Just realised I hadn’t yet posted that my new book, Windows 8 for Tablets Plain & Simple, is out. It’s perfect for getting to know Windows 8 on a tablet, and a great gift for Christmas for your mum, sister, husband, wife or dog. If you review the book, ping me an email and I’ll send you a little something.
In a couple of weeks’ time Andrew, Planky and I will be hosting a slew of experts for TechDays Online. If you’ve been unable to get to our Windows Server 2012 camps you’ll find some really great walkthroughs at TechDays Online. It’s not only Windows Server 2012 we’ll be covering though; we have Windows 8, Azure and System Center half-day sessions that you should sign up for.
It’s free and online and signup is here:
Signup for Day 1
Signup for Day 2
We all want to store more information. Be it our ever-growing email archive, our collection of family photos, or our customer invoices, the information that we and our businesses need to store is an ever-increasing volume. The amount of storage available to you or your organisation may of course not quite be able to grow at such a rate because, while disk is an ever cheaper resource, it’s still not free. There are many options for increasing your storage capability, off-premises archiving to cloud storage for example, but that can mean moving the cost elsewhere (bandwidth for example). A better option could be to decrease what you need to store.
Of course I’m not suggesting that you should go around deleting a whole bunch of users’ files, which would be bad and probably result in a P45 saying hello. You could ask your users to delete their own files, which some may do; many however will take the view that their time is more important than the storage costs. Some would also be pig-headed and ask why, when a disk costs £70 for 2TB, they should have to delete their stuff. Many will also be completely clueless as to their disk usage.
Windows Server 2012 comes to your rescue with a great feature called Deduplication (dedup) which works some magic and actually cuts down the amount of data you need to store without losing any of the data. Frankly it’s a little bit like magic.
Essentially what Dedup does is look at what’s stored in a volume and look for matches between chunks of data. When it spots two chunks that are identical it removes the second copy of that chunk, freeing up the disk space that was consumed by that duplicate chunk of data and pointing any disk requests for that data chunk to the other copy of the chunk. A simplified example will help understanding; don’t get too hung up on the detail here – like the fact we’re using words, those are just an abstraction for illustration.
Your disk stores words, the words HELLO MARY HOW ARE YOU and HELLO DAVID HOW ARE YOU TODAY. All we really need to store is what’s unique, everything else is just duplication, so we store HELLO MARY HOW ARE YOU DAVID TODAY. Doing that saves us the second HELLO, HOW, ARE and YOU, or 11 letters, or about 38% of the storage originally needed for the 37 letters of the original sentences.
Dedup doesn’t however look at your data and work out what words are duplicated over and over; that would be inefficient, as you store other data in many formats that might not be actual words. However, all data is stored in bits on your disks, so Dedup looks at the bits on a disk. Of course looking at individual bits is too granular (they are all 1 and 0 obviously), so context would be lost. Dedup instead looks at chunks of data that have identical patterns. When a chunk is spotted with an identical pattern it is considered a duplicate and deduplicated. What is very clever though is how dedup decides on those chunks, looking at how to make the most efficient savings and changing the size of the chunks it deduplicates. Another example will help, again with words.
Your disk stores words, the words HELLO MARY HOW ARE YOU TODAY and HELLO MARY HOW ARE YOUR CHILDREN TODAY. This time the deduplicated disk only stores HELLO MARY HOW ARE YOU TODAY R CHILDREN. In this second example we don’t need to store the word YOUR even though it’s a new word because it still matches a smaller chunk for the most part.
One of the coolest things about dedup is that it works at this lower-than-the-file, higher-than-the-bits level, so it can dedupe across file types, across file boundaries and across any physical disk boundaries such as disk block size. This means that, for example, should an Excel file contain the word CONTOSO and that exact same word is in a TEXT file, the two could theoretically deduplicate against each other.
We’ve been introducing this topic at our IT camps and getting the audience to test their own file servers using the DDPEVAL.EXE tool. You can get this tool from any Windows Server 2012 computer with Dedup enabled and run it, non-intrusively, on any volume or share to evaluate how much space dedup will save you (just follow up to step 2 below and you’ll find the exe in Windows\system32). Attendees are seeing between 22% and 75% potential savings on profile, development and file server shares.
If you’re sat there reading this thinking about data integrity then you get extra marks. If you’re deduping you do put extra reliance on the one copy of the data that you do have. For that reason dedup will only use one deduplicated chunk 1000 times; when the 1001st occurrence of the same chunk is spotted it leaves it and dedups against that chunk for the subsequent 1000 duplicates found. Furthermore the deduped chunk is maintained by re-writing the chunk when a process writes any data that contains that chunk. This along with other controls maintains consistency.
If you’re using BranchCache you should also be jolly happy because the two technologies work together to reduce duplication in branch environments too.
Enabling Dedup is a case of adding the feature to Windows Server 2012, which itself is easy to do.
1. From Server Manager select Manage > Add Roles and Features then select the server you want to add Dedup to.
2. On the Server Roles wizard page expand File and Storage Services > Files and iSCSI Services and check Data Deduplication then complete the wizard to install the feature.
3. Select the File and Storage Services node in server manager.
4. Select Volumes and locate the server you enabled deduplication on (hint – if you don’t see it you need to add the server into Server Manager). Then select the volume on the server you wish to dedup.
5. Right click the volume and select Configure Data Deduplication.
6. Check Enable data deduplication. From here you need to select a minimum age for files to be deduplicated; this prevents files that are changing too frequently from being needlessly deduplicated, saving server resources. Enter any particular file types to skip (VHDs are skipped, for example, because they are open for long periods). You can also specify specific folders to include or exclude and specify a schedule for running dedup jobs. Click OK to apply the changes.
That’s all there is to it to enable deduplication, the first dedup job will run when the schedule allows. There is much more that can be done with PowerShell, but by way of a teaser the following commands are useful:
Get-DedupJob: shows the current dedup job status if a job is running.
Get-DedupStatus: shows how much deduplication has occurred – this will show the savings.
Start-DedupJob: starts immediate deduplication.
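The same configuration as steps 1 to 6, scripted with the Deduplication cmdlets, followed by the status commands above and a scrubbing job for the data integrity point made earlier. This is an added example, not part of the original post; the volume letter, the 5-day minimum age, the excluded extensions and the E:\Scratch and E:\Shares paths are assumed values.

```powershell
# Added example: scripted equivalent of GUI steps 1-6 (run elevated on the file server).
# Assumed values, not from the original post: E:, 5 days, vhd/vhdx, E:\Scratch, E:\Shares.
$Volume = 'E:'

# Steps 1-2: add the Data Deduplication role service.
Import-Module ServerManager
Install-WindowsFeature -Name FS-Data-Deduplication

# Optional: estimate savings first. DDPEVAL only reads the data, it changes nothing.
& "$env:SystemRoot\System32\ddpeval.exe" 'E:\Shares'

# Steps 3-6: enable dedup on the volume and set the options the dialog offers.
Import-Module Deduplication
Enable-DedupVolume -Volume $Volume
Set-DedupVolume -Volume $Volume `
    -MinimumFileAgeDays 5 `
    -ExcludeFileType 'vhd', 'vhdx' `
    -ExcludeFolder 'E:\Scratch'

# Start an optimization job now instead of waiting for the schedule.
Start-DedupJob -Volume $Volume -Type Optimization

# Job progress while it runs, then the savings once it has finished.
Get-DedupJob -Volume $Volume
Get-DedupStatus -Volume $Volume | Format-List

# Integrity: a scrubbing job validates the chunk store and reports corruption
# it finds, which matters because many files now depend on one stored chunk.
Start-DedupJob -Volume $Volume -Type Scrubbing
```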
Dedup is a great tool in the arsenal of any IT guy struggling with data storage costs, give it a try using DDPEVAL and see if this one feature alone is going to make Windows Server 2012 right for you, it just might!
If you want more technical information on Data Dedup then check out the Data Deduplication TechNet library and download the Windows Server 2012 Evaluation.
Some thoughts on another form of the Bring Your Own trend that you may have missed and how to take it one step too far (although this is probably already happening). A mobile hotspot, a strict web filter and a social networker inadvertently crack a hole in IT policy.
Last week I was doing a tour of the UK seeing friends and generally having fun. I met a friend of mine who happens to be a gadget geek; he has everything from the latest TV to a thin tablet device. We got to talking about how his wife uses the tablet and where, and she said that she’d love to use it more at work, but her company ban anyone from attaching devices to the network. Incidentally they also ban Facebook, YouTube and other “fun”, non-work stuff.
She still takes this device to work though, and just occasionally takes work home on it – I found that fascinating.
My friend’s company aren’t entirely stuck in the dark ages, so they give her a laptop (it’s black and boring but solid) but it gets locked in her desk drawer overnight because it’s too heavy to bother taking home. They do let her take it home and to enable that she can connect to WiFi networks of her choosing.
When she does take it home it works just fine on their home network (which by the way is 50mb fibre and faster than the office).
She wasn’t overly impressed by the idea of the tablet when they first got it, so to save money she insisted her husband only got the WiFi version, which he did. A couple of days later they realised it was a bit limited when they went away with the kids for a few days camping so they got a MiFi adapter and were happy campers again.
A few days later she took the tablet to work, along with the MiFi adapter and was using it at her desk to check Facebook etc. So that policy of stopping access to Facebook because it distracts employees just shot out of the window. Nothing new there, she’d had a smart phone for a while and had been doing that anyway.
Then it happened. A brain wave. She connected her work laptop to the MiFi and got on Facebook. You see the company does require everyone to go through a proxy to control access when they’re on the work network – very sensible for security and stopping dropped productivity of employees. The proxy was set to autodetect because people with laptops go mobile. Then she worked out that she could get to her web based email too, so she emailed over some work documents and received them on her tablet.
I found this interesting because rather than just taking her own device to work, my friend took her own network.
It’s worth pointing out that this is no different to her going into a coffee shop or using her laptop at home. She can still get to “fun” sites in both of those cases too and she can still email documents home, the difference being that it’s now easier for her to do, she doesn’t need to lug a heavy laptop home.
What could IT do differently: they could manually (group policy) set the proxy and force everyone through the VPN, but what would that achieve…no access to “fun” sites, yes. It would also mean the end to their mobile working policy since so many coffee shops and hotels require you to sign into a webpage to gain access to the Internet.
Really what IT need to do is review their mobile working policy and their web access policies and make them congruent. IT rules have gotten in the way of the user, who found an easy way around the policy.
I wonder what else you could do by taking your own network to work…
Ok, if this was me I’d do one thing more than my friend: I’d go into the network adapter order and make sure the wireless NIC is of higher priority than the wired NIC, then I’d plug the laptop into the wired network. What would happen? My internet traffic would route through the MiFi and my local network traffic would route through the wired NIC, so I’d have free rein to get to anything on the internet and my work network.
Things would get seriously hinkey if I bridged the two networks, but I might not bother to do that.
So if you’re blocking “fun” sites, are you really blocking them or making users more “creative”?
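From the IT side, the dual-homed state described above is visible on the endpoint: a wired link is up, yet the preferred default route leaves through a wireless adapter. The check below is an added example, not part of the original post; the function name Get-DualHomedFinding and the "Suspicious" heuristic are assumptions, and it uses the NetAdapter/NetTCPIP cmdlets that ship with Windows 8 and Windows Server 2012.

```powershell
# Added example: flag an endpoint whose internet-bound traffic prefers a wireless
# adapter while a wired adapter has link. Function name and heuristic are hypothetical.
function Get-DualHomedFinding {
    # Physical adapters that currently have link.
    $adapters = Get-NetAdapter -Physical | Where-Object Status -eq 'Up'
    $wired    = $adapters | Where-Object PhysicalMediaType -notmatch '802\.11|Wireless'
    $wireless = $adapters | Where-Object PhysicalMediaType -match '802\.11|Wireless'

    # Every IPv4 default route with its effective metric
    # (route metric + interface metric; the lowest total is preferred).
    $defaults = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ipIf = Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4
            [pscustomobject]@{
                InterfaceIndex = $_.InterfaceIndex
                InterfaceAlias = $_.InterfaceAlias
                NextHop        = $_.NextHop
                Effective      = $_.RouteMetric + $ipIf.InterfaceMetric
            }
        } | Sort-Object Effective

    $winner = $defaults | Select-Object -First 1

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        WiredUp            = @($wired).Count -gt 0
        WirelessUp         = @($wireless).Count -gt 0
        DefaultRouteCount  = @($defaults).Count
        PreferredInterface = $winner.InterfaceAlias
        PreferredNextHop   = $winner.NextHop
        # Wired link present, but the winning default route is on a wireless adapter.
        Suspicious         = (@($wired).Count -gt 0) -and ($null -ne $winner) -and
                             ($wireless.InterfaceIndex -contains $winner.InterfaceIndex)
    }
}

Get-DualHomedFinding
```

Collected across managed laptops, a Suspicious result with a PreferredNextHop that is not a corporate gateway is the case worth following up.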
For some time I’ve been trying to work out with colleagues how to articulate what I see as a solid model for dealing with consumerisation of IT in the workplace or even allowing people to bring their own devices. It’s quite tough to find some mental model to help people to understand the kind of approaches that work. I’m looking for a way to help you manage more than the standard IT desktop, to make more sense of productivity at work and with a view of IT security risks.
The key is balancing the approach: do more with less, more permissive access to less secure stuff. Most of an organisation’s “stuff” tends to require less security than IT think. Be a guide, not a gatekeeper.
Good, Better, Best, seems to be the most applicable that I’ve found.
GOOD is most open, your users being able to access your network, get IP addresses, get to some apps / services / data. They probably have to keep entering credentials and they may be storing those credentials on their device.
BETTER is having some modicum of remediation over the device – the ability to remote wipe it for example.
BEST is having an authenticated connection with general purpose security (you could say domain joined PC)
N+1 is having the ability to ensure end to end security, encrypted device, encrypted communications, rights managed documents, remote wipe, policy based management, policy based enforcement.
Not all devices will fit into all categories; in fact probably only domain-joined Windows PCs will be able to enter the N+1 category (that’s because all the things mentioned are built in from the ground up). That said, most people probably don’t need everything in the N+1 category. Most organisations will also see their users adding GOOD and BETTER devices to their mobile worker armoury along with BEST or N+1 devices.
A further note on N+1 is that this is where I see private cloud hosted apps and desktops and there is no reason that a GOOD, BETTER or BEST device can’t be used to access an N+1 hosted app or desktop.
*caveat: this is a simple model, there will be many exceptions, the key is mixture.