Support  |  News & Events  |  Blog  |  About  |  Help  

Category Archives: Microsoft

The Case for Office 365

May 7, 2015 11:00 amLeave a Comment

Update - May 7, 2015
In the original post below, we talked about the 20,000 “item” limit in OneDrive for Business. It turns out that even our old friend and Office 365 evangelist Harry Brelsford, founder of SMB Nation, and, more recently, O365 Nation, has now run afoul of this obstacle, as he describes in his blog post from May 5.

Turns out there’s another quirk with OneDrive for Business that Harry didn’t touch on in his blog (nor did we in our original post below) - OneDrive for Business is really just a front end for a Microsoft hosted SharePoint server. “So what?” you say. Well, it turns out that there are several characters that are perfectly acceptable for you to use in a Windows file or folder name that are not acceptable in a file or folder name on a SharePoint server. (For the definitive list of what’s not acceptable, see https://support.microsoft.com/en-us/kb/905231.) And if you’re trying to sync thousands of files with your OneDrive for Business account and a few of them have illegal characters in their names, the sync operation will fail and you will get to play the “find-the-file-with-the-illegal-file-name” game, which can provide you with hours of fun…

Original Post Follows
A year ago, in a blog post targeted at prospective hosting providers, we said, “…in our opinion, selling Office 365 to your customers is not a cloud strategy. Office 365 may be a great fit for customers, but it still assumes that most computing will be done on a PC (or laptop) at the client endpoint, and your customer will still, in most cases, have at least one server to manage, backup, and repair when it breaks.”

About the same time, we wrote about the concept of “Data Gravity” - that, just as objects with physical mass exhibit inertia and attract one another in accordance with the law of gravity, large chunks of data also exhibit a kind of inertia and tend to attract other related data and the applications required to manipulate that data. This is due in part to the fact that (according to former Microsoft researcher Jim Gray) the most expensive part of computing is the cost of moving data around. It therefore makes sense that you should be running your applications wherever your data resides: if your data is in the Cloud, it can be argued that you should be running your applications there as well – especially apps that frequently have to access a shared set of back-end data.

Although these are still valid points, they do not imply that Office 365 can’t bring significant value to organizations of all sizes. There is a case to be made for Office 365, so let’s take a closer look at it:

First, Office 365 is, in most cases, the most cost-effective way to license the Office applications, especially if you have fewer than 300 users (which is the cut-off point between the “Business” and “Enterprise” O365 license plans). Consider that a volume license for Office 2013 Pro Plus without Software Assurance under the “Open Business” license plan costs roughly $500. The Office 365 Business plan – which gets you just the Office apps without the on-line services – costs $8.25/month. If you do the math, you’ll see that $500 would cover the subscription cost for five years.

But wait – that’s really not an apples-to-apples comparison, because with O365 you always have access to the latest version of Office. So we should really be comparing the O365 subscription cost to the volume license price of Office with Software Assurance, which, under the Open Business plan, is roughly $800 for the initial purchase, which includes two years of S.A., and $295 every two years after that to keep the S.A. in place. Total four-year cost under Open Business: $1,095. Total four-cost under the Office 365 Business plan: $396. Heck, even the Enterprise E3 plan (at $20/month) is only $960 over four years.

But (at the risk of sounding like a late-night cable TV commercial) that’s still not all! Office 365 allows each user to install the Office applications on up to five different PCs or Macs and up to five tablets and five smart phones. This is the closest Microsoft has ever come to per-user licensing for desktop applications, and in our increasingly mobile world where nearly everyone has multiple client devices, it’s an extremely attractive license model.

Second, at a price point that is still less than comparable volume licensing over a four-year period, you can also get Microsoft Hosted Exchange, Hosted SharePoint, OneDrive for Business, Hosted Lync for secure instant messaging and Web conferencing, and (depending on the plan) unlimited email archiving and eDiscovery tools such as the ability to put users and/or SharePoint document libraries on discovery hold and conduct global searches across your entire organization for relevant Exchange, Lync, and SharePoint data. This can make the value proposition even more compelling.

So what’s not to like?

Well, for one thing, email retention in Office 365 is not easy and intuitive. As we discussed in our recent blog series on eDiscovery, when an Outlook user empties the Deleted Items folder, or deletes a single item from it, or uses Shift+Delete on an item in another folder (which bypasses the Deleted Items folder), that item gets moved to the “Deletions” subfolder in a hidden “Recoverable Items” folder on the Exchange server. As the blog series explains, these items can still be retrieved by the user as long as they haven’t been purged. By default, they will be purged after two weeks. Microsoft’s Hosted Exchange service allows you to extend that period (the “Deleted Items Retention Period”), but only to a maximum of 30 days – whereas if you are running your own Exchange server, you can extend the period to several years.

But the same tools that allow a user to retrieve items from the Deletions subfolder will also allow a user to permanently purge items from that subfolder. And once an item is purged from the Deletions subfolder – whether explicitly by the user or by the expiration of the Deleted Items Retention Period – that item is gone forever. The only way to prevent this from happening is to put the user on Discovery Hold (assuming you’ve subscribed to a plan which allows you to put users on Discovery Hold), and, unfortunately, there is currently no way to do a bulk operation in O365 to put multiple users on Discovery Hold – you must laboriously do it one user at a time. And if you forget to do it when you create a new user, you run the risk of having that user’s email messages permanently deleted (whether accidentally or deliberately) with no ability to recover them if, Heaven forbid, you ever find yourself embroiled in an eDiscovery action.

One way around this is to couple your Office 365 plan with a third-party archiving tool, such as Mimecast. Although this obviously adds expense, it also adds another layer of malware filtering, an unlimited archive that the user cannot alter, a search function that integrates gracefully into Outlook, and an email continuity function that allows you to send/receive email directly via a Mimecast Web interface if the Office 365 Hosted Exchange service is ever unavailable. You can also use a tool like eFolder’s CloudFinder to back up your entire suite of Office 365 data – documents as well as email messages.

And then there’s OneDrive. You might be able, with a whole lot of business process re-engineering, to figure out how to move all of your file storage into Office 365′s Hosted SharePoint offering. Of course, there would then be no way to access those files unless you’re on-line. Hence the explosive growth in the business-class cloud file synchronization market - where you have a local folder (or multiple local folders) that automatically synchronizes with a cloud file repository, giving you the ability to work off-line and, provided you’ve saved your files in the right folder, synchronize those files to the cloud repository the next time you connect to the Internet. Microsoft’s entry in this field is OneDrive for Business…but there is a rather serious limitation in OneDrive for Business as it exists today.

O365′s 1 Tb of Cloud Storage per user sounds like more than you would ever need. But what you may not know is that there is a limit of 20,000 “items” per user (both a folder and a file within that folder are “items”). You’d be surprised at how fast you can reach that limit. For example, there are three folders on my laptop where all of my important work-related files are stored. One of those folders contains files that also need to be accessible by several other people in the organization. The aggregate storage consumed by those three folders is only about 5 Gb – but there are 18,333 files and subfolders in those three folders. If I was trying to use OneDrive for Business to synchronize all those files to the Cloud, I would probably be less than six months away from exceeding the 20,000 item limit.

Could I go through those folders and delete a lot of stuff I no longer need, or archive them off to, say, a USB drive? Sure I could – and I try to do that periodically. I dare say that you probably also have a lot of files hanging around on your systems that you no longer need. But it takes time to do that grooming – and what’s the most precious resource that most of us never have enough of? Yep, time. My solution is to use Citrix ShareFile to synchronize all three of those folders to a Cloud repository. We also offer Anchor Works (now owned by eFolder) for business-class Cloud file synchronization. (And there are good reasons why you might choose one over the other, but they’re beyond the scope of this article.)

The bottom line is that, while Office 365 still may not be a complete solution that will let you move your business entirely to the cloud and get out of the business of supporting on-prem servers, it can be a valuable component of a complete solution. As with so many things in IT, there is not necessarily a single “right” way to do anything. There are multiple approaches, each with pros and cons, and the challenge is to select the right combination of services for a particular business need. We believe that part of the value we can bring to the table is to help our clients select that right combination of services – whether it be a VirtualQube hosted private cloud, a private cloud on your own premise, in your own co-lo, or in a public infrastructure such as Amazon or Azure, or a public/private hybrid cloud deployment – and to help our clients determine whether one of the Office 365 plans should be part of that solution. And if you use the Office Suite at all, the answer to that is probably “yes” - it’s just a matter of which plan to choose.

Posted in: Best Practices, Cloud Computing, Microsoft, Office 365Tagged: , ,

Windows Server 2003 - Four Months and Counting

March 12, 2015 5:19 pmLeave a Comment

Unless you’ve been living in a cave in the mountains for the last several months, you’re probably aware that Windows Server 2003 hits End of Life on July 14, 2015 – roughly four months from now. That means Microsoft will no longer develop or release security patches or fixes for the OS. You will no longer be able to call Microsoft for support if you have a problem with your 2003 server. Yet, astoundingly, only a few weeks ago Microsoft was estimating that there were still over 8 million 2003 servers in production.

Are some of them yours? If so, consider this: As Mike Boyle pointed out in his blog last October, you’re running a server OS that was released the year Facebook creator Mark Zuckerberg entered college; the year Wikipedia was launched; the year Myspace (remember them?) was founded; the year the Tampa Bay Buccaneers won the Super Bowl. Yes, it was that long ago.

Do you have to deal with HIPAA or PCI compliance? What would it mean to your organization if you didn’t pass your next audit? Because you probably won’t if you’re still running 2003 servers. And even if HIPAA or PCI aren’t an issue, what happens when (not if) the next big vulnerabilty is discovered and you have no way to patch for it?

Yes, I am trying to scare you – because this really is serious stuff, and if you don’t have a migration plan yet, you don’t have much time to assemble one. Please, let’s not allow this to become another “you can have it when you pry it from my cold dead hands” scenario like Windows XP. There really is too much at stake here. You can upgrade. You can move to the cloud. Or you can put your business as risk. It’s your call.

Posted in: Best Practices, Microsoft, SecurityTagged: , ,

Licensing Office in a Remote Desktop Environment - Updated

January 12, 2015 12:00 pm29 Comments

Update - January 19, 2015
After posting the last update a week ago, I spent more time rooting around the Microsoft Web site, and ended up in a relatively painful 45-minute chat session with a Microsoft “Licensing Specialist.” A large portion of that time was spent just trying to get said Licensing Specialist to understand the question I was asking. Ultimately, I had to give up on my attempt to get an answer as to why Microsoft still had a live link to a Volume License Brief that appeared to be out of date and that apparently contained information that was no longer valid…because the Licensing Specialist couldn’t get to the document in question. According to her, when she clicked on the link below, she received an error message stating that the document had been removed from the Microsoft Web site. As I write this update, the link to the 2009 Volume License Brief is still live, and I just verified that the document is still there. I will leave it to you to figure out why I can still get to it but she couldn’t. She offered to have a Microsoft manager call me the next day. It’s been a week now, and I have yet to receive that call. (It’s possible that the manager attempted to call me, but, if so, did not leave a voice mail message.)

In the absence of any other information at this point, my best advice is to assume that this Volume License Brief supersedes the information in the earlier one (even though the earlier one is still available on Microsoft’s Web site), and that, to be on the safe side, you should insure that, if you are accessing Office applications via RDS, the edition and version on your RDS server(s) match the licenses you have for your client devices.
…end January 19 update…

Update - January 12, 2015
A few days ago, Markus challenged my statement (see comment below) that it was permissible to access Office Standard via Remote Desktop Services if your client was licensed for Office Pro Plus, and that it was also permissible to access an older version (e.g., Office 2010 Pro Plus) via Remote Desktop Services if your client was licensed for a newer version (e.g., Office 2013 Pro Plus). I can state definitively that this was the case, as recently as November, 2009. This Microsoft Volume License Brief, originally published in 2007, and updated in November of 2009, contained the following graphic (click to enlarge):


This graphic clearly shows that it was permissible to access Office Standard from a client device licensed with Office Pro Plus, and that it was permissible to access an older version of Office from a client device licensed with a newer version. However, a later Volume License Brief suggests that this may have changed. I am attempting to get clarification from Microsoft, and will update this post again as I get more information.
…end Jan. 12 update…

Judging from the questions we continue to be asked, lots of people are confused about how to license the Microsoft Office Suite if you are accessing it via Microsoft’s Remote Desktop Services (a.k.a. Terminal Services) and/or Citrix XenApp. Hopefully, this will help clear up the confusion. We’ve also updated this post to include information about how to license the applications in a Cloud hosting environment.

First of all, it is important to keep in mind that desktop applications such as the Office Suite are licensed per device, not per user. According to the latest Microsoft “Product Use Rights” document dated April, 2014, a “Licensed Device” is “the single physical hardware system to which a license is assigned.”

That begs the question of what “assigned” means, and the answer - particularly for devices like thin clients, where you couldn’t install the application locally if you wanted to - is that you are on the honor system. You decide, in the privacy of your own conscience, which licenses you are assigning to which devices - with the caveat that, if you’re ever audited, you’d better be able to produce a license for every device people are using to run Office apps. You can reassign a license from one device to another, but not more often than every 90 days, unless it’s due to permanent hardware failure.

Once you’ve assigned each license you acquire to a device, you have the following rights (again quoting from the Product Use Rights document, with my commentary in italics):

  • You may install the software on the Licensed Device and a network Server.
  • Unless you license the software as an Enterprise Product or on a company-wide basis, you may also install the software on a single portable device. That would cover a user who, for example, had both a desktop PC and a notebook PC.
  • Each license permits only one user to access and use the software at a time. So, technically, it would be a license violation for someone else to run Office on your desktop PC while you’re in a hotel somewhere running it on your “portable device.”
  • Local use of the software running on the Licensed Device is permitted for any user. So it’s OK to let someone else use your desktop PC to run Office, as long as you’re not simultaneously running it on your “portable device.”
  • Local use of the software running on a portable device is permitted for the primary user of the Licensed Device. So, technically, it would be a license violation for you to let someone else run Office on your “portable device” under any circumstances.
  • Remote use of the software running on the Licensed Device is permitted for the primary user of that device from any device or for any other user from another Licensed Device. So if your Licensed Device is your desktop PC, it’s OK for you to use GoToMyPC or some similar remote access method to access and run that copy of Office, using whatever kind of client device you want - including, say, an iPad. However, any other user could not remotely access your desktop PC to run that copy of Office unless they were doing so from another Licensed Device.
  • And now the most important point relative to the subject at hand… Remote use of the software running on a network Server is permitted for any user from a Licensed Device. A Remote Desktop Server falls under the definition of a “network Server.” So any user who is accessing Office via Remote Desktop Services must be doing so from a Licensed Device.

In other words, if you can walk up to a device and use it to access a Remote Desktop Server and run Office, you must have an Office license for that device. It doesn’t matter whether that device is a PC or laptop that has the Office bits installed on its local hard drive, or whether it is a thin client device that only knows how to connect to a XenApp server, you need to have “assigned” a license to that device.

It’s also important to note that all of the above came from the Product Use Rights document for Microsoft Volume Licenses. You do not, never have had, and probably never will have the right to access Office on an RDS or XenApp server from a device that has an OEM Office license installed on it. If your PC or laptop came from the manufacturer with Office pre-installed on it, then you have an OEM license, and you do not have “network storage and use” rights. There is an excellent blog post over on the Microsoft SMB Community Blog that explains this in detail. Yes, it’s an old post (from July, 2005). No, the policy hasn’t changed.

Things get a bit more complicated when you move to the Cloud. For example, if you are a VQOffice® customer, and you want to run Office apps on our cloud servers, we can, of course, bundle the Office licenses into your monthly fee under our Microsoft SPLA (“Service Provider License Agreement”). But what if you already own volume licenses for Office? According to the Product Use Rights document, we can use your licenses “provided all such Servers and other devices are and remain fully dedicated to your use.” Given the highly virtualized environments of nearly all Cloud hosting providers (including us), that’s going to drive the cost of the solution up significantly unless you have enough users to justify dedicating hardware in our data center just for your use. For most small businesses, it will be less expensive to pay us for the use of our SPLA licenses than to pay us for dedicated hardware so you can use your own licenses.

What about Office 365? Office 365 is governed by a completely different use rights document - the Online Services Use Rights document. If you read through that document, you will find that, under the E3 plan for example, each user has the rights to activate the Office software on up to five devices, which is a pretty good deal. You will also find the following statement: “Each user may also use one of the five activations on a network server with the Remote Desktop Services (RDS) role enabled…” At first blush, you might think that means you could use your Office 365 E3 licenses to cover running Office apps in our Cloud hosting environment - and you would be right, provided that you’re running on dedicated hardware. So, basically, the same rules apply to Office 365 licenses as apply to volume licenses. We’d be delighted if the rest of the world added their voices to ours to try to get that policy changed.

Disclaimer: I do not work for Microsoft, nor do I define their license terms, which are subject to change, particularly when new product versions are released. I have, however, worked with them for a very long time, and had lots of discussions about what is, or is not, legal under the terms of various license models. The foregoing is my own interpretation of information that is publicly available on the Microsoft Web site - and I have helpfully provided you with links to that information. I highly recommend that, if you have any questions, you download the relevant Product Use Rights document and read it for yourself.

Posted in: Citrix, Licensing, Microsoft, XenAppTagged: , , , ,

eDiscovery Part 4 - the eDiscovery Process

December 12, 2014 2:58 pmLeave a Comment

This is the fourth and final installment in our series of blog posts on eDiscovery, containing video excerpts from the presentation we made on September 26 at the O365 Nation Fall Conference in Redmond. This installment is a bit longer (14 minutes), but it deals with the question of how you search for and retrieve the content we’ve discussed in previous posts. To review:

  • Part 1 discussed the lifecycle of an Exchange email message, what the “Recoverable Items” folder is all about, and the role of the “Single Item Recovery” feature in Microsoft Exchange.
  • Part 2 discussed PST files - why you may not want people using them, how to prevent their use, and why the archiving function that is built into Exchange 2010 and 2013 is a better option.
  • Part 3 discussed discovery hold - the different kinds of discovery hold available in Exchange 2013, how they work, and how they differ from what was available in Exchange 2010.

In this installment, we address the discovery process itself, and specifically how to configure and use the eDiscovery Center that’s available in SharePoint 2013:



Finally, as you moved through the video series, you saw a number of URLs in the PowerPoint presentation that led to various Web resources that would provide more information on the topics discussed, and you may have wished that you could see them more clearly so you could write them down. Not to worry - here they are for your convenience:

Posted in: Best Practices, eDiscovery, Microsoft, SecurityTagged: , , ,

eDiscovery Part 3 - Email Discovery Hold in Microsoft Exchange

November 21, 2014 2:15 pmLeave a Comment

This is the third in our series of blog posts on eDiscovery, containing video excerpts from the presentation we made on September 26 at the O365 Nation Fall Conference held in Redmond. Part 1 dealt with the lifecycle of an Exchange email message, what the “Recoverable Items” folder is all about, and the role of the “Single Item Recovery” feature in Microsoft Exchange. Part 2 discussed PST files - why you may not want people using them, how to prevent their use, and why the archiving function that is built into Exchange 2010 and 2013 is a better option.

In this segment, we dive into discovery hold, and talk about the different kinds of discovery hold available in Exchange 2013, how they work, and how they differ from what was available in Exchange 2010.

Posted in: Best Practices, eDiscovery, Microsoft, SecurityTagged: , , ,