Posts Tagged ‘Microsoft’

Device Encryption on Apple iPhones

Tuesday, July 20th, 2010

Following up from my last post on enforcing security policies on devices such as iPhones, I thought it might be worth clarifying how iPhones deal with encryption.

Essentially iPhones from the 3GS onwards are encrypted by default; this isn’t something the end user or administrator can control. Earlier devices such as the iPhone and iPhone 3G do not support encryption at all; they’re simply not powerful enough apparently (Apple told me this!).

So if you use Exchange and wish to set the encryption security policies onto iPhones, the ‘Require Encryption on the Device’ policy doesn’t actually do much in and of itself – the device is either already encrypted or just can’t be.

Where it is useful is if you wish to block access to devices that cannot be encrypted. In this case you simply set the ‘Require Encryption on the Device’ policy and uncheck the ‘Allow Non-Provisional Devices’ policy. The iPhones will report back their support for encryption and Exchange uses this to evaluate whether they should be allowed or not. So iPhone’s and 3GS’s will be blocked.

Further info on iPhone support for Exchange ActiveSync Policies can be found here.

Android and iPhone Exchange Activesync Policies

Monday, July 19th, 2010

Over the past couple of weeks I’ve been doing some work on how best to secure data on the myriad of mobile devices that are used these days to access email and calendar information.

It’s a hot topic at the moment, and so it should be. Recently here in the UK the information commissioner brought in a £500,000 fine for each instance of information data loss. Of course it would depend on the information lost, but hands up anyone who understands everything that’s on their company’s smartphones and PDAs… with info creeping out in email attachments or iPhone apps that cache your work username and passwords, it’s a real risk.

If you use MS Exchange, one of the simplest ways to apply a level of security to mobile devices is to use the Exchange ActiveSync Policies that are included out of the box. These allow you to apply – and more importantly enforce – a range of configuration options on devices and block access to devices that don’t meet a minimum standard you decide on.

At the bottom of this post I’ve attached a spreadsheet which I’ve put together which details the policies available and the devices they are compatible with.  To get the information I spoke to MS, Google and Apple (thanks Jason) directly, so it should be accurate.  But I don’t have any contacts at Nokia or Palm so that info was taken from their deployment guides.

Part of the reason I thought I’d post this up is that I noticed a very similar doc was added to Wikipedia, but it doesn’t include some important information about the level of Exchange Client Access Licence (CAL) needed to use some of the policies, nor does it talk about the differences between hardware versions of iPhone. If I can bring myself to dive into the wiki mark-up language I’ll amend the article to include the info but for now I hope this spreadsheet helps some of you.

If you’re not currently implementing any policies in Exchange there are a few things to consider before you do. 

First think about the types of device currently connecting. If you’ve been using Exchange EAS for a while the chances are you’ll have a range of kit from Windows Mobile 5 onwards. This older equipment may not support many of the available policies, so if they’re company owned devices you may want to look at upgrading them rather than cut the users off entirely. Unfortunately it’s not just older devices that don’t support all EAS policies correctly. Modern OSs such as Google’s Android and Palm’s WebOS don’t either.

There are some simple reports that can be run using PowerShell that will list out all the devices that connect in, including device type, versions and usernames. Unfortunately the iPhone doesn’t report back its hardware version until iOS4 however. I’ll try to follow up this post with the query details.

Remember that neither Google’s Android nor Apple’s iPhone or iPhone 3G support any level of device encryption, which from a business perspective is a little scary considering their popularity. What’s worse, early versions of the iOS3 firmware apparently misled the Exchange server into thinking early iPhones were encrypted. If you have a lot of these things out there but still want to apply a level of security you can buy yourself some time using the ‘Allow non-provisional devices’ policy.

One option would be to create a basic security policy with all the PIN settings you want to apply and enforce that by un-checking the ‘allow non-provisional devices’ policy. This will ensure that if a device doesn’t support the policy it can’t connect. You could then create a separate policy with the encryption settings and the ‘allow non-provisional devices’ enabled. In that case the policy should apply only to those phones that support it.
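As an added illustration (not from the original post or from Microsoft's documentation), the device report and the two-policy approach described above could be scripted in the Exchange 2010 Management Shell roughly as follows. The policy names, PIN values, mailbox aliases and CSV path are assumptions made up for the example; the cmdlets spell the setting `AllowNonProvisionableDevices`, and because a mailbox carries only one ActiveSync policy at a time, the encryption policy here repeats the PIN settings.

```powershell
# Added example for the Exchange 2010 Management Shell.
# Policy names, PIN values, mailbox aliases and file path are hypothetical.

# 1. Inventory: list every device partnership with type, model, OS and owner,
#    so you know which hardware is connecting before enforcing anything.
Get-ActiveSyncDevice -ResultSize Unlimited |
    Select-Object UserDisplayName, DeviceType, DeviceModel, DeviceOS, DeviceUserAgent |
    Sort-Object DeviceType, UserDisplayName |
    Export-Csv -Path .\eas-devices.csv -NoTypeInformation

# Quick count per device type (iPhone, Android, WM, ...).
Get-ActiveSyncDevice -ResultSize Unlimited |
    Group-Object DeviceType |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# 2. PIN settings shared by both policies (values are examples only).
$pin = @{
    DevicePasswordEnabled           = $true
    MinDevicePasswordLength         = 4
    MaxInactivityTimeDeviceLock     = '00:05:00'
    MaxDevicePasswordFailedAttempts = 8
}

# 3. Baseline policy: PIN enforced. With non-provisionable devices disallowed,
#    a device that cannot apply the policy is refused.
New-ActiveSyncMailboxPolicy -Name 'EAS-PIN-Enforced' @pin `
    -AllowNonProvisionableDevices $false

# 4. Transitional policy: same PIN settings plus encryption, but devices that
#    cannot fully apply it are still allowed to sync. Encryption therefore
#    only takes effect on phones that support it.
New-ActiveSyncMailboxPolicy -Name 'EAS-PIN-Encryption-BestEffort' @pin `
    -RequireDeviceEncryption $true `
    -AllowNonProvisionableDevices $true

# 5. Assign one policy per mailbox (aliases are placeholders).
Set-CASMailbox -Identity 'alice' -ActiveSyncMailboxPolicy 'EAS-PIN-Enforced'
Set-CASMailbox -Identity 'bob'   -ActiveSyncMailboxPolicy 'EAS-PIN-Encryption-BestEffort'

# 6. Verify which mailboxes ended up on which policy.
Get-CASMailbox -ResultSize Unlimited |
    Group-Object ActiveSyncMailboxPolicy |
    Format-Table Name, Count -AutoSize
```

Once the older hardware has been replaced, setting `-AllowNonProvisionableDevices $false` on the second policy turns the encryption requirement into a hard block.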

As always, communication out to your end users is going to be key, especially if you have personal devices connecting to Exchange in addition to your company ones. Whilst having a PIN etc is probably a fair exchange for the Exchange functionality they’ll receive, suddenly finding that your personal phone has had a PIN enforced and that your SD card of music and photos has been encrypted is likely to annoy… Something to keep in mind!

Anyway, here’s the spreadsheet: Exchange ActiveSync Policies (June2010)

Windows 8 Details

Tuesday, June 29th, 2010

Over the last few days it seems as if a Microsoft Windows 8 presentation aimed at PC OEMs has leaked out onto the net. Of course no one has confirmed it’s real, but it looks much like the documents I saw during the Vista and 7 development cycles so I’ve no reason to think it’s not.

I’m not going to republish the slides here, as clearly they should be under NDA, but now this info is in the public domain I’ll discuss the major points in general and my take on the implications.

So what’s new in there? 

Industry Trends
Whilst this isn’t exactly news, it’s interesting to see what MS sees as the trends that are shaping their development of Win8. Many of these are focused around the user’s interaction with computers.

They describe a market in 2012 providing a wide range of hardware form factors and offering users ubiquitous internet access. In a world where connectivity is assumed MS will continue its ‘Software + Services’ push in Windows 8. With the recent Windows Live Wave 4 releases already providing a pretty strong platform of local applications coupled with Internet services (Hotmail, Office Web Apps, Photo Gallery etc), they mention that the Wave 5 release of these apps is pencilled in for release at around the same time as Win8.

MS are also keen to point out that people’s personal and business computing experiences are rapidly merging. This is something that I’ve certainly encountered over the past few years, and it will be interesting to see how MS counter this. The challenge is in keeping corporate applications and data secure, whilst also providing the flexibility people look for in personal computing from the same device.

Solutions out there in the market currently use a pretty heavy handed approach, using perhaps a separate OS instance through a VM or using ‘OS on a Stick’ solutions that effectively turn a personal computer into a thin client that then connects to a business desktop.

I suspect that MS could provide a slightly more elegant solution if they choose to build that abstraction into the OS. Windows 7 already supports booting from a VDI virtual hard disk, and can use XP Mode or MED-V to provide applications that run from a separate local OS. I wouldn’t be surprised to see both of these technologies advance further to present a single ‘desktop’ to the user that ties back to separate ‘personal’ and ‘business’ VMs. Presumably this may lead to a Client Hypervisor version of Hyper-V along the lines of Citrix’s XenClient.

Apple Envy
One slide that perhaps shows MS’s overall approach to Windows 8 is actually all about Apple. MS have looked at Apple’s appeal and described a cycle that flows from Brand Promise > User Experience > User Confidence > Realised Value > High Satisfaction and then back to Brand Promise. In other words if it just works, people like it, you look good and they’ll return for more of the same.

I’d have hoped that was all a bit obvious to be honest, but it’s interesting to see that it’s a clear part of their thinking and they even state “This is something people will pay for!”. Hopefully MS are learning lessons from Apple’s success, and in fairness their own successful Windows 7 release.

Windows Store
For some time now I’ve been quite critical of MS’s late arrival into the ‘app store’ space. As far as I know only Windows Phone has an MS operated app delivery mechanism (and to a lesser extent XBox Live). To my mind both Windows and XBox would benefit hugely from an app store and the ecosystem of developers that it would spawn. Frankly the PC world is still pretty much in the age of having a choice between Freeware, Shareware or full retail software. Apple style app stores completely change this by providing users with a trusted source of apps and developers with a permanent market and a method of getting paid for their work.

I’m therefore very happy to see MS outline plans for ‘Windows Store’, an iTunes equivalent.  It seems like I’m not the only one as the slides show feedback suggesting that it “can’t happen soon enough”! 

The concept seems fairly well advanced; the slides include a wireframe storyboard of the app browsing and purchasing experience, which looks quite Zune like – a good thing I reckon. They also show that a user’s apps and settings will follow them across PCs, presumably tied to a Live ID as with XBox Live. The app store will also provide mechanisms for delivering updates or patches to installed apps.

For developers there will be a personalised portal to submit apps, track their progress through the approval process and view analytics around sales and usage.  One of the most interesting items shown in the portal is a tab for Telemetry.  This shows that developers will be able to monitor how the apps are used and receive crash dumps that are returned by faults.  As far as I know this is far in advance of any other systems out there and should help ensure that the quality of apps delivered through the system is kept high.

Something that isn’t covered is how the applications themselves will be delivered. We’ve seen MS dabbling with streaming applications over the Internet with the Office 2010 beta, which I understand was a big success. Given the current trend towards application virtualisation I could see Windows Store making use of App-V or a similar technology to deliver apps as discrete objects rather than the traditional MSIs. Given MS’s own desire to replicate Apple’s ‘It Just Works’ view of the world, using virtualised apps would seem to be a good route for Windows Store. It would help minimise the errors and incompatibilities that can plague large app portfolios.

Personally I think Windows Store is an incredibly exciting development for users and developers. What I’m curious about is how this might then relate to business use of Windows. Presumably it wouldn’t be too hard to extend this model out into the Enterprise space.

There are already solutions out there that provide ‘shopping cart’ style interfaces into Microsoft’s Configuration Manager (SCCM) application delivery tools, but this sort of interface would certainly be a welcome addition for businesses.  I guess there would be a couple of approaches that could be adopted.

For one, Windows Store itself could provide a way for companies to allow users to buy software through it. This would probably need an approval mechanism to ensure that spend was authorised, and also an alternative method for invoicing and payment. It would also be desirable for companies to be able to white-list or black-list apps.

It’s a challenge for sure, but it’s not too hard to envision it happening. With MS’s ability to federate its Online services with internal company Active Directories they could potentially access a primitive authorisation matrix through the ‘Manager’ information in AD. And Group Policy would be a perfect way of switching the Store into a ‘business mode’ that doesn’t bill the users directly.

The second method might be to build a similar interface that can be hosted internally and used with SCCM. Providing a similar user experience on company machines has obvious benefits to users and IT alike. Indeed given the focus on bringing together people’s work and home experiences the ability to switch between them at will is probably worthwhile.

Identity and Authentication
There are a couple of slides around Win8’s proposed methods of authentication and how it might handle user data. The obvious flashy thing here is the proposed use of facial recognition for logon, the idea being that a webcam connected to the computer would recognise that you have sat down in front of the computer, determine that it’s you and then log you on.

I’ve played with some tools for this before, and it’s a very nice user experience. If MS can get it right and fix the false-positive issues that facial recognition systems can have (i.e. holding up a photo of the computer’s owner to logon…) it could be a very nice addition.

The other item of note was how Win8 will handle user profiles.  It seems that Windows user accounts will be ‘connected to the cloud’ so that user settings, and presumably documents, will follow them from PC to PC.  With Microsoft’s Mesh synchronisation technology now mature and forming part of Windows Live Wave 4, I suspect that this will also be the basis of continuously sync’ing user profiles with a Live back-end service.

I’ve wondered whether they’d do this for some time. Indeed when Mesh was released I wondered whether having the ability to sync both document data and user personalisation info into the cloud might lead MS to presenting actual Windows desktops from its Azure platform.

 

There are plenty of other bits and pieces in the presentation. But to my mind those are the main things to consider.

Of the rest, the Fast Startup looks good; it’s a hybrid system boot mechanism that uses the hibernate function to cut out some of the boot process and hugely reduce startup time. It’s worth noting that this and Sleep will be the default startup and shutdown actions in Windows 8.

So all in all it’s very positive stuff, I suspect that MS will be very unhappy it’s public.  It certainly gives the opposition something to aim at.  I have to say if I was MS rather than clamping down on the now public info I’d make the most of it – fill in the gaps on what’s already known and start the hype early.

For more info there’s good coverage over on Windows Kitchen.

Who needs PowerPoint? Try Prezi instead

Wednesday, June 9th, 2010

Well to be honest I do… but thanks to Eileen Brown I’ve now discovered a pretty decent alternative in Prezi. As part of my job I often have to put together presentations for various strategies or projects. I’m always quite conscious that traditional bullet-pointed PowerPoints are liable to bore people to tears, so anything that can help liven things up a little has to be good.

So what is Prezi then?  Well it’s an online presentation tool, but the difference is in how you build up those presentations and what they look like when played back.  Rather than write a long (probably inadequate!) explanation they’ve got a decent intro video:

So as you can see it’s a bit different from the normal PowerPoint type app :)

I guess the closest I’ve seen has been Microsoft’s Office Labs pptPlex which is a free add-in that provides similar functionality inside of PowerPoint. Prezi is just more like a ‘Deepzoom’ sort of experience – which is odd given Deepzoom is an MS technology.

Having played with it a little today, I reckon Prezi is a good little tool.  It makes it much easier to tell a story in your presentations, and hopefully keep people engaged in what you’re saying.

The ability to embed external media like images and videos is well implemented and very useful.  Indeed, I’ve not tried it but I think you can even embed normal slides from slide share – though I’m not sure why you’d want to!

Prezi has three options for getting access to it.  You can sign up for free, but you only get 100MB of storage and all your presentations are public and branded with a Prezi watermark.

There are then two costed options, ‘Enjoy’ at $59 a year and ‘Pro’ at $159 a year.  Both have the option to make presentations private, and have the watermark removed.  ‘Enjoy’ has 500MB of storage, and ‘Pro’ 2GB and a Desktop editor so you can create and view presentations offline.

The free version’s inability to save a presentation privately is – in my view – not very user friendly. I can see why they’ve done it to drive sales of the costed options, but even so you’d have to be careful what you post up, especially if they’re work/business presentations.

Personally I feel that the costed options are a little too expensive.  As good as it is, I’m not sure that it’s worth that much or that the offline app would be worth a $100 premium. 

It’s a balance really of whether you feel that the impact Prezi can potentially give your presentations is worth the cost.  I think it has real potential, but there are a few niggles that it would be worth them looking at.

  • The saved presentations are pretty big – a basic demo I did with two paragraphs came down as a 20MB zip file!
  • As Prezi is a Flash app, right-clicking on it just brings up the normal Flash menu, not much they can do about that, but there are some tasks where right-clicking would improve the navigation. And of course it won’t work on an iPad, where the interface would seem to really suit it!
  • There are only a couple of styles provided, and whilst you can pay $450 for a custom one, the ability to change fonts and colours etc would seem to be a pretty basic feature people would expect.

Like I say, I really like Prezi, you can create some really striking presentations in it. Will I buy it? Probably not… With information security such a big factor in business these days I don’t think I could save presentations online without knowing more about their security model etc, and $159 a year is too expensive for a version that would give me the ability to work offline and keep the presentations within the company’s control. Still it’s a very nice little app!

Virtual Desktop Infrastructure (VDI)

Monday, May 24th, 2010

It seems that these days pretty much every cold call I get from a vendor is about VDI. If you’re an enterprise it seems that it’s pretty much all anyone wants to talk to you about. It’s clearly the topic of the day, but what does it actually mean?

At work I’ve been looking at options for VDI for a while, but to be honest I prefer to refer to the topic as Centralised Desktops.  For me ‘VDI’ implies a particular solution, whereas in fact if centralisation is something you want, you should be looking beyond simple virtualisation.

Virtualised Desktop Reference Architecture

So what is it? Well simply put, it’s about moving the execution of your desktop environment away from your users’ desks and into a managed central location, probably a data centre. So no more desktop computers (well, probably… but we’ll come to that another time).

Instead, on each desk you put a Thin Client. These are small, cheap, power efficient devices that really don’t do much more than receive the ‘screen’ from the newly centralised desktop and send the keyboard and mouse information back down the wire. The actual OS and applications are running in a far off data centre. This is where it gets interesting, as there are many platforms that these can run on.

The solution most people think about with VDI is running the desktop OS and apps on a virtual machine. In this scenario you’d typically have a server running a hypervisor such as VMWare, Hyper-V or Citrix’s Xen. That server would host a number of desktop OSs that can be presented out to the thin clients on people’s desks.

Now that’s a good approach for most people, but it’s not the only one.  For high end users, guys doing CAD or analysis work, a VM isn’t going to cut it.  A share of CPU time and memory might not be enough.   For these sorts of users something like HP’s Blade Workstations could be an answer.  These are basically high spec computers squeezed into a blade form factor.  If you’re familiar with blade servers they’re basically the same thing but with better graphics capability.

So using Blades you can give end users very high end computing capacity from a remote location.  But what about the other end of the spectrum, the people in your organisation who have very low computing requirements.  There’s a pretty good chance that for some people even a desktop VM is overspec’d.  For these guys more traditional Citrix/Terminal Services type solutions are still a very good fit. 

In that sort of scenario you’d have a single server OS that many people would connect and logon to. They can then share the OS and applications running on it as they are presented back to the thin client. Of course in that instance each user is only getting a share of the server and OS resources, but the point is exactly that. Each user consumes a share of a single server (and its costs) and a single OS (and its costs). Per user it’s cheap!

So that’s what the two ends of the solution look like. But how do you link them up? First let’s talk about how the ‘screen’ gets from the centralised desktop to the thin client (and of course the keyboard and mouse back the other way).

There are a number of protocols for achieving this. For years Citrix has had ICA. It’s tried and tested, I’d hazard a guess that most larger businesses are probably using it in some way or the other. Microsoft has RDP, which has shipped with every version of Windows since Win2000. Again, it’s tried and tested, remote assistance uses it for example, and I imagine pretty much every Windows server in the world uses it for management. The problem with these protocols has been that whilst they’re great for running bog standard Windows and office apps, as soon as you throw anything complicated like graphics or media at them they start to choke. They’ve improved a lot over the past few years, but there are still limitations.

In addition to the Citrix and Microsoft protocols there are more specialised alternatives that aim to improve the experience for media intensive applications, or users over long connections. A good example of this is HP’s RGS protocol or Citrix’s HDX. Last year we ran a proof of concept using RGS that saw people in our Bangalore office happily using AutoCAD on desktops hosted out of an office in Bristol. It works very well indeed.

There are other solutions such as Teradici’s PCoverIP which originally used hardware acceleration at both ends to improve performance, but is now being used by VMWare in a software only capacity as part of its View product. On paper this looks very good, but I’ve not really had a chance to try it first hand yet.

What connects the thin client to the centralised desktop? In the simplest of deployments you can actually hard code a thin client to talk to a specific desktop/server. In essence this gives you a 1:1 connection. That’s not necessarily the smartest route though. Most solutions will now use a connection broker to negotiate the right central desktop for each thin client or user. To my mind a good broker is where the intelligence comes into the solution.

Personally I feel that there isn’t a one-size-fits-all solution for VDI.  Perhaps for some organisations that’s not true, but for many I think a blend of solutions will be the best choice.  A broker helps you do this.  Say you have a mix of virtual desktops and blade workstations.  How do you make sure your users get the right desktop?  Well a broker will look at the connection request, who it’s from or where, and connect the thin client to the right back end. 

What’s more, because this process is dynamic it doesn’t necessarily have to connect the user to the same desktop each time. Say some of your central desktops are down for maintenance, the broker would direct them to one that was working. Even better, if you have say 10,000 people in your company, it’s a fair bet that maybe only 80/90% of them are working at any given time. In that case why have 10,000 desktop computers and licenses? Just have say 8,500 and let the broker make sure they are utilised. Depending on the solution the broker can even go off and provision more VMs should extra people show up.

Of course in truth it’s not quite that simple. For one thing if your desktops aren’t going to be persistent (i.e. not tied to a single user/thin client) you need to work out what to do with your users’ applications, ‘profile’ information and data.

Data is the easy one, just don’t have any of it local. Put everything on network shares, in Sharepoint or in some other system. If your desktops are in a data centre next to those storage systems they’ll get fast access to everything they need – faster than a traditional desktop would get. Local data is pretty much always a bad idea anyway. The one exception might be with Blade workstations, where demanding apps might need local storage for caching data etc.

Your users’ ‘profile’ information is slightly more tricky. If they are effectively moving to a different computer every day, you need to make sure that their settings follow them across those different desktops. One solution would be Windows Roaming Profiles. These have been around for years and can work well. Other solutions such as Appsense or RTO’s Virtual Profiles do things in a slightly different, more efficient way, but achieve the same goal.

Applications, now that’s the difficult one.  If you think of a normal PC, apps are almost always installed locally, either by CD/DVD or in business probably over the wire using something like SMS/SCCM.  That installation takes time, and it’s not something you can afford to do every time a user logs on to a centralised desktop to make sure they’ve got the right applications.

There are two answers to this. Application Virtualisation and (once again) Terminal Services. App Virtualisation has been around for a few years, but has only really taken off over the last year or so. It’s a complex technology, but basically it separates the application from the OS, allowing it to run in its own mini-virtual environment. With the app separated from the OS, you’re not restricted to traditional installations. Most app virtualisation technologies will allow you to ‘stream’ the application down to the computer as and when it is needed. Again, this is complex but for an end user it means that when they click on the icon, the technology downloads the application components as they are needed so there’s no long installation, just a small initial delay.

There are however some limitations to app virtualisation, which means that other solutions like terminal services may still have a place in a VDI environment. Say you have an app that just won’t work in App-V or XenApp or other virtualisation tools? In that case you can install them natively on a Windows OS and present them out to the virtual desktops using terminal services. It may sound a little convoluted, but it works.

So… that’s a real high level view of what VDI is. Hopefully it all made sense. I’m planning to do some follow up posts with some more detail, but for now here’s a quick diagram showing a reference architecture for a VDI implementation (the diagram above). Again, it’s quite high level, but I think it shows how these things all fit together.

SharePoint on your iPhone with Moshare

Sunday, May 16th, 2010

It seems that iPhones, and I guess now the iPad, are increasingly being used in business. While some would probably argue about how appropriate that is, ultimately I think IT organisations should be embracing this change and be working out ways to help their businesses use and benefit from these tools securely.

As the company I work for are big users of both iPhones and SharePoint, I always take a look at apps that try to make the two work together.  One such app is Moshare from Moprise.

Moshare allows you to connect the app to specific SharePoint sites and access the lists, documents etc in the Site.  It seems to work pretty well, you can connect to a site easily provided you know the URL, and the app then displays the various lists and libraries within it (see the pictures below).

Within the libraries documents are listed and can be opened as you’d expect. I’ve tried it out with the obvious Office documents and PDFs that you’d expect to find and all open fine. What’s more it provides searching within the site, though I couldn’t find a way to navigate to sub-sites – they have to be added separately.

Something I’d like to see added would be the ability to enter your password at the time of use.  At the moment you can’t add the site without having to enter your username and password and have the iPhone cache it.  Without details of how those credentials are stored, I can see some IT administrators not liking that at all.

All in all though it’s a nice little app.  As an added bonus at the moment it’s free to celebrate the launch of SharePoint 2010, so head over to the app store and grab a copy.

Moshare-siteview Moshare-LibraryView Moshare-DocumentView

Email and Office Windows Phone 7

Thursday, April 29th, 2010

A few months ago when Windows Phone 7 was unveiled there wasn’t really much coverage about the parts of the platform aimed at business productivity. I did see a few clips of the new Inbox, but nothing that really showed how it worked in practice. With smartphones now an important part of business life for many, and with iPhones becoming an increasingly common business tool, it’s interesting to see what MS has planned. Especially as it’s an area in which they were pioneers with the early Windows Mobile phones.

Anyways, I just spotted the following videos over on Steve Clayton’s blog. They show how the new WP7 office apps and inbox will work in practice. Personally I think they look pretty good.

 

 

 

Running successful projects

Thursday, February 25th, 2010

Over the years something that’s interested me more and more is what makes one project successful and another, well less so. 

I guess I’m quite fortunate that the projects I’ve worked on have always turned out well, but some have been very hard work – far harder than they needed to be.

The biggest difference would seem to be the people, not necessarily their skill or innate talent (though of course that helps!) but the support they are given to get the job done.

Anyway, Charlie Kindel, who’s a Programme Manager on the Windows Phone team at MS posted an interesting account of the work being undertaken around the new Windows Phone 7 Series phones.  He talks about some of the principles he uses to run projects, most of which I’d agree with.   It’s worth a read if this sort of stuff interests you.

Linky

Avatar and the future of 3D

Tuesday, January 5th, 2010

Over the weekend I went to see Avatar in 3D; I’d been meaning to see it before Christmas but somehow I never got around to it. I wish I had now though as it pretty much blew me away. Not so much as a film – though it is a good movie – but also the depth and richness of the world James Cameron and his team have built.

Pandora

3D stuff has always interested me, when I was at Uni I basically taught myself how to use 3D Studio and Lightwave after seeing how programmes like Babylon 5 used them to such good effect.  These were quite early days for these apps, and tools for modelling particles, hair and grass were only just becoming available.  I never really did anything professionally with it, but I knocked up what I thought were some pretty good models and animations.   

I think the time I spent playing with those apps helped me appreciate Avatar’s technical achievements even more. Whilst the rendering is pretty, and motion capture as realistic as ever, it’s the sheer depth and detail that has been put into Pandora (the planet where the film is set) that really impressed me. Whilst I know there are all sorts of techniques to automate the creation of grass, water etc., I’ve not seen anything quite as detailed as the landscapes, plants and animals that make up Pandora.

The fact that the film is shot and available in stereoscopic 3D just makes the experience even more believable. I’ve seen a number of 3D movies recently, and whilst some have been gimmicky (Final Destination…), on films where the 3D is incidental to the story, like Up, Ice Age or Avatar, it really works. As with the demos of 3D TV football matches and racing that I saw last year, stereo viewing brings the experience closer to the viewer. You feel more involved somehow; rather than watching a flat screen it’s more like looking through a window into these other worlds.

The quality of 3D stereo viewing has got me wondering what it might mean for media outside of cinema. With so many movies now available in 3D it’s inevitable home 3D televisions will become more common, both because people will want it, and because so much money is made from DVD/Blu-ray releases of films. I think we’re already seeing that pressure on consumer electronics with a couple of 3D TV technologies fighting it out and people like Sky here in the UK committing to 3D programming.

Personally I think one of the big drivers for the consumerisation of 3D viewing will be games. For years now consoles and games have been based around the ability to render real-time 3D environments; adding an extra layer into this to present those virtual worlds to the players in stereo 3D makes a lot of sense. Indeed there are games already available that support this – I’ve seen at least one game on the Xbox marketplace that supports 3D TV, and I’ve heard James Cameron talking about 3D versions of the Avatar game too (I’m not sure if the final versions included this though).

If 3D is available on the cinema screen and the TV screen, it can only be a matter of time before it will also have an impact on your computer screen. You’d probably expect it as a matter of course to be honest. Stereo monitors have been available for PCs for a while now, but only really for certain games. They’ve never become mainstream, probably because the operating systems haven’t made use of it, and it hasn’t yet become part of middleware layers like DirectX.

One of the more interesting aspects of the Avatar world for me was how the computers, screens and even photographs that the characters use and interact with are all also in 3D. Throughout the film you get to see these virtual 3D interfaces with elements sitting in layers and they seem like they would work. A good real life example might be the subtitles that are used in the film itself; as it’s in 3D they sit in the foreground of the scene so it’s as if you’re looking through or around them at the scene. It seems very natural.

Assuming that 3D capable screens and monitors become more common, I think there are huge opportunities in building OSs and applications that can make use of proper stereoscopic 3D. Tools like T3Desktop show a basic view of what could be done now, and perhaps hint at the potential of what could be possible. I imagine even mundane tasks such as typing a Word document could benefit from using 3D. I can imagine a view into the document with the page in the foreground and menus etc. moving in and out of view as they are needed. Combine that sort of stereo interface with something like Microsoft’s Natal input technology and it would be a massive shift in how we use and interact with applications.

I know that MS are working on a more PC focused version of Natal as Steve Ballmer spoke about it at a Windows 7 launch I attended in November. Well, when I say speak… it was more like shout or scream. To say he was enthusiastic would be an understatement, and I would hate to be the engineer on the end of that enthusiasm! Apparently Natal currently works very well from a few feet away from the screen, but not so well in the 0-3 foot range that would be needed for a desktop or laptop PC solution. It is coming though…

It’s going to be an interesting couple of years, and I can’t wait to see how these things develop.  I think 3D stereo viewing will eventually be something that everyone is used to.  It’ll take time I’m sure, but I imagine it will be like HD television or 5.1 surround sound, where the technology will move from cinema to high-end home setups, then gradually become more and more mainstream as costs lower.  I can’t wait! :)

Windows 7 Device Installation without Administrator Privileges

Tuesday, November 10th, 2009

Supporting mobile workers is always a little tricky.  Whilst you need them to be able to work effectively, you don’t always want to grant them enough system access that they can break things whilst on the other side of the world where you can’t help them.

One of the big requirements for administrative access to systems is the ability to install new devices such as printers. Windows has supported non-admin installation of drivers for years, but with the big caveat that the drivers must be signed. If they’re not then it won’t work, and often the manufacturers don’t bother going through the time and expense.

Fortunately Windows 7 offers some help here by allowing you to point the system at Windows Update for driver installations. When a device is plugged in, Windows will check for appropriate drivers on the local disk (these can of course be pre-populated) and then, if it can’t find any, search Windows Update.

We’ve tested it with a few devices here, and whilst not everything is on Windows Update, it would seem that the majority of newer printers and devices are.  At the very least it’s a huge expansion of the drivers included out-the-box.

You can also search the Windows Update catalog to check whether certain devices are covered, and download those drivers manually. I’ve not tried it, but I suspect that might also be useful should only Vista drivers be available.


Anyway, so how do you set this up?  Well there are two Group Policies that you need to set:

Computer Configuration > Policies > Administrative Templates > System > Device Installation >  Specify search order for device driver installation source locations = Enabled: Search Windows Update Last

This tells Windows to search locally for drivers, then search Windows Update for a compatible driver if none are found.

Computer Configuration > Policies > Administrative Templates > System > Driver Installation > Turn off Windows Update device driver search prompt = Enabled

This removes the choice for an administrator to specify searching Windows Update and sets Windows to search Windows Update by default (given the search order specified above). If this isn’t set the user is prompted to enter administrative credentials before searching Windows Update.
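
Because the local disk is searched first and non-admin installation only works for signed drivers, it is worth checking the packages you pre-populate. The PowerShell below is an added example, not part of the original post: the folder `C:\Drivers` and the function name `Get-DriverPackageSignature` are assumptions, and a `Valid` status only means the catalog’s Authenticode signature verifies against the certificates trusted on the machine where the script runs.

```powershell
# Added example: list driver packages in a staging folder and report whether
# each one's catalog (.cat) file carries a valid Authenticode signature.
# $DriverRoot is a hypothetical path; point it at your own pre-populated folder.
param([string]$DriverRoot = 'C:\Drivers')

function Get-DriverPackageSignature {
    param([Parameter(Mandatory = $true)][string]$Path)

    Get-ChildItem -Path $Path -Filter *.inf -Recurse | ForEach-Object {
        $inf = $_

        # An INF names its catalog in the [Version] section, either as
        # "CatalogFile = x.cat" or in a decorated form such as "CatalogFile.NTamd64".
        $hit = Select-String -Path $inf.FullName `
                   -Pattern '^\s*CatalogFile(\.\w+)?\s*=\s*"?([^";\r\n]+)' |
               Select-Object -First 1

        $status = 'NoCatalogEntry'   # INF does not reference a catalog at all
        $signer = $null

        if ($hit) {
            $catName = $hit.Matches[0].Groups[2].Value.Trim()
            $cat     = Join-Path $inf.DirectoryName $catName

            if (Test-Path $cat) {
                $sig    = Get-AuthenticodeSignature -FilePath $cat
                $status = $sig.Status.ToString()   # e.g. Valid, NotSigned, HashMismatch
                if ($sig.SignerCertificate) {
                    $signer = $sig.SignerCertificate.Subject
                }
            } else {
                $status = 'CatalogMissing'         # referenced .cat is not in the folder
            }
        }

        New-Object PSObject -Property @{
            Inf    = $inf.FullName
            Status = $status
            Signer = $signer
        }
    }
}

# Anything not reported as Valid is a package a standard user is likely to be
# prompted for credentials on, so review it before relying on it.
Get-DriverPackageSignature -Path $DriverRoot |
    Sort-Object Status |
    Format-Table Status, Signer, Inf -AutoSize
```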