TechEd 2010 Day 4

I’m in the final stretch now, here on the final day of TechEd. There is always something sad about the last day. People start leaving to return home, sessions are a little more empty than usual, and you have to start thinking about going back to work. At least, that’s how it used to be. With the move to a four day format this year, things have changed. Most people are staying for the full day and evening party.

My first session was “SIA309 – Secure Endpoint – What’s in Forefront Endpoint Protection 2010” up in 388. We’ve been using Forefront Client Security for quite a while, and I was interested to find out some more details about the much delayed replacement. I came away pretty excited and eager to get my hands on the early bits. The addition of CPU throttling is a big win, as we often receive complaints from our users that FCS has started a scan and is impacting performance right when they need to get something ready for class. The addition of “sequencing” to its behavioral analysis will help catch things that are getting past FCS today. While individual events may look safe to the scanner, by looking at the events as a sequence, the combination of events can indicate a malware attack.

Forefront Endpoint Protection will also be better able to access updates as needed and automatically upload malware samples. The Dynamic Signature Service will go a long way towards shortening the cycle between new variants of malware and the release of updated signatures. Lastly, Dynamic Translation is a new feature that translates code from accessing actual resources to only using virtual resources, allowing Forefront to keep your system safe while it analyzes the behavior of the software it is scanning.

Next it was on to more Forefront family content in “SIA325 – Secure Endpoint: Virtualizing Microsoft Forefront Threat Management Gateway.” This session was heavy on PerfMon analysis to monitor the load on your TMG server to determine whether virtualization will work. They showed an interesting table that listed each feature of TMG and the relative CPU and I/O hits from each one. Malware scanning was far and away the biggest impact on the system, which is why they recommend placing the volume used for scanning on its own LUN and away from other activity. I have a feeling that our load would be well-suited to virtualizing, but I’ll need to look into it some more when I have time (as if that will ever happen!). The presenter offered to provide the data and PerfMon settings from the presentation, so I stopped by the booth and had it copied to my thumb drive.

I asked (at the booth, not during the session) whether they had considered adding multiple scanning engines in TMG, and he said that they had, but they didn’t feel the performance impact justified the benefits of the additional engines.

I ran into the guys from Med School so I had lunch with them (and apparently missed quite the discussion over at the Krewe table) before heading off to a meeting with @TechEd_NA, @expta, and @thekrewe. We had an interesting conversation about the event in general, the value of community at TechEd, and the phenomenon that is The Krewe.

After the discussions, most of us were going to go to the Russinovich session, so we hung out for a while before heading down to the Auditorium. Even though we had met earlier in the week, @TiffanyWI hadn’t connected that I was @Ladewig until we were standing there waiting around. Since I use my last name for my Twitter name, anyone who looked at my badge knew right away who I was on Twitter. So that earned me a big hug and added another person to a growing list of friends thanks to Twitter, TechEd, and the Krewe.

Anticipating a packed house for “WCL315 – The Case of the Unexplained, 2010: Troubleshooting with Mark Russinovich”, we headed down to Auditorium B early. That turned out to be a good decision because we managed to be near the front of the line and secured decent seats once the room opened. Mark was in great form as always as he walked us through a number of puzzling problems. As he showed us how to use several Sysinternals tools to identify the causes of the problems, he managed to get in a number of digs at Microsoft, Outlook, and Google. How does a guy get to be that funny and so wicked smart? If you haven’t been to one of his sessions, make an effort to do so the next time you’re at a conference where he is presenting. Absolutely amazing!

With our brains just a little bit more full than before, it was time for everyone to leave the Convention Center for the last time and say goodbye to the educational part of TechEd for 2010. I headed back to the hotel, changed clothes, and killed some time before heading down to the lobby to catch the bus to the Closing Party.

The Closing Party (used to be the Attendee Party in previous years) was at Blaine Kern’s Mardi Gras World. This place is a little bit hard to describe. Blaine Kern Studios creates floats, sculptures, props, and entire parades for Mardi Gras, Universal Studios, and other locations around the world. Mardi Gras World encompasses the actual sculpture and prop studios where they do their work with huge and unique event spaces. Check out their web site to learn more.

I arrived at the party just before the doors opened, so I was one of the first people in. At first you walked into a huge warehouse between rows of sculptures from various floats and then past entire floats from which costumed people were throwing beads. I collected several, enough to make myself look festive, and then walked through the area and then out into the open space along the river. Here they had a number of tents set up with food stations. A little bit of this and a little bit of that, and I had had enough food to tide me over for the evening. As it was still quite warm outside, I moved into the indoor area and found @TiffanyWI and then @wcaubrey. The band from the opening Keynote, Rockin’ Dopsie, Jr. and the Zydeco Twisters, was playing there, so we found a table for us and @expta. At the same time, the rest of the Krewe were securing tables in the Grand Oaks Mansion area, so we eventually moved over there where it was a bit cooler and a little more relaxed.

If you’ve ever been to the Blue Bayou at Disneyland, the Grand Oaks Mansion area is very similar with a replica antebellum mansion under a night sky with walkways and courtyards under moss-draped trees. Very cool. We managed to carve out our own area and spent the rest of the evening hanging out and enjoying everyone’s company on our last night together listening to a Dixieland-style band play.

After a lot of photos, hugs, and promises to stay in touch, people started to disperse. I left around 11 PM and headed back to the hotel. It was pretty late as usual, so I decided to save the packing for the morning and get some sleep.