Adventures in home working

I have decided to try again with MSN spaces rather than mix up my business and personal blogs.  If you want my personal blog,  which will be much more of a photo blog then have a look at:

http://spaces.msn.com/members/seasidelife/

All too often as an Infrastructure Architect I found myself subject to lobbying by security professionals and product vendors to provide ever stronger security counter measures into my solutions.  Inevitably these counter measures had a detrimental effect on end user experience so I was always keen to see evidence of the types and level of threat that could be fed into a risk assessment.  Unfortunately I rarely got to see this threat analysis and almost never saw it in a form that would allow me to do a meaningful risk analysis, so I was often in the uneasy position of following “policies”,  rather than doing analysis.  I was never happy that the policies had a good risk analysis to support them either.  So it’s nice once in a while to come across an article that includes some description of the threat.

To give you some idea as to why I worry about the automatic application of policy as a substitute for analysis, here are a few of my personal experiences:

• I have only ever had one virus in my 20 years of using computers, and I would not describe myself as risk averse in my usage. 
• That virus was the result of a network attack from a device on my companies network on a Virtual Machine that was in the process of down-loading its first set of security patches from Microsoft Windows Update
• I don’t get very much spam
• The spyware tools on my PCs have only ever found false positives
• I have always felt that the biggest security risk by orders of magnitude on a reasonably secure corporate network is people leaving a company to go and work for a competitor, combined by a USB mass storage device like an IPOD
• The next biggest security risk is a wireless access point hidden under a desk or similar, and rarely ever detected
• The biggest virus outbreaks I have seen have always bypassed all of the specialist defensive tools,  but all could have been stopped by a combination of software execution restrictions policies in XP,  the ability to rapidly deploy simple agents to every PC, the ability to immediately make all network drives read-only, the presence of a local firewall on all PCs and servers.  These are all general purpose tools to have in the kit bag.

Monad is the next generation of the Windows Shell,  I was expecting it to ship in Windows Vista but there seems some doubt about that now.  However it is expected to ship as part of Exchange 12.  The Exchange team have taken Monad the engine and more importantly the “concept of use” and implemented the entire Exchange 12 UI on top of Monad cmdlets,  this means that anything you can do from the UI you can do from the shell.  Imagine how powerful the Windows environment will be if every element of the Windows and application Admin UI’s becomes not just automatable but discoverable in this way.  You can find out more about Monad and Exchange here and my posts on Monad here.

Of course Monad goes way beyond the capabilities provided in a UI as these Exchange 12 examples show:

# Set the send quota for ALL mail enabled users in the DL called “RemoteUsers” to 1000 KB
Get-DistributionGroup “RemoteUsers” | Get-DistributionGroupMember | Set-Mailbox –ProhibitSendQuota 1000

# Mount all mailbox databases on server HONGKONG1
Get-MailboxDatabase –server HONGKONG1 | Mount-Database

# Only remove storage groups that contain the word “temp”, with confirmation support
Get-StorageGroup | where { $_.Name –imatch “temp” } | Remove-StorageGroup –confirm

# move ALL users from server PORTLAND to the TUCSON server, database “DB1”
Get-Mailbox –server PORTLAND | move-mailbox –targetDatabase “TUCSON\DB1”

Wondering why there have been no blog posts for the last two weeks?  Well in fact there have been lots,  on Office 12 and Office System but they are covered by a non disclosure agreement and so won’t appear until the PDC next month.  That’s one of the best features of blogware as a blog host,  it lets me post to a secure category and then make that category public at some point in the future and the posts will all appear (although I will probably re-post so I can tag the posts appropriately).  I have also been on holiday for a week.

Main themes:

• Reduce cost, including travel and communications expenses
• Time to market, how to get breakthrough ideas to market faster
• Distributed teams, how do I get a global organisation to act in concert
• Connect people, especially customers and suppliers
• Access to information and people

4 key capability areas, which are very interconnected:

• Integrated communications
• Collaborative workplaces
• People driven processes
• Access to information and people

RTC is nearly 1000 people grown from 30 several years ago, it is one of the largest investment areas for information worker.  In Microsoft telephone is hardly used now, its all IM and Email,  this must say something about geek personalities!

The vision:

1. Peoples roles and identity
2. Policy, presence, relationships, context
3. Calendar, data, conference, voice, video, IM, SMS, Email
4. iWorker application integration, spaces, consumer application integration, information agents
5. Across devices, across networks, across home and work, real-time and non-real-time, trustworthy, hosted, on premises and P2P

Products today:

• Office communicator, Presence, IM, Voice, Video, Web conferencing, Phone, Office applications
• Live communications server, presence, IM, federated
• Live meeting, hosted web conferencing

New products coming

• Live Server,  Office 12 time frame,  same functions as LCS + non hosted version of Live Meeting.  
  • 250 people in a data meeting
  • multi-party audio, video and data < 10.
  • multi-party video support in Office communicator, full screen video as well
  • Extranet access 
  • Support for group IM – synchronised from AD.  1000 people in a group, 100 people per message
  • Server of choice for round-table.
• Live meeting 8
  • Quicker time to join meeting
  • toolbars for most common tasks
  • eLearning enhancements, break-out room support
  • in meeting file transfer
  • full duplex VOIP and PSTN integration
  • web cam support
  • Active presenter video
  • share multi media content for example flash and windows media files
• Round table, multi-media comms platforms, includes HW, for conference rooms, 360 video, who’s talking, includes data conferencing.  currently in alpha, meeting recording
• Communicator web access,  same UI look and feel as Office communicator but available via the web – 2–4 months
• Communicator mobile, SIP based, Microsoft and RIM creating LCS clients, 6 months

Summary

• Office 12 and RTC one unified roll-out has a lot of advantages
• RTC lights up Office
• 12 products in the RTC family
• kids “email is the way they communicate with adults”  real-time is the future
• Great video that I should try and get hold of “RTC futures video”

TAP

• Must test in production
• 2000 users minimum on communicator
• PBX integration
• Live meeting 8
• Project manager
• Executive sponsor
• Server engineer, networks engineer, telcom engineer, 4–6 server
• Project budget
• Nominations open now
• kick off event is November 05
• Beta 2 Q2 CY06
• RTM H2 CY06

Mac Olsen is the Group Program Manager for Groove integration

Key points about Groove:

• Best for people who need to work with each other when they don’t share a common infrastructure
• Need to work off-line
• Need robust security

A few extra services have been created to make Groove more acceptable to corporate IT,  but it is still frowned upon in many enterprises because it is client centric, stores data locally and allows uncontrolled leakage of information outside of the firewall, (although email does this too).  The Audit server provides some additional control

Most of the functional gaps that differentiate WSS and SharePoint have been addressed by the Office 12 WSS and Outlook integration for off-line working.  The main area that still differentiates is that WSS/Outlook still depends on all parties having access to a WSS server infrastructure.  Although Outlook does not provide an integrated workspace view in the same way as Groove for the off-line content.

This is the positioning, that Microsoft used:

• Small groups of people
• Small amount of time
• Information published outside of groove at the end of the project
• Participants in different companies
• Participants need to work off-line
• Participants don’t share a common infrastructure, maybe don’t even have access to a common server, ie only have reliable peer to peer access, for example a team may only have access to an ad-hoc wireless network with no access to the Internet.

Groove 4:

• Core focus,  ad-hoc, secure, cross-enterprise collaboration for mobile workgroups
• packaged as part of one of the Office bundles
• continue to make available stand-alone for some customer scenarios
• improved usability on multiple customers
• increased server capacity, performance and scalability
• localised in 17 European languages and Japanese
• improved integration with WSS, focus on document libraries in groove 4, including integration with check-in/out functionality.  This is less integration than currently provided between v3.1 and WSS v2
• integration with InfoPath,  InfoPath will be able to create forms for Groove data collection, although the existing forms tool will still be supported
• Integration with LCS etc, so that other presence providers can be integrated into groove

Project Standard improvements are very uninspiring basically it is focussed on the following areas:

• Easy to get started
• Great looking reports
• Connected to your business,  eg integrate with accounting system

Enterprise Project Management seems more driven around issues with previous product:

• Resolve existing pain points
• Scale up to programmes, shared dependencies, resources etc
• Support all types of work, 30–50% of the work is project work, so how do we manage the rest of the work, so we get a complete view of the work in the organisation
• Connected to your teams,  better integration with WSS
• Connected to your business, integration with SAP etc and the different views of WBS and Cost collection

Project Standard, includes some minor usability improvements

• Multi-level undo, lets project managers try different ideas and easily
• Task drivers, let you see everything that is driving the state of a task, for example calendars, predecessors
• Recalc change highlighting, ie when you change a cell all other cells that were affected also change, and indicators flag major impacts
• Calendar view will be improved so it looks like Outlook calendar

and some simple reporting improvements:

• Gantt view improvements
• Excel and Visio reports provided as standard, can be customised
• These reports are for an executive review audience

and some simple financial reporting changes

• Budgets can be allocated for different activity types, for example HW, SW, labour
• Tasks can have their costs allocated according to these budget types

Enterprise Project Management

• EPM is about meeting the needs of different stake-holders.
  • Functional Managers
  • Team members
  • Project managers
  • Executives
• Project server interfaces:
  • Visual Studio
  • Outlook
  • Project
  • Project Web access
  • Project server – web interface
• Project now works better in on-line and off-line mode,  like Outlook cache model, ie Office Pro thinks it is always online, sync is asynchronous.  All traffic is encrypted and over http
• Project server can now run on the same servers as other Windows SharePoint servers,  allowing portals to be built that contain features from all of the server types
• A new reporting database is provided that allows thousands of projects to be reported against
• OLAP cubes are also improved, and risks and issues data from WSS is promoted into the cube as well

EPM areas

• Much better reporting over collections of projects,  eg show me all late tasks on all projects
• Much better roll-ups across sites that map to projects in a programme for example roll up risks, issues, changes etc
• Commitments have been added that are a high level abstraction above the level of tasks,  these commitments are a Windows SharePoint list.  All of the commitments in a programme can be rolled up.
• As projects get started, you can start to link tasks to commitments
• Commitments from one project can be associated with tasks in other projects.  You can be warned when a commitment you depend on changes.  Commitments upon which you depend do not automatically cause slips in other projects, but under the project managers control they can do
• Resources working on your project are not available 100% of the time on project work.  However you can list the activities that these people are working on even though these are not being managed in a project.  These activities are visible in EPM and can be included in reports etc,  but they don’t need project client and the UI is much simpler
• Resource plans can also be created that provide a high level way to reserve resources for different types of activity
• A new time sheet application has been created, that allows you to report time on particular activities that are important to financial systems,  this data can flow through to task reporting
• Tasks in project can flow into outlook either as tasks or as appointments
• Better support for the life-cycle,  for example resource management and allocation, project management, task management

Personally I think the most relevant work will be the support for real change, issue and risk management list templates in WSS (hopefully these will be extensible) and the ability to aggregate these and the ability to model the programme at a high level as a set of commitments which I like a lot! 

Four main areas:

• Inspect the document, to make sure comments, review, meta-data etc is not left in by accident
• Mark as final
• Signatures
• Digital rights management

Document inspector,  replaces the “remove hidden document” tool which is a free add-on and optionally removes the following:

• Comments and revisions
• Document information, document properties etc
• Headers and footers
• Hidden text

Finalise document:

• Sets the document to read-only mode
• Switches off all editing capabilities in the UI
• Switches off spell and grammar check
• The “final mode” can be switched off later,  if you or others want to edit it, it is not a security feature, it is a usability feature

Signatures:

• “In document signing”.  Inserts a Signature line, that specifies who needs to sign the document, the visual experience looks like a paper signature area.  The document can be crypto-graphically signed, and then the only change that can be made is that the signatories can sign the document.  The signatories have a visual representation of their signature as well as a cryptographic one.
• When people open the document,  the “business pane” shows the fact that the document has been finalised and is waiting for signature.
• Every element of the above is pluggable, ie can be replaced by third parties
• This is clever,  because it lets the author finalise and sign the document and then send it to other parties, the only changes these other signatories can make is to sign the document.
• It is now a reality to sign documents electronically
• This capability is provided in Word, Excel and PowerPoint (Infopath? – need to check)
• In older versions of Office the signing line still appears and can be printed but the document can not be signed in Office

Protecting documents:

• Builds on Office 2003 Information Rights Management
• SharePoint document libraries can now implement IRM policies – wow this is really powerful
• Because IRM gets applied during download,  the documents on SharePoint can be indexed and archived in un-encrypted form
• The IRM policy can time out, for example for documents that are only sensitive until a particular date
• The IRM policy for a document library can prevent a user from uploading a document type that can not be rights managed if desired
• Password protection is still available and the encryption is now strong,  in fact the same as IRM.  Use password protection for sharing documents securely between third parties where Internet facing IRM is not available, but remember once you know the password you can do anything you like with the document
• If IRM is available its best to turn passwords off
• Infopath now supports IRM.  The IRM policy applies to the Infopath form template
• Outlook now supports IRM protection of email threads, ie the reply gets the same IRM protection as the initial message
• No desktop search of IRM protected documents

This post is being written as it happens at the Office System conference

Workflow was essentially un-usable in WSS v2, for most real world business scenarios, so this session is key to positioning the role of Office System 12.

This is the process they are trying to support:

• Create
• Edit/review
• Ready to publish, sign off and approve
• Publish
• Archive

Key points

• Workflow is at the item  level,  it works for any list items, for example it could be used for a change request, a risk, a purchase order, a document review
• Items have a workflow view, which lists competed and active workflows for the item
• Infopath forms are used for workflow forms,  web rendered for the browser or native InfoPath for office 12 client
• Workflow actions are sent via email, and are also available from the Tasks view in the SharePoint web UI
• when you open a document that has a workflow associated to it,  it displays the “business bar” in Office client.  If you click Edit Task from the business bar in say Word then you can approve, reject etc, directly from Office.
• A status page is available for each active workflow
• Reports are available to provide workflow metrics,  for example reports to analyse duration, errors, conditional branches etc
• Workflows automatically appear on task lists,  for example a team could use a common task list for all activities including workflows that are associated with the team

Four roles

• The participants in the workflow
• The initiator of the workflow
• The observer, who is tracking status and performance
• The process owner who is designing workflows.  Sometimes a developer might be needed to translate the process owners requirement into SharePoint

Lists are all over workflow:

• List items that have workflows associated with them
• Lists of workflow tasks
• History lists that store information about previous workflows
• Custom lists that contain items generated by workflows, for example a calendar entry

Email is key:

• When workflow tasks are assigned or changed
• When workflows start or end
• If errors occur

Reports:

• Web reports
• Access reports that allow you to Join together multiple SharePoint lists to create more complex reports

Custom stuff:

• More complex workflows can be created using FrontPage and Visual Studio

Admin and management:

• Old tasks can be cleaned up
• Instrumentation data is captured
• Tracking active workflows
• Reporting of metrics for completed workflows