Microsoft “Geneva”: Single Sign On & Online Services

Microsoft Geneva:

“provides companies with simplified user access and single sign-on, for on-premises and cloud-based applications in the enterprise, across organizations, and on the Web to facilitate collaboration, increase security and reduce cost.”


There are 3 components to Geneva which now have more official names:

Geneva Framework = Windows Identity Foundation: provides developers pre-built .NET security logic for building claims-aware applications

Geneva Server = Active Directory Federation Services (ADFS) 2.0: a security token service (STS) for issuing and transforming claims, enabling federations, and managing user access

Geneva Cardspace = Windows Cardspace: helps users navigate access decisions

The aim of Geneva is to provide a true “Single Sign On” (SSO) experience to users across the various platforms that they come across, be they corporate and/or personal.

For example, once a user is logged in with their corporate domain credentials they could then access Microsoft Online Services such as Hotmail, MSDN, LiveSpaces etc. without being prompted to enter their @hotmail/@live credentials. All this requires is 1 Geneva Server and a Windows Live Tool currently called “Microsoft Online Services Federation Utility”.

Federation Gateway

The Microsoft Federation Gateway is a cloud-based identity service that extends beyond your corporate domain out into the internet. This is the hub for all the connections users want to make to external MS technologies, be it Azure, Live or BPOS (MS use CRM Online as an example on the MSDN site).


The above shows the federation of identities between partners. An example of how the data flows between the different points of the SSO setup can be seen below:


You can find more information about the Microsoft Federation Gateway on MSDN here.

A slide from PDC 2008 showed an example of Geneva working with a BPOS component for the US:


The full 1hour+ video of the “Identity Roadmap for Software + Services” presentation from PDC 2008 can be viewed here on Channel 9.

I know that BPOS, Microsoft’s hosted offerings of Exchange & Sharepoint (among others) will start using ADFS 2.0 at some stage next year. Most likely when the 2010 versions are deployed to the cloud, which I expect to be around late calendar Q3 so August/September. This is where I’m particularly keen to see what Geneva can do for SSO…it should make it pretty much seamless for corporate users whether they’re accessing on-site applications such as Exchange, their Online brethren, custom developed applications, hotmail, MSDN and more…and that will be excellent!

I use a variety of different MS Online Services and have at least 3 different logins for them…I’ll be interested to see if Geneva can look after that for me :-) BPOS currently comes with a separate SSO client which needs to be installed for each user and comes with its own unique set of issues, so having a corporate wide SSO would definitely be better. Also, you currently need to re-enter your details for OWA with BPOS as it’s on an HTTPS connection…I assume Geneva would remove that need?

Some great technical documents, step-by-step guides and Virtual Machine demos of Geneva can be found on the Technet site here.

PDC 2008 Wrap Up

I think we can all agree that the PDC 2008 was pretty special. Azure, Windows 7, Office Web, Azure Services, Live Mesh..the list goes on. The sheer amount of information given out at these conferences often means that we miss bits that are interesting and/or pertinent to our jobs & lives (this was certainly the case when I was at the WPC in Houston!).

Fear not, as Mike Swanson over at MSDN Blogs has put together a wonderful collection of all the Keynotes and sessions, and where possible he’s included the Powerpoints and sample code!

Some of the sessions I’m glad to see are below. The main links go to the video on Channel9, the Powerpoint link will download the .pptx presentation.

A lap around the Azure Services Platform (Powerpoint)

Microsoft Office Communications Server & Exchange: Platform Futures (Powerpoint)

Office Communications Server R2: Enabling Unified Communications (Powerpoint)

Microsoft Silverlight 2 for Mobile: Developing for Mobile Devices (Powerpoint)

The whole, wonderful list can be found here. There are countless sessions on SQL, Azure, .NET, Windows 7 and more!

I really want to give a big thank you to Mike for doing this..there are sooo many sessions on there I didn’t know about that are really interesting and useful!

Microsoft after PDC 2008

Where is Microsoft after this year’s PDC Conference?

I think Microsoft is in a very strong position-at the head of many points of the market, and hot on the heels of the leaders in others..Cloud computing, Web applications, Desktop OS, Collaboration and more..

Windows Azure & Windows 7 have had a massive amount of buzz around them, and it nearly all seems to be good! I’ve got a few colleagues in the “Anti-Vista” camp but even they are cautiously optimistic about what Win7 will bring us…I am ridiculously excited and everyone else is looking forward to it :-)

Azure instantly puts MS in the top 3 players in the Cloud space, and I don’t think it will be long before the No.1 spot is theirs.

Office Web Apps shows that Microsoft ARE taking the web seriously and as an answer to Google, it’s a pretty good one! This will bring online apps to a whole new section of users..I don’t use Google Apps for many reasons..but I’ll definitely use Office Web…

Live Mesh was another big part of PDC 2008 and this could seriously make people’s lives easier, faster and more fulfilling…if it’s executed correctly. Mesh isn’t a huge concern for me personally (at the moment) but could be important for so many others.

All in all I think the most important thing that PDC 2008 has done is breathe new life into Microsoft, its partner eco-system and the end users, who let’s face it are the ones that REALLY matter! People once again believe in Microsoft, are excited by Microsoft and dare I say it, people LIKE Microsoft!!! :-)

As Steve Clayton says, this really is Microsoft 3.0.

So hats off to Bill, Steve(s), Ray and the 1000’s of others who have helped with this and long may it continue!

Windows 7 Features Announced

A number of Windows 7 features have been announced today (28/10/08) at the Microsoft PDC 2008. The vast majority of the features we saw today were for the consumer but fear not, Microsoft promise there are numerous Enterprise related additions too! These include:

  • Federated Search: Deliver a consistent experience finding files across PCs, networks, and Microsoft Office SharePoint Server systems.
  • DirectAccess: To link users to corporate resources from the road without a virtual private network.
  • BranchCache: To make it faster to open files and Web pages from a branch office.
  • Bitlocker ToGo: Data protection for removable devices.
  • Refined Universal Access Control: To give fewer prompts for users and more flexibility for IT.
  • PowerShell and group policy management.
  • Client virtualization: With virtual desktop infrastructure enhancements, to improve memory utilization and user experience.
  • Device Center: To provide a single place to access all connected and wireless devices with Device Stage, to see status and run common tasks from a single window.
  • HomeGroup: To make it easier to share media, documents, and printers across multiple PCs in offices without a domain.

Direct Access:

“DirectAccess in Windows 7 and Windows Server 2008 R2 enhances the productivity of mobile workers by connecting them seamlessly and more securely to their corporate network any time they have Internet access—without the need to VPN.”

Anything that means we don’t need to use VPNs is brilliant! I find they rarely work as well as end users need them to and they can make a System Admin’s life difficult, so removing VPNs could be enough to make the detractors forget all about Vista!

“With DirectAccess, IT administrators can manage mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on.”

“To keep data safer as it travels public networks, DirectAccess uses IPv6-over-IPsec to encrypt communications transmitted across the Internet. DirectAccess can use split-tunnel routing, which reduces unnecessary traffic on the corporate network by sending only traffic destined for the corporate network through the DirectAccess server (running Windows Server 2008 R2)…”

Bitlocker To Go:

With all the lost data flying around these days, BitLocker To Go extends the proven BitLocker technology to removable USB devices, securing them with a passphrase. “In addition to having control over passphrase length and complexity, IT administrators can require users to apply BitLocker protection to removable drives before being able to write to them”.

Administrators can still allow unsecured USB devices to be used in a Read-Only mode and policies are also available to require appropriate passwords, smart card, or domain user credentials to utilize a protected removable storage device.

A related addition is AppLocker which is “a flexible, easy-to-use mechanism that enables IT professionals to specify exactly what is allowed to run on user desktops.” It uses “publisher rules” that are based on digital signatures so, with correctly structured rules, you can deploy updates etc without having to create new rules.

Virtualization Enhancements

Virtual Desktop Infrastructure (VDI) in Windows 7 is closer to the experience of a local PC now with support for Aero, video viewing in Media Player 11 and multiple monitor configurations. New microphone support enables remote desktops running Windows 7 Enterprise to provide VOIP & speech recognition functionality. Last, but by no means least, is Easy Print which allows users to print to local printers without installing drivers on the server.

You can see more info on the Microsoft site here.

The guys over at ActiveWin have got a great, in-depth review of the Windows 7, M3 Preview which contains any number of screenshots and a whole host of info. Some of the bits that caught my eye were:

Location Aware Printing:

In Windows 7, you no longer need to select the printer to match your location. When you change network locations, such as taking your work laptop home for the evening, the default printer setting can change to reflect the best printer for that new location. When you print at work, Windows 7 will print to your work printer. When you print at home, Windows 7 will automatically select and use your home printer.

Media Player 12 will ship with Windows 7 and according to ActiveWin: “this new version features radical changes to its menu structure, with some menus positioned on the left and right sides of the interface…and features two thick toolbars of controls, the second one focusing on traditional features such as Organization, Sharing, Playlist and Search…Common media formats supported include WMV, WMA, MPEG-4, AAC and AVC/H.264.”

Ultra Wideband (UWB) and Wireless USB (WUSB):

UWB and WUSB are new technologies that provide wireless alternatives to USB cables. Support for UWB and WUSB in Windows 7 lets you take advantage of new wireless devices and wireless USB hubs.

Libraries also seem like a really cool multimedia feature. I’m forever duplicating files as I can’t find where I saved them, creating numerous folders in different places all with the same names and finally just keeping stuff on my desktop so I don’t lose it. None of this leads to a brilliant user experience at home or at work and this is where Windows 7 libraries come in.

“With Libraries, you can not only organize, but view and manage files that are stored in more than one place. This reduces the need to view files even when they are stored in different folders. Libraries are so powerful that they even span different disk drives and/or PCs on your home network. There are a range of options for organizing and browsing, by type, date taken or genre depending on the file type.”

On top of this, there is the already well known addition of touch and multi touch capabilities to Windows 7. If you’ve got a touchscreen monitor, or more likely a Tablet PC, you can open things from the Start Menu etc by pressing them. MultiTouch will let you zoom in and out on images by moving 2 fingers together/apart as needed and more..

Another new feature of Windows 7 will be the ability to re-order applications on the taskbar…I think this is awesome! This is one of those little things that has annoyed me for years and will finally be gone. I have a certain order that I like my applications to be in and I always have Outlook as the first program. However at the minute if I have to re-start Outlook it ends up buried on my Taskbar between two IE windows or something..and then it takes me a little while each time I need to go back to Outlook.

I’ve asked around the office and this addition is met with unanimous approval!

Something else I’ve just seen on is that you can schedule desktop background changes with Windows 7, I think that’s quite a neat touch!

Over at ZDNet, Ed Bott has got a great gallery of Windows 7 Screenshots which you can find here. Below is a shot of the desktop which shows another new feature, that gadgets are no longer confined to that bar on the right-hand side; they can reside anywhere on the desktop :-)

Windows 7 Desktop



Microsoft Office Web Applications

Microsoft Office Web Applications has been announced today (27/10/08) at the Microsoft PDC 2008.

This is awesome!! Microsoft Office is coming to the Browser to compete directly with Google Apps et al, and will work across browsers including IE (obviously), Firefox & Safari for the editing and creation of Word, Excel, PowerPoint & OneNote documents. The aim is to provide an easier, more consistent experience for users across all their various access pc, home pc, laptop, mobile device etc..

Office Web apps will be made available via Office Live, which will have both a free ad-supported version and also a subscription based, ad free version.

It seems that Corporate customers will be able to take up subscriptions via their existing Volume Agreements (Open Value, Select, Enterprise Agreements etc) according to readwriteweb.

Readwriteweb also have a nice comparison between Office Live Workspace & Google Docs here.

You can sign up for Office Live Workspace at

Microsoft Windows Azure

Microsoft Windows Azure and the Azure Services Platform is here..the actual name for Red Dog, Strata et al is with us.

Live Services, .NET Services, SQL Services, Sharepoint Services & Dynamic CRM Services all sit on top of Windows Azure and support the Online versions of Microsoft’s key software including Live, Exchange Online, Sharepoint Online and CRM Online.

The Azure Platform


Azure will enable people to build and use completely new services in the Cloud, at a lower price point than before.

Pay as you grow and reduce costs. Pay for the services you use and reduce the capital costs associated with purchasing hardware and infrastructure. Reduce operational costs by running applications on the services platform and decrease the need for maintaining on-premises infrastructure. Increase business efficiency and agility by dynamically adding and subtracting capacity in real time. Envision building an e-commerce Web site that you can scale at the click of a mouse to meet seasonal demands or spikes in traffic based on sales and promotions. The Azure Services Platform helps reduce IT-related costs, freeing up time and capital to focus on your core business. runs atop Windows Azure.

I’m really excited about this, both as a Microsoft “Enthusiast”/Fanboy (depending who you ask!) and a Microsoft Partner. I get the impression that Azure is going to take us to some pretty amazing places; as business partners, customers and web users we’re witnessing something special!

A big shout out to Steve Clayton for breaking this news to us :-)

If you’re a developer and want to try out Azure for yourself, you can register for the Community Technology Preview (CTP) here.

Mary Jo Foley has got a nice breakdown of how Azure is composed. She also mentions that MS have committed to delivering Microsoft Hosted versions of all its Enterprise apps; she mentions that she’s heard rumours of ForeFront Online & System Center Online already!

Microsoft are really making a big push on Software+Services and as a Gold Partner actively looking into S+S, these PDC announcements are very interesting.

What is a Bluehoo?

There are, apparently, 100,000s of Bluehoos all over the web according to

**I know what a BlueHoo is..kind of!**

“Bluehoo is a mobile app that helps you make new social connections with the people around you – for business or for pleasure. Bluehoo uses Bluetooth to discover “hoos” around you right here, right now, shows you those people’s profiles and helps you start conversations”

Now this could be pretty cool. A way of finding other tech enthusiasts/Microsoft fans/MS staff etc while you’re out and about could, used properly, lead to some good stuff. However what happens if all and sundry start using BlueHoo? Will it then become as ubiquitous and dare I say it, pointless as MySpace, FaceBook etc? I hope not because they’ve done a great job at generating a buzz around this so here’s to a successful future Hoobert!

You can download the beta software here.

I downloaded the Software last night and installed it on my HTC Diamond, no issues, no problems-nice and smooth; which is great for a brand new beta! It worked well, ran quickly and looked good-so far so good..

My big problem with it is its data use. It warns you that it constantly talks to its home servers and thus constantly uses your data allowance-which I think could be a problem. I’m really paranoid about getting stung with a £gazillion data bill so I don’t like things that use it up quickly! It could be the case, and I hope so, that BlueHoo isn’t really that bad..but I think I’m going to let other people discover that ;-)

I had Bluehoo on my Diamond when I went down to Microsoft Reading a couple of weeks ago, and although it picked up a whole host of Bluetooth devices, none of them had their BlueHoo profiles completed; I didn’t find another Hoo all day which was disappointing. To be honest, I think BlueHoo will stay under the radar used a lot by a few but never breaking out further than that. I’ve got to give them props for their viral marketing though, I was really excited leading up to PDC…just waiting to discover what a BlueHoo was..but now I feel slightly let down :-( runs on Microsoft’s new Cloud Computing Service Windows Azure and was the first non-Microsoft application to do so…

Hoobert the BlueHoo
