Month: July 2007

Anyone who knows me knows that I’m a big American Football fan and an avid follower of the San Francisco 49ers.  Part of why I started following the Niners was the way they played.  Not only were they trying to do the usual physical stuff but they outsmarted their opponents.  They were organised, prepared and educated.

This was all down to the efforts of one of the best coaching lineages in the game, founded by "The Genius" Bill Walsh.  In 3 years, he turned a hapless 2 win team into a Super Bowl champion that would win the big one 4 more times in the following 15 years.  Walsh is famous for finding hidden gems in players such as Joe Montana, Steve Young and Jerry Rice.  The so called West Coast Offense that he created revolutionised the sport.  He made huge strides in creating opportunities for black coaches.  But his book, Finding The Winning Edge, clearly shows that Walsh entered the Niners campus with a plan in mind for every little detail and minute of the day.  He did something that I preach, he saw the bigger picture.  Everything thing he did had a purpose.  Whether it was firing a player while on the practice field and having him escorted away without having a chance for a shower or planning a meeting, everything had a purpose even if it wasn’t immediately evident.  What’s more, Walsh was a teacher.  He taught his players, his co workers and his coaches.  This is something that seems to be lost in the IT business.

His genius transcended sports.  Many corporate types used his lessons for themselves.  I like to think that I learned a few lessons from his book.  I’ve tried to recruit based not on CV’s but based on intelligence and potential.  I’ve tried to teach and to share my knowledge with those people so that they could improve their careers – and make my day easier too 🙂

On Monday, Bill Walsh lost his battle with leukemia at the age of 75.  The hall of famer made a difference and will be missed by Niners fans everywhere.

A release candidate version of System Center Configuration Manager 2007 (SMS V4) has been made available on Microsoft’s TechNet website.

I really like this product.  I’m a huge fan of SMS 2003.  SCCM 2007 is an evolution that features a new underlying architecture (mutual authentication), more deployment options (Branch Distribution Point), integration of an improvement of old feature packs (desired configuration management, update deployment) and a whole new OS deployment feature (which I had to mention separately because of the alleged amount of work invested in it).  All this change, but the core functionality that you do on a day to day basis hasn’t changed.  Check it out!

I’m not going to spend much time talking about this new server product from Microsoft.  It’s a small, low end server that is intended for the home market.  It makes single data storage, backups, etc easier for homes with multiple computers.  MS has release some quick start guides which you can use to get going.

Bink has a report on the scheduled release date for "Windows 7".  7 is expected to be the next major release to succeed Windows Vista.  It’s expected to be released in 2010.  That would imply that we get a Vista R2 in 2008/2009 – to keep the SA customers form rioting.  7 is expected to be released on x86 and x64 architectures.  My gut feeling is that this isn’t for hardware compatibility … by 2010 the x86 architecture will be a hard thing to find on or under desks (unless it’s being used as a foot rest).  I’m thinking that software not being ported is probably the main driver for retaining x86 support.

Credit: Bink.

One of the features of Windows 2008 that you are going to hear a lot about is Network Access Protection.  NAP is a policy enforcement solution that allows you to isolate or disconnect computers that do not meet certain compliance requirements.  What do I mean?  You can force clients to check their firewall, patch status, etc and if they don’t meet certain criteria then they won’t have access to your network.

There’s loads of ways to use this … you can integrate it into DHCP, tie it in with IPsec AH and an enterprise PKI, RAS/VPN, etc.  You can totally prevent a client from connecting to your network or force a client onto a limited access network so that they can resolve their issues (download updates).  Some 70 odd partners are working with MS on this including AV developers and Cisco.  AV vendors will plug in so that their products will ensure that they will ensure that the product is up to date and running correctly.  NAP will integrate with Cisco NAC.  NAP will enforce policy and NAC will ensure that only authorized machines can connect to a network port.  And System Center Configuration Manager will also tie into it so that you can (a) ensure that updates are present before allowing a machine to connect to your network and (b) resolve any software update issues on non-compliance computers.

This is a pretty complex solution.  You can find an introduction to it on the MS site.  There is documentation on the architecture.   And there is documentation on policies.

There’s one thing to get clear.  NAP is not a security solution.  It cannot prevent an unauthorised machine from getting on your network.  You need Cisco NAC or similar for that.  However, NAP is a policy enforcement solution.  Only machines that comply with your policies will be allowed full access to your network.  This will drastically reduce the risk of infected machines from targeting your network.  Check it out and see what you think.

There is a set of guides available to help IT professionals get to know Windows 2008.  They can either be read online or downloaded.