November, 2007

At IT Forum this week, I ran into an old friend, Neil Williams, Head of IT and eLearning Development at the University of Derby. It was a great opportunity to discuss some of the issues raised throughout the week with somebody facing issues at the business end of IT. We've spent a week looking at IT products and features, and meeting Neil gave me the chance to discuss how this relates to the real world challenges faced in a typical university.

I started our conversation by asking about the title of one of our sessions this week:

Be secure OR get work done?

In Neil's experience, this question gets right to the heart of the issue - it highlights a source of conflict between IT people and users - in Neil's case, the academic community of the university.

• The IT people are driven by the need to enforce security and compliance - ensuring that they meet statutory needs such as data protection and Freedom of Information.
  So they will want to lock down everything. In Derby, if you're not a student or member of staff, you can't access IT resources - things like e-learning content, electronic library materials. One of the problems this creates is "grey users" - associate lecturer, visiting lecturers - who don't exist in the HR system, and therefore don't exist in the connected directory.
• The academics want to engage with students with new social networking tools, they want to share information, they want to develop blogs and wikis. And so, if they don't have the flexibility they need delivered by the IT systems, they will go and create what they want on personal websites and social networking websites.
  The end result could be that intellectual property that belongs to the university - for example, course content - or personal data is published outside of the control of the university. Or essential information to the running of a course is not managed and recorded within the university's IT system. For example, if a discussion group is run on a personal website, and that discussion forms part of course assessment decision, then the danger for the university is that it may not be able to access the information at a later point when it might need it - and so that needs to be available to the university on an on-going basis.

Neil's view on this dilemma?

"Well, it puts me in a difficult position - because they are both right. It's unlike the corporate world - where you say 'this is the way it will be, live with it'. Whereas in HE the role of the academic is to explore new ideas, and to push the boundaries. But sometimes we just can't move the IT infrastructure fast enough to keep up."

Derby's Research and Innovation Group

Neil's response was to create a Research and Innovation Group within his team. Their role is to engage with the academic community in the university, to trial new technologies in partnership. In the last year, they have been looking at blogs, wikis, video streaming and podcasting - all technologies which the lecturers wanted to adopt, or were adopting within their courses. Creating the group has helped, not least because the academics feel more listened to, and that they have somewhere to go with their needs. The other positive outcome is that by working more closely together helps both sides understand the needs of the other. For example, Neil sees a greater understanding from the academics about way that the IT Team work. For example, the IT team have to make decisions within a framework that allows for scalability and resilience in their solutions, which may not concern an individual user.

One of the contrasts that Neil has found since moving to HE, from the commercial sector, is that many people in the academic world have strong opinions about specific technologies. This is partly led by the computing departments, who are looking at technology all of the time. And partly because there is so much inter-institution collaboration, they see more examples of what is happening elsewhere, and want to adopt those ideas within their work. This kind of collaboration doesn't happen so often in the business world, because of the element of competition between companies. The result is that people will see a specific technology product, and ask for it, rather than have the functional requirement as the starting point ("I want Moodle version 1.6" rather than "I want a way of delivering structured content to my students which allows them to pace their own learning, and helps me with assessment"). People are coming with the solution, not the requirement. The situation that leads to is difficult for the IT team to manage. There may be 10 academics who want to use blogging, but they all have their own strong views of which blogging tool they want to use - and the IT support can't suddenly adopt 10 - they have to pick a single platform which meets most users' needs.

What have been the tangible benefits?

Neil sees that the group have delivered faster deployment of new technology. And the academic community who are involved have a growing recognition of the value of integration with the corporate IT systems. For example, integration between the student record system and the VLE means that academics don't need to create student lists, staff lists or course lists. But if they put it on an external system or website, then they have to manage the issue of granting access for appropriate users.

There has also been a change in the way that the IT team think about service delivery. Rather than a traditional approach of controlling the whole end-to-end process of an IT system, there's more allowance for individual flexibility and contribution. For example, the IT team recognise that they shouldn't define the whole start-to-finish design and structure of the corporate SharePoint, without allowing users to add their own content and data sources. It allows users to add their own value to the work.

Be secure AND get work done?

So I asked Neil, to deliver these, where have compromises been made - have costs risen or security reduced?

Neil's honest answer was that costs have risen.

"We've delivered more flexibility and innovation. But that's sometimes difficult to explain, because it's tricky to describe some of the nuances of the flexibility that is being delivered. At a higher level, they look at the big blocks - the Student Record System, the VLE etc. But what is happening is within those blocks. How do you explain at a strategic level the investment benefit of enabling the VLE to allow branded course delivery, which a particular faculty may be passionate about."

Neil recognises that from a security perspective, they system is still more locked down than the users may want. But there's an imperative to contain the environment in order to contain the cost of running the whole IT system. Part of the move to the latest Microsoft solutions is to allow better policy-driven management, and increased virtualisation. The aim is to allow more flexibility without having to compromise on security or quality of service delivery.

As Neil puts it

"Vista migration planning is happening now. It is a large investment, but some of the technologies that it will enable, like virtualisation, will help in carrying the argument to the budget holders of the value of the investment."

What next?

One of the issues for all HE institutions is that more and more students are turning up with laptops. What does that mean for your IT?

"We don't see a big demand for connections for laptops within the IT system on campus, but there is massive demand for connectivity in halls of residence. Currently we don't allow non-university equipment to connect to the network, except in the halls. We'd like to change that because it will provide a better service to students, and perhaps provide better support for other devices, like PDAs. We plan to have the network infrastructure upgrades in place to allow this to happen, which will then allow the IT team to connect non-university equipment in a controlled manner. So we can detect a newly-connected device and check that is has up-to-date anti-virus etc. It's not something students are currently loudly demanding, but by doing it now, we're enabling more flexibility and we'll be ready when the demand appears."

A bigger issue for students is the lack 24x7 support - for example, if they cannot access the VLE at the weekend, they can't get immediate support. This is a growing issue, because more of the academic courses are moving to online delivery, assessment and workflow. Neil's team are looking at ways to resolve this, but it could have significant cost implications for the university. However, it's an issue that affects other institutions, so there may be a way to work across institutions to resolve this.

"Another student-centric issue is how much do we engage with the students lifestyle in their places - their Facebook, their other social networking sites. The implications for the university affect many things. For example, how the email systems is run and managed for students. Can we assume that students are using your email? Or do you need to go to where they are, and use their personal email?"

And the end result?

My final question for Neil was about the future - where does he think the current plans will get them?

"In one or two year's time, I expect that we'll have a number of interesting emergeing technologies - virtual classrooms, blogs, wikis, audio, video - in place. And they will be understood and used by a significant proportion of the academics, who value it because of the pedagogical benefit. Moving the passion for these tools out from the small core of academics who are at the leading edge and allowing a culture change."

Questions? Comments? Add them below, and either Neil or I will have a go at helping...

During the recent Microsoft IT Forum in Barcelona my colleague Dan attended a panel discussion on the green data centre. The panel featured many of the key industry influencers (AMD, Dell, HP, Intel, Microsoft, and Citigroup), whose research and product development has implications for the implementations of data centres worldwide.

The first discussion focused on the actual buildings themselves, with the “green factor” a big consideration when commissioning new data centres. Typically, building a ‘green’ data centre incurs higher upfront costs than traditional ones but there are long term energy-efficiency benefits, and the associated cost savings, to be realised. Considerations included the types of building material to be used and the location (i.e. would it be better to have a Data Centre in a cold environmental location to lower cooling costs?), while other ideas concentrated on requirements for recycling and re-using energy. With power consumption one of the main considerations when planning a data centre, re-usable energy would be a massive advantage.    

The next topic was the virtualisation and consolidation of applications and services. There was some difference of opinion on whether running more than one application or service on one server was the way forward when, traditionally, vendor recommendations have always been to have dedicated servers. I guess the answer to this question depends on the situation and how critical the service is that is being provided. In conclusion, the agreement was that virtualisation has only just started to demonstrate its benefits.

Other subjects discussed included changes in storage, server (e.g. blades versus rack or stand alone) and chip technologies (new chips require less power but process more).

For further details on what the industry is doing around Green IT, click on the links above or visit: http://www.thegreengrid.org/home

This afternoon at IT Forum, we ran two specific sessions for UK education customers. Brad Tipp, from our worldwide Education team kicked off talking about the Live @ Edu service - something that is currently going through a metamorphosis. What started as an email service for students (similar to Hotmail, but linked to your institution's email domain), is growing into a wider range of student online services, which supplement or replace services that you are delivering to students through your own infrastructure. The benefit is that you can deliver new services at no or low cost to you.

We're moving to a "software plus services" world, where we are developing a mix of software on a device, supplemented by Internet-based services. It changes the way that you can think about providing services, and the scope and reach of them. For example, research shows that 85%+ of students arrive in the first year at University with a computer. And despite the fact that the majority are laptops, they remain in the students' bedrooms - they don't get brought onto campus. What our research shows is that your students put their critical work files on a memory stick, and carry that around campus with them - plugging it into your terminals. What happens if they lose that memory stick? Or it corrupts? Or if it has a virus on it?

The basic features of Live @ Edu are:

• Email - hosted through the same way as Hotmail, students receive a mailbox using your university's email domain (name@youruniversity.ac.uk). The mailbox is accessible through webmail, on a mobile phone, and all of the normal ways that they are already accessing Hotmail today. The other differences - there's no advertising; you control the allocation to students; and it is branded with your university identity. Oh, and a 5GB mailbox (which is about 100x larger than many uni mailboxes today)
• Calendar - the student has their own individual calendar, to allow them to manage their schedule.
• Messenger - because the email is created through a Windows Live ID, the student automatically gets an additional Messenger account - allowing them to separate their use of IM for their social life and learning. (The latest TechTribe survey shows that over 60% of 16-25 year-olds use Instant Messenger every day).
• Spaces - Again, because of the Windows Live ID, they also get a Spaces account - for photo sharing, blogging etc

What has now been added are the storage options - SkyDrive and Office Live Workspace - plus a computer sharing option called Shared View.

• SkyDrive - allows users to store and share files and folders. It's a password protected 1GB virtual hard drive.
• Office Live Workspace - a document workspace, for sharing any type of Office content - documents, spreadsheets, presentations, meeting invitations and schedules. Imagine a "SharePoint Light". The storage limit on this is a maximum of 1,000 concurrent documents per student. Users can view documents online (without needing Office), or download for editing and use. One neat thing it does is allow easy creation of lists - which can be exported to Excel. This kind of thing is great for groups of students working on projects and tasks. Students can also annotate documents online (without needing Office) - which means one user can create a document, and then share it for peer review, and others can add their comments and notes online, through the workspace.
• SharedView - allow students to collaborate in real-time - they can simultaneously edit documents and share their desktop in real time. Up to 15 users can all work on the same screen - and can have their own mouse control. (Is it me, or will this be quite confusing the first time? It'll be a bit like a bunch of students in front of a telly, all with their own remote control!)

Brad summarised by telling us that there are over 5 million university students using Live @ Edu, across 30 countries. In the UK, there are around a dozen universities signed up to us it. And gave key reasons for exploring the service:

• Reliable, supported and configurable for the needs of IT Services
• Reduce the cost of running your IT and storage services
• Increase on-campus collaboration, communication and storage to enhance learning
• Improve student service delivery

Find out more at edu.live.com

We regularly get involved with events for education with our partners, and one of the ones coming up is from SCC, who are hosting an event at our offices in Central London on the 3rd December 2007.

SCC, Europe’s largest privately owned IT company, is working in partnership with Microsoft to demonstrate to you the benefits of upgrading to Exchange 2007 - and the future beyond. For the first time unifi ed messaging is delivering true business benefit - and your portal, email, and mobile solutions are converging into one seamless user experience. Let SCC and Microsoft show you the benefits of working together in partnership to deliver this groundbreaking new technology. Join us on Monday 3rd December for a half day seminar specifically aimed at the higher education sector.

What will I learn?
• Find out about the “anywhere” workplace – bringing mobility and versatility to the education sector
• Discover how you can have a single identity for email, IM, voice, video, telephone and conferencing
• Hear the business case for upgrading to Exchange 2007 – reducing costs and risks, whilst improving performance and productivity

Register by email groupmarketing@scc.com or by telephone on: 0845 351 1157

There's a phrase - "Enterprise Search" - which summarises the next step in effective use of technologies for collaboration, data sharing and making your institutional memory more accessible. By this I mean, when anybody in your institutions publishes a piece of information that they want to share, you need to make that information available to other people in an easy way - a way that doesn't require them to remember where that information is stored. Another step in journey towards improved information availability is the expanding range of options available to help you to search your internal IT systems. 

I wonder how many people know about our Search story for the enterprise? It seems that it's mostly the SharePoint enthusiasts and not many others.  This is likely to change following our recent launch of our new Microsoft Search Server (MSS) 2008 - there's plenty of information on this at: www.microsoft.com/enterprisesearch

At IT Forum today Richard Riley talked us through the two flavours of search available, which are:

• Microsoft Search Server (MSS), which has a cost associated, and MSS Express (MSSX) which is free.  Both only take less than an hour to install and configure and then away they go and trawl your information resources to create a full, enterprise aware search capability that your users can start getting the benefits of immediately.
• MSS 2008 is built on WSS 3.0 (Windows SharePoint Services 2007)

The big area of investment in MSS 2008 is Federation.  This means that it will display the results from other search engines or applications displayed alongside local results.  MSS will send a query to other search engines or data query services and format them for the user.

• It uses OpenSearch 1.0/1.1
• To add a new federated search location is remarkably simple.  For instance to add a new location like Yahoo simply take the URL from a search on Yahoo and for the search term simply edit the URL and insert {searchTerm} and away you go. Richard did this live in the event and it did look incredibly simple.  Although the demo gods were having some fun!
• And there are ways to search sites which don't support OpenSearch - like Wikipedia - that uses another search engine (eg Live Search) as the intermediary.
• If the search locations is not supported by MSS out of the box then build or buy a connector - and we've created a forum to share connectors others build.
• Authentication is integral to MSS which means that you can enable the search to recognise users' authentication settings to access pools of information be they file based or application, such as database, related.

The benefit of Federated search is that you can anticipate that users may be intending to find a wide range of information. Somebody searching within your institution for "wi fi" could be looking for information on how to connect to your wi fi on campus (likely to be on your internal portal), or they could simply be trying to understand what wi fi means. You can also use this method to search your internal SharePoint and your own public-facing website, which may be hosted on a completely different IT system.

Some of the launch partners with connectors are OpenText, Business Objects, Cognos and Symantec plus around 10+ others.

"The value in virtualisation technology moving forward will be in the management and the operating system rather than in the virtualisation stack."

I attended an interesting session at IT Forum today from Guillaume Field, from Dell.  He started the session off by saying something along the lines of "you are all buying way too many servers and we want you to stop".  Controversial stuff to hear from a guy at Dell.  However, he then went on to say that that all these servers people are buying are doing the wrong thing and virtualisation is the way to get them back on track.

It seems that of all the power put into a data centre, only 4% of it is actually turned into compute power.  Match this with the fact that most servers are only at around 5-15% utilisation you can see what Guillaume is getting at with his opening statement.  By continuing with the traditional model of 'new application=new physical server', we are seeing compute power increase and utilisation decrease.  Dell's data centres are so full that they are only allowed to implement a new server if they remove one.  Without virtualisation this would limit their ability to grow their business.

The power of the new x86 servers is still growing according to Moore's law, so theoretically as Dell does replace servers in its data centre with a strategy to virtualise, they will see utilisation increase as compute power increases.

The point about the value being in the management is absolutely crucial to this and Guillaume's outlined Microsoft's strategy to have one Management interface for all its virtualisation products (Terminal Services, SoftGrid, Virtual PC and Virtual Server).  Naturally the Management Interface to do this is Microsoft System Centre which is also the tool you are using to manage the rest of the estate.  Simple!

In a recent survey, 70% of (male) drivers said that their driving skills were "above average". Which tells you that most people think that they are better drivers than the others on the road. Well, PC security is probably like this - most users think that they know more about making the right decisions than the "average user". Which means they are likely to think that security features are there to protect others from their own mistakes - whereas they themselves, surely, don't need security measures because they know what they are doing. Of course, you know this isn't true (except, of course, in your case!)

So this morning at IT Forum, I joined a security session with Rafal Lukawiecki & Steve Lamb, subtitled "How to do more business with less risk". I was interested to hear their perspective, because my main experience of IT is as a user, and security always seems to be designed to get in my way and is designed to stop me doing things I need to do (okay, I'm realistic, and do recognise sometimes that it's there for my benefit)

Rafal and Steve's perspective was that while there are many new areas of security that are built-in to Windows Vista, there are 3 or 4 key features which everybody should be looking at, and thinking how it will help them to manage their IT infrastructure.

Here are those key security features:

• User Account Control (UAC) - For me, this is definitely contentious, because along with the upside of enhanced security, comes the downside of more frequent warning messages, and the user being asked to allow applications to run. One of the unfortunate side effects of UAC is that it tends to be quite intrusive in the first few weeks of a new PC. This means, as you're getting used to Windows Vista, you get a pile of messages popping up saying Are you sure you want to install this software? Do you really want to add a printer?  Defragment your drive - are you sure? It's a classic case of security versus ease of use. The ease of use view (ie the one from your users) argues for switching it off - to stop them being interrupted as they work and install programmes. The security argument (ie yours!) is to leave it enabled, so that your users have the safest settings.
  
  The really important message that came out, from both the speakers and those IT administrators in the audience, is that after a couple of weeks, the level of interruptions reduce dramatically, so don't rush to disable UAC in the first few days, but live with it for a fortnight, by when it will be a lot less intrusive. By leaving it on, you get enhanced security, and you, and your users, will have more protection.

• BitLocker - Rafal counted this as one of the key security elements of Windows Vista, specifically because it's a "set and forget" security technology. Once you have enabled BitLocker encryption, all of the data on your hard drive is secured against unauthorised access. For any organisation when IT users may have personal data on laptops (and education definitely fits into that category, especially given the amount of sensitive student data that sits outside of the core database), it's something to explore and implement (did you know that worldwide, 350,000 laptops were stolen or lost in 2006?)
  
  The important thing to remember when you enable BitLocker is to make sure the access key is stored away somewhere you can get it - perhaps in your Active Directory - so that you can recover the data if the user forgets their logon credentials. Rafal talked about an unnamed customer, where they had a requirement that any attempt to access the data would destroy it - even a system administrator inside the organisation. So for them, the recovery keys were not stored - if the user lost their logon credentials, that would be the end of the data on the hard drive!

• Network Access Protection - this is the ability to set connection policies for devices - checking they've got up-to-date anti-virus signatures, the latest security updates etc. Education is potentially quite a different scenario to business, so I'm going to interview Steve Lamb later, and write more about this for you.

• USB controls - there was a discussion about the use of USB controls, to stop users adding memory keys and potentially introducing viruses, unauthorised software and allowing the removal of critical data. One of the points that came across was to think at a higher level - because if you block USB, you simply move the problem to another place (eg my laptop has an SD Card slot  - so I could do all of the above through that instead). The recommendation was to start by looking at what you are trying to prevent - looking at the behaviour - and then addressing that through better policy management and more proactive management of your data and users.
  

Two excellent security nuggets from Rafal and Steve:

• Passwords - At the office, I have to use strong passwords - which means at least 8 letters, including upper and lower case, and non-alphabetic characters. As you can imagine, this is a bit of a pain to remember, every time I have to change my password. The recommendation from Steve & Rafal was for teach users about "pass phrases", to help them to create and remember strong passwords. It's good because it works for students and staff. The basic idea of a pass phrase is that you encourage the user to create and remember a phrase (like "This Week Is Get Safe Online Week 2007"), and from that I create a strong password using the first letter of each word ("Twigsow2"). The password is more memorable to me - I remember the phrase, but unintelligible to anybody trying to guess my password, because it makes no sense.

• Keyboards - Always used a wired keyboard if you are worried about security. I know it's cool and trendy to use wireless (either bluetooth or RF wireless) keyboards, but did you know it is possible to pick up a signal from a specific RF keyboard from a satellite in space! Think about it next time you type in your strong & secure password!

The overarching message was:

- You need tight security to make your systems reliable, and keep your data secure

- Your users want ease-of-use, and security gets in the way of that sometimes

The answer is to find the right compromise, because too much security will encourage users to find ways around your security; too little security might make your users happy but give an unacceptable risk for your business systems.

One recommended way to get your users on your side is to show them what the implications are if they don't pay attention. For example, if a user leaves a computer logged on, and leaves their desk, what information could another person see? Or who could be emailed from their Contacts list? Simple examples help to reinforce the message that a simple step like locking your machine (Windows Key + "L") is simple and improves security significantly.

Steve's blog is a good source for further information on this subject, and to explore the subject further.

Yes, I know you might still think of SQL 2005 as a new product, but SQL 2008 is nearly with us and there are many reasons why people are looking to upgrade.  Here are a few notes I took during a session yesterday afternoon at IT Forum.
Some of the main points of the session were:

• Managing massive amounts of data on multiple devices
• Bringing Business Insight to more users and making this simpler
  • There's a fantastic new report writer tool, with excellent visualisation.
• Spatial data management (at no additional cost)
• Transparent data encryption
• Sight and sound data types

Here are the notes I took during the session:

IT Forum SQL 2008

• In the last 4 years Microsoft has issued zero critical security vulnerabilities compared with another database vendor that has issued around 100 in the same period. So who has the most secure database?
• The price for SQL 2008 will be the same as SQL 2005.
• The upgrade experience from 2005 to 2008 will be as seamless as we can hope to make it and certainly better than in previous experiences. Customers should still consider upgrading from 2000 to 2005 as part of a migration journey.
• Data is everywhere and needs managing. Consider the fact that many laptops can have around 1 TB of storage. How do you manage that type of distributed data model?
• Transparent data encryption: the application, e.g. SAP, Blackboard or Agresso, does not need any changes for the database to be encrypted.
• 2008 has enhanced database mirroring to improve performance, thereby resulting in improved resilience. And also has optimised and predictable performance.
• Connect data from any device such as PC, laptop or phone
• Beyond relational
  • This means beyond words and numbers to sight and sound - a new data type has been added. This allows documents to be stored in a more cost effective manner. Then users can access these documents as data with full text search, query across relational and text data.
• New spatial data type
  • Location aware applications to help visualise location information.
    • By the way, this spatial ability is built into all flavours (including the free SQL) at no additional cost.
  • A great example used was how many coffee stores are within 1 km from the route to work? The answer is spatial and not traditional SQL. So the simple thing is to use long/lat as the storage type but when combined with a simple map and http://maps.live.com it's really powerful.
• Pervasive Insight.
  • What's this? Well, it's the ability to get the data out in a way that makes it useful to the right user communities/individuals in the organisation - to get more value out of their Business Intelligence.
  • Every user with actionable insight - delivers information via MS office with better integration between Word and Excel to bring data mining to a much broader audience
  • New report designer that gives significant ease of use to those every day users.

Vinny Guloto, General Manager for the Malware Protection Centre, presented today on the work that the centre is putting into the world of threat research, and both reactive and proactive response.

One of the interesting slides that Vinny used was about the history of development of industry standards in anti-virus development, and how the anti-virus marketplace has grown. It was broken down into:

• 1986 - 1990
  Very few viruses existed, and researchers in virus protection worked alone within their individual companies.
• 1990-1995
  Anti-virus organisations started to share information, and formed groups to build a common language, and started effective sharing across the industry. The AVPD created the "wildlist" and "wildcore" - starting to share standard signatures across the 20,000 viruses that were loose around the world at that time. This was pretty important to everybody - if you don't have all the viruses available, how can you develop detection and defence against it? (And, you don't want your AV software to rely on you being infected before they can work out how to prevent it!)
• 1995-2005
  All certified Anti-Virus software has to be able to detect all wildcore samples - a list which is expanding by 20-30 categories every month.
  By this time, the virus distributions (ie the virus signatures shared between anti-virus companies) exceeds the gigabyte mark for the first time.
• 2005-2007
  The Anti-Virus Coalition was formed. One of the shifts much more visible now, is that developing countries tend to be harder-hit by viruses as they come online. In India, China etc, the level of infections tend to be higher, because they are going through the learning experience we all went through before (When did you realise that you couldn't run a machine without virus protection?).
  Today there are 225,000 - 300,000 viruses in circulation.

More than 3,400 new software vulnerabilities were reported in the first 6 months of this year (please note, this isn't 3,400 vulnerabilities in MS software, but across the whole software marketplace that could threaten your PC or data). Seemed like a lot to me, until Vinny explained this is actually a decrease in a six month period for the first time since 2000.

Windows Defender is a piece of free software from MS which looks for things like adware and spyware, rather than specifically "malicious" software - it isn't anti-virus software. Using Windows Defender as an example, he shared some statistics:

• In the first six months of 2007, it detected 50 million pieces of potentially unwanted software
  • 16 million items of Adware
  • 7 million items of "potentially unwanted software"
  • 6.5 million Trojans
  • 3 millions items of "remote control" software

After the presentation, it is often the Q&A which contains a startling revelation. And this session was no different. Following a question about how things are changing, he threw in a statistic that was almost a throwaway - that the Malware Protection Centre have found that with Defender, Windows Vista machines have 3 times less "potentially unwanted" software than other Windows machines. Which provides a real life example of the way that the security built into Windows Vista is delivering (silently!) benefits to both the end user and the IT team running their networks.

To read more about the work that Vinny's team do, check out their Microsoft Malware Protection Center Portal

I'm at the IT Forum event this week - it's a week long tech-fest about current and future technologies from Microsoft. This year's event has 5,200 delegates and we're all sitting in a conference centre on the shores of Mediterranean in Barcelona (not quite as wonderful as it sounds - it was 10-degrees when we got here, and I didn't even think I needed a coat...brrrr). We're joined this year by around 80 IT support staff from universities around the UK, all here for the same thing - to get a behind-the-scenes, and in-depth look at the software that runs their services, and to see how new releases can help to improve your service delivery. 

I'm going to do my best to bring you some of the headlines of the event, and their relevance to education.

Windows Server 2008

The opening keynote focused on Windows Server 2008 - the first of a launch wave of products due to be launched on 27th February. It will bring a wide range of new features and functionality which will be useful for education, such as:

• Network Access Protection - allowing you to build policy based protection for devices connected via wired connections, wireless or VPN to your network. With this, you can set a quarantine mechanism, where newly connected devices are automatically quarantined until they have run through a security policy check, and that allows you to enforce your policies (eg, all Windows devices must have the latest security updates installed and up-to-date anti-virus definitions). The ability to differentiate between policies for wired and wireless is useful - for example, it could help you to minimise inconvenience to wired staff, whilst maximising security for wireless student users.
• Security by design - the core idea of Windows Server 2008 is that you only install the components you need, and not the reverse (today's model installs virtually everything on the server, and expects you to switch things off). This will provide better base-line security, and mean you will need to spend less time patching your servers with the latest updates. The outcome? Improved up-time, and less time spent fire-fighting.
• PHP applications will run in Native mode on Windows Server 2008.  So what does this mean for your learning applications like Moodle?  Well, a while ago we announced database neutrality for Moodle, which is the M part of the LAMP stack. You can already run Moodle on MS SQL Server 2005.  Now it seems organisations will be able to run their entire Moodle Learning Environment on a Microsoft platform - clearly this is something that you might want to investigate further, especially if your VLE environment sits alongside your core systems.

More detail on the Windows Server 2008 and Hyper-V announcements

Virtualization*

This has been the buzzword of the afternoon. And what's available helps meet some of the the unique challenges of education IT systems - the expectation from users that they can run whatever applications they want, at the drop of the hat. Oh, and that you'll keep the IT Services up and running whenever they need access.

We've got virtualization technologies coming out of our ears at the moment - Applications virtualization (through SoftGrid/Microsoft Desktop Optimisation Pack); Presentation virtualization (through Terminal Services); Desktop virtualization; and enhanced Server virtualization (through Windows Server 2008).

• Server virtualization under Windows Server 2008 has been officially called "Hyper-V" - an enhanced way of running and managing virtual servers, with an enhanced set of services through System Centre (System Centre Virtual Machine Manager & Data Protection Manager were announced today), designed to better integrate the management of your physical and virtual IT services. On the stage here at IT Forum, Bryon Surace showed us a server hosting 4 flavours of Windows Server 2008 (including the 32-bit and 64-bit versions) running alongside a full Suse Linux server, in a single virtual environment. He also announced new tools to integrate Linux servers onto the Windows Server 2008 platform.
• Application virtualization options seem to be expanding rapidly at the moment. Although there are not a wave of new product announcements (although Beta 1 of the Microsoft Application Virtualization was announced), it has become clearer how the different approaches can allow you to enhance your service delivery, and give your users a little more flexibility without having to compromise your core service delivery.

More info on the System Center announcements

* Which is it? Virtualisation or Virtualization? Normally, I go for UK spellings, but the latest versions of the Oxford dictionary seem to be shifting to a more agnostic approach on Americanised spellings - on this occasion, I'm going to go with it, because we've got product names in here too. Does it really matter? Do you care? I've know that some of the online training providers find they get a lower completion rate on versions using American spellings - sometimes 50% of the normal rate. Does that mean I've lost half of you half-way through this article? Discuss.