In case you’ve not been keeping up with the debate over ‘net neutrality’ and Google/Verizon’s proposals, here’s a handy infographic summary!
Net Neutrality Infographic
August 25th, 2010HP’s Windows 7 Slate Tablet lives on
July 25th, 2010
This is interesting, according to Engadget HP’s much publicised Windows 7 based state tablet isn’t in fact dead as has been reported.
Personally I think this is great news. I’m a long term fan of the slate having had one of HP’s old slates the TC1100 for years. It’s a great bit of kit but Win7 really challenges its 2004 specs.
According to Engadget HP are planning to launch the new tablet later this year targeted at the enterprise market. This makes a lot of sense to me. The iPad has the consumer world all wrapped up but in business (currently) it’s more of a novelty to anyone that needs to do more than email. A Win7 based tablet that has a pen as well as touch and can run apps like OneNote would be very welcome.
What’s more it gives HP a good product on which to take some market share from Motion Computing, who have been doing quite well selling Windows based slate tablets into industries like healthcare and engineering.
Of course there have also been rumours of a HP tablet based on Palms WebOS, which of course HP now owns. While that would definitely be an option in the consumer world I’m not sure businesses would find it all that attractive. The reason I say this is that currently WebOS has next to no security built into the OS, at least none that is compatible with the Exchange ActiveSync (EAS) security policies used by Microsoft and Google (see this article for more info). So in that sense a twin platform might make good sense for HP.
Google Search Appliances support OpenSearch and Windows 7
July 22nd, 2010
A while back I posted up some info on using the OpenSearch features of Windows 7 and Internet Explorer 8 to provide search integration into SharePoint.
OpenSearch is a protocol for easily sending search queries and sharing the search results. Windows 7 and IE8 use OpenSearch to allow external sources of data to be searched directly from Windows as shown in the screenshot below.
![SharePointSearchinWindows71[1]](http://refraction.co.uk/blog/wp-content/uploads/2010/07/SharePointSearchinWindows711.jpg "SharePointSearchinWindows71[1]")
Personally I think it’s a really nice bit of functionality, it’s something I use all time now I have it. So it’s good news then that a couple of days ago Google announced support for OpenSearch on it’s Google Search Appliances (GSA).
If you’ve not seen these before they’re essentially a server running Google indexing and search that you can plug into your network and use to provide search internally to your business. You basically pay for the number of documents you index.
This new support will allow you to send search queries to a GSA and have the results displayed in Explorer or IE just as shown above.
You can find detailed technical info on the Google site and download the feature on the Enterprise Labs site.
Device Encryption on Apple iPhones
July 20th, 2010Following up from my last post on enforcing security policies devices such as iPhones, I thought it might be worth clarifying how iPhones deal with encryption.
Essentially iPhones from the 3GS onwards are encrypted by default, this isn’t something the end user or administrator can control. Earlier devices such as the iPhone and iPhone 3G do not support encryption at all, they’re simply not powerful enough apparently (Apple told me this!).
So if you use Exchange and wish to set the encryption security policies onto iPhones the ‘Require Encryption on the Device’ doesn’t actually do much in of itself – the device is either already encrypted or just can’t be.
Where it is useful is if you wish to block access to devices that cannot be encrypted. In this case you simply set the ‘Require Encryption on the Device’ policy and uncheck the ‘Allow Non-Provisional Devices’ policy. The iPhones will report back their support for encryption and Exchange uses this to evaluate whether they should be allowed on not. So iPhone’s and 3GS’s will be blocked.
Further info on iPhone support for Exchange ActiveSync Policies can be found here.
Android and iPhone Exchange Activesync Policies
July 19th, 2010Over the past couple of weeks I’ve been doing some work on how best to secure data on the myriad of mobile devices that are used these days to access email and calendar information.
It’s a hot topic at the moment, and so it should be. Recently here in the UK the information commissioner brought in a £500,000 fine for each instance of information data loss. Of course it would depend on the information lost, but hands up anyone who understands everything that’s on their companies smartphones and PDA’s… with info creeping out in email attachments or iPhone apps that cache your work username and passwords, it’s a real risk.
If you use MS Exchange, one of simplest ways to apply a level of security to mobile devices is to use the Exchange Activesync Policies that are included out the box. These allow you to apply – and more importantly enforce – a range of configuration options on devices and block access to devices that don’t meet a minimum standard you decide on.
At the bottom of this post I’ve attached a spreadsheet which I’ve put together which details the policies available and the devices they are compatible with. To get the information I spoke to MS, Google and Apple (thanks Jason) directly, so it should be accurate. But I don’t have any contacts at Nokia or Palm so that info was taken from their deployment guides.
Part of the reason I thought I’d post this up is that I noticed a very similar doc was added to Wikipedia, but it doesn’t include some important information about the level of Exchange Client Access Licence (CAL) need to use some of the policies, nor does it talk about the differences between hardware versions of iPhone. If I can bring myself to dive into the wiki mark-up language I’ll amend the article to include the info but for now I hope this spreadsheet helps some of you.
If you’re not currently implementing any policies in Exchange there are a few things to consider before you do.
First think about the types of device currently connecting. If you’ve been using Exchange EAS for a while the chances are you’ll have a range of kit from Windows Mobile 5 onwards. This older equipment may not support many of the available policies, so if they’re company owned devices you may want to look at upgrading them rather than cut the users off entirely. Unfortunately it’s not just older devices that don’t support all EAS policies correctly. Modern OS’s such as Google’s Android and Palms WebOS don’t either.
There are some simple reports that an be run using PowerShell that will list out all the device that connect in, including device type, versions and usernames. Unfortunately the iPhone doesn’t report back its hardware version until iOS4 however. I’ll try to follow up this post with the query details.
Remember that neither Google’s Android, Applies iPhone or iPhone 3G support any level of device encryption, which from a business perspective is a little scary considering their popularity. What’s worse, early versions of the iOS3 firmware apparently mislead the Exchange server into thinking early iPhone were encrypted. If you have a lot of these things out there but still want to apply a level of security you can buy yourself some time using the ‘Allow non-provisional devices’ policy.
One option would be to create a basic security policy with all the PIN settings you want to apply and enforce that by un-checking the ‘allow non-provisional devices’ policy. This will ensure that if a device doesn’t support the policy it can’t connect. You could then create a seperate policy with the encryption settings and the ‘allow non-provisional devices’ enabled. In that case the policy should apply only to those phones that support it.
As always, communication out to your end users is going to be key, especially if you have personal devices connecting to Exchange in addition to your company ones. Whilst having a PIN etc is probably a fair exchange for the Exchange functionality they’ll receive, suddenly finding that your personal phone has had a PIN enforced and that your SD of music and photos has been encrypted is likely to annoy… Something to keep in mind!
Anyway, here’s spreadsheet: Exchange ActiveSync Policies (June2010)
Bruno Senna at the Goodwood Festival of Speed
July 5th, 2010Bruno Senna posted a great clip of him driving one his uncles (Ayton Senna) old race cars back down the Goodwood hill to the paddock, filming the entire thing on his phone. As Bruno says on twitter:
I was holding my mobile phone with my left hand and the steering wheel with the right. Don’t do this at home. Definitely not on the street!!
I thought this was a good demonstration of the reasons I love the Festival of Speed. Where else would you get the best drivers in the world hooning the best cars in the world up and down someone’s driveway?
Apples iPhone 4 Gyroscope
July 1st, 2010
After reading about the iPhone 4’s gyroscope during WWDC, I have to admit I wasn’t sure how such a thing would work. I’ve only ever really encountered the spinning gyroscopes you get as a kid, and I couldn’t really see something like that fitting in a phone!
Thanks to this Wikipedia entry, and this article on ifixit.com the mystry is solved – worth a read if you feeling geeky.
Windows 8 Details
June 29th, 2010Over the last few days it seems if a Microsoft Windows 8 presentation aimed at PC OEM’s has leaked out onto the net. Of course no one has confirmed it’s real, but it looks much like the documents I saw during the Vista and 7 development cycles so I’ve no reason to think it’s not.
I’m not going to republish the slides here, as clearly they should be under NDA, but not this info is in the public domain I’ll discuss major points in general and my take on the implications.
So what’s new in there?
Industry Trends
Whilst this isn’t exactly news, it’s interesting see what MS sees as the trends that are shaping their development of Win8. Many of these are focused around the users interaction with computers.
They describe a market in 2012 providing a wide range of hardware form factors and offering users ubiquitous internet access. In a world where connectivity is assumed MS will continue its ‘Software + Services’ push in Windows 8. With the recent Windows Live Wave 4 releases already providing a pretty strong platform of local applications coupled with Internet services (Hotmail, Office Web Apps, Photo Gallery etc), they mention that Wave 5 release of these apps is pencilled in for release at around the same time as Win8.
MS are also keen to point out that peoples personal and business computing experiences are rapidly merging. This is something that I’ve certainly encountered over the past few years, and it will be interesting to see how MS counter this. The challenge is in keeping corporate applications and data secure, whilst also providing the flexibility people look for in personal computing from the same device.
Solutions out there in the market currently use a pretty heavy handed approach, using perhaps a separate OS instance though a VM or using ‘OS on a Stick’ solutions that effectively turn a personal computer into a thin client that then connects to a business desktop.
I suspect that MS could provide a slightly more elegant solution if they choose to build that abstraction into the OS. Windows 7 already supports booting from a VDI virtual hard disk, and can use XP Mode or MED-V to provide applications that run from a separate local OS. I wouldn’t be surprised to see both of these technologies advance further to present a single ‘desktop’ to the user that ties back to separate ‘personal’ and ‘business’ VM’s. Presumably this may lead to a Client Hypervisor version of Hyper-V along the lines of Citrix’s XenClient.
Apple Envy
One slide that perhaps shows MS’s overall approach to Windows 8 is actually all about Apple. MS have looked at Apple’s appeal and described a cycle that flows from Brand Promise > User Experience > User Confidence > Realised Value > High Satisfaction and then back to Brand Promise. In other words if it just works, people like it, you look good and they’ll will return for more of the same.
I’d have hoped that was all a bit obvious to be honest, but it’s interesting to see that it’s a clear part their thinking and even state “This is something people will pay for!”. Hopefully MS are learning lessons from Apples success, and in fairness their own successful Windows 7 release.
Windows Store
For some time now I’ve been quite critical of MS’s late arrival into the ‘app store’ space. As far as I know only Windows Phone has an MS operated app delivery mechanism (and to a lesser extent XBox Live). To my mind both Windows and XBox would benefit hugely from an app store and the ecosystem of developers that it would spawn. Frankly the PC world is still pretty much in the age of having a choice between Freeware, Shareware or full retail software. Apple style app stores completely change this by providing users will a trusted source of apps and developers with a permanent market and a method of getting paid for their work.
I’m therefore very happy to see MS outline plans for ‘Windows Store’, an iTunes equivalent. It seems like I’m not the only one as the slides show feedback suggesting that it “can’t happen soon enough”!
The concept seems fairly well advanced, the slides include a wireframe storyboard of the app browsing and purchasing experience, which looks quite Zune like – a good thing I reckon. They also show that a users apps and settings will follow them across PC’s, presumably tied to a Live ID as with XBox Live. The app store will also provide mechanisms for delivering updates or patches to installed apps.
For developers there will be a personalised portal to submit apps, track their progress through the approval process and view analytics around sales and usage. One of the most interesting items shown in the portal is a tab for Telemetry. This shows that developers will be able to monitor how the apps are used and receive crash dumps that are returned by faults. As far as I know this is far in advance of any other systems out there and should help ensure that the quality of apps delivered through the system is kept high.
Something that isn’t covered is how the applications themselves will be delivered. We’ve seen MS dabbling with streaming applications over the Internet with the Office 2010 beta, which I understand was a big success. Given the current trend towards application virtualisation I could see Windows Store making use of App-V or a similar technology to deliver apps as discrete objects rather than the traditional MSI’s. Given MS’s own desire to replicate Apple’s ‘It Just Works’ view of the world using virtualised apps would seem to be be a good route for Windows Store. It would help minimising the errors and incompatibilities that can plague large app portfolios.
Personally I think Windows Store is an incredibly exciting development for users and developers. What I’m curious about is how this might then relate to business use of Windows. Presumably it wouldn’t be to hard to extent this model out into the Enterprise space.
There are already solutions out there that provide ‘shopping cart’ style interfaces into Microsoft’s Configuration Manager (SCCM) application delivery tools, but this sort of interface would certainly be a welcome addition for businesses. I guess there would be a couple of approaches that could be adopted.
For one, Windows Store itself could provide a way for companies to allow users to buy software through it. This would probably need an approval mechanism to ensure that spend was authorised, and also an alternative method for invoicing and payment. It would also be desirable for companies to be able white-list or black-list apps.
It’s a challenge for sure, but it’s not too hard to envision it happening. With MS’s ability to federate it’s Online services with internal company Active Directories they could potentially access a primitive authorisation matrix through the ‘Manager’ information in AD. And Group Policy would be a perfect way of switching the Store into a ‘business mode’ that doesn’t bill the users directly.
The second method might be to build a similar interface that can be hosted internally and used with SCCM. Providing a similar user experience on company machines has obvious benefits to users and IT alike. Indeed given the focus on bringing together people work and home experiences the ability to switch between them at will is probably worthwhile.
Identity and Authentication
There a couple of slides around Win8’s proposed methods of authentication and how it might handle user data. The obvious flashy thing here is the proposed use of facial recognition for logon, the idea being that a webcam connected to the computer would recognise that you have say down in front of the computer, determine that it’s you and then log you on.
I’ve played with some tools for this before, and it’s a very nice user experience. If MS can get it right and fix the false-positive issues that facial recognition systems can have (i.e. holding up a photo of the computers owner to logon…) it could be a very nice addition.
The other item of note was how Win8 will handle user profiles. It seems that Windows user accounts will be ‘connected to the cloud’ so that user settings, and presumably documents, will follow them from PC to PC. With Microsoft’s Mesh synchronisation technology now mature and forming part of Windows Live Wave 4, I suspect that this will also be the basis of continuously sync’ing user profiles with a Live back-end service.
I’ve wondered whether they’d do this for some time. Indeed when Mesh was released I wondered whether having the ability to sync both document data and user personalisation info into the cloud might lead MS to presenting actual Windows desktops from it’s Azure platform.
There are plenty of other bit and pieces in the presentation. But to my mind those are the main things to consider.
Of the rest the Fast Startup looks good, it’s a hybrid system boot mechanism that uses the hibernate function to cut out some of the boot process and hugely reduce startup time. It’s worth noting that this and Sleep will be the default startup and shutdown actions in Window 8.
So all in all it’s very positive stuff, I suspect that MS will be very unhappy it’s public. It certainly gives the opposition something to aim at. I have to say if I was MS rather than clamping down on the now public info I’d make the most of it – fill in the gaps on what’s already known and start the hype early.
For more info there’s good ccoverage over on Windows Kitchen.
Subscribe
