Microsoft Systems Center Operations Manager 2012

Microsoft Systems Center 2012

Article 1.3



Systems Center Operations Manager 2012 is used to monitor and alert network administrators when a device, be it a server, desktop, workstation device, application, laptop, etc… is not working properly.  By not working properly, that could mean anything from the application process is slower than benchmark “normal” to a device completely being offline.   This proactive monitoring sends alerts triggered before the device actually fails.  The Systems Center Operations Manager also has the ability to utilize automation by having a proxy system log into a web or application server using stored credentials and validate applications and systems through the whole enterprise.


Systems Center Operations Manager 2012 does an excellent job of monitoring an organizations system operation proactively.  Rather than waiting for system failure, expensive downtime and stopped production, the Systems Center Operations Manager 2012 identifies and tracks systems that are not operational at benchmark levels based on the age and performance of the device.   The Systems Center Operations Manager 2012 notifies IT professionals of devices it identifies as “replaceable” or should be replaced soon as not to fail the system.  Reports are generated automatically that detail the devices reliability based on on-going performance metrics.


Systems Center Operations Manager 2012 doesn’t just monitor the physical servers and their applications, but virtual host servers as well.  As more companies see the fiscal and technical sense it makes to virtualize servers offsite.  Systems Center Operations Manager 2012 was designed to monitor the physical server that hosts the virtual servers and their applications as well.  Systems Center Operations Manager 2012 can detect a potential problem on the physical host problem that impacts the performance of the guest applications.


The beauty of the Systems Center Operations Manager 2012 is that it monitors so well, it can alert the IT professionals when there is slowness or a “sluggish” application running on a client system hosted by the physical server.  When the monitoring viewpoint is a user’s viewpoint, then the value is added exponentially.


From an administrative and compliance viewpoint, Systems Center Operations Manager 2012 does an excellent job of supply supporting documentation to verify to auditors and compliance officers that the organizations Information Technology department meets the regulatory compliance.  The automatic reports can identify measures such as password attempt violations, service-level agreement details, validation of encrypted data access, and much more.


The Systems Center Operations Manager 2012 literally has hundreds of features at an IT professional’s disposal; however there are only nine major features that commonly interest the administrative professionals.

  • Of course, Server and Client system monitoring tops the list.  As the primary function of this program, it is the heartbeat in which other programs rely on .  Using the agent installed, information is sent to the Systems Center Operations Manager 2012 to be tracked, logged, and monitored on a continuous basis.
  • Event Correlation is an advanced feature of Systems Center Operations Manager 2012 that knows when a WAN connection has failed, that all the devices on the other side of the WAN have statuses of “unknown” so instead of sending dozens of alerts notifying the IT department of the “unknown status” of all the devices, it instead sends one urgent notice to advise the system administrator that there is a loss in connectivity.
  • Event log collection has been an important trouble shooting tool since it introduction many years ago.  Systems Center Operations Manager 2012 has the ability to collect the event logs and system logs, consolidate the data, and provide reports on the aggregated information.
  • System Monitoring is more than just noting that the system is operational or not, but also the response time of the system and their applications that run on the system.  Specific applications like SharePoint, SQL servers, and Exchange servers can have customized monitoring per application.
  • Client System monitoring is a newer features that allows the Systems Center Operations Manager 2012 to report on the host server as well as the client workstations in the network.  This client system monitoring assists in managing and supporting critical systems to the productivity of the organization.  That could be the CEO’s laptop or the workstation that serves as the company’s print server.  As long as the device is connected to the network, Systems Center Operations Manager 2012 will monitor and report on that devices’ are the lifeblood of the organization.
  • Application monitoring allows the Systems Center Operations Manager 2012 to monitor specific applications and URL’s, not just to test the operations, but to confirm that the site is performing in the best response time possible.  This next level monitoring confirms the response time and even perform test-user accounts log into the session and validate the data.
  • Service-oriented management is a tool that recognizes redundancy in multiple servers, therefore multiple notifications are not sent is one system triggers a series of events by loss of redundancy.  Based on the service of the machine, the notifications are sent. This management tool verifies that critical applications such as email routing, web hosting, domain authentication, and the like are “in-service”.
  • Service Level Agreement tracking and reporting is an important feature.  Many organizations now have SLA’s regarding specific service levels that must be met in an agreement metric, so if a network service is offline or degrades, then the service level quality is triggered and the SLA is measured.  The report generated allows the system admin to provide additional administrative activity to meet the SLA.
  • Finally, enough cannot be said about the expansive reporting that Systems Center Operations Manager 2012 provides.  Previously, the Systems Center Operations Manager Reports were an “add-on” that most opted out on because they were just unaware of how valuable the data actually is.  With Systems Center Operations Manager 2012, the reports are a click away inside the Systems Center Operations Manager 2012 console.


There are some changes in Systems Center Operations Manager 2012 that most IT administrators should be aware of.  The first is the removal of the Root Management Server.   The workload is split evenly across all management servers in the management group, and this allows hierarchy without the need for clustering or even replication functionality.   The Systems Center Operations Manager 2012 added a Resource Pool to associate the workload, provide network device monitoring, health rollup monitoring and group calculation.  In addition, Systems Center Operations Manager 2012 expands it’s support for UNIX and Linux systems by adding the ability to configure sudo elevation in a RunAs account so that it can perform administrative tasks on specific target systems.


Finally, Systems Center Operations Manager 2012 is a powerful tool that assists network administrators be proactive for their organizations, to address issues before downtime.  Future articles will address benefits of the Systems Center Operations Manager 2012 in much more depth.


PSS Enterprises is proud to offer additional consultation on Systems Center Operations Manager 2012 and how it, in conjunction with the other applications in Microsoft System Center 2012 can assist your organization.


Call 1-800-285-2448 or email to schedule your free consultation today.

Microsoft Systems Center 2012 Article 1.2

Microsoft Systems Center 2012

Article Series 1.2

This article takes a look at the Microsoft System Center Configuration Manager, or SCCM. First, we will discuss the role and features of the product, and then expand a bit on the various new changes made in this version of the software, and what distinguishes it from earlier versions.

The SCCM is the brains of Microsoft’s System Center 2012 Suite. It maintains consistency in system configuration and management by using templates in the individual build process. The templates are used and crafted by IT Professionals to meet the individual needs of their organization. Whether they be security, business or functional application needs, SCCM does it all. To support this organizational structure, SCCM has additional components called Compliance Settings that maintain consistency across various systems and machines by preventing users from updating using unsupported or unique update parameters – a sort of regulatory safeguard for your system.

Next, let’s talk about the features of SCCM. Microsoft offers with this product hundreds of features that IT administrators can use as a part of their configuration to enhance their management practices. While some are more apparent than others, the general major features are as follows:

Operating System Deployment – All computers are based off of an operating system. However, deploying an operating system to all the computers of a vast organization can be quite a trying task. SCCM makes it simple to do by providing all the necessary tools to quickly and easily deploy and operating system as either an imaged installation or as a scripted method of installation.

Patching and Updating – Once an organization’s operating system of choice has been deployed, the work doesn’t stop. SCCM include the mechanism and tools needed to patch and update current systems, improving on the often used Windows Server Update Services tool by providing administrators with a more active patching capabilities. The active update system also conforms to any organization’s needs, forcing system patches, updates and reboots as dictated by the administrator based on policies set and published by the IT department.

Organizational Tools – In order to efficiently and effectively provide system updates and patches, the management tool needs to know what hardware and software each system in a network is running. That’s where SCCM comes in, providing the tools necessary to track the physical and digital assets of the systems it is managing. In addition, SCCM integrates a report generation tool that includes the ability to create personalized and customized reports on practically anything, ranging from asset inventory reports, to patch and update levels of each machine in the entire enterprise. Finally, SCCM also provides compliance management, ensuring that all systems have the same software, drivers, updates, settings and other important information to easily meet the most stringent compliance rules.

Remote Control – In the unfortunate event that a system needs to be serviced, SCCM has a remote-control process that allows the IT Administrator to remotely log in and control any computer either on or off the network with ease, making diagnosing and troubleshooting problems that much easier.

Software Deployment – Even though the operating system deployment will install the base OS itself on a server or client’s system, there are other things that need installations from time to time. An example is applications that need to be managed. SCCM allows and Administrator to effortlessly install, update, and manage software applications on any system, including unique applications configuration and customization.

HTTP and HTTPS Client Connections – An important part of SCCM is it’s ability to provide the simplest and most efficient form of client connections. In most organization’s networks, to manage a system it had to be directly connected to the network for someone to connect to, or someone had to VPN remotely to the network to apply patches and updates. With SCCM, this antiquated mode of support is gone, with a new HTTP and HTTPS connections system in place. This means that a remote system need only be connected to the internet, and it can be reached and provided support and updates from anywhere in the world, connected to the SCCM server through a secure HTTPS tunnel.

When Microsoft’s SCCM first debuted years ago, it left quite a bit to be desired. The interface was unfriendly and unintuitive, and its functionality was limited at best. However, with the current corporate movement towards cloud-based servers and computing, Microsoft has really upped their game and developed a product that vastly improves on its predecessor. Despite being the newest edition, SCCM 2012’s interface has not changed much from it’s 2007 predecessor – many changes were internal to provide the most efficient and feature rich experience possible. Here’s a quick summary of what has changed in the newest release:

New Setup Options – IT Professionals are now given the option of installing additional site system roles, such as Management Points and Distributions Points, during the setup process.

Addition of a central administration site – The newest editions of SCCM has added a new configuration option of setting up Central Administration Site at the root of the SCCM hierarchy. Now, instead of having the Central Site also being the Primary Site for all SCCM roles, the Administration Site is used for reporting and to facilitate communications between primary sites, thus adding the option of an additional layer for administration.

Behind-the-scenes Changes – SCCM now uses database replication to transfer data and update changes of site database content with other sites. It has also removed the need to configure Network Load Balancing Management Points – management points are now automatically set up and configured when they are added to a site.

Elimination of Native vs. Mixed Mode Sites – Both mode sites are no longer distinguished from the other. This means that potentially an organization could communicate with internal Management Points over HTTP while simultaneously requiring external Management Points to connect over HTTPS, providing more flexibility and security.

Elimination of Site Roles – SCCM no longer has system roles for many points, instead including them in a hierarchy with no need to specify a default Management Point.

Security Improvements – The newest version of SCCM provides various security improvements, including the addition of role-based administration to provide organizations with the ability to manage and administer endpoints across an entire enterprise, and improvements in the use of certificates and the introduction of user and device collections.

Microsoft’s System Center Configuration Manager runs it all. From the first steps of deploying an operating system, to managing, updating, and supporting a vast array of systems in an enterprise organization, SCCM makes it simple and easy to do, and PSS can help. We have the experts available to help you move your organization to the next level of efficiency and productivity.

1-800-285-2448 ext 1 (Technical Support)

Microsoft Systems Center 2012

Microsoft Systems Center 2012

Article Series 1.1

Microsoft Systems Center 2012 is a suite of programs from Microsoft that encompass Server management in one easy to use platform.  Prior to the release of this product, IT professionals found themselves managing patching computer systems, imaging workstations, monitoring servers, deploying software manually, backing up systems, and monitoring servers individually.   Now with Microsoft Systems Center 2012, the suite manages all those tasks, under one license.  Standardizing with Microsoft Systems Center 2012 is not only cost effective decision; it is a solid technical integration decision as well.  This article will discuss the important programs that comprise Microsoft Systems Center 2012 and how they are beneficial on all enterprise levels.  This article is the first of the series, and each article will further examine the components of Microsoft Systems Center 2012 and offer best practices as well.

The primary component in Microsoft Systems Center 2012 is System Center Configuration Manager.  This is the building block program that all of the other platforms will expand upon.  The System Center Configuration Manager begins with the ability to image or lay down the base operating system on a server or client-system based on specific guidelines for configuration.  Once the operating system has been installed the Systems Center Configuration Manager continually applies updates and patches to the system as necessary.  This platform also tracks the system inventory and allows IT professionals to maintain system configuration is maintained or edited as the enterprise grows, and has remote-control capabilities.

The Systems Center Operations Manager takes the organizational structure created and developed in the Systems Center Configuration Manager and monitors the on-going health of the system, as well as any applications that are installed and utilized on the system.  Based on specific rules, the SCOM tracks any sequence that falls out of the standard configurations, and notifies the IT professionals immediately to resolve the issue before it becomes a catastrophic mess, saving time, money, and resources that would be used to correct the issue and keep it from escalating.

The Systems Center Data Protection Manager is a god-send to the back-up world.  The Systems Center Data Protection Manager backs up client systems, server file systems, and Exchange databases, SQL databases, Hyper-V guest sessions, SharePoint Data, and all workstations that have Windows 7 and are connected to the network.  Thanks to this program, the organization now has the ability to recover a single file that was lost to restoring a completely dead machine.  Most companies cannot put a price on recovering their email, let alone a machine, or the company server.  With Systems Center Data Protection Manager deployed in the Microsoft Systems Center 2012, the client can completely recreate the network and system with new machines should there be a fire, act of God, or some other horrible event without the loss of data.

The Systems Center Virtual Machine Manager is a way to manager virtual systems.  As more and more companies opt out of having physical servers on location and are moving to virtual servers, clients are looking for a way to manage this process.  The Systems Center Virtual Machine Manager can also transfer fully running physical servers and transfer the operating system, application, and data to a virtual server in an automated physical-to-virtual conversion process.

The Systems Center Service Manager is a product that performs incident management and change control system that is tightly integrated with the Systems Center Operations Manager, Systems Center Configuration Manager, and Systems Center Virtual Machine Manager to take alerts, log problems, inventory information, and track system configurations so that the IT professionals that manage the network, servers, and systems have a healthy “pulse-check” of the enterprise system.  The Systems Center Service Manager brings together management polices and procedures under one platform that the other Systems Center tools use to facilitate day-to-day tasks.

System Center Orchestrator is a customizable run-book that provides graphical and text-based scripting that allows process not typically found in an enterprise environment to be supported by Microsoft Systems Center 2012.  These special processes can be anything from launching a script, processing a report, moving data from one system to another on a scheduled basis, or any of the similar tasks.  The Systems Center Orchestrator handles mundane tasks that can be standardized and triggered to ensure consistency in the operational process.

Microsoft Systems Center 2012 is a dynamic tool for any organization.  With so many benefits, and only one license to implement them, it is a very easy to see why enterprises that have a progressive growth plan for their business are choosing this option.  PSS Enterprises have the experts on staff to get your organization to this next level, protecting valuable data, streamlining processes, and being proactive in your network management.

Contact your local Solutions Specialist for your free network analysis, and let them show you how an amazing product, Microsoft Systems Center 2012, will save you time, money, and trouble in the future.

1-800-285-2448 ext 1 (Technical Support)

Server 2008 R2 Certificates

How do you determine which roles use certificates is not really tricky. The real answer to “What service needs a Cert?” is “all of them.” It is important to understand where to use certificates in Remote Desktop Services (RDS) deployments, and why you use them.

Most roles need to be configured, but some of them won’t like the RD License Server. By default, you’ll need SSL (x.509) certificates at every stage of connecting to a session or hosted virtual machine (VM). There are three main purposes for this: to secure communications between client and server, to confirm the identity of the server or Web site to which the client is connecting, and to sign Remote Desktop Protocol (RDP) files so your users know the RDP file comes from a trusted source and hasn’t been altered.

These are examples of how RDS uses certificates:

  • RD Session Host servers use certificates to prove their identity. This is called server authentication.
  • RD Session Host servers and RD Virtualization Host servers use certificates to set up a secure link between client and server with TLS 1.0.
  • RD Session Host Servers use certificates for client authentication required for Network Level Authentication (NLA), Single Sign-On (SSO) and implementing Web SSO.
  • RD Session Host servers and RD Connection Broker both use an SSL certificate to sign RemoteApps and VM RDP files, assuring users they’re launching a trusted file.
  • RD Gateway servers use certificates to encrypt communications with clients using TLS 1.0.
  • You can secure the RD Web Access site with an SSL certificate to ensure that people are going to a trusted site (HTTPS).

Enabling RDS functionality relies on specific technologies to support the use of certificates

How to Secure the Channel

TLS is the Internet Engineering Task Force (IETF) standard based on SSL version 3, published by Netscape. Some of the enhancements to TLS include new message alerts, the ability to chain certificates to an intermediary Certificate Authority (CA) certificate instead of the root CA certificate, and slightly different encryption algorithms from SSL.

Although TLS is based on SSL, the two are incompatible. TLS can, however, implement a mechanism by which it can fall back to SSL version 3 if necessary. To establish a secure communication channel between a client and server using TLS, the client and server go through a process of messaging, response and encryption.

There are two requirements for this process to work properly.

  • The client must trust the CA that signs the server’s SSL certificate.
  • The connection between server and client must use high-level (by default) or Federal Information Processing Standard (FIPS) encryption. Low-level encryption only encrypts the traffic from client to server, not server to client, so it’s not a secure way to send security capabilities or shared secrets.

If the connection and encryption level meets those two requirements, the client and server establish communication as follows:

  1. The client sends a hello message along with a random fixed-length value. The server responds with a random fixed-length value. During this exchange, the client tells the server the compression methods, ciphers and hashes it supports. It also sends its protocol version and a session ID to the server. The session ID identifies the communi­cation channel—this is not the Session ID on an RD Session Host server.
  2. The server picks the highest encryption method they both support and a cipher and hash function from the client’s list. Then it tells the client which one it has cho­sen. If there’s a minimum level set for the server and the client can’t meet this minimum, the connection will fail.
  3. The server sends its digital certificate to the client. This certificate contains the server’s name, the trusted CA that signed the certificate and the server’s public key.
  4. The client verifies the certificate is valid and trusted. The certificate used to sign the server certificate will be in the client’s Trusted Root Certification Authorities store. Then it creates a pre-master secret, encrypts it with the server’s public key and sends it to the server.
  5. The server receives and decrypts the pre-master secret with its private key. This server is the only one that can do this because it’s the only server with the matching private key.
  6. Both the server and client have the pre-master secret and random numbers exchanged at the beginning of the process. They use these values to generate the 48-byte master secret (also known as the shared secret). After generating the master secret, they delete the pre-master secret.
  7. Both client and server then hash the 48-byte master secret and use it to generate the MAC secret (the session key used for hashing) and the WRITE key (the session key used for encryption). These keys encrypt and decrypt communication for this session. After the session is over, the keys are discarded.

If any step of this sequence doesn’t work, the connection hasn’t been fully secured. What happens then depends on the Advanced tab settings on the Remote Desktop Connec­tion (RDC) client. In the case of authentication failure, a user can choose to do any one of the following:

  • Connect anyway without notifying the client there was a problem authenticating the server.
  • Warn the client, but still allow the connection (the default setting).
  • Deny the connection if it can’t be verified.

The exception is if the server requires a minimum security level. If that’s the case and the client can’t meet the minimum level, the connection will fail. By default, the client and server will negotiate and use the most secure connection settings they both support.

Credential Caching with CredSSP

Credential caching was introduced with Windows Vista and Windows Server 2008. This enables two features—one that helps the user and one that helps protect the server.

Credential caching helps users by storing credentials for a particular connection so they don’t need to provide them every time they connect to that server (this is SSO). This speeds up the connection. Otherwise a brokered connection must be checked at each step.

On the server side, credential caching provides credentials to the server before it establishes a session. This avoids the overhead of a session if the user isn’t authorized (this is NLA).

The piece that makes credential caching work is the Credential Security Service Provider (CredSSP). This is supported by Windows 7, Windows Vista, Windows Server 2008 and Windows XP SP3. It isn’t linked to the version of RDC being used because CredSSP is part of the OS. CredSSP performs the following functions:

  • For NLA, CredSSP provides the framework that authenticates a user to an RD Session Host server before fully establishing the connection.
  • For reconnecting to a session within a farm, CredSSP speeds the process of passing the connection to the correct server by letting the RD Session Host server see who’s logging on without having to create an entire session. This uses NLA in a slightly different scenario.
  • For SSO, CredSSP stores user credentials and passes them to the RD Session Host server to automate logon.

CredSSP enables mutual authentication of the server and client.

This authentication process takes the following steps.

  1. The client initiates a secure channel with the server using TLS. The server passes back the certificate with its name, CA and public key. Only the server is identified. The client remains anonymous at this point.
  2. When the session is established and a session key created, CredSSP uses the Simple and Protected GSS-API Negotiation (SPNEGO) protocol to mutually authenti­cate the server and client. Basically, this mechanism lets the client and server agree on an authentication mechanism they both support, such as Kerberos or Windows NT LAN Manager (NTLM).
  3. After mutual authentication is finished, CredSSP on the client side encrypts the server’s certificate with the session key created during step 2, and sends it to the server. The server receives the encrypted certificate, decrypts it with its private key, and then adds one to the most significant bit of the certificate number. It then encrypts the result and sends it back to the client. The latter operation ensures that no one can intercept the exchange between client and server and spoof the server.
  4. The client reviews the encrypted certificate received from the server and com­pares it to its own certificate.
  5. Assuming the results match, CredSSP on the client side sends the user credentials to the server.

Authenticating Server Identity

One danger of communicating with a remote computer that requires you to supply your credentials is that the server might not be what you think. If it’s a rogue server impersonating a trusted one, you could inadvertently type your credentials into the wrong server. This would give attackers everything they need to connect to your domain or server.

RDP includes encryption, but the protocol doesn’t have any means to authenticate the server. That’s where TLS and CredSSP come in. Server Authentication checks the name you enter in the RDC client (or RDP file) against the name issued in the certificate specified in the RD Configuration Tool on the RD Session Host server to which it’s connected.

Signing RDP Files

You can use certificates to digitally sign RemoteApp files, as well as RDP files used to connect to a pooled or personal VM (VDI). Signing these files assures the user they were created by a trusted source. It also secures the RDP file from tampering.

Signing RemoteApp files is also required for implementing Web SSO. This lets users sign in once to the RD Web Access Web site. Then they can launch RemoteApps from any farm without having to provide their credentials again.

CredSSP can’t pass credentials to RD Web Access. The user must first log in to the Web site to store their credentials. Then they won’t need to authenticate again to start RemoteApp programs. For this to work, the RemoteApps must be signed and the user must trust the certificate used to sign the RemoteApp.

RDP files created when a user launches an RDP connection from the RD Web Access Desktops tab are created on the fly. The files aren’t signed. Therefore, Web SSO won’t work when connecting to desktops. The user will have to log in to the endpoint once the connection is established. Web SSO also won’t work for connections to pooled or personal VMs.

Contact PSS Enterprises today for a free evaluation of your server.  1-800-285-2448 or to get more information about Win Server 2008.



If your computer operates on Windows XP, read this IMMEDIATELY!

As of April 8th, 2014, Microsoft will no longer support the XP operating systems.  What does that mean to those who currently have and use XP on a daily basis?   The short answer is that on April 9th, 2014 a computer operating on XP is a computer that is now the figurative open gate to your business network.  Basically unsupported means unsecured.  There are no security measures that will protect your system if you are still operating the XP after the cutoff date of 4/8/14.   This will compromise any transaction performed, violate regulatory statues, allow access to sensitive data such as personnel files, and is a gateway to your servers.


Just as we are preparing for this change, be aware that hackers are busy preparing as well. Our industry is preparing for a flood of viruses, malware, phishing programs, and hackers to compromise those who did not take the precautions and upgrade their system to Windows 7.   Sadly, there will be those unprepared that will suffer untold issues as a result of not taking a few precautionary measures and a upgrade.


PSS Enterprises will be sending teams to our clients who are still operating on XP.  We will be evaluating current applications, hardware, and peripherals that the user operates.   We then run compatibility checks for the applications, hardware, and peripherals.  After analysis, a course of action will be charted for the upgrade.


Please be aware that deployment is not and does not have to be expensive.  Taking measurements now will offset those costs.  Be aware there is no way to directly migrate from XP to Windows 7.  However, PSS Enterprises uses an advanced migration tool to streamline and deploy the new operating system, making the transition a seamless as possible.


CALL OR EMAIL  TODAY to begin your migration process.  The industry standard for upgrading a system from XP to Vista to Win7 is about 12-18 months.

Email us at or give us a call at 1-800-285-2448 option 1 for technical support.



Application Server Role

Application Server is an expanded server role in the Windows Server® 2008 operating system. The new version of Application Server provides an integrated environment for deploying and running custom, server-based business applications. These applications respond to requests that arrive over the network from remote client computers or from other applications. Typically, applications that are deployed and run on Application Server take advantage of one or more of the following:
• Internet Information Services (IIS) (the Hypertext Transfer Protocol (HTTP) server that is built into Windows Server)
• Microsoft® .NET Framework versions 3.0 and 2.0. (If you have applications that are built with the .NET Framework 3.5, you can download and install the .NET Framework 3.5 onto the operating system.)
• COM+
• Message Queuing
• Web services that are built with Windows Communication Foundation (WCF)
We recommend that you use the Application Server role when Windows Server 2008 runs applications that depend on role services or features that are part of the integrated Application Server role and that you select during the installation process. An example might be a specific configuration of Microsoft BizTalk® Server that uses a set of role services or features that are part of the Application Server environment.
Typically, the Application Server role is recommended when you are deploying a business application that was developed within your organization (or developed by an independent software vendor (ISV) for your organization) and when the developer has indicated that specific role services are required. For example, your organization may have an order-processing application that accesses customer records that are stored in a database. The application accesses the customer information through a set of WCF Web services. In this case, you can configure one Windows Server 2008 computer as an application server, and you can install the database on the same computer or on a different computer.
Not every server application benefits from the installation of the Application Server role. For example, the Application Server role is not necessary to support Microsoft Exchange Server or Microsoft SQL Server on Windows Server 2008.
To determine if the Application Server role is useful for running your organization’s business applications, have your administrators work closely with the application’s developers to understand the requirements of the application, for example, whether it uses the .NET Framework 3.0 or COM+ components.
What does Application Server do?
Application Server provides the following:
• A runtime that supports effective deployment and management of high-performance server-based business applications. These applications are able to service requests from remote client systems, including Web browsers connecting from the public Internet or from a corporate network or intranet, and remote computer systems that may send requests as messages.
• The .NET Framework 3.0, which provides developers with a simplified programming model for connected server applications. Developers can use the built-in .NET Framework libraries for many application functions, including input/output (I/O), numerical and text processing, database access, XML processing, transaction control, workflow, and Web services. For system administrators, the .NET Framework provides a secure and high-performance execution runtime for server-based applications, as well as a simplified application configuration and deployment environment.
• Windows Server 2008 installation by means of a new, user-friendly Add Roles Wizard that helps you choose the role services and features that are necessary to run your applications. The Add Roles Wizard automatically installs all features that are necessary for a given role service and makes it easier for you to set up and provision a computer as an application server for your business applications.
Who will be interested in this role?
This information about the Application Server role is primarily for information technology (IT) professionals who are responsible for deploying and maintaining an organization’s line-of-business (LOB) applications. LOB applications are typically developed in your organization or for your organization.
An application server environment consists of one or more servers running Windows Server 2008 that are configured with the Application Server role. This includes servers that do the following:
• Host applications that are built with the .NET Framework 3.0
• Host applications that are built to use COM+, Message Queuing, Web services, and distributed transactions
• Connect to an intranet or to the Internet to exchange information
• Host applications that expose or consume Web services
• Host applications that expose Web pages
• Interoperate with other remote systems running on disparate platforms and operating systems
An extended Application Server environment can also include the following:
• Domain-joined client computers and their users
• Computers that are used primarily for management of the application servers
• Infrastructure servers that run resources, such as Active Directory Domain Services (AD DS) or other Lightweight Directory Access Protocol (LDAP) repositories, Certificate Services, security gateways, process servers, integration servers, application or data gateways, or databases
What new functionality does this role provide?
The new, expanded version of the Application Server role is installed through the Add Roles Wizard in Server Manager. Administrators who have LOB applications that are built with the .NET Framework 3.0 may discover that setting up a hosting environment for these applications is simpler with this server role. The Add Roles Wizard guides the administrator through the process of selecting the role services or supporting features that are available in this role and may be necessary to run specific LOB applications.
Application Server Foundation
Application Server Foundation is the group of technologies that are installed by default when you install the Application Server role. Essentially, Application Server Foundation is the .NET Framework 3.0. (If you have applications that are built with the .NET Framework 3.5, you can download and install the .NET Framework 3.5 onto the operating system.)
Windows Server 2008 includes the .NET Framework 2.0, regardless of any server role that is installed. The .NET Framework 2.0 contains the Common Language Runtime (CLR), which provides a code-execution environment that promotes safe execution of code, simplified code deployment, and support for interoperability of multiple languages, as well as extensive libraries for building applications.
The key components of Application Server Foundation are installed as a set of code libraries and .NET assemblies. The following are the key components of Application Server Foundation:
• Windows Communication Foundation (WCF)
• Windows Workflow Foundation (WF)
• Windows Presentation Foundation (WPF)
WCF is the Microsoft unified programming model for building connected applications that use Web services to communicate with each other. These applications are also known as service-oriented applications (SOA), and they are becoming increasingly more important for business. Developers can use WCF to build SOA applications that employ secure, reliable, transacted Web services that communicate across platforms and interoperate with existing systems and applications in your organization.
WCF enables developers to compose or combine the various technologies that are available today for building distributed applications (COM+ and .NET Enterprise services, Message Queuing, .NET Remoting, ASP.NET Web Services, and Web Services Enhancements (WSE)) in ways that make sense for your organization’s business needs and computing environment.
WF is the programming model and engine for building workflow-enabled applications quickly on Windows Server 2008. A workflow is a set of activities that describe a real-world process, such as an order-purchasing process. A workflow is commonly described and viewed graphically—something like a flowchart. The description of the workflow is often called “the model.” Work items pass through the workflow model from start to finish.
Work items or activities within the model can be executed by people or by systems or computers. While it is possible to describe a workflow in traditional programming languages as a series of steps and conditions, for more complex workflows or workflows that support simpler revisions, designing the workflow graphically and storing that design as a model is typically much more appropriate and flexible.
WF supports system workflow and human workflow across a variety of scenarios, including the following:
• Workflow in LOB applications
• The sequential flow of screens, pages, and dialog boxes as presented to the user in response to the user’s interaction with the user interface (UI)
• Document-centric workflow, for example, the processing of a purchase order or a medical record
• Human workflow interaction, such as sending e-mail to a business client and receiving e-mail from the client
• Composite workflow for SOA
• Business-rule-driven workflow, for example: “On a Monday at 17:00, send an update catalogue request to business partners.”
• Workflow for systems management
What works differently?
Although there is an Application Server role in Windows Server 2003, the new, expanded Application Server role that is available in Windows Server 2008 is not simply an upgrade from the application server configuration tool that is included in Windows Server 2003 or an earlier operating system. Because the role functionality is completely new, administrators should be aware that there is no migration path for the Application Server configuration tool from Windows Server 2003 or earlier operating systems.
How do I resolve these issues?
If you upgrade your server to Windows Server 2008 from Windows Server 2003 or an earlier operating system, and you want to use the capabilities of the Application Server role, you must reinstall the Application Server role by using the Add Roles Wizard in Server Manager. As long as you configure Windows Server 2008 with the correct application services by using the Add Roles Wizard in Server Manager, you can easily move your applications from Windows Server 2003 to Windows Server 2008.
When should I use the Application Server role?
If the server-based LOB applications that you need to deploy and manage require one or more of the following technologies: Microsoft .NET Framework 3.0, Message Queuing, COM+, or distributed transactions, consider configuring your server in the Application Server role.

PSS Enterprises offers full evaluation and consultation on all server operating systems, migrations, and upgrades. Call today for a full evaluation at 1-800-285-2448 or email us at for an appointment.

**Article reprint with permission**

7 Things to Do Before 2012…

The end of 2011 is close at hand, and gets closer every minute.  PSS Enterprises wants to provide you with some last minute things to do for 2011 and help you prepare for 2012.  Here is a quick list that should be done before celebrating the New Year!


Review insurance policies. 

Often insurance policies are set up and then put to the side, forgotten, until something bad happens. Take some time to carefully review all your policies with your agent, so important questions that arise can be answered in plain English on the spot. Insurance isn’t the most exciting subject in the world, but making sure there is adequate coverage now could save a lot of money later. This is especially important if changes have taken place in your company during the past year that affects your liability. Be proactive, have a declarations page ready in a PDF and save it to the server, should any clients ask.


Review marketing campaigns.

The end of the year is a great time to take a look at which marketing efforts are driving business and which aren’t. Don’t hesitate to make changes if current efforts aren’t paying off. Keep in mind that a lot of ads will automatically renew, so there is an ad in your portfolio you don’t think is helping the business, you’ll want to make a change before committing to running it for another year.


Review all vendor contracts.

Take a close look at how much business is being done with each vendor. Are you getting the best rates based on how much work is being done together? Is the relationship mutually beneficial? If not, don’t be afraid to make a change. On the other hand, if you’re happy with your vendors, tell them! Let vendors know you want to create a great relationship with them. They’ll appreciate that you’re taking the time to make sure they’re happy in the relationship, too. Let them know you want to be their favorite customer.


Review all systems from top to bottom.

Carefully examine what’s working and what’s not. Decide where the problems are, and figure out what can be fixed. A system review can be an eye-opening experience –and users are surprised to find their work has fallen into habits that are hindering them from being more productive.  PSS Enterprises has a comprehensive system review process that documents current technology uses and suggests what changes are necessary to provide a successful 2012.


Overhaul the website. 

In the same way that retail stores move around their floor sets, make changes to the website to keep people coming back. Make sure all information is updated, and post any articles that have recently mentioned anything related to the industry.  Set all homepages to, so help is just a click away when deciding to have the website updated!


Consider technology upgrades.

If you need new computers or a new phone system to help things run more smoothly, the end of the year is a great time to make those upgrades. A new computer, phone system or other technology upgrade can make a huge difference in the daily lives of employees by enabling them to spend less time attending to such problems as computer crashes or attending to voicemails and focus more attention on the things that really matter.  PSS Enterprises offers training with all new technology upgrades!


Make 2012 a year to remember.  Last but not least, make an appointment with the solutions specialists at PSS Enterprises to schedule a time for a certified expert to look at technology systems, telephony systems, or create a support structure for users.  Just call 1-800-285-2448 or email us at and we will contact you!


Take a moment to check out our favorite company: MVP-Graphics!  They make us look good!


Voice, Data, and Wireless in One Box- Exemplary Unifed Communications

Looking for an affordable unified communications appliance that provides voice, data, voice-mail, Automated Attendant, video, security, and wireless capabilities while integrating with existing desktop applications such as calendar, email, and other third-party applications, look no further than the Cisco 520 system. This easy-to-manage platform can support up to 64 phones and voice mailboxes and provides flexible deployment options based on needs – a wide array of IP phones, public switched telephone network (PSTN) interfaces, and Internet connectivity.

Components of the Cisco Unified Communications 520 include:
• Cisco Unified Communications Manager Express for call processing of Cisco Unified IP Phones, providing a phone system rich in features
• Cisco Unity® Express for voice messaging and Automated Attendant, to help improve communication among employees and with customers
• An integrated 8-port Power over Ethernet (PoE) local-area network (LAN) switch
• Network security functions including Cisco IOS® Firewall, which protects the wide-area network (WAN) entry point into your network, and virtual private network (VPN), which gives up to 10 remote users highly secure access to your network
• Optional integrated wireless LAN (WLAN) capability on some models or external access points and Cisco Wireless LAN Controller Modules, to enable mobile networking, which can help increase employee flexibility and productivity
• Cisco Configuration Assistant so you can easily configure devices and technologies including unified communications (phones and software), switching, routing, security, and wireless
• Optional remote system-monitoring capabilities

As a key component of the Cisco Unified Communications 520, Cisco Unified IP Phones and communications devices are designed to take full advantage of converged voice and data networks. These devices offer the convenience and user friendliness found in business phones, and can help improve productivity by meeting the needs of different users throughout your organization.

We recommend the Cisco Unified IP Phone 7900 Series that offers the following:
• IP phones with LCD displays, including dynamic soft keys for call features and functions
• A range of wireless, conference, and desktop phones to choose from
• Support for Cisco and third-party XML and MIDlet applications

This system is more than just a phone system. A router, wireless access capabilities, and voice contained in one easy to manage box. Backed by CISCO, this is reliable technology that PSS Enterprises would like to tell you more about.

Call today for a free consultation regarding current phone systems, needs, and forecast growth. 1-800-285-2448 option 1, or email at


Take a moment to check out our favorite company: MVP-Graphics!  They make us look good!

Need to increase productivity and cut costs? PSS Enterprises has your solution.

2010 is quickly closing and 2011 is upon us.  Prepare to have a spectactular 2011 by having resources in place for success!  Paying an overpriced IT guy to play games all day until something breaks?  Have an HR person doing nothing until open enrollment except spread holiday gossip?  Struggling to put the finishing touches of the budget for 2011, having too many variables or unknowns due to 2010’s roller-coaster?  PSS Enterprises prides themselves on exceeding their clients expectations.  We want to be a member of your team, working to grow and develop your business without draining all the resources. PSS Enterprises has several business to business solutions to assist small and medium sized business owners in these tough times. Technology, Human Resources, Accounting, SEO, Websites, and more.  How can we help you today?

Denton IT is PSS Enterprises’ Technology Department.  Denton IT offers a range of services from outsourcing technical support to on-site resolutions.  Upgrades, Server maintenance, PBX, Unified Communications, IP Telephony, VoIP, Cabling, Security, and much more. Call for your free technology/productivity assessment. 1-800-285-2448

PNK Box- Denton IT is the proud creator of the PNK Box, the Ultimate Threat Management Gateway. This product will protect one of the most costly assets of any business, the technology at the internet gateway level.  Fend off vicious spyware, malware, viruses, SPAM, and everything else that is trying to take your company down.  Control employee productivity and protect your company from lawsuits by blocking inappropriate websites.  Interested? Go to and click to talk to an online tech right now!

PSS Enterprises offers great outsourcing for Human Resources, OSHA compliance, A/R Management and Property Management.  Instead of paying full price for employee overhead, see what outsourcing can save you. Mention “PowerPaks” for our discount services. Call 1-800-285-2448 today and let a solutions specialist walk you through the money saving process.



Take a moment to check out our favorite company: MVP-Graphics!  They make us look good!

Posted in Uncategorized