Posts Tagged ‘ Security ’


I like the IBM Edge conference because it tries to showcase how infrastructure can provide a large company with a competitive edge. While the event clearly contains content on IBM products and services, the emphasis appears to be on getting things. This year’s event also offered a snapshot of how IBM is adapting to address one of the most massive changes the technology market has yet made.

Remember, the Fountain of Youth Is a Myth
Perhaps the strongest metaphor for the problem that IBM faces was the opener for the first keynote talk: A brilliant guitarist who’s only 11 and has been playing for just three years. (I found that personally depressing.) An older musician soon joined him; he was able to keep up, and perhaps even outplay him, thanks to his experience.

This older musician represents IBM’s potential. IBM can never again be an amazing young company, but its experience and history should let it step up and at least match any young firm. The key here is that the older musician matched the younger musician’s tune and didn’t try to step in with classic rock. IBM must be agile enough to play as well as the young companies entering the market to make its experience seem like an advantage.

As the youngster left the stage, and he was asked who he wanted to be like, he said he just wanted to be himself. There’s the problem with the young company – it’s still trying to figure out what it will be. That’s a painful path that the older company has already completed. IBM knows what it is – and that’s the sustaining advantage that any older company must remember. IBM’s most iconic CEO, Thomas Watson Jr., said it best: To succeed, you have to be willing to change everything but who you are.

IBM Partnerships, Products Position Company Well
Perhaps IBM’s most powerful and interesting move to the sale of the IBM System X group to Lenovo. This goes to the heart of the “change everything” part of the equation. System X wasn’t working inside IBM. Lenovo’s own server group represents an increasing threat, but it’s not growing very quickly. System X brings low margin to IBM, but Lenovo is a low-margin company, so it could take this division and actually increase its margins. In short, IBM is trying to eat its cake and have it, too.

In addition, the ongoing drama between the U.S. and China on data security makes it nearly impossible for U.S. companies to sell in China and vice versa. IBM and Lenovo clearly execute better than most companies, but this issue still hampers them both. The deal surrounding the acquisition provides an answer: Lenovo can take the lead selling IBM products in China, while IBM can take the lead selling products in the parts of the U.S. where this conflict poses problems (such as the U.S. government). Neither company has ever been identified as working against its customers, and both firms’ ability to assure a willing outcome should be a common competitive advantage.

That said, IBM does have another clear advantage: Watson. IBM is the only company working on artificial intelligence at enterprise scale, and Watson represents the next big step in real-time applied analytics-based decision support.

Integrated into IBM offerings, this system should significantly improve the decision accuracy of IBM executives and IBM customers as well. Watson stands out in IBM’s line as a massive competitive advantage, as it turns the rest of IBM’s data analytics solution into something that’s nothing short of industry changing.

One IBM customer, a huge healthcare company, said its goal was an enterprise-scale solution using cloud methods and technologies. Buyers at this size need the compliance of an enterprise company and want the cost advantages of the cloud.

Everything Old Is New Again
That’s what IBM presented this week – and it demonstrated that IBM’s transition to a very different company continues. Once complete, IBM will have offerings such as Watson and partnerships with firms such as Lenovo that are unique, powerful and unmatched in the rapidly changing technology world.

IBM Edge 2014 provided a unique view into the future of at-scale cloud computing infrastructure and the near-term future of IBM as a company that plans to be the very best at providing what you need when you need it.


.MCTS Certification, MCITP Certification

Microsoft MCTS Certification, MCITP Certification and over 3000+
Exams with Life Time Access Membership at http://www.actualkey.com

 

According to leaked screenshots and secret sources, Microsoft will scrap ‘Metro’ and roll boot-to-desktop as the default in the Windows 8.1 update coming in March.

If you hated the Live Tiles presented as the default on the Windows 8.x Start screen, then Microsoft allowed users to tweak the setting in Windows 8.1 to bypass the “Metro” interface at boot and instead boot to desktop. But boot-to-desktop will be the default, according to leaks from Microsoft insiders and screenshots of the upcoming Windows 8.1 update. Rumor has it that the update will roll out on Patch Tuesday in March.

The Russian site Wzor first posted leaked Windows 8.1 test build screenshots showing the change enabled by default.

Leaked Windows 8.1 test build, no more Metro Start screen, boot to desktop as default
Then Microsoft insiders, or “sources familiar with Microsoft’s plans,” told The Verge that Microsoft hopes to appease desktop users by bypassing the Start screen by default, meaning users will automatically boot straight to desktop. “Additional changes include shutdown and search buttons on the Start Screen, the ability to pin Windows 8-style (“Metro”) apps on the desktop task bar, and a new bar at the top of Metro apps to allow users to minimize, close, and snap apps.”

Of course, Microsoft continues to lose millions upon millions of customers to iOS and Android. That desperation is likely what drove Microsoft to force a touch-centric operating system on customers. If customers can’t easily use a Windows OS on a traditional desktop, then Microsoft hoped its “make-them-eat-Metro” strategy would force people to buy its tablet to deal with the touch-based OS. For Microsoft, it was like killing two birds with one stone. But despite the company’s “One Microsoft” vision, we’re not birds and we don’t like having stones thrown our way.

Microsoft claimed that telemetry data justified the removal of the Start button in Windows 8, and then its return in Windows 8.1. That same telemetry data shows “the majority of Windows 8 users still use a keyboard and mouse and desktop applications.” The Verge added, “Microsoft may have wanted to push touch computing to the masses in Windows 8, but the reality is that users have voiced clear concerns over the interface on desktop PCs.”

“Microsoft really dug a big hole for themselves,” Gartner’s David Smith told Gregg Keizer, referring to the Redmond giant’s approach with Windows 8. “They have to dig themselves out of that hole, including making some fundamental changes to Windows 8. They need to accelerate that and come up with another path [for Windows].”

Back in December, NetMarketShare stats showed that more people were still using the hated Windows Vista than Windows 8.1. January 2014 stats showed Windows 8.1 on 3.95% of desktops with Vista on 3.3%. Despite Microsoft warning about the evils of clinging to XP, and the April death of XP support, Windows XP, however, was still on 29.23%. Many people still hate Windows 8, which may be why the company plans to jump to the next OS as soon as possible.

Microsoft plans to start building hype for “Windows 9″ at the BUILD developers’ conference in April. The new OS is supposedly set to come out in the second quarter of 2015. While it seems wise for the company to want to ditch the hated Windows 8.x as soon as possible, Microsoft had better to do something to encourage developers as the expected boot-to-desktop change will mean folks won’t see the Metro apps on the Start screen.

Windows 8.1 update leaked screenshot of test build
According to the test build screenshot, Microsoft is urging people to “switch to a Microsoft account on this PC. Many apps and services (like the one shown for calendar) rely on a Microsoft account to sync content and settings across devices.” Note that “sign into each app separately instead” is “not recommended” by Microsoft. Of course, setting up a Windows 8 computer without it being tied to a Microsoft email account was “not recommended” either…but it can be done with about any email address or set up as a local account tied to no email address. If you use SkyDrive, aka the newly dubbed “OneDrive,” then why not just log in when you need it?

Trying to keep its developers “happy,” may be part of the reason Microsoft does not recommend signing into your Microsoft account on an individual app basis. Sure there’s still the Windows Phone Store, but some people complain that the Windows Phone Store is full of junk and fake apps. Of course, since Windows 8’s dueling tablet-PC interface was a flop, perhaps Microsoft will follow Apple’s lead and come up with a separate OS for tablets. That move might help out Microsoft and developers; without developers, there’s no apps. Without good apps, even a new OS for tablets won’t help Microsoft from continuing to decline and falling into the abyss of irrelevancy.

 


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

The Syrian Electronic Army hacked all of Skype’s social media accounts and accused Microsoft of helping the government spy and monitor our email.

It’s said there is no rest for the wicked, and New Year’s Day had Skype social media managers scrambling to scrub evidence of being hacked off of its Skype blog, Twitter and Facebook accounts. That evidence was planted by the Syrian Electronic Army and accused Microsoft of spying for the “governments.”

After the SEA’s attack, Skype sent out a pair of tweets to its 3 million Twitter followers, warning:

Hacked Skype tweet warns against using Microsoft products

Skype tweet stop spying on people

Those Skype tweets were deleted and then replaced with this tweet: “You may have noticed our social media properties were targeted today. No user info was compromised. We’re sorry for the inconvenience.”

The SEA also hacked the Skype blog:

Skype blog, Facebook, Twitter hacked by Syrian Electronic Army

Hacked Skype blog says don’t use Microsoft products

These posts were mirrored on Skype’s Facebook page before quickly being deleted.

Skype Facebook hacked posts removed

Then reporter Matthew Keys tweeted this screenshot “proof” of the Skype hack sent to him by the SEA.

Screenshot Skype hack

The SEA also tweeted Steve Ballmer’s contact information along with the message, “You can thank Microsoft for monitoring your accounts/emails using this details. #SEA”

Although the SEA has successfully hacked many major companies, the Skype hack seems to be referring to Microsoft’s alleged cooperation with the NSA. Microsoft denied providing backdoor real-time access, but revelations provided by Edward Snowden indicated that the NSA can successfully eavesdrop on Skype video calls. Although Microsoft vowed to protect users from NSA surveillance, the Redmond giant “forgot” to mention Skype in its promises.

As security expert Graham Cluley pointed out, “Chances are that Skype didn’t read my New Year’s resolution advice about not using the same passwords for multiple accounts.”

In fact, Skype seems to have disregarded its parent company’s advice. Microsoft’s Security TechCenter has a post regarding “selecting secure passwords.” Regarding “Password Age and Reuse,” it states:

Users should also change their passwords frequently. Even though long and strong passwords are much more difficult to break than short and simple ones, they can still be cracked. An attacker who has enough time and computing power at his disposal can eventually break any password. In general, passwords should be changed within 42 days, and old passwords should never be reused.

Skype itself has a few password “rules” such as:

A password must:

Be at least 6 characters and not longer than 20 characters.

Contain at least one letter and one number.

Not have any spaces.

Not contain your Skype Name (case insensitive).

Not be a part of Skype Name (case insensitive).

Your password also cannot contain any of the following words:

1234, 4321, qwert, test, skype, myspace, password, abc123, 123abc, abcdef, iloveyou, letmein, ebay, paypal.

However, after the Skype hack gave Microsoft a black eye with spying accusations, it’s a pretty safe bet that whoever controls Skype social media will no longer resuse the same password to protect all of the company’s accounts. And if you reuse the same password on different sites, it would be a great 2014 resolution to change all your passwords, keep them in a password safe, and make sure you don’t use the same one for multiple sites.

 


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

 

A decade after it started, Microsoft excels at addressing security concerns when compared with its competitors

Today marks the 10th anniversary of the debut of Microsoft’s Patch Tuesday program, through which it would regularly issue fixes to its software on the second Tuesday of every month. It had been possible to check for updates via the Windows Update application in Windows XP, but now Microsoft was actually going to push out fixes.

Steve Ballmer introduced Patch Tuesday at the Worldwide Partner Conference in New Orleans in October 2003. “Our goal is simple: Get our customers secure and keep them secure,” Ballmer said in a statement. “Our commitment is to protect our customers from the growing wave of criminal attacks.”

RELATED: Microsoft finally patches gaping IE exploit with Patch Tuesday update

Patch Tuesday brought order to the patching process but allows network administrators to plan for network-wide upgrades ahead of time, since Microsoft would put out an alert the Thursday before Patch Tuesday to say what was coming. Microsoft always had to be judicious in how much information it released ahead of time because it didn’t want to tell the bad guys where it found a problem.

The day after the patches are pushed out, Microsoft holds a live chat, usually at 11 am Pacific time, to discuss the fixes.

In addition to Patch Tuesday, there has been the occasional Super Patch Tuesday, where Microsoft issues optional and non-security updates. Plus, if a really bad exploit is found, Microsoft has been known to ship what are called out-of-band patches.

It’s also had to issue patches of patches, because sometimes things get fouled up. Just this past August Microsoft had to recall six patches because they introduced new problems that, in some cases, rendered the PC unusable.

In 2008, Microsoft introduced the Microsoft Exploitability Index, which told people how severe the exploit was and whether or not an IT manager should rush out the fix. While most of us just update on patch day without a second thought, some people do actually have to be careful that the fix doesn’t break their existing apps.

At the same time, Microsoft introduced security-related programs to share early information with partners to help coordinate efforts to protect them from attacks in the wild before they become widely known. The program also provides additional information and guidance to help customers evaluate risks and prioritize the deployment of Microsoft security updates.

Critics have accused Patch Tuesday of being a gift to hackers, because if they have an exploit that isn’t fixed in one month, they have a full month to exploit it with their malware. Also, by issuing so many fixes at once, Microsoft tells the bad guys where the bugs are. They very well might rush out malware to exploit the hole in PCs that are slow to patch. This led to the term “Exploit Wednesday.”

All of this is true; and Microsoft has on a few occasions let Patch Tuesdays go by with big exploits unpatched. But compared to the track record of other firms, Microsoft is on top of things. Apple has had several instances in the last few years where exploits went for many months before being fixed. It doesn’t have a structured patch cycle like Microsoft does.

And then there’s Oracle. Since inheriting a complex and often-buggy piece of software in Java when it acquired Sun Microsystems, Oracle has been very sluggish in responding to Java problems. The result of Oracle’s flat-footed responses is that Java is the top target for hackers, according to a report from security software developer F-Secure (PDF).

Java is so insecure that 95 percent of all exploit attacks can be found in five security flaws, four of which are in Java (the fifth is a Microsoft True Type font exploit). The best thing you can do to secure your infrastructure is turn off Java, F-Secure says. That’s sad, especially given that Oracle has a huge investment in Java-based products. You’d think it would move heaven and earth to secure Java.

You can see by the fact that most exploits are in apps, browsers and Java that the company has hardened the OS significantly. Patch Tuesday isn’t flawless or without its share of problems, but it did force Microsoft to move a lot faster in addressing its problems, certainly faster than Apple and Oracle.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification,
Microsoft MCITP Training at certkingdom.com

 

Don’t waste any time – get that thing rolled out quick because it’s wide-ranging and already being exploited.

Normally companies should proceed at their own pace when deploying Microsoft’s monthly updates, known as Patch Tuesday, since they come out on the second Tuesday of every month.

This month’s batch, though, is pretty hefty in terms of impact and volume, so you may want to make them a priority. This month’s Patch Tuesday consists of seven bulletins addressing a total of 34 vulnerabilities, and half of them are in Internet Explorer. Six of the seven bulletins are critical, a little more than usual, that can give attackers power to execute code on victim machines.

Fortunately, the bugs in Windows and IE require the end user to do something, like use their browser to visit an infected site or click on a link in an instant messenger. “So they all require end-user actions. If you don’t browse or use instant messenger, it won’t affect you. So on servers you can take your time, they are not that urgent,” said Wolfgang Kandek, CTO of the security firm Qualys.

For desktop users, however, these are critical because that’s how most PCs get infected – by user interaction of one form or another. Kandek called attention to two of the Bulletins. Bulletin MS13-055 rounds up 17 known vulnerabilities and exploits in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

Kandek said at least one of the vulnerabilities is already being exploited by hackers, so either patch IE or use another browser until you do.

MS13-053 handles two publicly disclosed and six privately reported vulnerabilities in Windows, the most severe of which could allow remote code execution if a user views shared content that embeds TrueType font files.

With so many critical fixes to the OS and browser, Kandek said the desktop users should prioritize rolling out the fixes. “I don’t see why you would extensively need to test it,” he said.

Lost in the hoopla of Patch Tuesday was a trio of important bulletins from Adobe Systems, which issued significant fixes for Flash, Shockwave and ColdFusion.

Also, there will be a Java patch issued by Oracle next week, which appears to be running its own Patch Tuesday cycle, except it’s on the third Tuesday of every month.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

 

The 5 worst mobile threats of 2012

Written by admin
November 3rd, 2012

New types of mobile malware make headlines every day, but what are the most prevalent threats out there? The team at Nominum decided to find out by analyzing Domain Name System (DNS) data of approximately half a million users from various countries.

Most malware uses the DNS to communicate and our technology processes about 30% of the worlds’ DNS traffic, so we were able to identify the top five mobile-only malware threats.

We defined greatest threat as the most widespread malware that meets a baseline level of risk to the end user — for example, malware that attempts to steal a person’s identity and/or money. What follows is a summary of the current mobile malware landscape and a short description of each malware threat, along with some thoughts on what can be done to protect end users.
But how bad is it, really?

The mobile malware threat is real with a significant number of infections in existence today that are capable of stealing mobile phone users’ identity, and this number is growing everyday. Our research shows that Android remains the top target of malware writers.

Despite that finding, our data was not extensive enough to prove just how prevalent threats were in the U.S. specifically, but recent research has shown that malicious links within text continue to be the biggest concern for mobile device users in the U.S. with 4 in 10 American users likely to click on an unsafe link.

Although Androids topped the list of mobile malware targets, there are still major regional differences in mobile malware prevalence. For instance, “Notcompatible” has a much higher infection rate in Latin America, while “SMSPACEM” and “Netisend” are much more prevalent in the Asia Pacific regions.

These regional differences may be explained by end users’ personal networks. Like a cold or virus in the real world, once someone in a community gets infected with a mobile malware, they are more likely to spread it to others in that community — instead of a sneeze, it is through SMS. As the mobile malware area is less mature than its fixed counterpart, it may take more time for mobile threats to “jump” networks; this will change soon, though, as malware threats get more sophisticated.

Mobile malware writers are leveraging many of the same social engineering techniques (e.g., spreading through end users’ contact lists) and technical capabilities (e.g., rootkits) to spread and make money they’ve used on the Fixed side for years. As the proliferation of smartphones continues and the mobile ad market matures, the incentive of higher profit possibilities will encourage malware writers to write more sophisticated malware.

With multiple mobile operating systems and a vast array of devices, device-based anti-malware software alone isn’t a scalable solution to the problem. The DNS enables a network-based approach for preventing malware that works regardless of what type of device is infected.

The DNS is primarily thought of as a functional technology to navigate the Web, as its original role was to facilitate ease of use of the Internet. DNS eliminates the need to type in long strings of numbers (IP addresses) to access content and translates the numbers into words. Due to its history, DNS has become an often-overlooked layer but it is essential to the network running. As network activity has advanced (think the proliferation of applications, mobile banking, etc.), the DNS layer has evolved into an efficient network infrastructure tool that guides high-performance transactions.

In the case of mobile malware threats, the DNS layer can be analyzed to detect and mitigate suspicious activity. Accordingly, solutions have been invented that enable mobile carriers to layer security applications upon their pre-existing DNS network. These applications can conduct a number of roles from detecting and thwarting hackers’ efforts to alerting users of potentially dangerous mobile websites.

Compared to other solutions, utilizing the DNS layer allows for a faster response time and cost-effective options — both important benefits to a mobile carrier and its subscribers. The DNS’s ability to secure networks should be a part of the modern mobile operator’s security playbook because the mobile malware problem is only going to get worse before it gets better.

Here are the top threats that we’re up against:

* NOTCOMPATIBLE — The worst of all malware created in 2012 is a drive-by Trojan which can infect Android phones via their mobile Web browsers. When a browser’s download is completed, it will ask for user permission to install as depicted below. After infection, the Android phone can work as a proxy. It is widespread and growing every day. [Also see: “For the first time, hacked websites deliver Android malware”]

* SMSPACEM — This is the second-most widespread malware for Android phones in 2012. It will change a phone’s wallpaper and send anti-Christian jokes by SMS to all the user’s contacts. Here is an example: “Looks like Jesus is a no-show, maybe Judaism was on to something Cannot talk right now, the world is about to end Just saw the four horsemen of the apocalypse and man did they have the worst case of road rage Prepare to meet thy maker, make sure to hedge your bet just in case the Muslims were right.”

* LENA — This Android-based malware is capable of taking over a user’s phone without asking permission by using an exploit such as gingerbreak or appearing as a VPN app. Once gaining root access, LENA can start to communicate with its command an control site, download additional components and update installed binaries.

* NETISEND — An information stealer on Android phones, it can retrieve information like IMEI, IMSI, model information and installed applications. After downloading, the malware will ask permission to connect to the Internet and open a backdoor with its C&C domain site.

* BASEBRIDGE — It can get an Android phone root access by exploiting netlink message validation local privilege escalation vulnerability. Once infected, Basebridge can disable installed AV software, download additional malware components and open a backdoor with its C&C site. It will steal IMSI, manufacture and model info. It can also send SMS messages, delete SMS messages from inbox and dial phone numbers.

These five mobile malware threats are just the tip of the iceberg. New types of mobile malware are designed everyday by ill-intentioned individuals, and hardware-based security is just a temporary Band-Aid to defend against sophisticated mobile threats. Staying aware of what is out there and abreast of the latest threats is the first step in protecting yourself, but a joint effort is necessary and carriers will soon need to start arming their networks with security layers for their customers’ sake too.

Nominum is the worldwide leading provider of integrated subscriber, network and security solutions for network operators. Nominum is the provider of the N2 Platform that leverages more than 1 trillion DNS queries daily and enables the rapid development and seamless integration of applications that leverage DNS data. These applications are generated by the Nominum IDEAL ecosystem, an open ecosystem of application providers. The combined value of the N2 Platform and the IDEAL ecosystem provides network operators with the ability to deliver a differentiated subscriber experience with cost efficiency and agility. Nominum is a global organization headquartered in Redwood City, Calif.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification,
Microsoft MCITP Training at certkingdom.com

In a recent interview, Kaspersky Lab founder and CEO Eugene Kaspersky claimed that Apple is “10 years” behind Microsoft on security, as evidenced by the recent malware attacks affecting Mac OS X

There’s been a lot of chatter lately that the recent Flashback and Flashfake malware infestations plaguing Apple’s Max OS X are a sign that the Mac is not nearly as secure as Apple and its devout fans would like you to believe.
MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training
at certkingdom.com

Eugene Kaspersky, however, founder and CEO of Kaspersky Lab—a leading producer of security software—claims things are much worse. He says that Apple is in a potentially dire position and must change its approach to patches and updates, much in the same way Microsoft did year ago to more quickly and efficiently address vulnerabilities in Windows.

In a recent interview with CBR Online, Kaspersky said,

“I think they are ten years behind Microsoft in terms of security. For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.”

Of course it’s possible to develop malware for OSX. Malware could be developed for any OS. As far as malware exploiting vulnerabilities, is that what’s been happening on Windows systems for ages?

Before we go on, we should point out what we believe to be a serious flaw in that statement. When Kaspersky says “there is no big difference between Mac and Windows,” that may be true on some level because they are both consumer operating systems, but the underlying technologies in OS X and Windows are fundamentally different. OS X is based on UNIX, which is decades more mature than Windows. And with that maturity also comes strong security.

Kaspersky goes on to say, “They will understand very soon that they have the same problems Microsoft had ten or 12 years ago. They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software.”

This may or may not be the case. Kaspersky asserts that the success of Flashback / Flashfake will result in more malware being released for OS X. We’re not so sure. Most malware producers are in it to make a quick buck, not for notoriety. And the success of one piece of malware, doesn’t guarantee more will follow. Flashback / Flashfake may be getting some attention now, but targeting the Mac just doesn’t make as much financial sense as targeting Windows.

The fact of the matter is, even with relatively strong Mac sales, Windows-based systems far outsell the Mac and malware producers are always going to more aggressively target the largest install base. At least that’s our opinion. What say you?

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training
at certkingdom.com

Introduction
In the first part of my three-part series on increasing productivity when using SharePoint and SQL Server, we will focus on searching product data from the Adventure Works database, including the use of meta-data and managed properties. The second part will show how to link the search results to a page highlighting some of the Business Intelligence (BI) features of SharePoint based on product data. The third will focus on maintaining expertise in MySites in a managed fashion.
MCTS Training, MCITP Trainnig
Best Microsoft MCTS Certification, Microsoft MCITP Training
at certkingdom.com

Searching Product Data from the Adventure Works Database
One of the great benefits of using SharePoint is that it provides search, business intelligence, collaboration and portals on a unified platform. This provides a huge benefit in terms of cost-savings and productivity. To take advantage of the search functionality and provide the capability to search products in an intranet or public-facing website, it can be done by defining the taxonomy, putting that taxonomy into SharePoint and tying it to a crawl of the products database.

The products in the Adventure Works database are broken down into categories and sub-categories. Go into your Managed Metadata Service and define an Adventure Works Group.

Then, create a term set for both the categories and sub-categories. Now, add the items from the database. These can also be imported using the term store import functionality.

The next step is to create a view in the database that joins the products, sub-categories and categories to be indexed.

In order to connect to the data, go into your secure store application and create a target application to connect to the database. Name the target application “Adventure Works”. Use a Target Application Type of Group. Set the user name and password for Windows. Then, map the Members group to an AD Group that should have access to connect to those credentials.

Now open SharePoint Designer 2010 and connect to your site to create an External Content Type.

Click on External Content Types and choose the option to create a new one.

Enter the name of the content type. In this case, we will name it Adventure Works Products.

Choose Generic List as the Office Item List Type.

Hit the link named “Click Here to Discover External Data Sources and Define Operations” and choose SQL Server.

Enter the database server and database name and choose Connect with Impersonated Custom Identity. Enter the name of the desired secure store application used to connect to the AdventureWorks database.

Create “Read Item” and “Read List” operations for the view we created to expose the products, sub-categories and categories for searching by right-clicking the view name and choosing the new option for each. Accept all defaults on both.

Choose “Create Lists and Form” and name the list “Adventure Works Products”. Now, browse the list to ensure it pulls the products from the database.

Next, go into the Search Service Application to create a crawl of the external content type.

In central administration, open the search service application you wish to use.

Click on Content Sources, then choose New Content Source.

Once the full crawl completes, the next step is to map the Metadata Properties. Click the link to Metadata Properties under Queries and Results in the Search Service Application. Also, ensure the service account used to crawl the products has access to the Adventure Works BCS service application.

Click “Categories”, then “Business Data”.

At this point, there will be a list of properties from the products view.

Click the ProductCategory property and map it to the ProductCategory Managed property. Do the same for ProductSubCategory.

Run the full crawl again on the Adventure Works content source in the search service application.

Next, setup the action to view the product once it is returned by the search. Go to your business data connectivity service for Adventure Works Products, open it, and click the “View Profile” action and set it as follows:

Now we are set on the search of the products. Go to a search center or create one in your SharePoint environment. Add refinement filters to include the product and product subcategories.

Edit the search web page and modify the Refinement Panel web part.

Expand the Refinement grouping in the web part and de-select the Use Default Configuration option.

Add two <Category> tags to the XML in the Filter Category Definition property:

<Category Title=”Product Category” Description=”Use this filter to restrict results authored by a specific category” Type=”Microsoft.Office.Server.Search.WebControls.ManagedPropertyFilterGenerator” MetadataThreshold=”1″ NumberOfFiltersToDisplay=”4″ MaxNumberOfFilters=”20″ SortBy=”Frequency” SortByForMoreFilters=”Name” SortDirection=”Descending” SortDirectionForMoreFilters=”Ascending” ShowMoreLink=”True” MappedProperty=”ProductCategory” MoreLinkText=”show more” LessLinkText=”show fewer” />

<Category Title=”Product Subcategory” Description=”Use this filter to restrict results authored by a specific sub-category” Type=”Microsoft.Office.Server.Search.WebControls.ManagedPropertyFilterGenerator” MetadataThreshold=”1″ NumberOfFiltersToDisplay=”4″ MaxNumberOfFilters=”20″ SortBy=”Frequency” SortByForMoreFilters=”Name” SortDirection=”Descending” SortDirectionForMoreFilters=”Ascending” ShowMoreLink=”True” MappedProperty=”ProductSubCategory” MoreLinkText=”show more” LessLinkText=”show fewer” />

Search for Accessories and view the results. You can now search for products by product information, category and sub-category. Hover over the link to the product results and view the URL.

In the second part of the article series, we will create a product page with some BI features. .
MCTS Training, MCITP Trainnig
Best Microsoft MCTS Certification, Microsoft MCITP Training
at certkingdom.com