ASP.NET Padding Oracle Fix and Risks

As most SharePoint, security and .NET professionals will know by now, a hotfix for the Padding Oracle vulnerability in ASP.NET was released out-of-band on Tuesday. A live TechNet Webcast with a Q&A was held with Dave Forstrom, Director, Response Communications and Dustin Childs, Senior Security Manager. I’ve put together these rough notes from that webcast, as I think this information needs to reach a wider audience.

This is intended to be a (very) rough guide to the webcast content, and I make no claims about the accuracy – I’ve purely attempted to repeat a small portion of what was discussed on the webcast – some of which was covered very quickly. If any of this is of particular interest, I suggest watching the webcast. I’m primarily interested in motivating people to apply the patch while repeating some of the considerations that should be… considered before doing so.


Publishing a network-isolated virtual machine with RemoteApp

To understand the development environment design choices that this article pertains to, it may be worth glancing at the design section of my SharePoint development series before diving in, if you haven’t already followed those posts.

Cloning isolated VMs vs. scripted installation

One of the challenges we’ve always faced with SharePoint development has been the tension between cloning actually identical environments versus automating the deployment across distinct environments (or worse, repeating the installation manually). In the first case we save time by eliminating reconfiguration and this ensures a consistent experience for each user. This is particularly beneficial for software development. These benefits can also be obtained by scripting installation/configuration/deployment but there’s a considerable overhead associated with developing and testing those scripts. As SharePoint 2010 is still quite new and we’ve been working on projects for some time now, we didn’t have the luxury of waiting for those refinements and we needed to take advantage of these efficiencies as we had done with SharePoint 2007 projects.


SharePoint Server 2007 cross-domain farm topologies

I’ve recently been involved in MOSS 2007 farm topology discussions with a client that was interested in using the Split back-to-back topology. After a lengthy troubleshooting and escalation process we’ve identified some problems with this TechNet extranet farm topology guidance in conjunction with Microsoft Tier 2 support. In short, the TechNet document identifies some supported topologies that span domains, but this incident has raised questions about:

  • The acceptable placement of server roles in those topologies.
  • Supported domain trust directions.
  • Alternate Access Mappings requirements.
  • Picking people from other domains.

This is an account of the relevant issues and the steps that we took to reach our conclusions.

Building a SharePoint 2007/2010 development environment – Part VI: Issues and Results

In the first five parts of this series I covered the project objectives and the system design, then turned my attention to the Hyper-V host image build, automated deployment and the guest virtual machine build. In this post I review some of the questions and issues we’ve encountered after a few months of working this way and some overall reflections on the approach.

Building a SharePoint 2007/2010 development environment – Part V: Guest Build

In the first four parts of this series I covered the project objectives and the system design, then turned my attention to the Hyper-V host image build and automated deployment. In this post I describe a SharePoint 2007 virtual machine build.

Where’s the SharePoint 2010 build?

In short, we’re working on it. I’ve produced a new SharePoint 2010 beta virtual machine for this environment but we’re not yet ready to publish build guidance. Stay tuned. Additionally…

Building a SharePoint 2007/2010 development environment – Part IV: Automated deployment

In the first three parts of this series I covered the project objectives and the system design, then turned my attention to the Hyper-V host image build. In this section I will look at automating deployment of that host operating system. This is lengthy, but there’s a lot to cover.


NewSID myth implications for SharePoint development

It’s now a week on from Mark Russinovich’s NewSID retirement announcement and I’ve been watching the feedback since. To give a brief overview, it’s long been a tenet of machine cloning processes that a new machine SID should be generated for each clone in order to prevent conflicts. Mark Russinovich wrote the original NewSID tool for Windows NT and as a Microsoft Technical Fellow today, he supposed that it might not be needed anymore and investigated the implications of retiring it. Obviously, if you haven’t read it yet and you work with machine cloning, you should read the article, but if you haven’t found the time to sift through the 168 comments (and counting), this summary might help clarify things:


Building a SharePoint 2007/2010 development environment – Part III: Host image build and performance benchmarks

Having agreed the project objectives and designed the system, I turned my attention to the Hyper-V host image build. This is a high-level build guide with start-up time and baseline memory consumption benchmarks at key milestones. These benchmark figures were taken from the Windows Server 2008 R2 Release Candidate build and are admittedly a bit imprecise. However, they do provide an overall indication of system performance as things were added to and removed from the installation. Although I do not have precise figures on RTM improvements, I spot-checked a few of these benchmarks when I rebuilt the system on RTM. Start-up times improved slightly at each milestone. In fact, the final benchmarks came in at 100MB less idle memory used in the RTM release.

Building a SharePoint 2007/2010 development environment – Part II: Design

In the first part of this series, I introduced the pros and cons of various SharePoint development approaches and the objectives of this system redesign. In this part I will focus on design choices and conclusions, starting with the core technology.

Why we’ve chosen Hyper-V

There are broadly five decisive factors: performance, management features (like snapshots), cost, 64-bit OS support and a full host OS (not just a virtualisation administration console):

Building a SharePoint 2007/2010 development environment – Part I: Introduction and Objectives

As I’ve alluded to a few times in this blog, over the last few months I’ve led the consultancy and system design for a SharePoint 2007/2010 development environment built on Hyper-V in Windows Server 2008 R2. This series of six posts will reveal the key decisions and will consolidate recommendations from a broad range of research and guidance. This first post offers a technology-agnostic introduction to the problem, pros and cons of alternative approaches and what we hoped to achieve with the new approach. The design decisions will be covered in more detail in the second post, followed by a deeper look at detailed build guidance.