hello...  just as Stephen, Matt and David return from TechEd in Barcelona, Cobweb are off to Barca again :-)   
(BTW it sounds like they had a great time and they have literally dozens of ideas for new services, improvements and recommendations to make things better!)

Shelley and I are fortunate enough to be going to the EMEA Hosting Club in early December.  This is a two day get together of execs from the leading and best hosting companies across EMEA to discuss and share experiences, look at market opportunities, and network with like-minded individuals.

This is the 7th event, I think we've been to them all, including the opening event atop the Eiffel Tower, and they are a very worthwhile event.    Although it's supported and organised by Microsoft, it's an open even where general hosting and various subjects can be discussed.   Naturally much of the content, round-table discussions and networking are about HMC and WBH, but there are other agenda items - SaaS, innovations, operational best practices etc. which provide valuable content and discussion.

For us it's a great networking event and that's where we get the most value.  We also get to spend time with the Microsoft UK Hosting Team, who are always good to talk to and facilitate discussions among hosters.   Often these events reinforce our thinking about our business and industry - it's good to hear others with similar ideas or problems.

If you're going, we'll see you there.

Hello

So TechEd is over for another year and I thought I would share some of the figures from the week.

No of delegates - 5200 approx
No of delegate access PC's - 1300
Wireless Access Points - 90
Cisco switches - 40
Kilometres of copper cable used - 20
Kilometres of fibre used - 6
No of unique wireless devices seen - 4590
No of viruses detected - 0
Peak Internet bandwidth - 60Mb/sec

I have been very excited this week by what I have seen from Windows Server 2008 and IIS 7.0, they are both maturing into very capable products with many new features that will make my job as a Windows Administrator a lot easier and I look forward to start investigating how the new features can benefit Cobweb and our customers.

I will keep blogging over the coming months with updates on how things are going.

David

Dear all,

Sorry for the slightly strange title, I’m sure some of you get it. If not, click here. Today is the last day of TechEd and I am happy to say that it has been brilliant. An absolutely fantastic session by Laura Chappell this morning on network forensics and then a follow up security panel discussion with Laura and more top MS and non-MS security professionals. This was my biggest shock of the day:

During a routine threat analysis of anti-virus programs, some open source Trojan source code was downloaded from the web. It was then compiled and several scan engines were used on the binary. None of the engines picked up the Trojan, even though it was a well known threat.

The reason?

This binary had been compiled with Delphi 2005 and the original virus writer had used a previous version. Therefore the signature didn’t match.

I’ll leave you with that, and finish by saying goodbye for now and I hope to see a bit of Barcelona tonight as we finish early at 4:30pm and it will still be light.

21:00 It's Thursday night, and its the last day of TechEd tomorrow - and we've covered a mass of subjects and overviews which has made the whole event just fly by.  Today I've been following some of the security tracks, and got some useful insight - as well as attending the best named sessions so far.

The first session looked at Wireless networking security - "The Black Arts of Wireless Security and White-Magic Countermeasures".  The presenter, from Microsoft, went through a number of the methodologies that hackers use for getting in to - and then disrupting - wireless networking.  So we started off talking about a site called www.wigle.net, a growing database (13mln and counting) of wireless networks available, whether they are open/free, what their SSIDs are, MAC addresses, channel etc.  While this is a mostly US based utility, the world maps are worth a look if nothing else.  Looking at the results of some searches, most users are still using the default settings for their devices - something like an SSID of "Linksys".  This gives a hacker a great start - if the SSID hasn't changed, I would doubt the default password has either...  This was proven in a great example from the lecturer - he was working in a hotel, and the wireless was a bit slow.  So he connected to the router - used the default settings (widely available on manufacturer websites), logged in and increased the broadcast power.  If you haven't already, log in and get them changed.

The second session covered some Windows OS security - "How the Evolution of Military Strategy can be applied to Information Security Strategies in the Enterprise".  For this session I was perhaps expecting Sun Tzu's art of war (here), and while the grand title didn't deliver this it had some great advice for actively protecting your OS.  One that stuck for example was many viruses/trojans - for example Blaster and Sasser - use the cmd.exe file to deliver their service and infect a computer.  This was demonstrated by gaining access to remote machine through an hacking utility (an RPC exploit) which presented a cmd shell with system privileges.  Next, on the targetted machine, we changed the file security to Interactive access only (file can only be executed locally) and ran the same hack.  And it didn't work.  So this then would have been protection against these viruses, and potentially many others too.  Simple when you know.

Good morning,

It is now Thursday and it is amazing how these three days have rushed by.  I just wanted to give people an idea of the organisation that has gone into this event.

There are PCs everywhere, from the highly restricted 'feedback terminals' to the work terminals that you sign in with your MS events web site login.  Furthermore, they have an exchange server here so you can email any delegate and search by name / company.  When you launch outlook on one of these work PCs it will autodiscover your identity and set up your MAPI profile, there is full roaming profile support and you always print to the nearest printer.

Of course none of this is really rocket science, however it is still mightily impressive.  There is a session on Friday that describes how MSIT (the Microsoft internal IT department) created the infrastructure we have here.  I might go along.

All this is an IT perspective but to be honest the way that the lunch is organised is just as impressive, this is really the feeding of the 5000.  In an hour and a half.

Adiós

Hello

As I am now half way through TechEd 2007 I thought I would share some of my thoughts and discovereies on what I have seen so far.

My main focus of the past couple of days has been around web hosting and Sharepoint. I have been very impressed by what I have seen from IIS7.0. There have been some big improvements in IIS particularly relating to the administration of the service. It will be much easier to deploy multi-server web farms due to the new shard config files. No more configuring one server then copying the config to all the other servers in the farm. It is also possible to delegate permissions down to the site level which offers some new opportunities in the way that administrators and users interact with IIS7.0.

Of course IIS7.0 wouldn't be possible without a Server Operating System to run on and Windows Server 2008 is looking like a good offering from Microsoft. Whilst things could still change before it is released next year there is plenty that has matured nicely since Server 2003. I am looking forward to getting some proper hands on with the software to really try it out.

David

Hello again. This is my second report from Barcelona and much has happened since Monday afternoon.

I have got a session this afternoon on the Microsoft version of application virtualisation. This is something that could be really good for Cobweb and though it is nothing new (citrix) it’ll be great to see what it can do.

As for what I have been up to - a session by Mark Minasi on name resolution and the future of WINS was really good.  It also confirmed what I had always maintained...  That GUI administration is far less impressive than command line stuff. ;)  Check out www.minasi.com

Other subjects of interest are Server 2008 – this seems like a massive improvement in so many ways. The maturing ADFS technology may be of use to us too.

On a non Microsoft note for a moment VMware have some excellent products in the form of VDI and lab manager, I am a bit of a VMware fan so this is very interesting for me.  Also I have seen at least five Apple mac laptops here that are bucking the trend....

10:00 Good morning from TechEd Barcelona.  I finished yesterday's sessions with an overview of Microsoft's Business Productivity Infrastructure Optimisation (BPIO) and a Q&A of the IT Management speakers.  Microsoft's BPIO (http://www.microsoft.com/business/peopleready/bizinfra/default.mspx) is a maturity model and there is a short evaluation exercise on the site that can help to identify - in business optimisation terms - how mature services are in your organisation with advice on how to improve.  It's worth running through the exercise, though as with all such exercises get some of your team or your peers to fill it in too as some questions are open to interpretation!

The Q&A session was quite informative and eye-opening; not about the subjects we discussed directly, but more the state of the IT industry itself.  Indeed, the majority of the Q&A was dominated by questions in two areas - either "My business is trying to outsource my services, what can I do?" or "The tool you've just presented looks good, but have you got another tool that will set it up for me?".  The Gartner research is proved out really - the industry is changing - has changed - and business wants to know what we're here for.  IT groups that are still working on the principle that "We're IT, so we're important - we'll tell the business what to do" are going to have to change themselves before more radical action is taken on their behalf.  And I think that can only ever be a good thing.  I'll close on a quote:

When a great team loses through complacency, it will constantly search for new and more intricate explanations to explain away defeat.  Pat Riley

10:30 Today I'm attending a specific IT manager's track today at TechEd, and this has started with a great talk from Brian Gammage, vice president at Gartner research about the future direction of infrastructure and operations.  The session reinforced the need for IT individuals, teams, and companies to focus on the business output - the actual value of what they do in their environment as we go forward.  I'll share one slide here with you, being the current top 10 CIO concerns, according to Gartner:

• Delivering projects that enable the growth of a business
• Linking business with IT strategies and plan
• Improving the quality of IS service delivery
• Demonstrate the business value of IT
• Attracting, Developing and Retaining people
• Provide new information (analytics)
• Provide a flexible technical infrastructure
• Building business skills into the IS organisation
• Leading change initiatives (both IT and wider business)
• Improve IT governance

Very business biased and notably absent is security - and in a world where including consumers, IT spend is now breaching $3 trillion annually.  The reason?  Security is no longer a strategic priority.  It is simply expected.

14:45  I've been through two further sessions since my first post - about desktop management in the enterprise and how to build the datacentre of the future.  Of course - since this is TechEd, we're talking about how to do this with Microsoft's technologies (http://www.microsoft.com/systemcenter).

And Microsoft have got some challenges themselves  - currently supporting some 80,000 servers with growth expected to reach 400,000 servers by 2011.  Supporting such an infrastructure is almost unimaginable, and this makes no reference to any clients connecting to those services, expecting it to be available, 24x7.  So I'm quite excited about the services being offered and what they can mean for me and my teams - it is quite refreshing to see a powerful tool for SME companies that don't want to rollout of a huge system like HP OpenView's System Manager (here) - whether for cost or value.  The Microsoft service will in the future also include change, problem and incident management tools as well as a CMDB solution, similar to these solutions and we've been speaking to a host of companies working to include plugins for non-Microsoft technologies.  One specific feature that I can absolutely see value in is that the Configuration Manager service has built in content to help you with the attainment of compliance standards - for example to check that all servers have the same local security restrictions applied.

Hello

As this is my first entry onto the Cobweb Blog I thought I'd better start by introducing myself. My name is David and I am a member of the Windows Admin Team here at Cobweb Solutions.

Along with my two colleagues I am lucky to be attending TechEd 2007 in Barcelona this week. My primary focus for this week is to find out about the new products and services coming up from Microsoft particularly relating to hosting, be it Web or Sharepoint and how these new technologies can be applied at Cobweb in the future.

I will report back soon with my intial thoughts from the week.

David

Hello everyone.

I have just finished my first (ever) 'proper' session at Tech Ed and immediately I am thinking of how we can start to implement some of the ideas at Cobweb. My session was called "Notes from teh field: Defending web applications". I won't bore you with the detail but this stark statement stuck in my mind more than any of the others...

Attackers do not generally hack into systems now to crash or deface them, they want the data on those systems to make a profit.

This was especially interesting since these attacks get around all of the usuall security precautions and are very difficult to trace in the logs (since they look alot like normal activity). Solution: Secure development lifecycle, threat analysis _before_ the code goes live, code review and continuous monitoting.

I am now starting an Exchange 2007 deployment session - This will conclude my first day here and I am shattered but already looking forward to tomorrow. I will sleep well tonight.

Over the weekend while recovering from the Friday night festivities (Live bands and karoake competitions, don't ask!) I was browsing around some of the more interesting groups on Facebook and happened upon one that took my interest. The website is http://www.freerice.com/ and the basic idea is that you answer some questions, for each question you get right, some rice is donated to a third world country. It also tallies up how much rice you've managed to contribute too.

I think it's a fantastic idea and if enough people do it then the good things that come from it could be immense. So, here's me doing my little bit and putting it here for anyone to read. Please pass it on to as many people as possible and then all our little bits of help will tally up in to something much bigger.

One of the things that I mentioned about two months ago was around social networking sites and the access to information that people had on there. I make a point of not putting any pictures on there, no date of birth and definitely no contact details at all. Even putting status updates such as 'Mark is away on holiday for two weeks' could be translated into something completely different TO a thief such as 'Mark is away so please burgle his house!'

Sometimes putting less on social networking sites means that you get more out of them. The more things that are put in there the more risk you place yourself under. Read an article here - http://news.bbc.co.uk/1/hi/technology/7090096.stm

Mark

11:00 CET  ...as promised, this is my first entry to the blog from TechEd 2007.  We've arrived, registered and have begun to get a feel for what this week is going to entail.  We've been here for about three hours, and putting to one side the free food and drinks (tea and coffee, of course, but various croissants, bottles of Coke, sprite etc.) this place is huge, and very impressive.  The lunch areas have to seat about 5000 people, after all...

Having already gone through three virtual labs for Microsoft Performance Point Server (something that will appeal to those with an interest in BI and with exposure to dashboards, scorecards and business modelling) I've found my way to the "Communications Network" area - an approach and use area of about 200 PCs with Vista and Office 2007.  I logged in and of course, the logon that I was provided before the event for the TechEd website is the same for this PC, and my event calendar, email and all my settings are here.  I know Microsoft have been "eventing" for some time, but this is well organised to say the least.

17:30 CET  A busy few hours with more virtual labs, the keynote speeches and a session on SOA - Service Oriented Architecture.  The keynote speeches were kicked off with a group of drummers on the main stage and each of us with a differently pitched 'tube' on our seats as we went in.  A few exercises in timing later, the group was warmed up for the speeches and these were aimed squarely at the new wave of products - Windows 2008, SQL 2008 and Visual Studio 2008 - all of which have new features and services that will add value to most enterprises.  I'll try and add some photos later on of what we've seen so far.

My next session is aimed at IT lifecycle management helping to enable continuous improvement.  The session links closely with the SOA talk and looks a little more at what we can work on now - rather than in the future.

Just a short post to say that myself and two of my team are lucky enough to be at TechEd Europe this week!  http://www.mseventseurope.com/teched/07/itforum/content/Pages/Default.aspx

I'll update the blog as the week progresses with what we've been up to, and looking at the line up there are some fascinating things going on.  If anyone is also going to the event, drop me an email and I may well see you here.

Of course we love Hosted Exchange and this article does a great of explaing the benefits - have a look here

Mark

Why is it so hard to keep people motivated in delivering actions that achieve an outcome?  I am finding that it is extremely easy for people to get lost in the land of task management and lose sight of the purpose of the tasks.

I am an activist so it is extremely frustrating for me, but I understand that people have different approaches and styles, I also know that we need the difference to exist in order to achieve.

I would welcome suggestions on how you have successfully motivated people to achieve successful outcomes.  What is the secret?

All the best

Shelley

Since this is my first entry into Cobweb’s blog since we’ve started this, so I’d like to introduce myself a little first:  I am the Technical Manager at Cobweb, responsible for the Technical Team and the systems that they support.  I joined about one year ago (just coming up...) coming previously from mostly large corporate organisations.  Going from a company where I was one of 75,000 others to a company where I know something about everyone who works at Cobweb was certainly a change to what I’m familiar with!  I’ve really enjoyed the difference though and if I cannot believe that I’ve been working with Cobweb that long it goes some way to explain how exciting the last year has been.  So for my first entry I thought I’d write about a subject close to the heart of my role at Cobweb – availability.

According to the Compact Oxford English Dictionary, ‘available’ describes a thing “able to be used or obtained” and for us of course that means our systems able to be used by our customers.  If you’re interested in the numbers, in a 30-day month there are 43200 minutes, and therefore to meet an availability of 99.5%, unplanned downtime must not exceed 217 minutes, or 3.6 hours.  99.9% must not exceed 43.2 minutes, and 99.99% must not exceed 4.32 minutes.

The last three months at Cobweb have been a journey as far as this is concerned, with a heavy month in August followed by the best result for the year in September, and a very good service in October – 99.78%, 99.99% and 99.95% respectively as averages for Hosted Exchange services.  In August we suffered a hardware issue on one Exchange platform – the first in my eleven months at Cobweb, and on another Exchange platform, repeated problems with non-paged pool memory.  The former required an engineer to resolve the issue and restore redundancy, and the non-paged pool memory an initial reduction in mailbox numbers that night to bring the service within limits.

Both of these events in August served as a significant alert to me and the operational teams of Cobweb – especially speaking first hand with customers impacted and disappointed by both outages.  So what have we been doing since these events?  Well, we have made a number of changes to process and service content, from simple items such as getting up-to-date availability information centre stage in front of the Technical Team, to work with Microsoft and our own lab-research on how our platforms behave.  Last week on one platform for example, further to lab-testing, we replaced network cards in an HP server with Intel equipment to gain an immediate reduction in non-paged pool memory usage – something we know impacts stability when it increases. 

Based on the figures, this activity has paid off in September and October with improvements across all systems and these issues not repeated.  And we haven’t finished yet.  The change to network cards for example we will achieve across the other clusters, and I’m confident that there’s always going to be something else that we can do to benefit this.  And I think that this is the greatest lesson of availability, as it is in business, that no matter how good you are today, you need to be better and sharper tomorrow to stay ahead.