My Thoughts On IT…

Brian Lewis's Thoughts on all things Information Technology related

heartbleedThe Heartbleed bug is a big deal. This flaw affected TOR and about two-thirds of internet websites. The flaw was uncovered by researchers from Google and Codenomicon. It is expected that the big sites will be fixed quickly but that all the different devices and sites effected will not all be updated for months. The open source programmer, based in Germany, who inadvertently introduced this bug has come forward and admitted his mistake. PcMag.com has this info here:
http://www.pcmag.com/article2/0,2817,2456415,00.asp

You can test a website to see if it has the bug at this webpage here:
http://filippo.io/Heartbleed/

For more information on the Heartbleed bug here are a few articles. Smile 

-Brian

The Heartbleed Bug
Codenomicon (the researchers who found and disclosed the flaw)
http://heartbleed.com/

How to recover from Heartbleed
Steven J. Vaughan-Nichols/ZDNet
http://www.zdnet.com/how-to-recover-from-heartbleed-7000028253/

There’s little web users can do to thwart ‘Heartbleed’ threat
Jim Finkle/Reuters
http://www.reuters.com/article/2014/04/09/cybersecurity-internet-bug-idUSL2N0N11HC20140409

After ‘Catastrophic’ Security Bug, the Internet Needs a Password Reset
Robert McMillan/Wired
http://www.wired.com/2014/04/heartbleed/

Website Security Flaw Spurring Calls to Change Passwords
Jordan Robertson/Bloomberg
http://www.bloomberg.com/news/2014-04-09/heartbleed-security-flaw-found-in-websites-spurring-fix.html

Heartbleed Flaw Leads Security Experts to Urge Password Changes
Jordan Robertson/Bloomberg
http://www.businessweek.com/news/2014-04-09/heartbleed-flaw-leads-security-experts-to-urge-password-changes

Heartbleed Is The Massive Security Flaw That Could Affect Up To Two-Thirds Of The Internet
Charlie Warzei/BuzzFeed
http://www.buzzfeed.com/charliewarzel/heartbleed-is-the-massive-security-flaw-that-could-affect-up

Heartbleed Bug puts encrypted online transactions at risk, here’s what you should know
Paranjay Dutt/BGR
http://www.bgr.in/news/heartbleed-bug-puts-encrypted-online-transactions-at-risk-heres-what-you-should-know/

Millions of passwords exposed
Staff Writer/Associated Press
http://www.politico.com/story/2014/04/internet-heartbleed-millions-of-passwords-exposed-105510.html

Which sites have patched the Heartbleed bug
Jason Cipriani/CNET
http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/

Heartbleed bug: What you need to know
Jose Pagliery/CNN
http://money.cnn.com/2014/04/09/technology/security/heartbleed-bug/

The Security Bug That Affects Most Of The Internet, Explained
Jeremy Bowers/NPR
http://www.npr.org/blogs/alltechconsidered/2014/04/08/300602785/the-security-bug-that-affects-most-of-the-internet-explained

Q. and A. on Heartbleed: A Flaw Missed by the Masses
Brian X. Chen/New York Times
http://bits.blogs.nytimes.com/2014/04/09/qa-on-heartbleed-a-flaw-missed-by-the-masses/?_php=true&_type=blogs&_r=0

Heartbeat Heartbleed Bug Breaks Worldwide Internet Security Again (And Yahoo)
James Lyne/Forbes
http://www.forbes.com/sites/jameslyne/2014/04/08/heartbeat-heartbleed-bug-breaks-worldwide-internet-security-again-and-yahoo/

Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
Dan Goodin/Ars Technica
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

‘Heartbleed’ Bug: OpenSSL Flaw Rips Open The Encrypted Internet
Michael Rundle/Huffington Post
http://www.huffingtonpost.co.uk/2014/04/08/heartbleed-bug-openssl_n_5109087.html?utm_hp_ref=uk

Common Web Encryption Tool Is Flawed, Analysts Say
Danny Yadron/Wall Street Journal
http://online.wsj.com/news/articles/SB10001424052702304819004579489813056799076?KEYWORDS=Heartbleed&mg=reno64-wsj

IT Camp: Windows 8

As IT professionals, it’s your job to keep up with the latest demands – ensuring your organization has the fastest, most intuitive technology and uninterrupted services, while giving people the freedom to work anywhere, anytime, on a variety of devices.

Join us for the upcoming IT Camp, “Empowering People-Centric IT with Windows 8.1 for IT Professionals,” and learn about the new features in Windows 8.1. These capabilities simplify the migration, deployment, and management of tomorrow’s IT environments, while tangibly improving the end-user experience.

At this IT Camp, you’ll get hands-on experience with Windows 8.1 and Windows Server 2012 R2 in the enterprise. Explore the new Windows 8.1 feature set while you dive deep into key enterprise scenarios around System Center Configuration Manager 2012 R2 and Windows Intune management, deployment, security, desktop virtualization, side-loading apps, and mobility.

Session Requirements

  • Be sure to bring a modern laptop that can run the following prerequisites.
  • Modern operating system, including Windows 7, Windows 8, Linux or Mac OS X
  • Modern web browser supporting HTML5 and Javascript, including IE 9 or later, Chrome, Firefox and Safari
    Remote desktop (RDP) client – included with Windows platforms.  Mac and Linux RDP clients can be downloaded for free at http://www.2x.com/rdp-client/

Visit http://www.technetevents.com to learn more or register by clicking on the city closest to you.

Date

City

State

4/29/2014

Milwaukee (Waukesha)

WI

4/29/2014

Austin

TX

4/29/2014

Jacksonville

FL

4/30/2014

Detroit (Southfield)

MI

4/30/2014

New York

NY

4/30/2014

Los Angeles

CA

5/1/2014

Chicago (Downers Grove)

IL

5/1/2014

Ft. Lauderdale

FL

5/6/2014

Minneapolis (Edina)

MN

5/6/2014

New York

NY

5/7/2014

Cincinnati

OH

5/7/2014

Atlanta (Alpharetta)

GA

5/7/2014

Philadelphia (Malvern)

PA

5/7/2014

Denver

CO

5/7/2014

San Francisco

CA

5/8/2014

Kansas City (Overland Park)

KS

5/9/2014

Tampa

FL

5/20/2014

Columbus

OH

5/20/2014

Reston

VA

5/20/2014

Chicago (downtown)

IL

5/21/2014

Dallas (Irving)

TX

5/21/2014

Cambridge

MA

5/21/2014

Charlotte

NC

5/22/2014

Seattle

WA

5/22/2014

St. Louis

MO

5/22/2014

Tempe

AZ

5/28/2014

Houston

TX

6/4/2014

Los Angeles

CA

image

The Windows 8.1 Update is available on MSDN as of yesterday and will be available on Windows update April 8th. Click the image on the right to see a full size screenshot of the update on MSDN.

It is available for ARM, X86, and X64. I am pulling it down now and will be installing to several Surface devices and several Intel laptops. I will update this post with those experiences.

*** Insert update here ***

 

For more information about the Windows 8.1 update see the official links below

Windows 8.1 Update: The IT Pro Perspective
http://blogs.windows.com/windows/b/springboard/archive/2014/04/02/windows-8-1-update-the-it-pro-perspective.aspx

Windows 8.1 Update – important refinements to the Windows experience
http://blogs.windows.com/windows/b/windowsexperience/archive/2014/04/02/windows-8-1-update-important-refinements-to-the-windows-experience.aspx

ipadToday Microsoft announced and released Office for iPad. Specifically Word, Excel, and PowerPoint released for the iPad. OneNote had an update release also.

At about 1 PM CST the apps went live in the App Store and I pulled them down immediately. I am extremely impressed in their functionality. These are not just light weight applications like in the web browser or on the phone. These apps have most of the features I use when I create documents on a full blown PC.

I have heard technical people state that iPads are for consuming information but not good for creating documents. Well I think that might have just changed.

I will have to let you know after I try to edit a presentation on my iPad Mini but my first impressions are that these are very high quality apps with functionality on par with full desktop apps.

What you need to know if you want to try Office for iPad 

You download the apps individually, not as an office suite. Upon opening one of the downloaded apps you receive information about Office 365. You can read documents but you can’t edit or create documents unless you have an Office 365 subscription.

I started the Excel and choose to run read only. Then I clicked a link in the app to enter my Office 365 credential. After authenticating it opened the ability to fully edit documents.  

 

Word

Excel

PowerPoint

Word(Medium) Excel (Medium) PPT(Medium)

Click image above to enlarge

I did find one issue. My iPad choked on opening a PowerPoint document that was 145 Megabytes in size. It stated that it didn’t have enough memory and I should close some apps and try again. I guess I can’t throw out my workstation just yet. Winking smile (JK, can’t live without my Asus Zenbook touch) I did open a 6 meg presentation, pictured above that worked just fine and rendered perfectly.  I will play with this a little more and let you know what I find. Leave a comment and let us know what you find as you work with these new apps!

Cheers, Brian

For more info check out:

Youtube video: The real Microsoft Office apps for iPad are here!
http://www.youtube.com/watch?v=frpsGFQ4AIY

Satya Nadella, Chief Executive Officer of Microsoft Blog post:
http://blogs.technet.com/b/microsoft_blog/archive/2014/03/27/a-cloud-for-everyone-on-every-device.aspx

0269035729_2_3500x2333_toWe have a very exciting project where we are reaching out to customers for a series of interviews over the next few months. The project is extremely agile and the interviews will be rapid, 30 minute max where, as the product progresses we will continue to maintain a customer pulse getting feature feedback and their influence though out the process.

So, if you are you a Systems Administrator or Security Analyst and would you like to influence the future of products to manage and secure your virtualization infrastructure. This is your opportunity to be heard by Microsoft Cloud and Data Center Management Research and Program Managers! They would like to talk to IT Pros that manage and secure your organizations virtualized and cloud environments.

If you are interested in talking further with Microsoft, please complete a short survey that will help us to determine how your job fits within the management and security of cloud and datacenter virtual computing. Join the discussion, we want to hear from you!

Click here to access the survey:
https://illumeweb.smdisp.net/collector/Survey.ashx?Name=CDM_interview_survey_MB

MVA-Intro-Win-Azure

What’s better than sitting down with a technical book? Sitting down with a Free technical book or at one you can get work to pay for. Smile Since most of us have more in the want category than we do in the budget category, I thought you might be interested in the free eBooks that Microsoft Press has available.

Here is a list of the Free Book Titles as of today.

  • Microsoft System Center: Building a Virtualized Network Solution
  • Introducing Windows Server 2012 R2
  • Introducing Windows Azure for IT Professionals
  • Rethinking Enterprise Storage: A Hybrid Cloud Model
  • Introducing Windows 8.1 for IT Professionals
  • Programming Windows Store Apps with HTML, CSS, and JavaScript, Second Edition
  • .NET Technology Guide for Business Applications
  • Microsoft System Center: Building a Virtualized Network Solution
  • Introducing Microsoft System Center 2012 R2
  • Microsoft System Center: Designing Orchestrator Runbooks
  • Microsoft System Center: Configuration Manager Field Experience
  • Microsoft System Center: Cloud Management with App Controller
  • Microsoft System Center: Troubleshooting Configuration Manager
  • Microsoft System Center: Optimizing Service Manager

Here is the link:
http://www.microsoftvirtualacademy.com/ebooks

Happy Reading! –Brian

OneDrive-LogoToday Microsoft announce the global availability of OneDrive. For existing SkyDrive customers, you are all set. Your files are already in the new OneDrive experience—all you have to do is head over to www.OneDrive.com and log in. For those of you just hearing about the service for the first time, OneDrive gives you one place for all of your files, including photos, videos, and documents, and it’s available on the devices you use every day.

Here are three things you can do with your Free OneDrive

  • Refer a Friend.  With this release, customers who refer friends can now receive up to 5 GB (in 500 MB increments) for each friend who accepts an invitation to OneDrive.  So refer a friend, help us with the launch, and get more storage while you do it!
  • Get OneDrive for your phone and keep your photos safe.  If you have a Windows Phone, of course it works with OneDrive, and your photos are safe.  But we bet you didn’t know that OneDrive can back up photos from your iPhone or Android phone too!  Just install the new OneDrive client, launch it, and it will ask you if you want to back up your photos. From then on, every photo you take is copied to OneDrive.  We’ll even give you 3 GB just for using the camera back-up feature, since we want to help make sure you never lose another photo.
  • Use OneDrive + Office for your personal documents and notes.  Just like SkyDrive, OneDrive works great with Office and makes storing and sharing documents a snap.  OneDrive is built in to Office as the default save location, so you can see the recent documents you were working on and pick up right where you left off, even if you switch devices. With real-time co-authoring in the free online version of Office in OneDrive, you can work on Word, Excel, and PowerPoint documents simultaneously with colleagues or family, see edits as they happen, and rest assured that you always have the latest version.  Install OneDrive on your PC or Mac, copy your docs to OneDrive, and use Office 2013.  From then on, every doc you write and every note you take is available across your PC, Mac, phone, and tablet. 

For more information on OneDrive you can head to the OneDrive product team’s Blog here: http://blog.onedrive.com/ or, follow them on Twitter @OneDrive.

Better yet, try it now! www.OneDrive.com

disasterrecoveryServer Virtualization is a great way to enhance your disaster recovery strategy. Server Virtualization adds agility not only in managing your day to day server environment but it also adds agility in restoring your servers in case of a problem.

When restoring a server to new hardware it is really nice when you can restore it to the exact same hardware. For example if the original hardware has a disk controller for an array of disks then it is much easier if the new hardware has that same setup. After a full restore, new hardware with a different controller card, won’t be able to access the disk storage after your reboot. This can be very frustrating and add hours to each server restore. You will have similar problems with other hardware such as network cards. Anyone who has done a test restore or a real disaster recovery will tell you this is a huge pain.

Doing server restores to new hardware is one area where virtualization really shines for a disaster recovery. First, you will need to restore your virtualization host servers. You will run into the same driver issues here but once the hosts are up all of you VMs just work. Because the VMs are running under the virtual environment the virtual hardware is all the same so there are no driver updates needed. This enables a much faster recover and a lot less gnashing of your teeth. This benefit is the same for Citrix XEN, Microsoft Hyper-v, and VMware ESX.

There are other areas where server virtualization can help improve you DR recovery time. One example of this is using a virtualization cluster which can start your VMs automatically on another host server in case of a server hardware failure. This addresses just a local server issue and not a catastrophic failure at the Data Center. Another virtualization technology that can provide faster recovery time from a catastrophic datacenter failure is a technology like VMware’s Site Recovery Manager or Microsoft’s Hyper-v Replica. This will keep a copy of the running VM at another site. It takes just minutes to have the server up and running at the backup location. Depending on the risk you are willing to accept this may be all the DR protection you need for a server. Others you may want to add other backups either online or offline.

As Jennelle wrote about in her post yesterday, the first thing to do in your DR planning is rate the needs of your services. How quickly do they need to be up and running? How much data can be lost, if any. It would be nice to set everything to the highest level of priority on both speed to restore and importance of data retention. Unfortunately, it is cost prohibitive to offer the highest levels of protection to all data. The other thing to keep in mind is the business that you are in.  For example, a military is more likely to have a disaster at two geographically dispersed datacenters on the same day than say a bicycle manufacturer. Once you understand the different needs for your services and data you can match those needs to the available tools. There are are a lot of tools available that can provide for various levels of data recovery and speed to restore. Virtualization adds a lot of options for your tool belt.

Below is a list of a few tools used in conjunction with virtualization that are useful as you look to balance costs and needs in regards to your disaster recover and business continuity plans.

  • Windows Server Backup (supports Hyper-v for more details go here)
  • Hyper-v Replica
  • Veem – Backup
  • Vision Solutions – Double Take
  • System Center – Data Protection Manager

In other post of this series we will take a deeper look at specific tools like Hyper-v Replica and explain how it works and step you through implementation.

This is post part of a 15 part series on Disaster Recovery and Business Continuity planning by the US based Microsoft IT Evangelists. For the full list of articles in this series see the intro post located here: http://mythoughtsonit.com/2014/02/intro-to-series-disaster-recovery-planning-for-i-t-pros/

DisasterRecoveryImageOver the next three weeks my team will be running a blog series with a new post each day covering Disaster Recovery and Business Continuity topics. We chose the topic of Disaster Recovery and Business Continuity because this is an absolute necessity in any IT shop and we want to help give you the information you need to have a successful plan in place.

We will cover topics including best practices for DR, our personal experiences in DR, and Microsoft technologies that are useful for DR. Here is the list of topics that I will update with the links as they publish.

Day Author Blog Post Link
Feb 10 Brian INTRO TO SERIES: Disaster Recovery Planning for I.T. Pros (this post)
Feb 11 Jennelle Disaster recovery for IT Pros: How to Plan, What are the considerations?
Feb 12 Brian Value of Server Virtualization to Disaster Recovery Management.
Feb 13 Tommy How Hyper-v Replica can save the day
Feb 14 Keith Create Backups of VMs in Windows Azure by using PowerShell
    Weekend
Feb 17 Keith Cloud-based Backup and Restore for Windows Azure Virtual Machines
Feb 18 Jennelle Is there value in testing your Disaster Recovery plan?
Feb 19 Yung High Availability, Disaster Recovery, and Windows Azure
Feb 20 Keith File Server Disaster Recovery to the cloud with Windows Azure
Feb 21 Matt What about Fluffy the cat and saving your desktops?
    Weekend
Feb 24 Keith Windows Azure Hyper-V Recovery Manager (HRM)
Feb 25 Jennelle Disaster Recovery Planning Checklist
Feb 26 Kevin “The Case for the Offline Backup”
Feb 27 Keith Planning for DR capacity with the Capacity Planner for Hyper-V Replica
Feb 28 Brenda Building a disaster recovery environment for SharePoint in Windows Azure — a few things we learned
  Brian Disaster Recovery / Business Continuity Series recap

ProcexplA new version of Processor Explorer shipped yesterday and it is better than ever at helping you find unwanted malware. The new version is Version 16.0.

This version of Process Explorer introduces a new integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning.

To use this new feature you just need to turn it on. After running Process Explorer click on “Options” and then VirusTotal.com. Next select “Check VirusTotal.com”. The first time you enable this you will have to accept an agreement.

Try it now! You can download it from the Sysinternals section of the TechNet website here:

http://technet.microsoft.com/en-us/sysinternals