Tag Archives: features

Dreamforce brings Salesforce products upgrades

Users can anticipate more Einstein AI features to be integrated with Salesforce products and more news about the CRM vendor’s recent acquisitions and how they will play pivotal roles in the Salesforce platform.

Salesforce is expected to unveil the Einstein and acquisition developments at Dreamforce, the company’s annual customer conference in San Francisco that attracts nearly 150,000 attendees.

Analysts said they expect substantial upgrades to core Salesforce systems and more use cases for Einstein and how recent acquisitions of CloudCraze and MuleSoft fit into the Salesforce ecosystem.

“Salesforce is trying to tell the story that they are the customer success platform for all companies, B2B, B2C and companies that operate in both industries,” said John Bruno, an analyst at Forrester.

Bruno added that he expects more keynotes than usual from companies like Adidas that show how Salesforce products allow companies to work with a variety of customers, from both the business and consumer sectors.

“I think you’ll hear a tight story around exactly how Salesforce and CloudCraze and Commerce Cloud fit for B2B and B2C companies,” Bruno said. “Is it going to be prime time ready? No, but they will target that story because Salesforce hasn’t told that story great.”

Attendees at Dreamforce 2017 in San Francisco
Users can learn about new upgrades and features for all Salesforce products at Dreamforce conference.

New Quip Slides system

Meanwhile, Salesforce said Sept. 17, a week before Dreamforce, that it will be showing at the conference PowerPoint-esque upgrade to its content collaboration platform, Quip, called Quip Slides.

Quip Slides is an AI-assisted platform to help workgroups create interactive presentations mainly for internal meetings and training. It features real-time collaboration, charting, live data, feedback prompts and engagement insights.

Another feature in Quip is Salesforce partner-built Live Apps, which enable work teams to embed Box and Dropbox files into Quip.

Integrating the Integration Cloud

The CloudCraze acquisition was just one of several the San Francisco-based CRM giant made to improve its suite of products. Salesforce spent $6.5 billion to acquire MuleSoft and build out what it’s calling the Integration Cloud.

What Salesforce is recognizing is there’s a whole different set of roles for how you manage customers now.
John Brunoanalyst, Forrester

Paul Greenberg, founder and analyst at The 56 Group, said he sees the name “Integration Cloud” as a misnomer, but that he thinks the MuleSoft purchase is a pivotal acquisition to bolster Salesforce.

“Despite its silly name as Integration Cloud, MuleSoft was a smart acquisition as it gives Salesforce access to all these different layers of service and does a lot of things Salesforce couldn’t previously do,” Greenberg said. “For integrations to succeed, it’s not just about building on the Salesforce platform. Without MuleSoft it was harder to build out integrations.”

With many organizations working to upgrade legacy systems and update their processes and provide  customers with a modern experience, the ability to connect legacy systems to current platforms is often laborious. Salesforce hopes its Integration Cloud will help ease that transition.

“We’ve ended up in a hybrid world,” said Michael Fauscette, chief research officer at G2 Crowd. “We’ve created so many data silo issues and it’s incumbent on the platform players to provide the ability to get past that.”

Continuing with business transformation

In addition to the expected unveiling of Integration Cloud and B2B commerce use cases, Salesforce is anticipated to continue its strategy of bringing together different customer-facing departments to help curate better customer experiences.

“I don’t think it’s a fully mature or fully conscious Salesforce strategy, but Salesforce is drilling down toward more personalization,” Greenberg said. “Salesforce’s Connections conference was the first step to that public story where we saw Marketing Cloud, Sales Cloud and Service Cloud becoming cross clouds in more significant ways than ever before.”

Bruno, from Forrester, agreed that organizational transformation and how Salesforce products can help is a major theme for Salesforce.

“What Salesforce is recognizing is there’s a whole different set of roles for how you manage customers now,” Bruno said. “I can see themes where [Salesforce] recognizes businesses have changed, customer engagement has changed and they are trying to provide solutions to account for that.”

More than just Salesforce products

Beyond the larger topics around its new acquisitions and customer empowerment, all of the core Salesforce products are expected to receive upgrades and users will be able to attend sessions with roadmaps outlining the future for Salesforce products.

“A core part of Dreamforce is about unveiling new innovations and it’s what customers have come to expect,” said Brigitte Donner, VP and conference chair for Dreamforce, at Salesforce. “We have more product keynotes planned than ever before.”

Donner added that the theme for Dreamforce is “change,” extending beyond just Salesforce products to larger social issues, with the first climate summit planned at Dreamforce this year, as well as Salesforce bringing back an equality summit.

Dreamforce takes place Sept. 25 to 28. Check SearchSalesforce.com for daily conference coverage.

Are SD-WAN security concerns warranted?

Are software-defined WAN security features sufficient to handle the demands of most enterprises? That’s the question addressed by author and engineer Christoph Jaggi, whose SD-WAN security concerns were cited in a recent blog post on IPSpace. The short answer? No — primarily because of the various connections that can take place over an SD-WAN deployment.

“The only common elements between the different SD-WAN offerings on the market are the separation of the data plane and the control plane and the takeover of the control plane by an SD-WAN controller,” Jaggi said. “When looking at an SD-WAN solution, it is part of the due diligence to look at the key management and the security architecture in detail. There are different approaches to implement network security, each having its own benefits and challenges.”

Organizations contemplating SD-WAN rollouts should determine whether prospective products meet important security thresholds. For example, products should support cryptographic protocols and algorithms and meet current key management criteria, Jaggi said.

Read what Jaggi had to say about the justification for SD-WAN security concerns.

Wireless ain’t nothing without the wire

You can have the fanciest access points and the flashiest management software, but without good and reliable wiring underpinning your wireless LAN, you’re not going to get very far. So said network engineer Lee Badman as he recounted a situation where a switch upgrade caused formerly reliable APs to lurch to a halt.

“I’ve long been a proponent of recognizing [unshielded twisted pair] as a vital component in the networking ecosystem,” Badman said. Flaky cable might still be sufficient in a Fast Ethernet world, but with multigig wireless now taking root, old cable can be the source of many problems, he said.

For Badman, the culprit was PoE-related and once the cable was re-terminated and tested anew, the APs again worked like a charm. A good lesson.

See what else Badman had to say about the issues that can plague a WLAN.

The long tail and DDoS attacks

Now there’s something new to worry about with distributed denial of service, or DDoS, attacks. Network engineer Russ White has examined another tactic, dubbed tail attacks, which can just as easily clog networking resources.

Unlike traditional DDoS or DoS attacks that overwhelm bandwidth or TCP sessions, tail attacks concentrate on resource pools, such as storage nodes. In this scenario, a targeted node might be struggling because of full queues, White said, and that can cause dependent nodes to shut down as well. These tail attacks don’t require a lot of traffic and, what’s more, are difficult to detect.

For now, tail attacks aren’t common; they require attackers to know a great deal about a particular network before they can be launched. That said, they are something network managers should be aware of, White added.

Read more about tail attacks.

VMware takes NSX security to AWS workloads

VMware has introduced features that improve the use of its NSX network virtualization and security software in private and public clouds.

At VMworld 2018 in Las Vegas, VMware unveiled an NSX instance for AWS Direct Connect and technology to apply NSX security policies on Amazon Web Services workloads. Also, VMware said Arista Networks’ virtual and physical switches would enforce NSX policies — the result of a collaboration between the two vendors.

VMware is applying NSX security policies, including microsegmentation, on AWS workloads by adding support of NSX-T to VMware Cloud on AWS. NSX-T provides networking and security management for containers and non-VMware virtualized environments. VMware Cloud on AWS is a hybrid cloud service that runs the VMware software-defined data center stack on AWS.

The latest AWS feature is in NSX-T Data Center 2.3, which VMware introduced at VMworld. Other features added to the newest version of NSX-T include support for containers and Linux-based workloads running on bare-metal servers. NSX-T uses Open vSwitch to turn a Linux host into an NSX-T transport node and to provide stateful security services.

VMware plans to release NSX-T 2.3 by November.

NSX on AWS Direct Connect

To help companies connect to AWS, VMware introduced integration between NSX and AWS Direct Connect. The combination will provide NSX-powered connectivity between workloads running on VMware Cloud on AWS and those running on a VMware-based private cloud in the data center.

AWS Direct Connect lets companies bypass the public internet and establish a dedicated network connection between a data center and an AWS location. Direct Connect is particularly useful for companies with rules against transferring sensitive data across the public internet.

Finally, VMware introduced interoperability between Arista’s CloudVision and NSX. As a result, companies can have NSX security policies enforced on Arista switches running either virtually in a public cloud or the data center.

Arista CloudVision manages switching fabrics within multiple cloud environments. Last year, the company released a virtualized version of its EOS network operating system for AWS, Google Cloud Platform, Microsoft Azure and Oracle Cloud.

VMware is using its NSX portfolio to connect and secure infrastructure and applications running in the data center, branch office and public cloud. For the branch office, VMware has integrated NSX with the company’s VeloCloud software-defined WAN to provide microsegmentation for applications at the WAN’s edge.

VMware competes in multi-cloud networking with Cisco and Juniper Networks.

Understand Windows Insider Program for Business options

The Windows Insider Program for Business provides features that help IT plan for and deploy GA builds when they arrive.

The Windows Insider Program, which Microsoft introduced in 2014, lets IT try out new features in the upcoming Windows release before Microsoft makes them generally available. Microsoft added the Windows Insider Program for Business in April 2018 to provide organizations with tools to better prepare for upcoming releases.

Windows Insider Program for Business

Microsoft designed the Windows Insider Program for Business specifically for organizations to deploy preview builds from Windows 10 and Windows Server to participating employees for testing before they are GA.

IT pros can register their domains with the service and control settings centrally rather than registering users or configuring machines individually. Individual users can also join the Windows Insider Program for Business on their own, independently of IT’s corporate-wide review.

Microsoft designed the Windows Insider Program for Business specifically for organizations to deploy preview builds from Windows 10 and Windows Server to participating employees for testing before they are GA.

The preview builds don’t replace the channel releases because IT doesn’t deploy the new builds across its organization. They’re simply earlier Windows 10 builds IT teams can use to prepare their organizations for the updates.

The Windows Insider Program for Business preview build releases make it possible for IT to implement new services and tools more quickly once the GA release is available. The previews also help IT ensure that Microsoft addressed data security and governance issues in advance of the release.

The Windows Insider Program for Business allows administrators, developers, testers and other users to see what effect a new release might have on their devices, applications and infrastructures. Microsoft includes the Feedback Hub for IT pros and users to submit reactions about their experiences, make requests for new features and identify issues such as application compatibility, security and performance problems.

Microsoft also offers the Windows Insider Lab for Enterprise, a test deployment for insiders who Microsoft specially selects to test new, experimental or prerelease enterprise security and privacy features. The lab provides insiders with a virtual test infrastructure that comes complete with typical enterprise technologies such as Windows Information Protection, Windows Defender Application Guard and Microsoft App-V.

Getting started with the insider program

Microsoft recommends organizations sign up for the Windows Insider Program for Business and dedicate at least a few devices to the program. IT pros must register their users with the service and set up the target devices to receive preview builds.

Microsoft also recommends that organizations use Azure Active Directory work accounts when registering with the service, whether an organization registers users individually or as part of a domain account. A domain registration makes it easier for IT to manage the participating devices and track feedback from users across the organization. Users that want to submit feedback on behalf of the organization must have a domain registration, as well.

IT can install and manage preview builds on individual devices or on the infrastructure and deploy the builds across multiple devices in the domain, including virtual machines. Using Group Policies, IT can also enable, disable, defer or pause preview installations and set the branch readiness levels, which determine when the preview builds are installed.

Microsoft’s three preview readiness branches

IT can configure devices so the preview builds install automatically or allow users to choose their own install schedules. With mobile device management tools such as Microsoft Intune, IT can take over the preview readiness branch settings, assigning each user one of three preview deployment branches.

Fast. Devices at the Fast level are the first to receive build and feature updates. This readiness level implies some risk because it is the least stable and some features might not work on certain devices. As a result, IT should only install Fast builds on secondary devices and limit these builds to a select group of users.

Slow. Devices at the Slow level receive updates after Microsoft applies user and organization feedback from the Fast build. These builds are more stable, but users don’t see them as early in the process compared to the Fast builds. The Slow level generally targets a broader set of users.

Release Preview. Devices at the Release Preview level are the last to receive preview builds, but these builds are the most stable. Users still get to see and test features in advance and can provide feedback, but they have a much smaller window between the preview build and the final release.

Is the Windows Insider Program for Business for everyone?

An organization that participates in the Windows Insider Program for Business must be able to commit the necessary resources to effectively take advantage of the program’s features. To meet this standard, organizations must ensure that they can dedicate the necessary hardware and infrastructure resources and choose users who have enough time to properly test the builds.

An organization’s decision to invest in these resources depends on its specific circumstances, but deploying a Windows update is seldom without a few hiccups. With the Windows Insider Program for Business, IT can avoid some of these issues.

Amazon Chime app adds dial-out, single sign-on features

Amazon Web Services has been gradually building out the features of Amazon Chime, as the tech giant struggles to attract corporate interest in the online messaging and meetings platform.

AWS added a dial-out function to the Amazon Chime app this week so that users can program the app to call a phone number at the start of a meeting. The feature will simplify the process of connecting to meeting audio for attendees who are away from their desks. 

AWS also recently announced it would integrate the Amazon Chime app with the software of Okta, a leading single sign-on vendor. Okta’s platform consolidates the username and password information of an organization’s apps so that users only have to remember one set of sign-on credentials.

Last month, AWS made it possible to conduct a Chime video meeting in Google Chrome. While all major browsers support messaging and most non-video meeting features, Chrome is the only internet client that supports Chime video conferencing. (Users can also install a desktop app.)

“I see these largely as incremental improvements that allow Amazon to better compete with the likes of Zoom, BlueJeans, GoToMeeting, Cisco Webex, etc.,” said Irwin Lazar, analyst at Nemertes Research, based in Mokena, Ill.

Businesses expect all online meetings platforms to support in-browser video conferencing at this point, while single sign-on is a must-have feature for many large organizations, Lazar said.

Amazon Chime app trails rivals as AWS seeks greater share of collaboration market

Launched in February 2017, Amazon Chime is still playing catch-up with more established online meetings platforms. Amazon has stepped up efforts to penetrate the enterprise market in recent years, including with the release of the contact center platform Amazon Connect.

Alexa for Business, an enterprise version of the vendor’s popular AI voice assistant, has the potential to gain traction in the enterprise market, said Wayne Kurtzman, analyst at IDC. The Amazon Chime app, however, is not yet on the radar of many companies, he said.

“While Alexa for Business will gain traction over time, mostly integrated with other products, Amazon has to prove that Chime will be here for the long haul, be better than competitors and be a trusted part of a custom, cloud-based IT stack,” Kurtzman said.

Amazon is not the only consumer tech giant making a play at the enterprise collaboration market. Google also recently released a team collaboration app, Hangouts Chat, and an online meetings platform, Hangouts Meet.

AWS, a $17.5 billion division of Amazon, has sought to use low and flexible pricing to attract businesses to Amazon Chime.

When Chime first launched, AWS gave customers the ability to prorate the subscription fees of individual users by activating and deactivating their licenses on demand. Later, the vendor implemented a usage-based pricing system that costs $3 every time a user hosts a meeting, for a maximum of $15 per user, per month.

In announcing usage-based pricing in March, AWS said it expected the new scheme would reduce the bills of virtually all premium customers of Amazon Chime. Nevertheless, aggressive pricing hasn’t been enough to draw attention from tech buyers.

“I rarely hear about Chime,” said Alan Lepofsky, analyst at Constellation Research, based in Cupertino, Calif. “I think Chime could have an interesting differentiation if Amazon made it very easy for developers to add voice and video features to custom applications. That would make Chime more of a competitor to Twilio than to Webex.”

Microsoft Skype for Business update fixes Mac bugs

The latest software patch for on-premises Skype for Business eliminates bugs and adds features for users that run the Microsoft platform on Mac OS, narrowing an already minimal gap between the Mac and Windows clients.

For Mac users, the Skype for Business update lets delegates — users designated to receive someone else’s calls — create and edit a meeting on behalf of a colleague. Also, users can now be made a delegate even if their account isn’t part of an organization’s enterprise voice plan.

Microsoft has enabled video-based screen sharing for Mac users, the result of a next-generation screen-sharing protocol that the vendor added to Skype for Business earlier this year. The new system is faster and more reliable than the traditional method and works better in low-bandwidth conditions.

The Skype for Business update, available for download now, also fixes several bugs on the Mac client, including a flaw that prevented users from joining a meeting hosted by someone outside their organization.

Microsoft seems to announce updates to the Mac client more quickly than it does for other changes to the Skype for Business platform, and describes Mac upgrades in more detail, said Jim Gaynor, a vice president of the consulting group Directions on Microsoft, based in Kirkland, Wash.

“There are still a few gaps between SfB Mac and Windows clients, most around some of the advanced call control features, file upload/sharing, and the ability to upload PowerPoint decks for online presentations,” Gaynor said. “But they’re fairly minimal.”

Skype for Business 2015 server nears its end of life

The improvements to the Mac client were among roughly 40 enhancements released as part of Microsoft’s biannual update to the Skype for Business 2015 server.

This summer’s Skype for Business update introduces location-based routing for Skype for Business mobile clients. The feature gives businesses more control when steering calls between VoIP and PSTN endpoints based on geography.

Microsoft is expected to stop releasing feature updates and bug fixes for the 2015 server in fall 2020, the end of the typical five-year lifespan for the product.

The vendor recently published a preview of the 2019 server, which is due out by year’s end. That server will extend support for on-premises Skype for Business for at least another five years, primarily to serve large organizations that are not ready to migrate to Skype’s cloud-based successor, Microsoft Teams.

The 2019 server will encourage businesses to host some telephony and messaging features in the cloud. Meanwhile, Microsoft Teams, a team collaboration app similar to Slack, will soon replace Skype for Business Online within the cloud-based Office 365 suite.

Array bolsters throughput, security in NFV appliance

Array Networks Inc. has introduced an upgrade of its network functions virtualization hardware. New features in the AVX NFV appliance, which provides application delivery, security and other networking operations, include support for 40 GbE interfaces and higher throughput for encrypted traffic.

Array, based in Milpitas, Calif., launched the AVX5800, AVX7800 and AVX9800 appliances this week. Along with support for optional 40 GbE network interface cards (NICs), the latest hardware provides a significant improvement in elliptic curve cryptography (ECC) processing over a Secure Sockets Layer virtual private network (SSL VPN).

The new NFV appliances include Array’s latest software release, AVX 2.7. The upgrade provides better fine-tuning of system resources for virtualized network functions running on the platform. Other improvements include the ability to back up and restore AVX configurations and images via USB and an online image repository for software running on AVX appliances.

Array has also added enhancements for companies using the NFV appliance with OpenStack environments. The company has introduced a hypervisor driver that lets the AVX platform serve as an OpenStack compute node.

The AVX NFV platform, launched in May 2017, comprises a series of virtualized servers for running Array and third-party applications, such as Fortinet’s FortiGate next-generation firewall and Positive Technologies’ PT AF web application firewall.

A10 Harmony Controller Update

A10 has launched an upgrade to its Harmony Controller, an application delivery controller, or ADC, that is also a cloud management, orchestration and analytics engine.

A10, based in San Jose, Calif., released Harmony version 4.1 last week, adding improvements to the product’s ability to configure and manage policies across A10’s line of Thunder security appliances.

New features in Harmony include preloaded Thunder ADC services. Also added to the controller is a self-service app for Thunder SSL inspection, which decrypts traffic, so security devices can analyze it.

AVX9800
Array Networks’ AVX9800 NFV appliance

Other improvements include extending Harmony’s analytics history to 12 months, so network operators and security pros can go further back in time when investigating events.

Harmony is a cloud-optimized ADC that can spin up specific services anywhere in a hybrid cloud environment. The software also incorporates per-application analytics and centrally manages and orchestrates application services.

Aviatrix improves its AWS security

Aviatrix has added to its AVX network security software better control over traffic leaving Amazon Web Services. The enhancements provide customers with stronger protection against internal threats and external attacks.

The new AVX capability announced last week focuses on filtering egress data from an AWS virtual private cloud (VPC). An AWS VPC provides a private cloud computing environment on the infrastructure-as-a-service provider’s platform. The benefit of a VPC is the granular control a company can get over a virtual network service serving sensitive workloads.

AVX for AWS VPCs verifies the traffic destination’s IP address, hostname or website, the vendor, based in Palo Alto, Calif., said. An inline, software-controlled AVX Gateway does the VPC filtering and prevents traffic from going to unauthorized locations.

The Aviatrix platform, which comprises a controller and gateway, operates over a network overlay that spans cloud and data center environments. The new VPC egress security feature is available as part of the platform, which is available only as software.

Companies can deploy the Aviatrix product through the AWS marketplace. Aviatrix also has versions of its technology for Microsoft Azure and Google Cloud.

News roundup: Manage employee resource groups and more

This week’s news roundup features a tool to manage employee resource groups, a roadmap for a wellness coaching technology program and an AI-powered platform to match employees with the right insurance options.

Ready, set, engage

Espresa, which makes a platform for automating employee programs, has added new features that can track and manage employee resource groups.

Employee resource groups, which are organically formed clubs of people with shared enthusiasms, are increasingly popular in U.S. corporations. A 2016 study by Bentley University indicated 90% of Fortune 500 companies have employee resource groups, and 8.5% of American employees participate in at least one.

At a time when employee retention has become more critical, thanks to a very tight labor market, employee resource groups can help employee engagement. But the grassroots nature of the efforts makes it hard for both employees and HR departments to track and manage them.

In many companies today, employee resource groups are managed with a cobbled-together collection of wiki pages, Google Docs and Evite invitations, said Raghavan Menon, CTO of Espresa, based in Palo Alto, Calif. And HR departments often have no idea what’s going on, when it’s happening or who is in charge.

“Today, nothing allows the employer or company to actually promote [employee resource groups] and then decentralize them to allow employees to manage and run the groups with light oversight from HR,” Menon explained.

Espresa’s new features give HR departments a web-based way to keep track of the employee resource groups, while giving the employees a matching mobile app to help them run the efforts.

“When employees are running things, they’re not going to use it if it’s an old-style enterprise app,” he said. “They want consumer-grade user experience on a mobile app.”

With Espresa, HR staff can also measure employee resource groups’ success factors, including participation and volunteer activity levels. That information can then be used to make decisions about company funding or a rewards program, Menon said.

An alternate health coach

Is it possible to help an employee with a chronic condition feel supported and empowered to make lifestyle changes using high-tech health coaching and wearable health technology? According to John Moore, M.D., medical director at San Francisco-based Fitbit, the answer is yes.

During World Congress’ 10th annual Virtual Health Care Summit in Boston, Moore outlined a health coaching roadmap designed to help HR departments and employers meet workers where they are.

“Hey, we know the healthcare experience can be really tough, and it’s hard to manage with other priorities,” he said. “We know you have a life.”

Using a health coach, wearables or a mobile phone — and possibly even looping in family and friends — an employee with a health condition is walked through the steps of setting micro-goals over a two-week period. Reminders, support and encouragement are delivered via a wearable or a phone and can include a real or virtual coach, or even a family intervention, if necessary.

The idea, Moore stressed, is to enable an HR wellness benefits program to give ownership of lifestyle changes back to the employee, while at the same time making the goals sufficiently small to be doable.

“This is different than [typical] health coaching in the workplace,” he said. “This is going to be a much richer interaction on a daily basis. And because it’s facilitated by technology, it’s more scalable and more cost-effective. We’ll be able to collect information that spans from blood pressure, to weight, to steps, to glucose activity and sleep data to get the whole picture of the individual so they can understand themselves better.”

This is an in-the-works offering from Fitbit, and it will not be limited to just the Fitbit-brand device. This platform will be based on technology Fitbit acquired from Twine in February 2018. Moore outlined a vision of interoperability that could include everything, from the pharmacy to a glucose meter to, eventually, an electronic health record system. This could work in tandem with a company’s on-site or near-site health clinic and expand from there, he said.

“Technology can help break down barriers that have existed in traditional healthcare. Right now, interactions are so widely spaced, you can’t put coaches in the office every day or every week. There needs to be a way to leverage technology,” he said. “We can’t just give people an app with an AI chatbot and expect it to magically help them. The human element is still a very important piece, and we can use technology to make that human superhuman.”

HR on the go

StaffConnect has released version 2.2 of its mobile engagement platform, which includes new options for customers to create portals for easier access to payroll, training and other HR information and forms. The StaffConnect service can be used by workers in the office and by what the company calls “nondesk employees,” or NDEs.

The company’s 2018 Employee Engagement Survey showed more than one-third of companies have at least 50% of their workforce as NDEs and highlighted the challenges of keeping all employees equally informed and engaged. The survey indicated the vast majority of companies continue to use either email (almost 80%) or an intranet (almost 49%) to communicate with employees, while just 2% of companies reach out via mobile devices.

The company is also now offering a REST API to make it easier to integrate its platform into existing HR services, and it added custom branding and increased quiz feature options to boost customization.

StaffConnect’s new version also offers additional security options and features, including GDPR compliance and protection for data at rest.

Curious About Windows Server 2019? Here’s the Latest Features Added

Microsoft continues adding new features to Windows Server 2019 and cranking out new builds for Windows Server Insiders to test. Build 17709 has been announced, and I got my hands on a copy. I’ll show you a quick overview of the new features and then report my experiences.

If you’d like to get into the Insider program so that you can test out preview builds of Windows Server 2019 yourself, sign up on the Insiders page.

Ongoing Testing Requests

If you’re just now getting involved with the Windows Server Insider program or the previews for Windows Server 2019, Microsoft has asked all testers to try a couple of things with every new build:

  • In-place upgrade
  • Application compatibility

You can use virtual machines with checkpoints to easily test both of these. This time around, I used a physical machine, and my upgrade process went very badly. I have not been as diligent about testing applications, so I have nothing of importance to note on that front.

Build 17709 Feature 1: Improvements to Group Managed Service Accounts for Containers

I would bet that web applications are the primary use case for containers. Nothing else can match containers’ ability to strike a balance between providing version-specific dependencies while consuming minimal resources. However, containerizing a web application that depends on Active Directory authentication presents special challenges. Group Managed Service Accounts (gMSA) can solve those problems, but rarely without headaches. 17709 includes these improvements for gMSAs:

  • Using a single gMSA to secure multiple containers should produce fewer authentication errors
  • A gMSA no longer needs to have the same name as the system that host the container(s)
  • gMSAs should now work with Hyper-V isolated containers

I do not personally use enough containers to have meaningful experience with gMSA. I did not perform any testing on this enhancement.

Build 17709 Feature 2: A New Windows Server Container Image with Enhanced Capabilities

If you’ve been wanting to run something in a Windows Server container but none of the existing images meet your prerequisites, you might have struck gold in this release. Microsoft has created a new Windows Server container image with more components. I do not have a complete list of those components, but you can read what Lars Iwer has to say about it. He specifically mentions:

  • Proofing tools
  • Automated UI tests
  • DirectX

As I read that last item, I instantly wanted to know: “Does that mean GUI apps from within containers?” Well, according to the comments on the announcement, yes*. You just have to use “Session 0”. That means that if you RDP to the container host, you must use the /admin switch with MSTSC. Alternatively, you can use the physical console or an out-of-band console connection application.

Commentary on Windows Server 2019 Insider Preview Build 17709

So far, my experiences with the Windows Server 2019 preview releases have been fairly humdrum. They work as advertised, with the occasional minor glitch. This time, I spent more time than normal and hit several frustration points.

In-Place Upgrade to 17709

Ordinarily, I test preview upgrades in a virtual machine. Sure, I use checkpoints with the intent of reverting if something breaks. But, since I don’t do much in those virtual machines, they always work. So, I never encounter anything to report.

For 17709, I wanted to try out the container stuff, and I wanted to do it on hardware. So, I attempted an in-place upgrade of a physical host. It was disastrous.

Errors While Upgrading

First, I got a grammatically atrocious message that contained false information. I wish that I had saved it so I could share with others that might encounter it, but I must have accidentally my notes. the message started out with “Something happened” (it didn’t say what happened, of course), then asked me to look in an XML file for information. Two problems with that:

  1. I was using a Server Core installation. I realize that I am not authorized to speak on behalf of the world’s Windows administrators, but I bet no one will get at mad at me for saying, “No one in the world wants to read XML files on Server Core.”
  2. The installer didn’t even create the file.

I still have not decided which of those two things irritates me the most. Why in the world would anyone actively decide to build the upgrade tool to behave that way?

Problems While Trying to Figure Out the Error

Well, I’m fairly industrious, so I tried to figure out what was wrong. The installer did not create the XML file that it talked about, but it did create a file called “setuperr.log”. I didn’t keep the entire contents of that file either, but it contained only one line error-wise that seemed to have any information at all: “CallPidGenX: PidGenX function failed on this product key”. Do you know what that means? I don’t know what that means. Do you know what to do about it? I don’t know what to do about it. Is that error even related to my problem? I don’t even know that much.

I didn’t find any other traces or logs with error messages anywhere.

How I Fixed My Upgrade Problem

I began by plugging the error messages into Internet searches. I found only one hit with any useful information. The suggestions were largely useless. But, the guy managed to fix his own problem by removing the system from the domain. How in the world did he get from that error message to disjoining the domain? Guesswork, apparently. Well, I didn’t go quite that far.

My “fix”: remove the host from my Hyper-V cluster. The upgrade worked after that.

Why did I put the word “fix” in quotation marks? Because I can’t tell you that actually fixed the problem. Maybe it was just a coincidence. The upgrade’s error handling and messaging was so horrifically useless that without duplicating the whole thing, I cannot conclusively say that one action resulted in the other. “Correlation is not causation”, as the saying goes.

Feedback for In-Place Upgrades

At some point, I need to find a productive way to express this to Microsoft. But for now, I’m upset and frustrated at how that went. Sure, it only took you a few minutes to read what I had to say. It took much longer for me to retry, poke around, search, and prod at the thing until it worked, and I had no idea that it was ever going to work.

Sure, once the upgrade went through, everything was fine. I’m quite happy with the final product. But if I were even to start thinking about upgrading a production system and I thought that there was even a tiny chance that it would dump me out at the first light with some unintelligible gibberish to start a luck-of-the-draw scavenger hunt, then there is a zero percent chance that I would even attempt an upgrade. Microsoft says that they’re working to improve the in-place upgrade experience, but the evidence I saw led me to believe that they don’t take this seriously at all. XML files? XML files that don’t even get created? Error messages that would have set off 1980s-era grammar checkers? And don’t even mean anything? This is the upgrade experience that Microsoft is anxious to show off? No thanks.

Microsoft: the world wants legible, actionable error messages. The world does not want to go spelunking through log files for vague hints. That’s not just for an upgrade process either. It’s true for every product, every time.

The New Container Image

OK, let’s move on to some (more) positive things. Many of the things that you’ll see in this section have been blatantly stolen from Microsoft’s announcement.

Once my upgrade went through, I immediately started pulling down the new container image. I had a bit of difficulty with that, which Lars Iwer of Microsoft straightened out quickly. If you’re trying it out, you can get the latest image with the following:

Since Insider builds update frequently, you might want to ensure that you only get the build version that matches your host version (if you get a version mismatch, you’ll be forced to run the image under Hyper-V isolation). Lars Iwer provided the following script (stolen verbatim from the previously linked article, I did not write this or modify it):

Trying Out the New Container Image

I was able to easily start up a container and poke around a bit:

Testing out the new functionality was a bit tougher, though. It solves problems that I personally do not have. Searching the Internet for, “example apps that would run in a Windows Server container if Microsoft had included more components” didn’t find anything I could test with either (That was a joke; I didn’t really do that. As far as you know). So, I first wrote a little GUI .Net app in Visual Studio.

*Graphical Applications in the New Container Image

Session 0 does not seem to be able to show GUI apps from the new container image. If you skimmed up to this point and you’re about to tell me that GUI apps don’t show anything from Windows containers, this links back to the (*) text above. The comments section of the announcement article indicate that graphical apps in the new container will display on session 0 of the container host.

I don’t know if I did something wrong, but nothing that I did would show me a GUI from within the new container style. The app ran just fine — it shows up under Get-Process — but it never shows anything. It does exactly the same thing under microsoft/dotnet-framework in Hyper-V isolation mode, though. So, on that front, the only benefit that I could verify was that I did not need to run my .Net app in Hyper-V isolation mode or use a lot of complicated FROM nesting in my dockerfile. Still no GUI, though, and that was part of my goal.

DirectX Applications in the New Container Image

After failing to get my graphical .Net app to display, I next considered DirectX. I personally do not know how to write even a minimal DirectX app. But, I didn’t need to. Microsoft includes the very first DirectX-dependent app that I was ever able to successfully run: dxdiag.

Sadly, dxdiag would not display on session 0 from my container, either. Just as with my .Net app, it appeared in the local process list and docker top. But, no GUI that I could see.

However, dxdiag did run successfully, and would generate an output file:

Notes for anyone trying to duplicate the above:

  • I started this particular container with 
    docker run it mcr.microsoft.com/windowsinsider
  • DXDiag does not instantly create the output file. You have to wait a bit.

Thoughts on the New Container Image

I do wish that I had more experience with containers and the sorts of problems this new image addresses. Without that, I can’t say much more than, “Cool!” Sure, I didn’t personally get the graphical part to work, but a DirectX app from with a container? That’s a big deal.

Overall Thoughts on Windows Server 2019 Preview Build 17709

Outside of the new features, I noticed that they have corrected a few glitchy things from previous builds. I can change settings on network cards in the GUI now and I can type into the Start menu to get Cortana to search for things. You can definitely see changes in the polish and shine as we approach release.

As for the upgrade process, that needs lots of work. If a blocking condition exists, it needs to be caught in the pre-flight checks and show a clear error message. Failing partway into the process with random pseudo-English will extend distrust of upgrading Microsoft operating systems for another decade. Most established shops already have an “install-new-on-new-hardware-and-migrate” process. I certainly follow one. My experience with 17709 tells me that I need to stick with it.

I am excited to see the work being done on containers. I do not personally have any problems that this new image solves, but you can clearly see that customer feedback led directly to its creation. Whether I personally benefit or not, this is a good thing to see.

Overall, I am pleased with the progress and direction of Windows Server 2019. What about you? How do you feel about the latest features? Let me know in the comments below!

At OpenText Enterprise World, security and AI take center stage

OpenText continues to invest in AI and security, as the content services giant showcased where features from recent acquisitions fit into its existing product line at its OpenText Enterprise World user conference.

The latest Pipeline podcast recaps the news and developments from Toronto, including OpenText OT2, the company’s new hybrid cloud/on-premises enterprise information management platform. The new platform brings wanted flexibility while also addressing regulatory concerns with document storage.

“OT2 simplifies for our customers how they invest and make decisions in taking some of their on-premises workflows and [porting] them into a hybrid model or SaaS model into the cloud,” said Muhi Majzoub, OpenText executive vice president of engineering and IT.

Majzoub spoke at OpenText Enterprise World 2018, which also included further updates to how OpenText plans to integrate Guidance Software’s features into its endpoint security offerings following the Guidance’s September 2017 acquisition.

Will the native AI functionality from OpenText compare and keep up? What will be the draw for new customers?
Alan Lepofskyprincipal analyst, Constellation Research

OpenText has a rich history of acquiring companies and using the inherited customer base as an additional revenue or maintenance stream, as content management workflows are often built over decades of complex legacy systems.

But it was clear at OpenText Enterprise World 2018 that the Guidance Software acquisition filled a security gap in OpenText’s offering. One of Guidance’s premier products, EnCase, seems to have useful applications for OpenText users, according to Lalith Subramanian, vice president of engineering for analytics, security and discovery at OpenText.

In addition, OpenText is expanding its reach to Amazon AWS, Microsoft Azure and Google Cloud, but it’s unclear if customers will prefer OpenText offerings to others on the market or if current customers will migrate to public clouds.

“It comes down to: Will customers want to use a general AI platform like Azure, Google, IBM or AWS?” said Alan Lepofsky, principal analyst for Constellation Research. “Will the native AI functionality from OpenText compare and keep up? What will be the draw for new customers?”