I recently had the opportunity to chat with Brandon Baker, Senior Dev Lead on the Hyper-V team, to get some security best practices. You can hear them in this 8 minute podcast on Virtualization Security Best Practices, including:
Check out Brandon’s Blackhat conference presentation, including:
· Windows Server virtualization and Windows Server 2008 architecture and components
· How Windows Server virtualization virtualizes the CPU and enforces virtual machine isolation
· Best practices for Windows Server virtualization deployment
· Hardware futures [e.g., TXP from Intel, SVM from AMD, IOMMU]
· And more…
The IT Showcase group inside Microsoft IT writes up how we do things at Microsoft. Their latest white paper is just released: How Microsoft IT Manages Physical Security through Strategic IT Convergence.
This paper details the strategy for physical security and "secure by design" technologies that support access control, monitoring solutions, and incident response and real-time communication solutions. It lays out cost savings, improved security, and other significant benefits.
Check out the podcasts:
The updated Windows Vista Service Pack 1 management tools for the Hyper-V Release Candidate 1 are now available from the Microsoft Download Center, including:
Download the Windows Vista x64 Edition (KB949587) package now. (http://www.microsoft.com/downloads/details.aspx?FamilyId=C420D8A3-F0A7-415A-B748-3726D66BF0C3)
By now you may have heard that all of MSDN and TechNet run in production (with 4 million hits per day) on a pre-release version of Hyper-V. If you are interested in the specifics of performance and architecture, read the technical article on how MSCOM Virtualizes MSDN and TechNet on Hyper-V.
For example, some perf info:
· Hyper-V CPU overhead (as measured by the parent partition utilization) was 5 to 6 percent with linear progression as the number of requests increased.
· CPU oversubscription (three four-processor VMs on an eight-processor physical server) resulted in 3 percent lower overall performance per physical server based on overall requests per second per 1 percent CPU.
· Requests per second per 1 percent CPU performance of MSDN over the previous physical server platform improved.
· Physical MSDN handled 21 percent more requests per second per 1 percent CPU than virtualized MSDN.
Note: Requests per 1 percent CPU was a primary performance benchmark for our MSDN deployment because it distilled Hyper-V's effects down to a simple, but meaningful, number for these Web sites.
The success of Hyper-V as a web platform for both MSDN and TechNet, in both performance and stability, has given the MSCOM ops team confidence to accelerate plans to implement Hyper-V for many of the other sites, such as the live traffic testing of www.microsoft.com on Hyper-V. Cost savings forecasted from running both System Center Virtual Machine Manager (SCVMM) v2 with Hyper-V should justify the measured overhead. The lessons learned section of the paper says:
Read more about how this team runs some of the most trafficked web sites in the world on their Microsoft.com Operations TechCenter, Blog, and Forum.
Yesterday the Hyper-V Clustering Guide went live in the download center. The Step-by-Step Guide for Testing Hyper-V and Failover Clustering shows you how to test using Hyper-V and Failover Clustering together to make a virtual machine highly available.
Well, this technical writer at Microsoft I mean. This post started with a colleague’s request:
We want to capture some information for applicants to tech writing jobs at Microsoft about what the job really entails. In 300 words or less, tell us:
Note to self: using the Word Count tool built in to Windows Live Writer – I can see that up to the beginning of this sentence my word count was 71. This data helps me plan the rest of the post, since word count is one of the success criteria. Hrrm.. not going to be able to get a narrative and the data I want into that word count. Going to have to embrace and extend the WC requirement and use some bulleted lists and acronyms…
So here goes – <word count on>
I am a technical writer on the Hyper-V team, writing for IT Pros. I also blog to IT Pros at http://blogs.technet.com/tonyso.
Having kept a loose running count of a typical today, I tally the following:
Tools used 1> today:
Challenges include our internal content-authoring managing distractions, tasks, and deadlines. Coping mechanisms include music, humor, caffeine, and the tools above – without which, succeeding at this job would be impossible.
Words including this final sentence = 243, time spent start-to-finish = 18 minutes.
In this podcast with Hyper-V Senior dev lead Brandon Baker, he discussed security best practices, including making sure that all your VMs, especially the ones that are “frozen”, waiting in the library, or otherwise offline, are patched up before you turn them on.
Splogbane: If you are reading this on a blog other than http://blogs.technet.com/tonyso, why not stop patronizing a splog and come over to the original?
To improve security you should:
Today (till 8/1/2008) you can use the free Offline Virtual Machine Servicing Tool (Beta) to take care of this.
This Solution Accelerator depends on other Microsoft Software:
And requires hardware in the form of a “maintenance host”, with the following minspecs:
Other requirements include:
Using http://search.live.com/macros/ you can create your own custom search macros. For example, the Terminal Services UA Macro allows you to search just through the Terminal Services docs in the MSDN Library. You can use the side-by-side test page to see your macro's results. When you're satisfied with your macro, you can save it, customize its home page, and then start searching. You can even turn it into Vista gadgets like Chris did.
Stefan Stranger’s Blog post details how he extended the gadget to include his own website.
One of my favorite weekend pastimes is sailing. Garage sale-ing that is. (Note to self: that pun works better out loud than on screen…). Gslar.com has a nifty mapping app that allows me to chart a route to local garage sales, local estate sales, and multi-family yard sales. It includes a trip planner with directions. Imagine if TechNet/MSDN offered a version of this that allowed you to plan an itinerary of tech events and/or user group meetings? If you’d like to see something like that, leave comments here – better yet, why not mash it up yourself and let us all know about it here?
I browse for books, games and music. Nothing beats $.99 CDs. On a recent trip I found the 1995 Bugs in Writing by Lyn Dupre. This got me thinking about applying Six Sigma methodology to technical writing. I was discussing it with a colleague who had some disappointments with previous attempts at applying SixSig to improve quality in writing.
We talked about defining the “defect” as “failure to meet the customer expectation.” Teams he’d worked with in the past had trouble producing an action they could take to improve quality.
I tried a poker analogy on him that seemed to resonate. Using an FMEA approach:
If your goal is to win at poker, then the first thing you should do is stop losing (failure mode). The most important of the many causes of this failure mode is what the poker-types call “playing too many hands.” This just means that if you play fewer, higher-quality hands, you will lose less often than if you play any two cards. There is a whole poker book industry devoted to ranking the fine degrees of severity of this cause. Because of the frequency at which they win, some say you should only play the top 10 starting hands, or fold everything except the top 12 starting hands. Some say only play the top 20 hands. In any case, frequency is not really a challenge – you make the decision every hand pre-flop. Detection can be tricky, because it has two parts: you always see your hand, but sometimes you can figure out what your opponent is likely to have as well. This is called a “poker tell”, “read”, and sometimes “putting them on a hand.” Following this strategy will get you toward your goal, you will have easier decisions, and make fewer mistakes, with less disastrous effects, than if you played more hands.
Apply this to creating technical content. We have data that shows that one of the things that dissatisfy IT Pros the most is not being able to quickly find the content they need (failure mode). This is actually easy for us to detect: we have direct feedback on the general problem, and we have search terms data that tells us the specifics. So, the best starting strategy to tackle this problem is to make it easier for IT Pros to quickly find the content they need. We can use SEO tools and techniques on content that is already on TechNet, and then ensure that all new content has good keywords, descriptions, and such. We can start with the troubleshooting content, as we know this is the most dissatisfying content across our set of content.
What are your thoughts about trying to get content teams to look at it this way? Better metaphors? Alternate approaches? Leave comments – much appreciated in advance.