Friday, November 21, 2008

Heading back to Japan

I'm sitting at Vancouver airport in the Air Canada business class lounge waiting for my flight back to Tokyo. I really lucked out on weather this week, dry and mostly sunny the whole time. It's raining in a solid, steady downpour at the moment but I really don't have to care about that since I'm inside.

Noon must be a popular departure time for Air Canada because the lounge is packed. I know this isn't all for my plane since business class isn't that big. Since I wasn't sure about the traffic and the border, I got here quite early. It gave me a chance to catch up on work-related stuff.

It was a fun break and I had a chance to meet everyone. Not sure when my next trip is but hopefully not too long from now.

Sunday, November 16, 2008

PowerShell profiles

PowerShell has one oddity that is useful but somewhat weird. When you first launch PowerShell, it looks for "profile scripts" and, if they are found, they are launched automatically. That's useful, but the location and filename of this setup script are hard-coded and fixed. The scripts located at [All Users]\[All Users Documents]\WindowsPowerShell\Microsoft.PowerShell_Profile.PS1 and [Current User]\[My Documents]\WindowsPowerShell\Microsoft.PowerShell_Profile.PS1 are run. This allows you to pre-load and preconfigure a variety of stuff, which is nice. Why they are in a hard-coded place under My Documents with such a long name, I don't know.

As a side note, PowerShell will only run digitally signed scripts, so you might need to change that setting to create scripts of your own. You should probably just make an internal CA for signing scripts, though.
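How the signing suggestion above could look in practice, as an added example that is not the blog author's code: it signs the per-user profile script, then reports the signature status of every profile script this host loads at startup. It assumes Windows PowerShell 2.0 or later, a code-signing certificate from your internal CA already installed in Cert:\CurrentUser\My, and that CA's root trusted on the machine.

```powershell
# Added example, not the blog author's code. Requires Windows PowerShell 2.0+.
# Assumption: a code-signing certificate issued by your internal CA is already
# in Cert:\CurrentUser\My; nothing here creates the CA or the certificate.

# 1. Pick a code-signing certificate that has a private key and is not expired.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No usable code-signing certificate in Cert:\CurrentUser\My"
}

# 2. Sign the per-user profile. Any later edit to the file invalidates the
#    signature, so this step has to be repeated after every change.
if (Test-Path $PROFILE) {
    Set-AuthenticodeSignature -FilePath $PROFILE -Certificate $cert | Out-Null
}

# 3. Collect every profile script this host tries to load at startup.
$profilePaths = @(
    $PROFILE.AllUsersAllHosts,
    $PROFILE.AllUsersCurrentHost,
    $PROFILE.CurrentUserAllHosts,
    $PROFILE.CurrentUserCurrentHost
) | Where-Object { $_ -and (Test-Path $_) }

# 4. Report the signature status and signer of each profile that exists.
$report = foreach ($path in $profilePaths) {
    $sig = Get-AuthenticodeSignature -FilePath $path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path   = $path
        Status = $sig.Status
        Signer = $signer
    }
}
$report | Format-Table Status, Signer, Path -AutoSize

# 5. Only require signatures once every auto-run profile verifies; otherwise
#    list what still needs attention and leave the policy alone.
$notValid = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($notValid.Count -gt 0) {
    $notValid | ForEach-Object {
        Write-Warning ("Profile not validly signed: " + $_.Path + " (" + $_.Status + ")")
    }
} else {
    Set-ExecutionPolicy AllSigned -Scope CurrentUser -Force
}

# Show the policy in effect at each scope.
Get-ExecutionPolicy -List
```

Under AllSigned, the signing certificate also has to be in the Trusted Publishers store, or PowerShell prompts the first time each signed script runs.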

Another interesting thing is the transcript function. The transcript will record to a text file all of the contents of the shell window. Whatever you type and whatever is reported to the screen will be recorded. I think that is very useful, so I've come up with a profile script that will start the transcript automatically. Of course, that's a lot of text files, so I have the script clean that up for me, too.

Here is my script, colored and highlighted by PowerGUI (an open source PowerShell tool). I may have to experiment with the formatting to get it to work correctly in the blog screen.

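# Timestamp used to give each transcript a unique, sortable file name
[string]$TimeStamp = Get-Date -UFormat "%Y-%m-%d at %H%M%S"
# How long to keep old transcripts
$MaxAge = New-TimeSpan -Days 7
$LaunchTime = Get-Date
# Read the (possibly relocated) My Documents path from the registry
$MyDocsPath = Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
$TranscriptFolder = $MyDocsPath.Personal + "\WindowsPowerShell"
[string]$TranscriptPath = $MyDocsPath.Personal + "\WindowsPowerShell\" + $TimeStamp + " Transcript.txt"
[string]$LaunchPath = $MyDocsPath.Personal + "\Script Experiments"
# Start recording this session
Start-Transcript $TranscriptPath
# Purge only transcript files older than $MaxAge (other .txt files in the folder are left alone)
Get-ChildItem -Path $TranscriptFolder -Filter "*Transcript.txt" | Where-Object { ($LaunchTime - $_.CreationTime) -gt $MaxAge } | Remove-Item
# Start in the scripts folder
cd $LaunchPath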


The $TimeStamp variable is a date and time formatted as YYYY-MM-DD at HHMMSS so that the transcript that gets created has a unique, useful name.

The $MaxAge is how long I want to keep the transcripts. Date comparisons in PowerShell work completely differently than VBScript so you have to create a new date-time object for comparisons. It took a lot of experiments to get that working the way I wanted it to.

I read the location of My Documents from the registry. I picked the registry so that I can be sure to grab the path of a relocated My Documents folder. I haven't tested this with a network-relocated My Documents folder, yet. One thing about reading the registry from PowerShell: you grab the key (the folder), then you retrieve each value as a property. So, you'll notice that I grab the "Shell Folders" as $MyDocsPath and then get the value for the entry "Personal" by requesting the $MyDocsPath.Personal value. That is definitely different than VBScript.

The $LaunchPath variable is just where I happen to keep my scripts; you would need to change this or delete this to match your preferences.

The script then purges any *Transcript.txt files that are older than the max age variable, starts the transcript for the current session, and changes the current directory to what I put into the $LaunchPath variable.

Let me know what you think...

Back in Seattle...

...well, Anacortes at least.

Flew in from Las Vegas to Vancouver BC and then rented a car to drive down to Washington. Amazingly, there was only one car in front of me in line at the border. For all intents and purposes, I only waited one minute (maybe two) for a border crossing on a Friday. That's never happened before.

Saturday, November 15, 2008

Airport wireless

I'm sitting in Las Vegas airport and they offer free wireless throughout the terminal. The Vancouver BC airport offers free wireless, too, and it got me thinking - why do so many airports only have it as a paid service? With DSL costs and equipment costs dropping all of the time, I have a hard time understanding why an airport can't provide it. If you were to take one of the satellite terminals at Sea-Tac as an example, I think you could cover that with two Cisco 1200 series access points with high gain antennas. Add a NetScreen or WatchGuard firewall and a DSL line, and you could support 200+ users. Upfront costs would be about $3,000 (probably less), monthly costs for the connection would run less than $100 per month, and warranty support would cost less than $300 per year.

Isn't that a small investment for traveler convenience?

Friday, November 14, 2008

ILM from Microsoft

I attended a session on Identity Lifecycle Management (ILM) for SharePoint where we walked through the process of configuring ILM, and it is a pretty complicated system. Unfortunately, this is a mission critical service for my current company that controls everything about Active Directory. I wonder if I should be trying to learn that system or if I should stick with Exchange and SharePoint...

Thursday, November 13, 2008

Cirque du Soleil show

Last night, I went to the Cirque du Soleil show at the MGM Grand called KA. It was really a good show but I was surprised at how short it was. I have been to several traveling shows and they were all two-act, two-hour-plus shows whereas KA was only 90 minutes long. It was still a $90 ticket, though.

Still, the show was worth the ticket price.

Presentation on how Microsoft deployed Exchange 2007

Harold Wong presented a seminar on how Microsoft deployed Exchange 2007 internally and it was an interesting presentation. They have 150,000 users worldwide so the scale is quite large but they took the time to do some price/performance/benefit experiments that produced some surprising conclusions. The ones that seemed unusual to me are:

  • Exchange 2007 mailbox servers are typically 2 CPU / dual core servers, 24 gigs of RAM, and large Direct Attached SCSI arrays with 2.5 inch SFF, 10,000 RPM, 146 gigabyte disks.
  • They are not Windows clustered servers. Each server is part of an Exchange 2007 CCR cluster but the server itself is not a “classic” cluster.
  • There is no SAN and no shared storage.
  • With 10 terabytes of raw disk space, they have one server support between 4,000 and 6,500 users with 1 gig and 2 gig mailbox limits.
  • Site to site replication via an SCR cluster is only partially implemented.
  • They have chosen not to split CCRs across a WAN because of the way CAS servers and hub servers load balance. Both parts of the CCR need to sit on the same subnet and AD site and their associated hub servers need to do the same. Since the CAS servers load balance automatically, roughly half of your clients will always be crossing the WAN to get from the CAS server to the mailbox server.
  • Tests with 5400 RPM SATA arrays showed that Exchange could easily run on very slow hardware. They still kept the 10,000 RPM SCSI because they could support a higher number of users at their preferred minimum response time for a lower cost per user with the SCSI compared to the SATA. However, for environments with less than a thousand mailboxes, SATA would be perfectly acceptable for most organizations. These tests were run several years ago so newer SATA drives are probably even better values now.

I also attended a session on deploying large mailboxes in an economical way. This presentation referenced a lot of statistics produced by Microsoft and Dell about costs and impacts. Based on that data, the cost per user for 2 gigabyte mailboxes was only 25% higher than the cost per mailbox at 250 megabytes. The Microsoft design team is currently testing with 10 gigabyte mailbox limits to see what the impacts are to operations. They brought up some interesting points about large mailboxes that I hadn’t thought of:

  • If you give them a large mailbox, there is no archive, everything is live. If everything is “live”, then everything is reachable from every access medium (OWA, Outlook, OMA, etc.)
  • Server side data is backed up, local data is not.
  • Server side data is discoverable in a lawsuit, local data is not.
  • Server side data is access protected, local data is not.

I think I will propose a 10 gigabyte structure for my current company just to see what the cost impacts really are.

First impression of conference

The Devconnections conference seems to be really well organized. It is also quite a bit larger than I thought it would be. I took one of the preconference sessions for PowerShell scripting. It was actually two full-day classes with a lot of hands-on labs. I use VBScript for a lot of administrative tasks but all of my experience is self-taught – I really didn’t want to redo all of that pain for PowerShell. The instructor was Don Jones, a Microsoft MVP and author of several books, and he was a really good teacher.

The class used a Windows 2008 Active Directory domain controller in a virtual machine for the PowerShell lessons. One oddity with the current version of PowerShell is that there are no cmdlets from Microsoft for manipulating Active Directory. However, Quest Software has developed a set that they distribute for free that are pretty good. They were also smart enough to use names that are unlikely to conflict with the versions that Microsoft is bound to release eventually.

One of the best things that I learned about PowerShell is that you can call any existing command line command, program, or other executable from inside PowerShell. You can use PowerShell to grab a whole bunch of information, shove that into PowerShell variables, and then pass those variables as arguments to other programs. That should make it a lot more flexible than I originally thought.

PowerShell is almost too flexible, however. Since you can do almost anything, you have a hard time getting it to do what you actually want it to do.

Wednesday, November 05, 2008

Heading to Las Vegas

I will be heading out to Las Vegas for the www.Devconnections.com seminars on Friday, November 7th, at about 5pm (Tokyo time). The conference lasts for a full week since I added a two-day course in PowerShell scripting. Since Microsoft intends that to replace VBScript for day to day administration work, I figured I had better learn more about it. I learned about VBScript through simple experimentation - that was painful, so I wanted to get some class time for the replacement. If I learn anything good, I'll try to post it here or on my www.SBWorks.com site.

I will be in Seattle from November 14th through the 20th and I hope to have lunch or dinner with as many people as possible. Let me know if you want to meet.

Tuesday, October 28, 2008

SharePoint training next week

My company HQ recently contracted with Microsoft to run a three day training course for a bunch of people on SharePoint. We're actually flying people in from India, China, and Korea for this. I haven't seen the full training syllabus, yet, so I hope this is worth it. They recently ran it in the US, though, and I heard from a few people that it was pretty good. If I learn any new tricks, I'll add them to my site.

Speaking of techno tricks, I've redesigned my www.sbworks.com site to list my posts in rough categories. It's a bit sparse right now but I'm going to try and add more things there, including script samples. Keep an eye on it in the future as I'll try to add more.

Monday, October 27, 2008

Halloween

Halloween is slowly, slowly trickling into Japan. It looks like some of the schools and stores in Makuhari decided to have a trick or treat time over the weekend. At the office, we're doing a "geeks night out" at a restaurant in Odaiba.

Found a couple of interesting blogs

I'm sure everyone has their own favorites but I think I found a couple of good IT-related blogs that I've been reading. They seem to post pretty slowly (almost as slowly as me):

Bruce F. Webster - Seems to be a real long-term IT programmer and project manager and his posts seem to be pretty good for big picture management stuff. His posts on Baseline are pretty decent, even if you have to wade through a bunch of ads to see the content.

Ken Sharpe - Another big-picture writer, mainly about the politics of IT management but still a good read.

Tuesday, October 21, 2008

Finally found a useful SharePoint book

I've been buying a lot of books lately looking for good, solid advice on how to manage SharePoint and I've found a lot of fluff. There are a lot of books that talk about install and configure details, a good dozen books that talk about possible big-picture scenarios, but I hadn't found a single book giving advice about how to really use SharePoint in a company. A book of what works and what doesn't, not what you "could" do or "might" do.

I found one that is relatively small, well written, and packed with useful information: Real World SharePoint 2007: Indispensable Experiences From 16 MOSS and WSS MVPs (Programmer to Programmer) (Paperback). ISBN-10: 0470168358, ISBN-13: 978-0470168356.

The title says "programmer to programmer" but could really be labeled "techie to techie" because it does a good job of distilling information about the decisions you need to make and presenting them in a clear fashion. The chapter on branding a SharePoint site is a perfect example of this. It walks through the four or five options and tells you how much effort it takes for each option and what situations make sense to use each option. As a consultant or project manager, this will give you the information you need to really start planning and testing.

Wednesday, October 15, 2008

SharePoint - the Second Commandment

II. Thou shalt learn the Publishing Feature

The Publishing Feature in Microsoft Office SharePoint Server 2007 is the best part of the whole damn package. Publishing is the system that allows you to create web pages on the fly instead of using SharePoint as a web based file system. If you combine it with Dynamic Content Web Parts, you can create a site that shows links, a nice roll up icon, with a nice look and feel.

If you deploy a site collection with the Enterprise Publishing Portal template, you get all kinds of useful workflows, document libraries, and tools that are really quite useful. You can still use document libraries and things to your heart's content but if you turn on publishing first, you will make your life a lot easier.

Oops - 2+ weeks

So much for trying to keep things up to date. I could claim that I was busy (which I was) but I should have taken the time anyway. I've finalized my trip to Las Vegas for the Devconnections training seminar. I will be leaving Japan on November 7th, I will be in Las Vegas through the morning of November 14th, and then be in Seattle from November 14th through the 20th. My connecting flight is Narita - Vancouver BC - Las Vegas so I am just adding a layover in BC and driving down to Seattle.

As a side note, I finally got around to recreating my SBWorks website. I'll try to build that up some more, too.

Saturday, September 27, 2008

SharePoint - the First Commandment

I - Thou shalt use SSL for all SharePoint sites

Like I said a couple of posts ago, I've been spending a lot of time with SharePoint lately. One of the things that I have decided is important is that all SharePoint sites should start out at the very beginning with SSL encryption. SharePoint suffers from a couple of irritations and one of the big ones is that sites don't want to be renamed much. There are too many things that default to hard coded links so you need to pick the right URL to use from the start. And, since you are logging on with your network credentials, why pass them in plain text? At least make a malicious user work for it.

So, what is the best way to set this up? When you run the MOSS 2007 installer, you are really just installing the basic SharePoint infrastructure and you are not installing a specific site. Once you install the software, it sets up the Central Administration website (and no other site) and from there you configure things like e-mail settings, search settings, and so on. After all of that is done, you then create a Web Application that will actually host the site. The terminology in v3.0 and MOSS 2007 is different than previous versions: a web application was referred to as a virtual server in previous versions. You create a new web application and the options are there to use SSL and port 443.

You can create this web application before you install a certificate. Once IIS is restarted, you can go to the IIS console, select the new SharePoint website, and walk through the SSL certification steps to get the certificate installed.

There will be no site to see on the Web Application until after you create a Site Collection on the new web application. You can't test your site, certificate, or anything like that until after you create the site collection.

For once, the MOSS 2007 / SharePoint installer does not overwrite the Default Website so after you create a new web application, it will sit next to the Default Website instead of overwriting it. This will be really, really useful. From the IIS console, open the default website. Go to the Home Directory tab. Change the radio button to redirect traffic and enter in the full URL of the SSL site you created. If you do that, IIS will redirect all traffic from the default, port 80, non SSL site to the new SSL site you created so that when people forget to put in HTTPS, they still go to the right place.

which are the one thing that an attacker really wants, you should make them work for it.

For anyone who's lived in Japan...

You have to see this site: http://www.engrish.com. It's a collection of odd signs, t-shirts, and more that have odd, not quite right, English slogans written on them. Normally by a marketing person and probably by someone without a lot of language skill.

Friday, September 26, 2008

DevConnection conference in November

It looks like I'm going to be able to attend a Microsoft-centric seminar/trade show in Vegas in November. The DevConnection company is hosting a triple-combo seminar on Windows 2008, Exchange 2007, and SharePoint. When you register for one conference, you can attend sessions in any of the other conferences freely - kind of a mix and match thing. I'm going to try and tack on some vacation at the end of it, too, but not that many days. I want to hoard my vacation days a bit since I haven't racked up that many, yet.

I don't know the company much but there are reviews of past events floating around on the Internet that sound pretty positive. I'll try to blog about it while I'm there.

Wednesday, September 24, 2008

WebEx and SharePoint

WebEx offers corporations a free Active Directory plug in that uses Active Directory Application Mode (ADAM) to allow your active directory to talk to WebEx. When you look at the WebEx site, it looks pretty easy. Install the SharePoint system, add some web parts, configure ADAM, run the batch import, and all of your users are ready to go with WebEx accounts.

This is totally, completely, and utterly FALSE. The WebEx integration tools are UTTER CRAP.

The ADAM component will not read any user account that is not in the default "user" container. So, if you use any intelligent Active Directory design, then the WebEx components will not import users.

The ADAM component and built-in batch import have different restrictions than the WebEx site. The user name requirements, password requirements, and e-mail address requirements are different from the WebEx site.

If WebEx tries to sell you this as a solution, tell them to take a hike.

Friday, September 19, 2008

MOSS 2007 - You REALLY want the Enterprise version

Like I mentioned before, I've started a project that is pretty SharePoint heavy. Since we have a very flexible license with Microsoft, I could pretty much run whatever version I thought was best, a luxury that a smaller company doesn't have. However, if you are a Microsoft partner, you do have access to both versions of MOSS as part of your partner benefit.

There is no reason to purchase and install the standard version, in my opinion. The additional search features, site publishing features, InfoPath support, Business Intelligence (BI) web parts, and default site types in the Enterprise version are extremely useful. If you have access to both, pick the Enterprise version.

I would strongly recommend that you look long and hard at the Publishing feature that is included with MOSS 2007. Rather than using the SharePoint site as a web-enabled file share, the publishing features let you create documents as webpages directly. Since web pages are smaller, load quicker, and can be displayed on a wide variety of devices (cell phones, Macs, etc.) without special plug-ins, it really simplifies the long-term life of the documents you are creating.

And, you get a multi-lingual option called Variations that can be quite useful... and amazingly irritating at the same time...