How to organize your migration from Windows Server 2003

Following on from end of support for Windows XP in April 2014, we are now rapidly approaching Windows Server 2003 end of life.

Despite Microsoft warning about end of life for Windows Server 2003 as early as April 2013, many organisations are yet to begin their migration away from the server platform. Worse still, many organisations and IT pros are unaware of the huge financial costs and security risks should they continue running Windows Server 2003 past the end of life date.

Reports from HP claim that more than 11 million systems are still running Windows Server 2003. With fewer than 240 days left until end of life, this a huge problem as the estimated time required to migrate a datacentre of 100 or more servers can range from a minimum of three months and upwards of 18 months.

If you own even one of those 11 million servers and you have yet to begin migration, you should be worried. Luck for you, the following guide will migrate you to a position of safety. We will cover the following:

• Windows Server 2003 End of Life date
• Understanding what end of support means for Windows Server 2003 and the associated impacts
• An outline of how to migrate Windows Server 2003
• Resources to aid migration

Windows Server 2003 End of Life date

According to the Microsoft Support Lifecyle section on 14 July 2015, Microsoft will end extended support on all versions of Windows Server 2003/R2.

Understanding what end of support means for Windows Server 2003

From then on, this means no more updates or patches from Microsoft, which can result a less secure and less stable infrastructure for your business. What this really means:

• Maintenance Costs – running legacy servers is expensive. Intrusion detection systems, advanced firewalls and network segmentation are required to protect a now vulnerable Windows Server 2003 platform. You will also have increasing cost from maintaining aging hardware. Current estimates in a TechNet post from Alex Fu place the cost of custom support post end of life at US$200,000 on average. In a Q&A with David Mayer, practice director of Microsoft Solutions for Insight Enterprises, he estimated a support cost of $1500 per server per year.

• No Updates – there will be no more updates to fix bugs, performance issues and security vulnerabilities. To put this into perspective, 2013 saw the release of 37 critical updates for Windows Server 2003/R2. Past the end of life date, these critical issues will remain unfixed leaving you open to cybersecurity dangers such as malicious attacks or electronic data loss.

• No Compliance – once support ends, your organisation will almost certainly fail to meet industry wide compliance standards. Regulations such as HIPAA, PCI, SOX & Dodd-Frank all require regulated industries to run on supported platforms. The impact is twofold: Non-compliance could result in the loss of business, while high transaction fees and penalties from non-compliance could dramatically increase the cost of doing business.

• Software and Hardware Compatibility Issues – new software and hardware devices will not be built to integrate with Windows Server 2003. Sticking with a legacy server means you will likely run into compatibility issues and may not be able to run new instances of software or communicate with the latest devices.

• No Safe Haven – without continued support from Microsoft, virtualized and physical instances of Windows Server 2003/R2 and Microsoft Small Business Server (SBS) 2003 will not pass a compliance audit.

How to migrate from Windows Server 2003

Do not underestimate the task that lies ahead. Migrating applications and server workloads is no easy task. Worryingly, a study by App Zero suggests that 62 per cent of organisations do not have a plan to upgrade or migrate, or even know that EOS is coming.

• Discover – first up is discovering and cataloguing all the software and workloads that are running on Windows Server 2003/R2 at present. Download the Microsoft Assessment and Planning toolkit as this will be a worthy support document.

• Assess – now you have a list it’s time to analyse and categorise all your applications and workloads based on type, criticality, complexity and risk. This helps you prioritise for migration as well as identify issues and opportunities.

• Target – in this step, you must choose a destination for each application and workload. This could be the perfect time to evolve your organisation to the next level and embrace the cloud. Microsoft offers a series of destinations for each application or workload which could include:

o Windows Server 2012 R2
o System Center 2012 R2 (Private Cloud)
o Microsoft Azure (Public Cloud)
o SQL Server 2014
o Office 365

• Migrate – now is the time choose a migration plan. Microsoft offers a fantastic Migration Planning Assistant which covers all four steps. Look for official Microsoft training courses to give you an in-depth understanding of the new platforms you are planning to migrate to.

Resources to aid migration

Due to the widespread requirement to migrate, there is a range of fantastic resources to aid migration. These include:

Microsoft Virtual Academy – arguably the largest and best collection of free self-study resources from Microsoft experts including videos, slide decks and self-assessments. Check out the section on migrating to Windows Server 2012, or the Microsoft zure JumpStart.

Windows Server 2003 Roles Migration Process – download this document and turn it into an A3 poster, stick it on your wall and use it to visualise the whole process.

Microsoft Deployment Toolkit – download this fantastic resource, which provides a collection of processes, tools and guidance for automating new desktop and server deployments.

Free Software Trials – Microsoft have a series of trials so you can check out the new software. Here they are:

• Windows Server 2012 R2 trial
• System Center 2012 R2 trial
• Microsoft Azure one-month trial
• Office 365 trial
• SQL Server 2014 trial

Windows Server Migration Services – there are a series of organisations that offer assistance in migrating away from Windows Server 2003. Big players include:

• Dell
• RackSpace
• HP

Time is running out — start your migration away from Windows Server 2003 today. Fail to do so and you find yourself facing some organisation-crippling consequences

Have questions?

Our Business IT Server Migration Specialists in NJ, PA & DE are here to help.
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/server-support/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

The new Windows 10 notifications will follow you everywhere

Windows 10 has a new notifications center for your apps — even the ones from your Windows Phone.

When you’re poking around Windows 10, you’ll notice something new: A small taskbar button that, when clicked, reveals a sidebar full of app notifications.

Welcome to the new notifications center, which is basically the Windows 10 version of the Action center in Windows Phone 8.1. The notifications center is part of Microsoft’s dream of “Windows everywhere” — it’s a universal notifications center that will pop up your app notifications across multiple platforms. Because who doesn’t want to be alerted about new Twitter followers on their phone, tablet, and now PC?

The new notifications center consists of two parts: The notifications area at the top, and the “quick actions” bar at the bottom. In the notifications area you’ll see notifications from various apps, including Twitter, Facebook, and your email account, as well as notifications from phone apps (e.g. alarms) if applicable.

Mouse over notifications and click the ‘X’ to dismiss them.

You can dismiss notifications three different ways: You can mouse over the app name (e.g. Twitter) and click the ‘X’ next to it to dismiss all notifications from that app. You can also mouse over each individual notification and click the ‘X’ next to it to dismiss that specific notification. Or you can click Clear All in the upper right corner of the notifications center to dismiss all notifications from all apps. Because this is a “Windows everywhere” feature, notifications you dismiss in the notifications center will also be dismissed on your other Windows devices, such as your phone.

In the quick actions bar, you’ll see four quick-access buttons as well as an Expand link. Click Expand to see all quick actions. Actions include things like a Tablet Mode toggle button, a link to the Display settings, a link to all settings, and toggle buttons for Location and Wi-Fi. Tap a quick action button to toggle a setting (tablet mode, location, Wi-Fi) on or off, or to go directly to the settings menu so you can configure your display, connection, or VPN.

Pick your quick access quick actions from the Settings menu.

To choose which quick actions appear above the break, go to Settings > Notifications & actions > Choose your quick actions. Here, you’ll see four small buttons that you can click on to swap out actions. If you’d prefer to have your Wi-Fi toggle on hand whenever you open the notifications bar, you can switch it for the Display button. Of course, you’ll always be able to see all of the quick actions by clicking Expand in the notifications bar.

In the Settings menu, you can also choose which apps’ notifications to display.

Here, you can also pick and choose which app notifications you’ll see in the notifications bar. If you want to turn all notifications off, you can simply click the toggle next to Show App Notifications. You’ll no longer see pop-up banner notifications, nor will you see app notifications when you open the notifications center.

If you’d prefer to just turn off notifications for specific apps, you can do that, too — find the app in the list and click its toggle to Off. Next to each app in the list you’ll see a link to Advanced notifications settings for that app. Go into Advanced to turn off specific notifications for that app — either banner notifications (pop-ups in the lower right corner of your screen) or notifications in the notifications center.

Want to turn your clock off? You can do that, too.

In the Notifications & Actions section, you can also clean up your taskbar by clicking “Select which icons to appear in the taskbar” (you can turn on and off things like the Network icon and the Volume icon), or by clicking “Turn system icons on or off.” In “Turn system icons on or off,” you can turn off the clock, input indicator or action center — in other words, you can turn off all system tray icons and have a completely icon-less system tray, if you so choose.

Have questions?

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Work smarter, anywhere, with hosted email for business.

Following a recommendation by the National Institute of Standards and Technology (NIST), Microsoft will block Windows from accepting SSL certificates encrypted with the Secure Hash Algorithm-1 (SHA-1) algorithm after 2016. Given the number of mission-critical SSL certificates that are allowed to expire from inattention, administrators have their work cut out for them. By knowing what will happen, why it’s happening, and what you need to do, you won’t be surprised by these important policy changes.

What’s Happening?

On November 12, 2013, Microsoft announced that it’s deprecating the use of the SHA-1 algorithm in SSL and code signing certificates. The Windows PKI blog post “SHA1 Deprecation Policy” states that Windows will stop accepting SHA-1 end-entity certificates by January 1, 2017, and will stop accepting SHA-1 code signing certificates without timestamps after January 1, 2016. This policy officially applies to Windows Vista and later, and Windows Server 2008 and later, but it will also affect Windows XP and Windows Server 2003.

SHA-1 is currently the most widely used digest algorithm. In total, more than 98 percent of all SSL certificates in use on the Web are still using the SHA-1 algorithm and more than 92 percent of the certificates issued in the past year were issued using SHA-1.

Website operators should be aware that Google Chrome has started warning end users when they connect to a secure website using SSL certificates encrypted with the SHA-1 algorithm. Beginning in November 2014 with Chrome 39, end users will see visual indicators in the HTTP Secure (HTTPS) address bar when the site to which they’re connecting doesn’t meet the SHA-2 requirement. Figure 1 shows those indicators.

Google is doing this to raise end users’ awareness and to help guide other members of the Internet community to replace their SHA-1 certificates with SHA-2 certificates.

Why Is Microsoft Deprecating SHA-1?

SHA-1 has been in use among Certificate Authorities (CAs) since the U.S. National Security Agency (NSA) and NIST first published the specification in 1995. In January 2011, NIST released Special Publication 800-131A, “Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.” This publication noted that SHA-1 shouldn’t be trusted past January 2016 because of the increasing practicality that a well-funded attacker or government could find a SHA-1 hash collision, allowing them to impersonate any SSL website.

Realizing that it’s highly unlikely that CAs and the industry at large will adopt more powerful encryption algorithms on their own, Microsoft is leading the charge by making Windows reject certificates using SHA-1 after January 1, 2017. Doing this will lead website operators to upgrade to stronger SHA-2 certificates for the betterment of all Windows users and the broader public key infrastructure (PKI) community. The Windows PKI blog post “SHA1 Deprecation Policy” noted that, “The quicker we can make such a transition, the fewer SHA-1 certificates there will be when collisions attacks occur and the sooner we can disable SHA1 certificates.”

In the end, the issue isn’t if SHA-1 encryption will be cracked but rather when it will be cracked.

What Do I Need to Do?

January 1, 2017, might seem like a long way away, but now is the time to understand the problem and how to mitigate it.

As per Microsoft’s SHA-1 deprecation policy, Windows users don’t need to do anything in response to this new technical requirement. XP Service Pack 3 (SP3) and later versions support SHA-2 SSL certificates. Server 2003 SP2 and later versions add SHA-2 functionality to SSL certificates by applying hotfixes (KB968730 and KB938397).

Web administrators must request new certificates to replace SHA-1 SSL and code-signing certificates that expire after January 1, 2017. As of this writing, that would probably affect only public SHA-1 certificates that were purchased with a long expiration date (three years or more) or long-duration certificates issued by internal SHA-1 CAs. Most third-party CAs will rekey their certificates for free, so you simply need to contact the CA to request a rekeyed certificate that uses the SHA-2 algorithm.

When ordering new SSL certificates, you should confirm with the CA that they’re being issued with the SHA-2 algorithm. New certificates with expiration dates after January 1, 2017, can only use SHA-2. Code-signing certificates with expiration dates after December 31, 2015, must also use SHA-2.

Note that the algorithm used in SHA-2 certificates is actually encoded to use SHA-256, SHA-384, or SHA-512. All of these are SHA-2 algorithms; the SHA number (e.g., 256) specifies the number of bits in the hash. The larger the hash, the more secure the certificate but possibly with less compatibility.

It’s important that the certificate chain be encrypted with SHA-2 certificates. (A certificate chain consists of all the certificates needed to certify the end certificate.) This means that any intermediate certificates must also use SHA-2 after January 1, 2017. Typically, your CA will provide the intermediate and root CA certificates when they provide the SHA-2 certificate. Sometimes they provide a link for you to download the certificate chain. It’s important that you update this chain with SHA-2 certificates. Otherwise, Windows might not trust your new SHA-2 certificate.

Root certificates are a different story. These can actually be SHA-1 certificates because Windows implicitly trusts these certificates since the OS trusts the root certificate public key directly. A root certificate is self-signed and isn’t signed by another entity that has been given authority.

For the same reason, any self-signed certificate can use the SHA-1 algorithm. For example, Microsoft Exchange Server generates self-signed SHA-1 certificates during installation. These certificates are exempt from the new SHA-2 policy since they aren’t chained to a CA. I expect, however, that future releases of Exchange will use SHA-2 in self-signed certificates.

What About My Enterprise CAs?

If your organization has its own internal CA PKI, you’ll want to ensure that it’s generating SHA-2 certificates. How this is done depends on whether the CA is running Windows Server 2008 R2 or later and if your CA has subordinate CAs.

If you have a Server 2008 R2 or later single-root CA without subordinates, you should update the CA to use SHA-2. Doing so will ensure that subsequent certificates generated will use the SHA-2 algorithm. To check which hash algorithm is being used, you can right-click the CA and go to the General tab. If SHA-1 is listed, you can run the following certutil command to configure the CA to use the SHA-256 algorithm:

You must restart the CertSvc service to apply the change. Now when you view the CA properties, you’ll see that the hash algorithm is SHA-256. All future certificates issued by this CA will use SHA-256, but keep in mind that existing certificates will still be using SHA-1. You need to renew any SHA-1 certificates issued by this CA to upgrade them to SHA-2 certificates.

If your CA is older than Server 2008 R2, you can’t upgrade the CA to use SHA-2. You’ll need to rebuild it with a newer version.

If your organization’s internal CA is multi-tiered with one or more subordinate CAs, you’ll need to reconfigure them to use SHA-2. This is done using the same certutil command just given on each subordinate or issuing CA. Keep in mind that if you use subordinate CAs, you’re not required to update the root CA to SHA-2 since that certificate is at the top of the certificate chain, but it won’t cause any problems if you do. You still need to renew any SHA-1 certificates issued by the subordinate CAs to upgrade them to SHA-2 certificates.

Take Action Now

Administrators and website operators should identify all the SSL certificates used in their organizations and take action, as follows:

• SHA-1 SSL certificates expiring before January 1, 2017, will need to be replaced with a SHA-2 equivalent certificate.
• SHA-1 SSL certificates expiring after January 1, 2017, should be replaced with a SHA-2 certificate at the earliest convenience.
• Any SHA-2 certificate chained to an SHA-1 intermediate certificate should be replaced with another one chained to an SHA-2 intermediate certificate.

The following tools and websites are useful for testing and for further information about SHA-1 remediation:

• Microsoft Security Advisory 2880823. This website discusses the deprecation policy for the SHA-1 hashing algorithm for the Microsoft Root Certificate Program.
• Migrating a Certification Authority Key from a Cryptographic Service Provider (CSP) to a Key Storage Provider (KSP). The section “How to migrate a CA from a CSP to a KSP and optionally, from SHA-1 to SHA-2” in this TechNet web page provides detailed instructions for upgrading a CA to use SHA-2.
• “Gradually sunsetting SHA-1.” This Google Online Security Blog post explains how the transition to SHA-2 affects Chrome and details Google’s rollout schedule.
• SHA-256 Compatibility. This GlobalSign web page lists OS, browser, server, and signing support for SHA-256 certificates.
• DigiCert SHA-1 Sunset Tool. This free web application tests public websites for SHA-1 certificates that expire after January 1, 2016.
• DigiCert Certificate Inspector. This tool discovers and analyzes all certificates in an enterprise. It’s free, even if you don’t have a DigiCert account.
• Qualys SSL Labs’ SSL Server Test. This free online service analyzes the configuration of any SSL web server on the public Internet.

A large number of businesses still run Microsoft MSFT -1.71% Windows Server 2003 and it’s unlikely they all will upgrade before Microsoft Corp. ends support on July 14, 2015, say analysts. Companies that don’t upgrade increase their cyber security risks because the company will no longer issue security updates and these systems will be more vulnerable to hackers.

Businesses worldwide run an estimated 23.8 million physical and virtual instances of Windows Server 2003, according to data released by Microsoft in July 2014. Analysts say the technology is more prevalent in industries such as health care, utilities and government. Yet it’s also still used in about 7% of retail point of sale systems, according to a report Thursday by Trend Micro Inc.4704.TO -1.11%

“Microsoft does not plan to extend support for Windows Server 2003 and encourages customers who currently run Windows Server 2003 and have not yet begun migration planning to do so immediately,” said Vivecka Budden, a Microsoft spokesperson, in an email.

South Jersey Techies offers various migration options to include Windows Server 2012 R2, Microsoft Azure, hosting partners and Office 365.

“It is going to be difficult to get this done in time,” said David Mayer, practice director of Microsoft Solutions at Insight Enterprises Inc.NSIT -1.12%, a provider of IT hardware, software and services.

Many of these same industries were impacted by the end of service for the Windows XP operating system on April 8.  Microsoft broadcasts these sorts of moves years in advance, so it shouldn’t come as a surprise to anyone. But, the product was stable and for many companies there simply wasn’t incentive to update.

“In general, everyone has been slow to migrate, especially those with servers that are running applications,” said Rob Helm, vice president of research at Directions on Microsoft consulting firm.

The problem in industries such as health care and utilities is that companies run legacy apps written by vendors who still require Windows Server 2003. For example, there are smaller vendors in health care that have not kept up with development and application modernization, said a health-care CIO who asked not to be identified. A hospital may have an inventory of 100 to 500 different applications and many applications will still require Windows Server 2003, he added.

Electric utilities, for example, widely use Windows Server 2003. There hasn’t been much movement to upgrade those systems, said Patrick C. Miller, founder of the nonprofit Energy Sector Security Consortium and a managing partner at The Anfield Group, a security consulting firm. Instead, utilities are working to better secure and isolate those systems.

“I’m concerned about directory services such as application authentication and user permissions,” said Mr. Miller. “If you compromise an Active Directory server, you get access to everything.”

For now, analysts are recommending that companies work out their risk of exposure and make plans to first migrate those applications that will be most difficult. Companies should make plans to harden servers that can’t be updated. That might entail putting those systems on an isolated network, where they’d be less prone to outside attack, said Mr. Helm.

To protect and upgrade your home or business

 please contact us 856-745-9990 or click here.

In October of last year news broke about a new form of malware called Cryptolocker. This malware posed a particularly large threat to many business users and led to many quick and important security updates. Now, almost a year later, it appears that the second version of this – CryptoWall – has been released and is beginning to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with a strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don’t pay before the deadline, your files are deleted.

When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn’t go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by Cryptolocker, essentially neutralizing the threat, until now that is. A recently updated version is threatening users once again.

Cryptolocker 2.0, aka. CryptoWall

Possibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.

The developers did however make some “improvements” to the malware that make it more difficult to deal with for most users. These changes include:

• Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version where one person who paid could share the unlock code with other infected users.
• CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn’t paid, but they could be recovered easily. In the new version the encryption has increased security which ensures the file is deleted. This leaves you with either the option of paying the ransom or retrieving the file from a backup.
• Payment servers can’t be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways which essentially makes them much, much more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall doesn’t go after passwords or account names, so the usual changing of your passwords won’t really help. The best ways to prevent this from getting onto your systems is:

• Don’t open any suspicious attachments – Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as say a spelling mistake in the name, or a long string of characters together, then it is best to avoid opening it.
• Don’t open emails from unknown sources – Be extra careful about emails from unknown sources, especially ones that say they provide business oriented information e.g., bank statements from banks you don’t have an account with or bills from a utilities company you don’t use. Chances are high that they contain some form of malware.

This is your chance to stock up on everything you need.  Save 15% on new web products. Offer expires November 30, 2014 at midnight (Mountain Time).

Please Visit BigBeagle.com.

10 Compelling Reasons to Upgrade to Windows Server 2012

Takeaway: Windows Server 2012 is generating a significant buzz among IT pros. Deb Shinder highlights several notable enhancements and new capabilities.

We’ve had a chance to play around a bit with the release preview of Windows Server 2012. Some have been put off by the interface-formerly-known-as-Metro, but with more emphasis on Server Core and the Minimal Server Interface, the UI is unlikely to be a “make it or break it” issue for most of those who are deciding whether to upgrade. More important are the big changes and new capabilities that make Server 2012 better able to handle your network’s workloads and needs. That’s what has many IT pros excited.

Here are 10 reasons to give serious consideration to upgrading to Windows Server 2012 sooner rather than later.

1: Freedom of interface choice

A Server Core installation provides security and performance advantages, but in the past, you had to make a commitment: If you installed Server Core, you were stuck in the “dark place” with only the command line as your interface. Windows Server 2012 changes all that. Now we have choices.

The truth that Microsoft realized is that the command line is great for some tasks and the graphical interface is preferable for others. Server 2012 makes the graphic user interface a “feature” — one that can be turned on and off at will. You do it through the Remove Roles Or Features option in Server Manager.

2: Server Manager

Speaking of Server Manager (Figure A), even many of those who dislike the new tile-based interface overall have admitted that the design’s implementation in the new Server Manager is excellent.

One of the nicest things about the new Server Manager is the multi-server capabilities, which makes it easy to deploy roles and features remotely to physical and virtual servers. It’s easy to create a server group — a collection of servers that can be managed together. The remote administration improvements let you provision servers without having to make an RDP connection.

3: SMB 3.0

The Server Message Block (SMB) protocol has been significantly improved in Windows Server 2012 and Windows 8. The new version of SMB supports new file server features, such as SMB transparent failover , SMB Scale Out, SMB Multichannel, SMB Direct, SMB encryption, VSS for SMB file sharing, SMB directory leasing, and SMB PowerShell. That’s a lot of bang for the buck. It works beautifully with Hyper-V, so that VHD files and virtual machine configuration files can be hosted on SMB 3.0 shares. A SQL system database can be stored on an SMB share, as well, with improvements to performance. For more details about what’s new in SMB 3.0, see this blog post.

4: Dynamic Access Control (DAC)

Even though some say Microsoft has shifted the focus away from security in recent years, it would be more accurate to say it has shifted the focus from separate security products to a more “baked in” approach of integrating security into every part of the operating system.

Dynamic Access Control is one such example, helping IT pros create more centralized security models for access to network resources by tagging sensitive data both manually and automatically, based on factors such as the file content or the creator. Then claims based access controls can be applied. Read more about DAC in my “First Look” article over on Windowsecurity.com.

5: Storage Spaces

Storage is a hot — and complex — topic in the IT world these days. Despite the idea that we’re all going to be storing everything in the public cloud one day, that day is a long way off (and for many organizations concerned about security and reliability, it may never happen). There are myriad solutions for storing data on your network in a way that provides better utilization of storage resources, centralized management, and better scalability, along with security and reliability. Storage area networks (SANs) and network attached storage (NAS) do that, but they can be expensive and difficult to set up.

Storage Spaces is a new feature in Server 2012 that lets you use inexpensive hard drives to create a storage pool, which can then be divided into spaces that are used like physical disks. They can include hot standby drives and use redundancy methods such as 2- or 3-way mirroring or parity. You can add new disks any time, and a space can be larger than the physical capacity of the pool. When you add new drives, the space automatically uses the extra capacity. Read more about Storage Spaces in this MSDN blog post.

6: Hyper-V Replica

Virtualization is the name of the game in the server world these days, and Hyper-V is Microsoft’s answer to VMware. Although the latter had a big head start, Microsoft’s virtualization platform has been working hard at catching up, and many IT pros now believe it has surpassed its rival in many key areas. With each iteration, the Windows hypervisor gets a little better, and Hyper-V in Windows Server 2012 brings a number of new features to the table. One of the most interesting is Hyper-V Replica.

This is a replication mechanism that will be a disaster recovery godsend to SMBs that may not be able to deploy complex and costly replication solutions. It logs changes to the disks in a VM and uses compression to save on bandwidth, replicating from a primary server to a replica server. You can store multiple snapshots of a VM on the replica server and then select the one you want to use. It works with both standalone hosts and clusters in any combination (standalone to standalone, cluster to cluster, standalone to cluster or cluster to standalone). To find out more about Hyper-V replica, see this TechNet article.

7: Improvements to VDI

Windows Terminal Services has come a long way, baby, since I first met it in Windows NT TS Edition. Renamed Remote Desktop Services, it has expanded to encompass much more than the ability to RDP into the desktop of a remote machine. Microsoft offered a centralized Virtual Desktop Infrastructure (VDI) solution in Windows Server 2008 R2, but it was still a little rough around the edges. Significant improvements have been made in Server 2012.

You no longer need a dedicated GPU graphics card in the server to use RemoteFX, which vastly improves the quality of graphics over RDP. Instead, you can use a virtualized GPU on standard server hardware. USB over RDP is much better, and the Fair Share feature can manage how CPU, memory, disk space, and bandwidth are allocated among users to thwart bandwidth hogs. Read more about Server 2012 VDI and RDP improvements here.

8: DirectAccess without the hassle factor

DirectAccess was designed to be Microsoft’s “VPN replacement,” a way to create a secure connection from client to corporate network without the performance drain and with a more transparent user experience than a traditional VPN. Not only do users not have to deal with making the VPN work, but administrators get more control over the machines, with the ability to manage them even before users log in. You apply group policy using the same tools you use to manage computers physically located on the corporate network.

So why hasn’t everyone been using DirectAccess with Server 2008 R2 instead of VPNs? One big obstacle was the dependency on IPv6. Plus, it couldn’t be virtualized. Those obstacles are gone now. In Windows Server 2012, DirectAccess works with IPv4 without having to fool with conversion technologies, and the server running DirectAccess at the network edge can now be a Hyper-V virtual machine. The Server 2012 version of DA is also easier to configure, thanks to the new wizard.

9: ReFS

Despite the many advantages NTFS offers over early FAT file systems, it’s been around since 1993, and Windows aficionados have been longing for a new file system for quite some time. Way back in 2004, we were eagerly looking forward to WinFS, but Vista disappointed us by not including it. Likewise, there was speculation early on that a new file system would be introduced with Windows 7, but it didn’t happen.

Windows Server 2012 brings us our long-awaited new file system, ReFS or the Resilient File System. It supports many of the same features as NTFS, although it leaves behind some others, perhaps most notably file compression, EFS, and disk quotas. In return, ReFS gives us data verification and auto correction, and it’s designed to work with Storage Spaces to create shrinkable/expandable logical storage pools. The new file system is all about maximum scalability, supporting up to 16 exabytes in practice. (This is the theoretical maximum in the NTFS specifications, but in the real world, it’s limited to 16 terabytes.) ReFS supports a theoretical limit of 256 zetabytes (more than 270 billion terabytes). That allows for a lot of scaling.

10: Simplified Licensing

Anyone who has worked with server licenses might say the very term “simplified licensing” is an oxymoron. But Microsoft really has listened to customers who are confused and frustrated by the complexity involved in finding the right edition and figuring out what it’s really going to cost. Windows Server 2012 is offered in only four editions: Datacenter, Standard, Essentials, and Foundation. The first two are licensed per-processor plus CAL, and the latter two (for small businesses) are licensed per-server with limits on the number of user accounts (15 for Foundation and 25 for Essentials).

To View Full Article Click Here

GoDaddy.com, the largest domain name registrar on the Web, has been taken offline, and a self-proclaimed member of the Anonymous hacktivism collective is taking responsibility.

The administrators of GoDaddy confirmed on Monday that they were suffering from technical issues, which the website TechCrunch reports to be impacting a multitude of websites and their affiliated email accounts that are hosted through the service. Although the company has not discussed the specifics yet, a self-described member of Anonymous says that he or she is responsible, a claim that has not been verified yet.

On Twitter, user @AnonymousOwn3r writes, “the attack is not coming from Anonymous coletive [sic] , the attack it’s coming only from me” and that the the action is being carried out “to test how the cyber security is safe and for more reasons that i can not talk now.”

GoDaddy has tweeted, “We’re aware of the trouble people are having with our site. We’re working on it.”

On Friday, it was reported that the White House is preparing to roll out an cyber security Executive Order that will serve as a surrogate until Congress can come to agreement on a bipartisan legislation to protect America’s computer infrastructure.

Earlier this year, GoDaddy announced that they would be supporting the Stop Online Piracy Act, or SOPA, a controversial legislation that if approved would have greatly changed the US government’s ability to monitor the Internet. The company eventually reversed their stance, but not before a massive protest resulted in many of their clients switching to other domain registrars. The boycott reportedly ended with thousands of GoDaddy’s millions of customers, including Wikipedia, cancelling their accounts.

Founded in 1997, Arizona-based GoDaddy.com is used by millions of customers worldwide, including a large number of small businesses. At 4 p.m. EST, GoDaddy tweeted, “Update: Still working on it, but we’re making progress. Some service has already been restored. Stick with us.”

Other social media accounts affiliated with Anonymous have not confirmed the validity of the alleged culprit’s claim and have largely distanced themselves from the hack. GoDaddy’s 24-hour tech support telephone line has also been inaccessible during the duration of the outage.