Heavy server consolidation through virtualization brings some new things to think about from the operations perspective. In many ways, you have to start thinking of a box in the same way as you used to think of a branch office or small data center. For example, now that a single box can host many VMs running critical workloads, you may have to change your view of who touches that box, for what reason, and when. Service/maintenance schedules for the host should probably be different than the schedule for patching the VMs. Same for scheduled backups. If you let VM admins keep snapshots/images/backups on local disk, you may find new disk capacity management issues to get on top of with all those stored VHDs, not to mention that they will have different levels of confidentiality you must manage. Security boundaries - should you have VMs of differing admin security levels on the same host? How can you achieve role-based security in Hyper-V?
Recently, I sat down to record a short 10 minute podcast with Brandon Baker on virtualization security, sparked by his blog post on Isolation of Virtual Machines, to chat about some of these issues.
Check out Brandon’s Blackhat conference presentation, including:
· Windows Server virtualization and Windows Server 2008 architecture and components
· How Windows Server virtualization virtualizes the CPU and enforces virtual machine isolation
· Best practices for Windows Server virtualization deployment
· Hardware futures [e.g., TXP from Intel, SVM from AMD, IOMMU]
· And more…
Blackhat also posted a .pdf of his Hypervisor architecture presentation.
The beta of the next version of VMM (SCVMM 2008), which includes support for Hyper-V, and requires the RC version of Hyper-V, is available today on http://www.connect.microsoft.com/ (requires Windows LiveID sign in and beta program participation).
New stuff includes:
One of the key performance indicators (KPI) for good technical writing is conciseness. This is one reason why geeks (and the military) love TLAs so much, “Lookee, it only takes three keystrokes instead of twenty!”
Sidebar: my first year at Microsoft, I kept a Sharepoint list of TLAs I ran across each day. I stopped after 1,000...
Writing Well tells us “Conciseness and precision go together.”
Conciseness: Methods of Eliminating Wordiness, from the Purdue University online writing lab, includes 10 algorithms you can apply to reduce the wordiness of your writing.
If you think of writing like software engineers think of writing code, you can grasp the rule of thumb: reducing the number of lines of code by 50% yields a 500% reduction in time to analyze, debug, and maintain.
Reduce wordiness = increase conciseness.
Remember and apply Will Strunk's Rule #17: “Omit needless words, omit needless words, omit needless words.”
When you get down to the sentence level, check out Writing Concise Sentences for some more actionable steps you can take to reduce wordiness, increase precision, and generally de-cruft your writing.
Do as I say, not as I do.
If I were part of a Day 0 or other IT security response team, or doing training to prepare for that, or a parent who wanted to help a student research a project for school, I’d want to know about the SearchTogether beta (requires Windows Live ID). Click here to download.
ST comes out of Microsoft Research and includes group query histories, split searching, page-level rating and commenting, automatically-generated shared summaries, peek-and-follow browsing, and integrated chat. For a more complete discussion of SearchTogether's features, check out the tutorial and the SearchTogether beta forum. The forum enables you to post comments, feedback, and feature requests, and to meet and connect with others with whom you might wish to engage in a collaborative Web search.
Check it out. Leave comments here on how IT Pros might use this.
FYI we are fixing an error on page 60 of the Windows Server 2008 TS Gateway Server Step-By-Step Setup Guide as follows:
14. On the Authentication Delegation page, click No delegation, and client cannot authenticate directly, and then click Next.
14. On the Authentication Delegation page, click No delegation, and client can authenticate directly, and then click Next.
Following the instructions for setting this ISA web publishing rule results in users being continually prompted for credentials when trying to connect. Sorry for the error, we are getting out the fix as soon as we can for both the online and download center versions.
Wouldn’t it be cool if TechNet Library pages had the ability for me to post this correction directly on the page till we get the update through the publishing process? Over on MSDN this is called “community content” or the “MSDN wiki” and looks something like this:
Want this for TechNet library content? Leave comments.
You already knew about the free, agent-less Microsoft Assessment and Planning Tool, right?
Today the team blog shows you how to use it for Server Virtualization Candidacy Reporting. You are going to need the information in that report to plan your Hyper-V deployment.
You can also watch the MAP Demo Video
Running Virtual Server 2005 R2 SP1 and DPM 2007? Got backup? Offsite/Onsite/Or both? Two deployment cookbooks will help you:
Splogbane: If you are reading this on a blog other than http://blogs.technet.com/tonyso, why not stop patronizing a splog and come over to the original?
Download all the Microsoft Virtualization Deployment Cookbooks:
• Backup and Recovery using Microsoft Virtual Server 2005 R2 Service Pack 1 and Acronis True Image 9.1 Enterprise Edition
• Deployment Cookbook: Branch Office—Microsoft System Center Virtual Machine Manager Microsoft Virtual Server 2005 R2 Service Pack 1
• Deployment Cookbook: High Availability with Virtual Server Host Clustering
• Deployment Cookbook: Hosted Backup—Microsoft System Center Data Protection Manager 2007 and Microsoft Virtual Server 2005 R2 Service Pack 1
• Deployment Cookbook: Offsite Backup—Microsoft System Center Data Protection Manager 2007 and Microsoft Virtual Server 2005 R2 Service Pack 1
• Deployment Cookbook: Onsite Backup—Microsoft System Center Data Protection Manager 2007 and Microsoft Virtual Server 2005 R2 Service Pack 1
• Microsoft System Center Data Protection Manager 2007, Microsoft Virtual Server 2005 R2 Service Pack 1, and Microsoft System Center Virtual Machine Manager
• Microsoft Virtual Server 2005 R2 Service Pack 1 and Microsoft System Center Virtual Machine Manager
• Mobile User Access of Applications. Terminal Server running on virtual machines using Microsoft Virtual Server 2005 R2 Service Pack 1
• Quick Migration with Virtual Server Host Clustering Windows Server 2003 Enterprise Edition & Microsoft Virtual Server 2005 R2 Service Pack 1
P.S. After you read those, leave comments here about what content is missing.
Last week Glenn Derene declared in How Social Networking Could Kill Web Search as We Know It, “the next generation of Web users may find what they want by using their social network rather than a search algorithm.”
Now, this article is really positing search in the broad “consumer” sense - search as in movie, restaurant, recipe, new electronic device, movie reviews and such. Whenever I want to search for facts or technical information, I think how it might be tagged and then search blogs.technet.com, or blogs.msdn.com, or del.icio.us, ma.gnolia, stumbleupon, etc. If it was day zero, and I was part of the response team, I’d probably keep an eye on the twitter-verse.
One reason IT Pros use http://blogs.technet.com is that they grok that it is much easier to watch an IT Pro blog about technology X than it is to find all the technical content yourself (or just the subset that you need at the moment, thank-you-very-much). In the article, Udi Manber, Google’s vice president of engineering in charge of search quality, says “The art of ranking is one of taking lots of signals and putting them together. Signals from your friends are better, stronger signals.”
The tag cloud on msdn shows some interesting info, like how big PowerShell is (literally and figuratively), and how much of our content has bugs (who knew?).
Now, consider the possibilities for delivering you targeted technical information out of TechNet and MSDN that this guy has unleashed.
Back in the day, the folks who brought us PONG got it right. Here is the user manual:
When is the last time you were given such succinct, yet usable instructions? Leave a comment.
TechNet/MSDN Search PM Rob Veliz recorded a short podcast with me giving tips on Search Engine Optimization, and the new TechNet Enhanced Search Refinement that takes you direct to the Technical Library content called "Documents & Articles."
His tips include:
1> Get the free adCenter Add-in Beta for Excel 2007 and use it to analyze and improve your keywords. This tool includes the Ad Intelligence model, which enables you to:
2> Use the data from 1 to optimize your descriptions. Writing an effective description tag for search is an essential step toward improving CTs in search results. Interesting: the meta description tag has no effect on a site’s rank in search results.
3> Use a backlink analyzer tool to increase the quantity and quality of your backlinks.
Read Rob's blog for more SEO Tips.
Jose Barreto has posted a detailed blog post, with many screenshots, walking you through how he configured his demo for Storage Networking World.
It is an excellent primer on how to configure Hyper-V with failover clustering on Windows Server 2008 core, using:
Yesterday Microsoft opened 150 “touch down” work spaces for temporary use by Microsoft employees as part of a broad company strategy to help Seattle-based employees deal with the ever-worsening commute.
Today, I took it for a test drive. I took the Seattle Metro bus to work instead of driving my SUV (Microsoft provides me a pass that sticks on my employee smartcard). I was the first to use the online reservation system for a cubicle, which was kind of fun.
The building is modern and airy, with a nice view of the Needle and the EMP to the west.
They have rooms to take speakerphone conf calls that don't disturb everyone nearby, and rooms to help me focus.
Even the toilets are new, and come with instructions (to help you save water). The green coating on the handle is to "reduce germs."
Press up for skinny flush (one drop) and down for full flush (3 drops). Back in the California drought days, the low-tech fix for saving water was to accumulate three number 1 ("fluid") deposits before flushing - same effect.
How do you find scripts? For example, I ran across this script today in the Windows Server 2008 Technical Library that installs IIS 7.0 on Windows Vista, but I didn't find it in the script center. In fact, the Script repository had no scripts for IIS 7.0...
Type the following command into a script:
If you use this script, you get the full IIS installation, which installs all available feature packages. If there are feature packages you don't need, you should edit the script to install only the packages you require.
I blogged earlier about the new troubleshooting content in Windows Server 2008, including an audio podcast with author Dan Brown. Seeing is believing and now the Edge has a video demo here. Once you see the new content, and how it will save you time, you'll consider the ~20 mins looking at the vid well spent. Here's the Edge informational blurb FYI:
"Have you noticed the "More Information: Event Log Online Help" links at the bottom of some event log entries? Ever wonder who wrote up all those? I had an opportunity to sit down with Dan Brown (no, not that Dan Brown) to talk about Windows Troubleshooting. He's part of a team that wrote 9000 online help entries, consisting of some 3 Million words. Many of those words are things like resolve and verify and troubleshoot - and they give you info you need to find out why that event log entry got made in the first place."
Brain plasticity is a wondrous thing, and may explain the age-old apparent connection between madness (or at least severe social dysfunction) and artistic ability.
Dr. Anne Adams, stricken by frontotemporal dementia (FTD), developed thickening in the area of her brain that deals with visual and spatial processing at the same time as the FTD was destroying the part that deals with language.
Her visual interpretation of Pi (below).
Read more about her story here. View more of her art, including “An ABC Book of Invertebrates,” and an image of a migraine aura at two Web sites: members.shaw.ca/adms and memory.ucsf.edu/Art/gallery.htm.
Craig let the cat out of the bag and reveals a handy tip on navigating TechNet and MSDN in his blog post today.
Following on the earlier post asking you all what you thought about Twitter, I find this interesting TechCrunch post that indicates the tweetosphere is another attack surface you've got to monitor in the sense that it is serving some as an early-warning system for customer-sat issues.
A Tweet Scan on "TechNet" of a few minutes ago shows 30 some-odd tweets, including some actionable ones:
Dear Microsoft: You can detect that I'm running Server 2003 on Technet. Stop asking me to install the silverlight beta. This is a server. (2008-03-31 14:27:08)
Amazed that Microsoft have not heard of tinyurl (etc.) as a newsletter has a 6-line URL in the latest TechNet newsletter (2008-04-09 08:25:04)
TechNet Poo-bahs - Are you listening?
The new Windows User Account Control Step-by-Step Guide provides guidance on handling UAC behavior when you need to test applications, such as LOB apps, in both Vista and Windows Server 2008. It covers three scenarios:
Scenario 1: Request an application to run elevated one time
Scenario 2: Mark an application to always run elevated
Scenario 3: Configure User Account Control
You will also want to read Getting Started with User Account Control on Windows Vista, and Understanding and Configuring User Account Control in Windows Vista. For the developers, see Windows Vista Application Development Requirements for User Account Control (UAC).
You already knew that TechNet launched enhanced search with Live Search.
Search is an interesting tool, and reveals while writing this that my blog of Feb 19, 2008 on this was ripped verbatim by this splog.
TechNet enhanced search offers refinements, such as by topic and by source (shown below), that let you filter out lots of content that you are not interested in, so that you can more easily find the content you want. For example, the search shown below shows that there are blog and forum posts, KBs, and even an Edge video available in the top results for RSAT. But, what I really want is the "official" content in the technical library.
Clicking on the "Documentation & Articles" refinement pops Server Manager Technical Overview Appendix to the top of the results in .9 seconds. Now, this content was in the original list of 20000 items, but it was "below the fold" and hard to detect amongst the other content.
IT Pros need content fast. TechNet enhanced search refinements help get them there. The new "Documentation & Articles" source refinement is a big productivity booster if you suspect that the content you want is in the library.
Scott Hanselman's blog post on the Usefulness of Micro-blogging stirs a couple thoughts. Aside from corp-to-consumer marcom aspects - how do IT Pros use twitter-like apps?
Security incident response? Networking at events? Hanselman warns:
"One thing to point out (warn you) about Twitter is that tweets tend to be more sarcastic, silly, non-technical, whatever than on a blog. It's important to remember that what you say on Twitter is public, indexable, and arguably permanent, which is both a good thing and a bad thing, but be aware - The Internet Remembers."
Twitter as Message Bus
Hanselman points out:
"There's a number of examples of Twitter being used as a message bus. For example, you can create a Twitter user as a "bot" to be used to send and receive information via an API. One such user is "commuter" that supports the http://commuterfeed.com/ website."
Any IT Pros pursuing this for Data Center alerts?
Share - discuss - tweet if you must, it's allowed here.
Microsoft IT recently published a paper detailing their early-adopter experience with TS in Windows Server 2008. They share some server sizing best practice recommendations, viz:
By deploying Terminal Services 2008 in both small and large environments worldwide, the deployment team developed the following best practices that it considers important to the successful deployment of a Terminal Services environment:
This blog post breaks the awesome news: Over 18 TeraFlop/s Linpack Performance running the latest prerelease of Windows HPC Server 2008
For more info on HPC, check out the community site, and blog. See Also, TN Edge videos, including a cool series on Turning a Mac Mini into a virtual Windows HPC cluster. 1 of 4
Detailed steps for migrating your Hyper-V beta VMs to RC are included in the How to Install Windows Server 2008 Hyper-V Release Candidate doc, viz:
Migration of virtual machine configurations from Hyper-V Beta is not supported. All virtual machine configurations must be recreated using Hyper-V RC. However, customers will be able to migrate VHD files for released operating systems (Pre-release version of Windows Server 2008 will need to be recreated with the RTM version). There are several important factors to consider and steps to be followed for migrating VHDs to Hyper-V RC. These steps are covered below. Please refer to http://support.microsoft.com/kb/949222 for instructions on how to move VHDs created on Hyper-V Beta to RC. The following steps provide a high-level summary:
1. Document existing settings for:
   · Virtual machines (example: memory, CPU, virtual network adapter settings, etc.).
   · Virtual switches including all configuration information.
   · Network adapters within the virtual machine (example: IP Address, DNS address, etc.).
2. Your virtual machines must be shut down and all saved-states must be deleted.
3. All snapshots must be deleted or merged into the parent VHD. You cannot bring a virtual machine into Hyper-V RC if it has snapshots. Merging of your snapshots can take some time. Ensure that your snapshots have merged and all that remains is a single .VHD file.
4. Copy your VHD files to a safe location.
5. Apply the updates for RC as described in the section Enabling Hyper-V. After you upgrade to Hyper-V RC, your virtual machine configurations must be recreated.
6. Create new virtual switches and configure based on the information you collected in Step 1.
7. Create new virtual machines using the ‘New Virtual Machine Wizard’ in the Hyper-V Management Console. Use the information you collected during Step #1. When prompted, attach your existing VHD to the newly created virtual machine.
8. Once you launch your virtual machine, you should install the new integration components included with Hyper-V for supported guest operating systems following one of the options below:
   · Pre Windows Server 2008 Guest virtual machines including Windows Vista SP1: Install the latest Integration Components contained in the VMGuest.ISO file. This is achieved by clicking on the ‘Action’ menu in the VM Connect session and selecting ‘Insert Integration Components’.
   · Windows Server 2008 Guest virtual machines: Apply the same update (QFE) inside the child virtual machine that is used to update the parent partition to Hyper-V RC, choosing the appropriate x86 or x64 architecture. This QFE can be installed within the virtual machine in various ways including:
      - Adding a legacy network adapter to the virtual machine while the virtual machine is not running. Then, launch the virtual machine and download the QFE directly from Windows Update. Once the QFE is applied, you may wish to remove the legacy network adapter from the virtual machine configuration.
      - Download the QFE and burn the update onto a physical CD using the parent partition or a separate client computer. Mount the physical CD drive within the child virtual machine and install the update.
      - Download the QFE and create an ISO image. Mount the ISO image within the child virtual machine and install the update.
   Note: Running the setup program contained in the VMGuest.iso within a Windows Server 2008 child virtual machine does not update the integration components. Following the steps listed above is the only method to install the latest integration components for Windows Server 2008.
9. Configure the network settings within the virtual machine using the information you wrote down in step #1.
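A pre-flight check for the "delete saved states, merge snapshots, copy VHDs" steps quoted above, as an added example that is not part of the Microsoft guide or of the original post. It assumes all VM files sit under the folder you pass in, relies on the .avhd (snapshot differencing disk), .vsv and .bin (saved state) file extensions Hyper-V uses, and needs PowerShell 4.0 or later for Get-FileHash; the function name and the D:\VMs path are hypothetical.

```powershell
# Added example: checks a VM storage folder before the VHDs are copied off
# a Hyper-V Beta host. It only reads the file system; it calls no Hyper-V API.
function Test-VhdMigrationReadiness {
    [CmdletBinding()]
    param(
        # Folder(s) holding the VM files (assumption: everything lives here).
        [Parameter(Mandatory = $true)]
        [string[]] $Path,

        # Also record a SHA-256 per VHD so the copy can be verified afterwards.
        [switch] $IncludeHash
    )

    $files = @(Get-ChildItem -Path $Path -Recurse -File -ErrorAction Stop)

    # Differencing disks left behind by snapshots that were not merged.
    $unmerged = @($files | Where-Object { $_.Extension -eq '.avhd' })

    # Saved-state files. Unrelated .bin files in the tree are flagged as well,
    # so review the list rather than deleting blindly.
    $saved = @($files | Where-Object { '.vsv', '.bin' -contains $_.Extension })

    $vhds = @($files | Where-Object { $_.Extension -eq '.vhd' })

    # Space the "safe location" must provide for the copy.
    [long] $totalBytes = 0
    foreach ($v in $vhds) { $totalBytes += $v.Length }

    # One manifest row per VHD; compare against the copies after the transfer.
    $manifest = @(foreach ($v in $vhds) {
        $row = [ordered]@{ Path = $v.FullName; Bytes = $v.Length }
        if ($IncludeHash) {
            $row.Sha256 = (Get-FileHash -LiteralPath $v.FullName -Algorithm SHA256).Hash
        }
        [pscustomobject] $row
    })

    [pscustomobject]@{
        # Ready only when nothing blocks the move and there is something to move.
        Ready             = ($unmerged.Count -eq 0 -and $saved.Count -eq 0 -and $vhds.Count -gt 0)
        UnmergedSnapshots = @($unmerged | ForEach-Object { $_.FullName })
        SavedStateFiles   = @($saved | ForEach-Object { $_.FullName })
        VhdCount          = $vhds.Count
        VhdTotalBytes     = $totalBytes
        Manifest          = $manifest
    }
}

# Example call (the path is a placeholder for your own VM folder):
# $report = Test-VhdMigrationReadiness -Path 'D:\VMs' -IncludeHash
# $report | Format-List Ready, UnmergedSnapshots, SavedStateFiles, VhdTotalBytes
# $report.Manifest | Export-Csv -Path .\vhd-manifest.csv -NoTypeInformation
```

Keep the exported manifest with the copied VHDs; it doubles as the record of which disk images, at which confidentiality level, left the host.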
Jeff Woolsey talks on the Edge about what's coming in the RC0 release of Hyper-V, described in this KB, including:
As of today, you can get the RC 0 off WSUS, since it is a Windows Server 2008 patch. For more info see How to Install Windows Server 2008 Hyper-V Release Candidate.
You'll want to read the Release Notes for This Release of Hyper-V.
You can find the Hyper-V manager mmc here:
Vista x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=450931F5-EBEC-4C0B-95BD-E3BA19D296B1&displaylang=en
Vista x86 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=BC3D09CC-3752-4934-B84C-905E78BE50A1&displaylang=en
NOTE: Virtual machines that were created on the beta version of the Hyper-V role do not start after the Hyper-V role is updated to a later version. You can use the virtual hard disk (.vhd) files. However, the virtual machine configuration settings must be re-created. Stepwise instructions are in KB 949222 (http://support.microsoft.com/kb/949222/)
It has been a few weeks, but I wanted to mark the passing of an inspirational writer - Sir Arthur Charles Clarke, CBE.
Once, during part of his 60+ year writing career, for a Wired Magazine challenge to write a six-word story - Clarke "embraced and extended" the challenge to 10 words...
"God said, 'Cancel Program GENESIS.' The universe ceased to exist."
His book Childhood's End is a classic. I shall miss him.