COMMDAP

COMPUTER MANUFACTURERS, DISTRIBUTORS AND DEALERS ASSOCIATION OF THE PHILIPPINES

Last July 02, 2009, COMMDAP was held at Apo View Hotel, Davao City. We went there in the morning and luckily witnessed the opening of the program. I am one of the students who entered first and saw all the different technologies displayed. But, we haven't given much time to watch all the display because we attended the first seminar at 10:30am.

First Session was all about Windows 2008 Server with Mr. Lee L. Gorospe as the speaker. He was a nice speaker and make us all very attentive during the session. He tackled about:

1. Active Directory Roles

Active Directory provides the means to manage the identities and relationships that make up your organization’s network. Integrated with Windows Server 2008, the next generation of Active Directory gives you out-of-the-box functionality needed to centrally configure and administer system, user, and application settings. With Active Directory, you can simplify user and computer management, enable single sign-on (SSO) access to your network resources, and help enhance the privacy and security of stored information and communications.

2. Active Directory Rights Management Service

is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use. Content owners can define who can open, modify, print, forward, or take other actions with the information.

Used to:
- Restrict access to an organization's intellectual property
-Limit the actions users can perform on content
-Limit the risk of content being exposed outside the organization

3. Read only Domain Controllers

A Read-Only Domain Controller (RODC) is a new type of domain controller in Windows Server 2008. Its main purpose is to improve security in office branches. In this post, I summarize the functionality of RODC.

In office branches, it is often not easy to provide sufficient physical security for servers. It is not a big deal to manipulate a Windows system if you can get physical access to it. Since Domain controllers store security sensitive data, they are particularly endangered. RODCs can help with this problem in four ways:

RODC essentials

* Read-only feature: An intruder on the RODC can’t manipulate the Active Directory database.
* DNS protection: If the RODC server hosts a DNS server, the intruder won’t be able to tamper with the DNS data.
* Password protection: A malicious user won’t be able to access passwords using a brute-force-attack. This applies only if password caching is disabled on the RODC.
* Administrator Role Separation: You can delegate a local Administrator role to a domain user.

Read-only Domain Controller

* An RODC holds all Active Directory objects and attributes.
* RODCs only support unidirectional replication of Active Directory changes (i.e., from the forest to the RODC).
* If an application needs write access to Active Directory objects, the RODC will send an LDAP referral response that redirects the application to a writable domain controller.

Automatic analysis of event logs

Let GFI EventsManager do the dirty work. Have event logs monitored automatically and get warned about critical events!


Advertisement

DNS Protection

* A DNS server running on an RODC doesn’t support dynamic updates.
* If a client wants to update its DNS record, the RODC will send a referral for a writeable DNS server.
* The client can then update against this DNS server.
* This single record will then be replicated from the writable DNS server to the RODC DNS server.

Password Protection

* By default, an RODC doesn’t store user or computer credentials. (The only exception is the computer account of the RODC itself and a special krbtgt account.)
* However, an RODC can cache passwords.
* If a password isn’t cached, the RODC will forward the authentication request to a writeable DC.
* The Password Replication Policy determines the user groups for which passwords caching will be allowed (more about this in my next post).

Administrator Role Separation:

* A domain user having the Administrator role on an RODC doesn’t have to be a domain admin.
* A domain user having the Administrator role can do maintenance work on the RODC such as installing software.
* If an intruder gains access to the credentials of this local administrator account, he will not be able to make changes on other domain controllers.

4. Hyper-V

Product Details

Windows Server 2008 Hyper-V, the next-generation hypervisor-based server virtualization technology, is available as an integral feature of Windows Server 2008 and enables you to implement server virtualization with ease. Hyper-V allows you to make the best use of your server hardware investments by consolidating multiple server roles as separate virtual machines (VMs) running on a single physical machine.

Technical Resources

Consolidating servers and enabling a high-performance virtual environment is the key to many high availability to mission-critical applications. Businesses are under pressure to ease management and reduce costs while retaining and enhancing competitive advantages, such as flexibility, reliability, scalability, and security. Discover the many benefits of the virtualization capabilities in Windows Server 2008 and access the technical resources and links to get your team started.

Community Resources

Whether you're considering which product and technologies to use, or need support for solutions you’ve implemented, find the right venue to learn from others like you. Community resources provide powerful options to learn from other IT professionals and developers who have implemented a wide range of
Hyper-V solutions. Learn and participate with your peers, as well as the Virtualization development team.


5. Network Access Protection

NAP client
The NAP client consists of three layers: the System Health Agents (SHA), the NAP Agent, and the Enforcement Clients (EC). There are also APIs allowing third-party vendors to integrate their own SHAs and ECs in Microsoft’s NAP infrastructure.

System Health Agent (SHA)
The SHA checks if certain system health requirements are fulfilled. The SHA that comes with Vista and Windows Server 2008 can verify whether the following conditions are met: Windows Firewall is on; antivirus and antispyware software are installed, enabled, and updated; Microsoft Update Services is enabled, and the most recent security updates are installed. If the system is not in the required state, the SHA can then start a process to remedy the situation. For example, it can enable Windows Firewall or contact a remediation server to update the antivirus signatures.

NAP Agent
Sometimes this component is also called Quarantine Agent. It maintains the health state information and facilitates the communication between the SHAs and the ECs.

Enforcement Client (EC)
Sometimes you will also find this as the Quarantine Enforcement Client (QEC). Each NAP enforcement method has its own EC. So there is a DHCP EC and an IPsec EC, for example. Usually, they are integrated with the corresponding service client. So the DHCP EC is a part of the DHCP client. Its main function is to communicate with the server side NAP infrastructure, thereby, enforcing the quarantine of the client if the health requirements are not met. It is the only client component that interacts with the NAP infrastructure on the server side.


Let’s look at the server side of the NAP infrastructure.

Enforcement Server (ES)
This can also be referred to as the Quarantine Enforcement Server (QES). The NAP ES communicates with its corresponding NAP EC. Each enforcement method has its own ES and is integrated in the corresponding service. For example, the DHCP ES is a part of the DHCP Server. Essentially, the ES has the same functions as the EC. It is the interface between the server side NAP infrastructure and the client side, and ensures that noncompliant clients are quarantined. For example, the DHCP ES would make sure that a DHCP server issues the network mask 255.255.255.255 to noncompliant clients. This way they can’t access other computers in the network.

NAP Server
A NAP server is just another name for a NAP-enabled server component. So a DHCP server supporting NAP is a NAP server, for example. Don’t confuse it with a NAP Health Policy Server.

NAP Health Policy Server (NPS)
The NPS consists of the NPS Service, the NAP Administration Server and the System Health Validator (SHV) components.

System Health Validator (SHV)
Each SHV has a corresponding SHA on the client side. It is here where you define the health requirements for your whole network. Windows Server 2008 comes with just one SHV allowing you to choose among the health requirements mentioned above (Windows Firewall enabled, antivirus software updated etc). Third-party vendors can integrate their own SHVs here.

NAP Administration Server
The NAP Administration Server is kind of a distributor and integrator for NAP information. Information that comes from the NPS service is distributed to the different SHVs. Each SHV only receives the information which is relevant for it. The information that comes from the different SHVs is integrated in one message and passed on to the NPS Service.

NPS Service
The NPS Service communicates with the NAP Server using the RADIUS protocol. It is kind of an interface between the NAP server and the NAP Administration Server.


6. Server Core

One of the most exciting new features of Windows Server 2008 is its ability to install as a Server Core machine.

A Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles. A server running a Server Core installation supports the following server roles:

* Active Directory Domain Services (AD DS)
* Active Directory Lightweight Directory Services (AD LDS)
* DHCP Server
* DNS Server
* File Services
* Print Services
* Streaming Media Services
* Internet Information Services (IIS)
* Windows Virtualization

In Windows Server 2008, Server Core installation does not include the traditional full graphical user interface (GUI).

What’s new in the Server Core installation option?

The Server Core installation option of Windows Server 2008 requires initial configuration at a command prompt. A Server Core installation does not include the traditional full graphical user interface. Once you have configured the server, you can manage it locally at a command prompt or remotely using a Terminal Server connection. You can also manage the server remotely using the Microsoft Management Console (MMC) or command-line tools that support remote use.
Benefits of a Server Core installation

The Server Core installation option of Windows Server 2008 provides the following benefits:

* Reduced maintenance - Because the Server Core installation option installs only what is required to have a manageable server for the AD DS, AD LDS, DHCP Server, DNS Server, File Services, Print Services, and Streaming Media Services roles, less maintenance is required than on a full installation of Windows Server 2008.
* Reduced attack surface - Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface.
* Reduced management - Because fewer applications and services are installed on a server running the Server Core installation, there is less to manage.
* Less disk space required - A Server Core installation requires only about 1 gigabyte (GB) of disk space to install and approximately 2 GB for operations after the installation.
* Lower risk of bugs - Reducing the amount of code can help reduce the amount of bugs.

Issues with Server Core installation and upgrading from previous versions

Since Server Core is a special installation of Windows Server 2008, the following limitations are present:

* There is no way to upgrade from a previous version of the Windows Server operating system to a Server Core installation. Only a clean installation is supported.
* There is no way to upgrade from a full installation of Windows Server 2008 to a Server Core installation. Only a clean installation is supported.
* There is no way to upgrade from a Server Core installation to a full installation of Windows Server 2008. If you need the Windows® user interface or a server role that is not supported in a Server Core installation, you will need to install a full installation of Windows Server 2008.

Server Core versions

Server Core comes in Standard, Enterprise and Datacenter editions for i386 and x64 platforms. Most companies will probably go for the Standard edition because most of the differences found in the Enterprise and Datacenter editions of Windows Server 2008 won't be present in Server Core. The Enterprise Server Core will, however, allow you to utilize more processor and memory support, as well as clustering. Datacenter adds the whole Datacenter hardware program and 99.999 percent reliability.



Next, we have the ERIC DMS..


ERIC DMS - Dealer Management System




The ERIC Dealer Management System (DMS) is an end-t-o-end software solution for automotive sales, parts and service businesses. ERIC DMS covers the full range of dealer activities-from marketing to sales and services.

Aside from core business operations, DMS includes a full ERP (Enterprise Resource Planning) and completely automates and integrates back office operations all the way to financial reporting.

With ERIC DMS, you can have full visibility over all operations.

Achieve total control over your car dealership business today!

• Schedule prospects for test drives and follow up on appointments

• Monitor and increase sales

• Delight customers with gentle reminders for appointments

• Manage vehicle inventory

• Deliver impeccable service

• Control parts & consumables cost

• Monitor and correctly implement warranty for parts & service

• Report your financial bottom line


ERIC Dealership Management System (DMS) A complete, end-to-end solution for vehicle dealers, distributors, and service providers

ERIC DMS is composed of three core modules to manage dealer Operations. These modules are:

* Customer Relationship Management (CRM)
* Vehicle Sales and Administration (VSA)
* Service Management (SVM)

* Customer Relationship Management
* Vehicle Sales and Administration
* Service Management

* Parts Inventory
* Order Entry and Billing
* Accounts Receivable
* Accounts Payable
* General Ledger
* Purchasing
* Time Card

The Last session I attended was the HP Thin Client which I was very interested. It makes me, "whoah" seeing a new small workstation 1/4 of the real System unit with equal or more capacity than the bigger one. It was really an amazing tech so far I've ever seen.

HP Thin Client...

What is a thin client?
Thin clients are computing devices that function as an access device on a network. These solid-state devices connect over a network to a server where the bulk of the processing takes place. Thin clients have no hard drive, allowing for more secure storage of data and applications on the server. In fact, keystrokes, mouse events and screen images are all that is sent between the client and server. This makes the device much more secure than a standard desktop or notebook computer.
With no hard drive, fan or other moving parts, thin clients have a much longer lifespan than standard computers and use significantly less power. Lower maintenance costs are another benefit as software application updates, virus scanning and patches can be executed on the server. Deployment costs are also reduced as thin clients can be remotely configured and do not need to be set up individually. Break-fix simply requires replacing the thin client.
Why should I consider a thin client solution?
You need to learn more about the HP thin client solution if your business is faced with issues such as:
• Desktop replacement costs
• Network security
• Data access to mobile or remote workers
• Supporting application software on diverse hardware, or
• Ensuring your data remains accessible and secure
Thin clients are ideal solution for today's healthcare, industrial, retail, financial and education industries offering a number of benefits to your business.
Enhanced security
Unlike a traditional desktop or notebook computer, no applications or data are stored locally on the thin client. This makes them easy to replace if lost, stolen or damaged. Thin clients are an ideal choice for businesses that are facing increased regulatory compliance laws such as HIPAA or Sarbanes-Oxley.
Easier manageability
Thin clients are managed at the server, located within the data center. The client hardware has fewer points of failure and lacks a hard drive for storage providing protection from viruses and malware. Thin clients connect to servers via web browsers or remote desktop software. Depending on the functionality the user needs, client desktops can be very simple single-application kiosks or a flexible and familiar Windows environment.
Thin clients can be set up out of the box in less than 10 minutes allowing easy deployment to new users or remote locations. HP thin clients can be remotely configured and managed via management software included at no extra charge.
High reliability
With thin client access devices, business continuity is a given in the event of a natural disaster, as the data and applications are not resident on the client device. Because of their solid state design, thin clients have an extended product life of up to 5 years and can be cost effectively replaced if needed.
Thin clients are ideal for environments unsuited for traditional desktop computers like dusty, remote or space-constrained environments. They can be mounted invisibly behind a flat panel monitor, under the desk or just about anywhere with the optional VESA (Video Electronics Standards Association)-compatible HP Quick Release.
Increased energy efficiency
Thin clients offer significant savings in power usage over traditional desktops. This is realized not only in energy costs but reduced air-conditioning costs in some cases. With their long lifecycle thin clients allow companies to achieve energy savings targets and reduce the need for replacement equipment.
Lower total cost of ownership
The increased security, reliability and ease of management contribute to a lower total cost of ownership for your client computing devices. With a longer useful lifespan, thin clients contribute to cost savings. According to a study by Gartner (TCO Comparison of PCs with Server-Based Computing, June 2006) thin client TCO annual savings have been measured as high as:
• 79% less downtime cost per user
• 16% capital cost savings
• 34% less in maintenance
• 19% less to operate
• 48% overall lower total cost
HP's Client Virtualization Solutions
HP offers a complete solution of thin client devices for essential, mainstream, flexible or specialized computing. HP can also provide all the related products and services for remote client computing or desktop virtualization including blade PCs, storage, networking and servers.





Reference:

http://www.microsoft.com/windowsserver2008/en/us/active-directory.aspx
http://technet.microsoft.com/en-us/library/cc771234(WS.10).aspx
http://4sysops.com/archives/windows-server-2008-read-only-domain-controller-rodc/
http://www.microsoft.com/windowsserver2008/en/us/hyperv-main.aspx
http://4sysops.com/archives/windows-server-2008-nap-network-access-protection-infrastructure/
http://www.petri.co.il/understanding-windows-server-2008-core.htm
http://www.jupitersystems.com.ph/product.aspx?prod_id=1
http://www.hp.com/sbso/solutions/pc_expertise/article/thinclients_consider.html