Editor's Best
The editors of Windows IT Pro designate top products in 13 categories.
July 24, 2007
Hardware
Our hardware coverage at Windows IT Pro runs the gamut from high-endserver powerhouses to the tiniest of useful USB storage gadgets, and when I peruse that coverage, how can I help but notice the way one monstrous servertowers over everything? If you're seeking a true workhorse for a demanding environment, I can think of no higher endorsement than this: "The HP ProLiant DL585is the fastest system I've ever tested." So says Michael Otey, senior technical editorat Windows IT Pro, and reviewer of the system for our July 2006 issue. I spoke to him recently about his testing of the system. "This DL585 was one of the firstdual-core Opteron servers to hit the market, and it provides simply awesome performance," he said.
The 132-pound, 4U rack-mounted machine that he tested included four AMD 880 Opteron dual-core 2.4GHz CPUs, 2GB of RAM, and a battery-backed embedded Ultra3 Smart Array 5i drive connected to four 36GB, 15,000rpm hard disks. The system supports a maximum of 128GB of RAM. You can purchase the DL585 with 32-bit Windows Server 2003Standard Edition or Enterprise Edition, or with 64-bit Windows 2003 Standard or Enterprise x64 Edition. The DL585 comeswith HP Systems Insight Manager and Integrated Lights-Out (iLO) management technology. Insight Manager monitors thesystem, letting you manage it remotely or interactively. The iLO technology enables remote management using virtual KVMover IP through an embedded Web server.
The dual-core DL585 can provide a significant benefit on processor-intensive workloads. During his testing, Michael had trouble creating a workload that would stress the system. "It's note-worthy thatMicrosoft's recent top TPC-H benchmarks were accomplished usingthe DL585," he said. The use of HyperTransport technology, whichspeeds communication between integrated circuits, is one of themain factors in the system's astonishing performance.
Michael concluded, "For the enterprise, one of the really nicefeatures is that this system is also socket-compatible with AMD'snext generation of quad-core processors. Therefore, you can doan in-place upgrade, moving from dual-core to quad-core—gettingan instant boost in processing power—and all you have to do isswap the chips and upgrade the BIOS."
—Jason Bovberg
See Associated Figure
Interoperability
Heroix Longitude is monitoring andreporting software for heterogeneous environments. It runs on multiple Windows and UNIX/Linux platforms and canbe used to monitor application servers;Web servers such as Microsoft IIS andApache; databases such as Microsoft SQLServer, MySQL AB's MySQL, and Oracle;Microsoft Exchange email servers; J2EEservers; and various network devices.
Bret Moeller, CIO of Bunker Hill Community College in Boston, has used Longitude for two years. His IT environmentconsists mostly of Microsoft products but includes Sun Microsystems andApple equipment. He monitors approximately 50 servers and 70 devices (e.g.,switches, routers, firewalls)—all on a 24x7basis. Before switching to Longitude, thecollege's previous monitoring solution, according to Bret, "wasn't dependable[and] failed miserably. We didn't get paged.I didn't know about servers not beingoperational." But he's very happy withLongitude, "even when I get pages at twoo'clock in the morning saying the server is down." He appreciates the software's dependability, and he says he's had nomajor problems with the product.
In addition to Longitude's dependability, Bret also praises the product's reporting capabilities. The software provides graphical reports that show the total hours of server uptime and downtime, as well as percentages. Bret says he runs these reports for his weekly meetings with the college president, and he uses them as an internal marketing tool to tout his servers' uptime. "Everybody seems to think that an hour of downtime is so bad, but [Longitude] plainly shows that [we've had] 99.9 percent uptime, and that one hour in the scheme of things isn't all that bad."
In general, Bret says that Longitude makes his IT department look good because if there's a problem, they can nip it in the bud. He therefore gives the product a five-star recommendation.
—Lavon Peters
Messaging
Most Windows IT Pro readers work in Microsoft Exchange Server environments, so it's easy to forget that viable alternatives to Exchange exist. For small-to-midsized businesses (SMBs) in particular, an easier-to-manage, less costly mail server can make more sense than having an onsite Exchange server that requires IT resources and a budget that SMBs typically lack. Enter Kerio Technologies' Kerio MailServer 6.1. The product, which reviewer John Green designated Editor's Choice in "Groupware Alternatives to Microsoft Exchange" (August 2006, InstantDoc ID 50597) and Michael Otey praised in "Kerio MailServer 6.1" (February 2006, InstantDoc ID 48792) provides a budget- and administration-friendly option for SMBs that want to host their own email services.
Kerio MailServer stands out especially for its well-rounded feature set. It includes just about everything you'd want for business email services—support for SMTP, POP3, and IMAP; antispam and security features such as Bayesian and content filtering, blacklists and whitelists, and reverse DNS lookup; integration with Active Directory (AD); folder sharing; email address aliases, two Web-based email clients (including one for mobile devices); support for Microsoft Outlook and Apple Macintosh clients; and an Exchange migration tool. The only feature missing from the product is IM.
The combination of price (Kerio MailServer starts at a base price of $399 for 10 users) and business-email features convinced Roger McIlmoyle, director of technical services for TLC Vision, to move from Exchange Server 5.5 to Kerio MailServer rather than upgrade to Exchange Server 2003. Roger investigated several products but chose Kerio MailServer because it would work with Outlook as well as the few Macintosh users in his organization.
What made Roger choose Kerio? "It just works," he says. Roger has two Kerio MailServers running about 1,500 mailboxes and processing on average 40,000 email messages a day. He has seen users send attachments as large as 1GB without a hitch. In his opinion, "Performance for price is just amazing."
—Anne Grubb and B. K. Winstead
Microsoft Products
In the past 12 months, Microsoft released Windows Vista, Office 2007, Exchange 2007, Microsoft Office SharePoint Server 2007 (MOSS), Forefront Client Security 2007, System Center Operations Manager 2007 (Ops Manager), System Center Essentials (SCE), Windows Mobile 6, Intelligent Application Gateway 2007 (IAG), and Identity Lifecycle Manager 2007 (ILM). Selecting among these products to designate my Editor's Best is like comparing apples, oranges, and Jupiter.
I was leaning toward picking MOSS on the basis of its importance to the market, value to customers, and the quality of its technology. I asked for advice from readers of Vista UPDATE ("How Does Vista Rank Among the Past Year's Microsoft Releases?" InstantDoc ID 96088). Here's what they said: "As soon as you add the qualifier ‘provided the greatest value,' this becomes a slam-dunk for MOSS (and WSS). While Vista may eventually provide great value to the industry, it's currently relegated to more of a curiosity. Without the MOSS integration features in Office 2007, it's just a new interface on an old product. The others are either too limited in their use or too new to tell," said reader "hlx."
"Yep, MOSS is undoubtedly the biggest ‘mover and shaker' in IT (Microsoft's world at least). It's going to be huge, in small and big businesses alike. The new SharePoint Designer is also going to make the penetration of WSS / MOSS much deeper. And it does provide the greatest value," reader Paul Schnack said.
I did choose MOSS because it has already had more impact on the market than Microsoft's other recent releases. Our publications can hardly keep up with requests for MOSS content. In fact, by popular demand, we've added an Office and SharePoint section to this magazine, and we've even launched a new Web site at http://www.officesharepointpro.com.
Although MOSS's importance to the market and value make it my choice, I need to add a caveat. A reader called "Goatie" provided the following perspective, which I've edited for length: "We're upgrading our intranet and Internet sites to MOSS. Whilst the product is fine, it seems to still be rushed. Most of the table and object documentation does not exist, which makes customizing MOSS (what it's billed as being the best for!) hit-andmiss. Until the developer documentation appears in any usable quantity, I'd be concerned if it was nominated as the best product release of the year." Talk to developers who are implementing MOSS, and you'll find strange performance issues with no documentation as to what the components do and if it is doing it by design or not. Counting the number of people implementing the product is fine, but a better measure is how successful the implementations are.
—Karen Forster
Mobile and Wireless
Research in Motion's BlackBerry has become crucial for enterprises, so it's no surprise that troubleshooting and resolving BlackBerry problems is an important and time-consuming job for IT administrators. Several vendors now offer BlackBerry monitoring and management solutions, but BoxTone for BlackBerry is one-of-a-kind because it monitors every single email message sent to a user's BlackBerry and collects data about the flow of messages to these devices, allowing companies to be proactive about resolving BlackBerry problems.
Chesapeake Energy in Oklahoma City began looking into BlackBerry management products after several instances in which high-level personnel had to wait two or three hours for BlackBerry service. "We were completely reactive, so if anyone was having issues we only knew if they called the Help desk," says Chris Cox, Chesapeake Energy's supervisor of IT operations. Because email is Chesapeake Energy's primary form of communication, it was imperative that the company's employees have BlackBerry service at all times.
After evaluating several products—and having the company's wireless provider offer its recommendation—the company decided to purchase BoxTone for BlackBerry because Chesapeake Energy considered it to be the most mature product in the BlackBerry monitoring and management market. The product's ability to integrate with enterprise management products was one of the deciding factors in Chesapeake Energy's decision to purchase BoxTone for BlackBerry. Chesapeake Energy had been using BoxTone for BlackBerry for three months at the time of this writing, and although the company's Help desk was still receiving just as many BlackBerry tickets as before, IT administrators weren't spending nearly as much time resolving BlackBerry problems. Scott Banks, an administrative services supervisor for Chesapeake Energy, estimates that since the company started using BoxTone for BlackBerry, its IT administrators are saving at least one hour per Help desk ticket because the product troubleshoots BlackBerry problems for them. "[Before implementing BoxTone for Blackberry] we were using upwards of 30 percent of our time just tracking down BlackBerry problems," says Cox.
—Megan Bearly
Networking
The network-management marketplace is flooded with products that claim to help you better oversee your network infrastructure and environment. I talk to vendors around the world, and each one seems to offer a unique answer to that age-old IT administrator plea: How can your product make my life easier?
One network-monitoring product that has really stood out from its competitors over the past year is NETIKUS.NET's EventSentry 2.72, a proactive, real-time solution that watches over your servers, workstations, and network devices. EventSentry's primary components—event log monitoring, system health monitoring, basic network monitoring—might seem standard parts of a typical monitoring solution, but NETIKUS.NET goes further to provide open-source flexibility (e.g., withits multiple database options), environment monitoring (e.g., motion, water, smoke), and even a downscaled freeware version (EventSentry Lite).
To get a feel for EventSentry in action, I contacted Ron Pugh, senior network engineer at Prosper Marketplace. Pugh heads up an environment of about 50 servers running Windows Server 2003. Ron had been on the lookout for just the right network-monitoring tool and found it in EventSentry. "I needed to consolidate my Windows event logs for monitoring, archiving, and reporting," he said. "The ability to monitor event logs for different levels of error messages, types of error messages, and the message text within those error messages is my favorite and most useful feature. And the ability to direct any of those messages to be written to database or sent to my email/pager is most important. I also wanted a place to store performance counters so that I could report on those."
When I met NETIKUS.NET founder Ingmar Koecher last year, he struck me as a modest guy who's really invested in the happiness of his customers. And it's easy to see why. Koecher started out as a systems administrator himself, and his mission in creating EventSentry was to create an affordable, easy-to-use product that IT administrators actually enjoy using. "What makes our product unique is the way it bridges the gap between open-source and expensive commercial solutions," Koecher told me. Ron backs up the impression of Koecher's company as customer-oriented: "The customer support is extremely responsive. They've provided me any fixes I need in a timely manner."
Ron's relationship with NETIKUS.NET involves give-and-take. "The company has implemented a lot of EventSentry improvements on my request—for example, file/ directory monitoring and performance-counter logging. However, I would like to see more drag-and-drop capabilities in the administration UI." Sounds like Ron has another request to put in—and you can bet NETIKUS will listen.
—Jason Bovberg
Scripting
It's time for a short pop quiz: Automating tasks can save time and money. True or False? I've taken the time to learn how to write scripts that automate tasks. True or False?
If you're like most systems administrators, your answers are True and False, respectively. Let's face it—the benefits of scripting are undeniable, but learning the craft isn't exactly easy. It takes time and practice. Fortunately, there are automation products available to do the scripting for you. One of the best products I've encountered is Network Automation's AutoMate 6.0. Using its drag-and-drop task-building capability, you can automate virtually any task in any business process without writing any code. AutoMate is also scheduling software, so you're able to not only automate tasks but also to configure them to run according to a schedule or when an event-based trigger (e.g., a Windows event log entry or an exceeded system threshold) occurs.
The fact that AutoMate has both automation and scheduling capabilities is a main reason why the University of Texas M. D. Anderson Cancer Center in Houston decided to purchase the product five years ago. "Up until the time we got AutoMate, we had not found a tool that did both automation and scheduling within a single application," says Juan O. Garcia, the center's systems analyst. "Aside from that, most of the automation tools we looked into contained only basic functionality. AutoMate went above and beyond that by sending notifications about failures and/or successes. It also has some neat error-handling options." The only feature Garcia wishes the product would include is Web deployment capabilities.
Garcia notes that the Anderson Cancer Center uses AutoMate to automate numerous FTP, data-manipulation, and application tasks. The center automates thousands of file and data transfers (via FTP) that occur among the center's critical nurse-staffing, attendance, and HR systems. The center also automates data-manipulation tasks. "Here at Anderson, we have lots of data that comes out of systems, so there's a lot of data manipulation that we have to do. Because it's repetitive work, we use AutoMate to clean up and sort the data." The application tasks that the center automates are the kind of tasks you'd automate with macros but at a more sophisticated level.
Garcia estimates the Anderson Cancer Center is enjoying an annual full-time equivalent (FTE) savings ranging from 0.5 to 0.8, depending on the particular system AutoMate is being implemented on. (The highest FTE a product can have is 1.0, which means it's equivalent to a full-time worker.) Perhaps more important, having this product offers peace of mind. "Although the IT staff is basically 8 to 5, the health care staff works 24x7, so it's important for us to have software that automatically handles errors and notifies IT staff of any problems," explains Garcia.
—Karen Bemowski
Security
In a year in which data leakage was a hot topic and stories about companies losing control of thousands of customer records became a staple of the nightly news, security vendors rose to the challenge, offering encryption and other protection solutions for data that's stored and accessed within the enterprise as well as traveling with an increasingly mobile workforce. A data encryption solution for USB drives, RedCannon's KeyPoint solution, is my Editor's Best choice in security.
As John Jeffries, RedCannon Security vice president of marketing, puts it, "USB drives are in the enterprise and out of control." KeyPoint's value proposition is to manage these devices so that they continue to be a convenient vehicle for carrying corporate information but don't become a security threat. KeyPoint can harness a USB drive and turn it into a thin client that performs health checks on the PC it's plugged into, strongly authenticates the user to the corporate network (by using RSA one-time passwords), establishes a Juniper VPN connection, and even lets the user access applications via a corporate Citrix server. These secure remote-access features make KeyPoint stand out in a crowded field of USB drive encryption solutions.
However, KeyPoint's main function is to centralize control over all the USB drives in your organization. The KeyPoint Alchemy server appliance can provision and manage drives from almost any manufacturer, so you can leverage drives that you might already have purchased. You can set policies to encrypt any data that's copied to drives and to lock out or destroy the data on drives that are lost or stolen. Other differentiators, according to Jeffries, are that KeyPoint Alchemy can push policies and documents out to the drives and can monitor any access of a drive (even when the drive is offline) and report it back to the Alchemy server. Thus you have a complete auditable record of the activity on a drive if it's temporarily misplaced and so can determine what action to take if it's subsequently recovered.
—Renee Munshi
Storage
If you own or work in a small-to-midsized business (SMB), you know that choosing and managing any type of storage technology—whether DAS, SAN, or NAS—can be difficult. Additionally, you likely have a limited staff and resources at your disposal. My pain reliever for your storage headache is StoreVault S500. This product is an all-in-one storage solution, with NAS and SAN support out of the box and ranging in capacity from 1TB to 6TB. StoreVault is a division of Network Appliance (NetApp) devoted entirely to SMBs. StoreVault's General Manager Sajai Krishnan explains, "NetApp created StoreVault for IT generalists—people who work on all aspects of IT. And because we've typically focused on enterprise customers, almost ninety percent of the StoreVault division staff was brought from the outside to help better serve our new customers."
I spoke with StoreVault customer Gary Hensel, director of IT for FES Systems, about his reasons for purchasing StoreVault S500. Gary told me that one of the reasons FES Systems purchased the product was because StoreVault is part of NetApp. Gary says, "NetApp is a great brand and is very highly respected. NetApp has always been associated with the higher-end market, so when they create a division strictly for SMBs, you take notice. In fact, we already had a storage solution on order from another vendor but cancelled when we heard about StoreVault." Gary also pointed to the product's iSCSI support, which lets him connect StoreVault S500 directly to his network, turning it into its own file server. He also likes the product because it's very affordable, starting at just $6,000. Along with the favorable pricing, the product's multiple configurations really help Gary configure the unit to his business needs. For example, StoreVault S500 supports as many as 12 disk drives—right now, FES Systems is using 7 of them.
StoreVault S500's data management features are worthy of mention. The solution comes equipped with the StoreVault Manager, which provides volume management, snapshot scheduling, and capacity allocation. (For more details about StoreVault S500, see John Green's comprehensive product review in the June 2007 issue, InstantDoc ID 95847.)
—Blake Eno
See Associated Figure
SharePoint
You've most likely heard the business catchphrase "location, location, location" more than a few times. In today's interconnected world, a more appropriate business term might be collaboration, collaboration, collaboration, which technology has made possible no matter your location. Businesses have discovered the value of Microsoft's SharePoint collaboration platform for sharing information with internal users and are now looking to extend that capability to people outside the corporate network. Partners, vendors, clients, and service providers can all benefit from easy information access, but opening up SharePoint sites to external entities can create a tremendous burden for the IT pros tasked with managing and securing these SharePoint sites and their users. SharePoint Solutions' Extranet Collaboration Manager (ExCM) for SharePoint 2007, my Editor's Best selection for the SharePoint space, can help lighten this burden for SharePoint administrators. ExCM is a SharePoint add-on that provides provisioning, security, and monitoring functionality to extranet sites. It also takes advantage of SharePoint's form-based authentication (FBA), which simplifies the user logon experience and provides a wide range of options for storing extranet user data separately from your internal user accounts.
To get a customer's perspective on this solution, I talked with Dave Chan, senior systems administrator for Draftfcb, a large advertising agency with headquarters in Chicago and New York City. He said, "We chose SharePoint Solutions' ExCM because we needed a way to manage external users (e.g., clients, vendors) accessing our SharePoint sites. There are several ways to manage those users out-of-the-box: either by creating Active Directory accounts, creating a separate AD farm for external users, or using a straightforward FBA model, but those options wouldn't have solved the system administrators' major problem of user management." He said that the one feature that stands out for him is the invitation option. This option lets delegated administrators (which can be established per site collection) invite new users and takes user management away from the systems administrators and assigns it to the site collection owners. After thorough internal testing of ExCM, David believes it will fully meet his company's needs.
—Gayle Rodcay
Systems Management
Peace of mind is something IT pros want but don't often have—there's always something, somewhere, that can and will go wrong with your system. In the huge number of systems management products that come across my desk, I've seen many solutions that deal with Active Directory (AD), Group Policy, identity and access management, and Help desk management. But for sheer peace of mind, one solution stands out: NetPro's ChangeAuditor, a real-time auditing and reporting solution that details changes to AD, file servers, and Microsoft Exchange.
As Senior Windows Administrator, Microsoft MVP, and Windows IT PRO contributor Eric Rux says, "I've written about file security and how to set it up. But what about after the fact—one year after you set up your new file structure, is it still in good shape? Have the users been following the rules? I inherited my current AD, so sometimes I wonder what the previous admin did before he left. I would use this product to put my mind at ease."
Charles Campbell, manager of end-user computing at a US port authority that oversees a seaport and several airports, echoes Eric when he says, "It's great peace of mind." Charles says his biggest challenge is keeping disparate systems up and running. "We've got so many systems based on so many OSs. We have everything from desktops and servers to access control for doors and cameras and parking systems." Before ChangeAuditor, Charles used GFI LANguard security tools. The reason he chose ChangeAuditor was that the interface seemed easy to use and was simple but powerful. ChangeAuditor did a lot more than previous tools and included AD monitoring.
"It's lived up to our expectations," Charles says. "One thing it's done is allow us to give more access rights to lowerlevel staff. This frees up our higher-level staff to do value-added tasks." ChangeAuditor keeps all information in a database, and you can run reports on what people are doing, including all users, groups, and passwords added. Charles says, "It gives our system administrators metrics."
Charles likes ChangeAuditor's instant alerting function, which proved itself by catching some consultants who were doing their job. "We had security guys come in to do testing. They tried elevating privileges using a hack and we caught them. Stopped them in five minutes."
Would Charles recommend ChangeAuditor? He says, "Anyone who has AD in their shop should seriously look at this product. It pays for itself. It's made our system the best it could be."
—Caroline Marwitz
Training and Certification
My Editor's Best choice in Training and Certification is AppDev's KSource Online Learning. KSource's rich media IT training modules help consulting companies like Magenic Technologies fill in their training gaps and stay on top of business. Minnesota-based Magenic has built a reputation as one of the technology industry's most trusted consulting companies. A Microsoft Gold Certified Partner, Magenic this year won Microsoft's Worldwide Partner Award for Technical Innovation in Custom Development Solutions. "Our firm is well-known for our extremely experienced Microsoft technologists," says Tony Mohl. Tony manages Magenic's Delivery Center, which allows the company to execute consulting projects without having to be on a customer's site.
This reverse outsourcing (which, because Magenic is located in the land of 10,000 lakes, the company refers to as "lake-sourcing") requires that Magenic consultants be deeply versed in Microsoft technologies. Until three years ago, Magenic hired consultants who had experience with all areas of Microsoft's technology. However, the proliferation of technologies such as SQL Server and SharePoint and new scripting languages made finding consultants with the right experience a difficult task.
Today, Magenic can hire professionals with in-depth knowledge of a few technologies and let KSource's topicbased training modules bring them up to speed with the rest. Since implementing KSource, Magenic has seen a significant ROI in soft costs. "Before KSource, I had our employees training out of costly textbooks and then passing ad hoc technical exams before I could place them on a customer's project," Tony says. The whole process took an average of five to six weeks and usually included a costly Microsoft boot camp. Using KSource, we can train employees in two weeks, courses and exams included, and they retain a higher degree of Microsoft knowledge." KSource is available in both hosted and installed configurations, but Tony says that what really sets AppDev apart is customer service. He says, "When a new module comes out, I get it implemented almost instantaneously, and I can get legacy courses, such as Visual Basic 6, on demand. The AppDev team is fantastic to work with."
—Sam Davenport
See Associated Figure
Virtualization
Virtualization is the future of computing, not only for server consolidation but also at the desktop level. If you haven't already begun looking into the technology, you will soon. It's inevitable, whether you're a large corporation looking to tame bloat or a smaller company needing to simplify administration and reduce costs. If you head up a small-to-midsized business (SMB), you've probably turned first toward VMware, probably the most wellknown virtualization platform on the planet. VMware offers all the features you need, but perhaps you've been a bit intimidated by that company's pricing structure. Virtual Iron Software is positioned in the market as a strong VMware competitor—with much of the same functionality at a fraction of the price. Virtual Iron 3.1, my Virtualization Editor's Best choice, the company's enterprise-class virtualization platform, is based on the open-source Xen hypervisor and runs unmodified 32-bit and 64-bit Windows and Linux OSs with near-native performance. Using Virtual Iron's Virtualization Manager, you can control, monitor, modify, and automate virtual resources.
To get a feel for Virtual Iron in the real world, I spoke with Paul Joncas, CEO of Meganet Communications, an ISP/managed services company with 23 employees. Meganet's environment, characterized by many standalone servers, faced mounting space, heat, and power-usage problems. Paul tried various methods to increase efficiency and eventually faced the prospect of virtualization. He told me, "We spoke with three companies, including VMware and Virtual Iron, and we zeroed in on Virtual Iron immediately, for several reasons. First, Virtual Iron offered a lot of the same features as VMware, which was great because we felt that we weren't a big enough fish for VMware. Second, Virtual Iron's pricing was certainly attractive—about $600 or $700, compared with $4000 for VMware—although price wasn't really the determining factor for us. What it really came down to was the eagerness and availability of Virtual Iron's support for even the most minute, seemingly trivial questions. We were about to move into a totally different world, from stand-alone servers to a virtualized environment, so we obviously didn't take this very lightly. Virtual Iron gave us all the attention we needed."
Today, Paul talks enthusiastically about his new streamlined server room: "We're realizing big electricity savings and heat reduction. Over the next six months, we're looking forward to further emptying out our server room and having everything running on the Virtual Iron platform."
—Jason Bovberg
About the Author
You May Also Like