date.  And ensure it’s all up to date.
5. Ensure your Bluetooth network adapter isn’t discoverable (although this is more of a personal area network, instead of a WiFi network)

As it turns out, that little “unsecure lock” you see on those public Wi-Fi networks is there for a reason, to give you extra warnings to head, as mentioned above.

It’s a zoo out there, stay safe!

Read More

Dean Paron at Worldwide Partner Conference

Another video from WPC 2009 that comes courtesy of VarVid is Dean Paron, the (now former) Principle Architect of Windows SBS 2008.  You can watch his video from WPC below.

Dean Paron–Principle Architect Windows Server Solutions Group

Read More

Yours Truly at Worldwide Partner Conference 2009

Hey folks,  I just found this video that I did at Worldwide Partner Conference 2009.  Aaron Booker stopped by the booth with his VarVid camera and captured about 2 minutes of time with me.  I’ve been waiting to see this video, and I guess I just found it.  Pretty late. 

Sean Daniel–Senior Program Manager Windows SBS 2008

Read More

How Developers “Extended” the Vail Launchpad

If you’re a developer and you’re interested in writing something for Windows sHome Server, our Lead Developer Dileep has another tip for you on how to extend the Vail launch pad.  Dileep has had a previous post on the location of the SDK for Vail and how you can get involved.

Most recently, Dileep appeared back on the Home Server blog with how to extend the launchpad, and when you should extend the Launchpad.  You can read that blog post here.

If you haven’t been on the forums already, I did a forum post on why we created the Launchpad, with feedback from you, the customer.  Dileep extended on this, copied here for your reading convenience.

What is Launchpad?

Launchpad is a light weight and extensible client-based user interface that we built for Vail. It was born out of a couple of pain points that our customers experienced from Home Server v1. While Home Server v1 provided the ability for developers to add what we call ‘administrative’ or ‘server management’ tasks to the Admin console, it did not provide any means by which a day-to-day or non-administrative task could be presented to users in a coherent manner that resonates its association with Home Server. As a result we started seeing add-ins for day-to-day consumption of home server capabilities that were deployed to Admin Console, but did not belong there since they were not administrative tasks. We realized that there is a need for providing a coherent and consistent grouping as well as entry point for home server related tasks that everyone in the household can perform from their client PCs. This was the first pain point.

The second one, and perhaps the more significant one of the two, was the limitation around having matching usernames and passwords on the server and the PCs. If you recall, in Home Server v1 we require users to create user accounts on the server that had the same username and password as that of the client PCs so that they can seamlessly access the shared folders on the server as soon as they login to their PCs. This generated lot of confusion with consumers, as was evident from the feedback that we got. With Vail, Launchpad acts as the login UI for signing the user onto the server, thereby granting them access to the Server shares and other platform services exposed via the SDK. We no longer have the requirement to have the user accounts matching on server and client, instead users can use Launchpad to ‘sign-in’ to the server with any user account and password combination that was set up in Dashboard!

In short, Launchpad serves the following purposes:

1. It is the entry point for the day-to-day tasks related to Windows Home Server from the client PCs.

2. It eliminates the need for matching usernames and passwords setup between server and client, and eliminates the password sync dialogs.

3. It Provides a logical and centralized location where all home server related tasks are exposed, resulting in much better awareness of home server and its capabilities.

4. It allows everyone in the household to have visibility to developers' add-ins, than just home server administrators.

So, if you’re a developer, head on over to Dileep’s full post, and start coding up some cool apps that will make users love your add-in, and increase the value of Vail.  I know I’ll appreciate it when we ship!

Read More

Understanding SSL Certificates for client to server encryption

Back in January I made a post, which I called Part 1 of Understanding Certificates.  In this post I talked primarily about how the server is authenticated to the client by using a “root” certificate that the client already trusts, thus establishing a trust relationship with a website you are at without actually having been there before.  If you haven’t read it, it’s a good overview on how that works.

In this Part 2, I want to talk about the encryption between client and server.

Part 1 was all about authentication of the server, this part (2) is going to talk about the encryption portion.  Encryption is important on many networks to prevent prying eyes from seeing the data being sent.  The larger and/or more un-trusted the network, the greater the need for encryption.  The Internet of course being the largest of all public and un-trusted networks.

First the easy stuff, when you go to an SSL based website, you’re using the prefix of HTTPS in your browser.  Additionally, many mainstream browsers such as Internet Explorer or Firefox will show a “Lock” symbol to show that your connection is locked, and safe:

(Internet Explorer)

(Fire Fox)

Each browser will show it differently, but I think most of the mainstream one will use a little lock icon.  You might also see different colours (Red means bad, white or Green mean good).  While we’re on the subject of colours.  Some SSL certificate providers will provide you with extra security and extra validation, which will make the address bar go green.  In the captures above it’s important to note that Firefox and Internet Explorer use a completely different certificate store.  Internet Explorer uses the built-in Windows Certificate store, while Firefox manages its own.  There are pros and cons to each approach, but both are just as secure.

So how secure are you?

Well, in the details of the certificate, you can check out the encryption level of the certificate by looking at the public key:

 

This certificate used here for passport is a 1024-bit encryption level.  This means that the keys used to encrypt or decrypt this traffic uses a 1,024 character key length.  That means that in order to decrypt this network traffic, you need 1,024 ASCII based characters in exactly the right order.  That’s a tall order to boot!!  Anything less than 1024 at the time of this printing is not considered industry standard encryption.  Hackers have horse-power to crack 512-bit certificates in just a few weeks, this isn’t new news, this has been done back in 2002!  It also states that even 1024 can be cracked, but it would take a lot longer, given the cracking method used is “Brute Force”. It would take a large number of years to crack this, and you’ll notice if you review your certificates, they are only used for 1 year, and then the key is changed with a new certificate, forcing your hacker to start over.

However, with the introduction of this, 2048-bit certificates are already shipping today.  The bigger the number, the harder it will be to decrypt. What’s the hold up?  Processor power.  Not necessarily in your PC, but on your phone, in your router, even on the server processor!!.  Using higher-level encryption, means that each packet sent over the internet needs to be encrypted on one side, and decrypted on the other.  Does your phone have the processor to deal with higher level of encryption? what about servers that process millions of requests per second, that would double the CPU load for decryption/encryption!  So don’t be surprised if you see 1024-bit for a while longer: it’s still considered industry standard.

You may notice that root or chaining certificates last longer.  This is because their public key is typically not out in the open for all to see, and potentially use to hack.  So it’s generally accepted for these higher certificates to have a longer lifespan.

But how does it work Technically?

Let’s dive into how it works.  When you buy a certificate from a 3rd party, they ask for a CSR (Certificate Signing Request).  The website generating the CSR generates two pieces of information:

1. The Public Key
2. The Private Key

The public key is encoded in this request, along with the final public public certificate.  The certificate provider validates that this is in fact the server it’s issuing a certificate for (the more expensive the certificate, the more validation is done).  The private key NEVER EVER leaves the website generating the certificate.  Think of a mailbox that the post office runs that sites outside the convenience store.  the public key is the slot in the top.  Anyone can get access to that to send stuff into the post office, but the key to open and get access to all this sent mail, only the post office has, and never leaves around anywhere.

Once the certificate request is signed, the public key is placed right on the website for all the world to see, and the private key is kept safe inside the certificate store, hidden from view and access only to administrators!

The private key is used to decrypt everything encrypted with the public key, and vice versa.  Additionally, a per-session key is established and everything is encrypted using that as well.  This prevents when the server sends something to the client encrypted with the private key, any listening clients from decrypting it with the very public “public key”. If you want to go deeper,  you can dive into the nitty-gritty details over on Wikipedia on Transport Layer Security.

What if something goes wrong?

If something goes wrong, or something changes, a certificate is revoked.  A client will check the CRL (Certificate Revoke List) embedded in the certificate to see if the current one is still valid.  If a website cert has been compromised, or a name changed, or anything changed, the certificate is revoked and another one issued.  Clients will know which one to use simply by checking the CRL distribution point.

Here we see that Verisign has their CRL hosted up online that anyone can go and see if this cert is revoked or not.  Clients will known not to trust or use a revoked certificate.

Remember, if you end up at a site that has a certificate that you don’t trust and your address bar in Internet Explorer is red (after you mistakenly continued onto the website), you’ll still get the encryption between the server and the client, BUT you won’t know for sure you’re talking to the right server.  So you should ALWAYS make sure you do not continue onto these types of servers.  Even if you *think* it’s going to the right place.  Imagine if it’s not, and you logged in with your username and password.  You just gave your username and password to some random site! 

Be careful out there, look for the lock icon (), look for the https:// in the address-bar, and be  weary sending personal information anywhere!!

Read More

Calling All Developers–Windows Home Server “Vail” needs you!

A few weeks ago, we released the Home Server codename “Vail” public preview.  Along with that came a software development kit.  Like Windows Home Server version 1, the product is extensible, and we need add-in developers!!  We’ve put a great deal of effort into the improvement of the extensibility of the product. 

Over on the Home Server blog, Dileep, our Development Lead talks about how to jump in and get engaged.  Keep your eye on the official blog for updates as it is a planned series to help you get involved.  If you want to jump straight to the SDK, you can download the complete set of information here (You will have to sign in to Microsoft Connect site).  Any questions can be posted in the developer forum.

UPDATE: See what others are saying about the SDK.

Read More