It is with Great Sadness....

If you haven't heard by now, then I will tell you -- last week, Microsoft laid off 1,400 employees.  I was one of those 1,400.  I'm not telling you this because I am looking for sympathy, but rather because I want to extend my sincere appreciation.  While I loved every aspect of my job and miss it for much more than a paycheck, blogging was my favorite.  I appreciate every single one of you who read my blog, even if only infrequently.  :)

One of the questions I have been hearing often involves my very first blog post on this site -- "What about the Blue Monster?"  The truth is, I haven't regretted that tattoo since I got it and now is no exception.  The Blue Monster is staying.  :)

Working at Microsoft has been the greatest experience of my life and I have no desire to forget about it.  And even if I don't get back into Microsoft right away (which is, by the way, my plan!), then I have a reminder that even outside of Microsoft, I need to do my best to change the world every single day.

I'm not sure how my lay-off affects my ability to blog here, but rather than risking a sudden loss of access, I have decided to start a new blog.  I'm planning on keeping it focused on technology, much like this one was (mostly), but who knows where it will go?  Update your bookmarks, RSS feeds, and stop by to say hello.

Physical Access Trumps All

This is a phrase I have heard more than once when discussing security.  It shouldn't come as a surprise -- it's why banks have vaults and secure facilities have fences.  Technology security is no different -- physical access to a PC trumps all.  What does that mean when you're considering IT security measures?  It means that step 1 in any good security plan is making sure that your machines are stored safely.  If, for instance, you have a server hosting sensitive data (like customer information, trade secrets, financial data, etc.), make sure that physical access to the server is limited.  You may have firewalls, encryption, passwords, etc., but do you have a locked door to your server room?  Does a janitor equipped with a screwdriver have the opportunity to open that server and pull out its hard drives?  If he did, would you know?  Of course, security doesn't just apply to servers.  What about laptops and desktops?  Are they secured?  Are they physically connected to users' desks so that they can't "walk away"?  Who else has access to the facility?  Do you allow vendors in?  What is the policy on access?  Do you use sign-in sheets?  Have multiple doors?  Cameras?  Alarms on all the external windows and doors?

I realized (in my third draft of this post) that a lot of security items relate directly to "physical access."  Trying to include them all in one post would've made this quite long.  Instead, I'm going to break this up into several posts.  To get started, let me ask some questions relating to physical security:

  1. What is the password policy in your organization?  Are you enforcing complex passwords?  Have you educated your users about the dangers of using a password containing dictionary words and/or personally identifiable information, such as birthdates, pet names, etc.?  Have you configured the "display logon screen on resume" functionality in the screensaver options?  Are you using two-factor authentication so that it takes more than a password to get in?
  2. What is your policy on external devices?  Do users have the ability to connect an external device, such as a USB thumb drive, to their machines? 
  3. Do you use encryption software on your hard drives?  If a hacker does get his/her hands on your laptop/desktop/server machine and removes the drive(s), can they access them? 

The point of this is not to frighten you, but to get you to think about security in a holistic way.  It's more than alarms and passwords -- it needs to be a comprehensive plan to cover all aspects of security in order to keep your data safe while allowing access to those who require it.

Watch for more posts on security-related topics.  In the meantime, think about potential holes in your current security scheme.

If I were President, what Cell Phone Would I Use?

Have you ever wondered?  Truth is, I never have.  And, as hard as I think about it, I don't ever remember seeing a president furiously punching keys as he types a text or an e-mail.  Turns out, there's a reason for that:  Bill Clinton, according to this article, sent only two e-mails during his term in office.  (I know -- hard for me to believe, too.)  George W. Bush stopped using e-mail in 2001.  Now, I admit, during my SharePoint talks, I do point out that we, as a society, depend far too much on e-mail and expect it to do things it was really never meant to do (like achieve real-time communication and distribute files).  That aside, I cannot imagine how I could get through my day with only 2 e-mails, let alone 8 years!  But, that's probably one of the many, many reasons that I am not President of the United States.  (I think that not being elected probably has something to do with it as well.)  :)

But, I have noticed that I often see President-elect Obama with a portable device of some sort in hand.  I didn't really wonder what it was until I saw an article discussing his device of choice.  What does he use?  A Blackberry.  You might wonder why I, an avid evangelist of Microsoft products, am blogging about our competitor's technology.  The reason for that is the rest of the article -- once Obama becomes President, he will be switching to an NSA-approved device running... you guessed it:  Windows Mobile.  The reason for this is the level of security needed to meet government regulations.  While some form of encryption is available on most handheld devices, the Windows Mobile device is up to the task of securing the communications of the leader of the free world.  As the old saying goes, "if it's good enough for him..."

And while this may seem like a light-hearted post, the truth is that security is something for which we all need to be responsible.  It comes down to a trade-off between business continuity and risk management.  The easiest way to secure your data is to simply not have any.  No data = no risk of any unauthorized people accessing it.  That, of course, is ludicrous.  Since we need information to keep our business moving, the task becomes how to secure that data so that only those who should have access do have access. 

Too often, when giving a presentation, I find that many people do not take security risks seriously.  They consider "hackers" to be only the worry of governments and multi-billion dollar enterprises.  This attitude could not be farther from the truth.  Unfortunately, many do not heed this warning until it is too late.  I know several businesses locally, for instance, that use unprotected wi-fi networks.  I know this because they are in range of public hotspots, such as coffee shops, which I frequent.  When connecting to the public network, I can clearly see the SSID of a local business attached to an unsecured wireless network.  Even a "secured" network does not really mean that your data is secure.  A wireless network running WEP, for instance, isn't really a safe network.  WEP, which stands for Wired Equivalent Privacy, is an old technology which can, according to Wikipedia, be cracked within minutes with readily available software.  Unfortunately, WEP is still being used to "secure" networks. 

If you want to know more about what you can do to protect your own systems from unauthorized access, I can help.  While I am not the NSA, I can offer some security best practices for you to follow.  Stay tuned for future blog posts relating to how to better protect yourself and your data from intruders.  You can also use the "tag cloud" on my blog page to find posts related to security simply by clicking "security" (as shown below). 

image

Now that you're thinking about security, want to know more about the specialized NSA-approved devices the President can use?  Read all about them here.


Photosynth in(auguration) Action!

At the inauguration, Microsoft is going to help make history.  If you saw my earlier posts about Photosynth, you know it has been featured in CSI.  In that episode, the police used it to reconstruct a murder scene from cell phone pictures taken by students at a school function.  In this case, CNN is going to use it to create a Photosynth of the moment of inauguration.  Those attending the event are being asked to submit their photos of the moment President Obama is sworn into office.  Assuming that even half of the people (millions are expected) attending the event submit a picture, this will be a HUGE Photosynth.  It will also be an incredibly historic one!  You can read all about it here.


Windows 7 Beta Now Available!

The much anticipated beta version of Windows 7 is now available for download.  You can find the link here.  It's a limited-release beta, so get it before it's gone.  (Actually, I just found out that the Windows Team has decided to allow unlimited downloads for two weeks before starting the 2.5 million download limit.)

You can learn more about what's new in the beta here.  They've even got videos up showing the new features in Windows 7.

I'll be covering more about Windows 7 in future posts, but wanted to make sure you were aware of the beta as soon as I found out it was available!

Enjoy!

Windows 7 Beta Release Delayed a Bit...

But probably not for the reason you think.  The code is ready to go.  It's actually the demand causing the delay.  While the public beta was supposed to go live this afternoon, the demand for the beta (which went live for TechNet/MSDN subscribers yesterday) has been overwhelming.  In fact, such a high demand exists that the Windows team is beefing up the infrastructure so as not to disappoint those trying to download it.

The official message can be found here.

These Are a Few of My Favorite Things...

I'm sitting in the local Microsoft Office today and it is simply abuzz, which is what I am going to talk about.  I introduced some co-workers to Live Mesh this week (if you didn't know about that, you can watch the screen cast/read the blog from earlier this week).  Today, as I was talking about how it works and discussing the business value of such a tool, I had an inspiration -- one that apparently caught on, because several of my co-workers have been testing it this afternoon, determining if it works and what steps are required to make it work.  Specifically, my good friend Russell LeCompte, who happens to be a Premier Field Engineer dealing primarily with Internet Explorer, did some work this afternoon turning my inspiration into reality. 

Ok... I just looked through the archive for the Live Mesh distribution list (think e-mail group) and realized that I am not the first person to come up with this idea.  I didn't really think I was, but I did come up with it on my own.  ;)

Anyway, what we discovered is that Live Mesh is capable of syncing your Internet "favorites" across all of your machines, as well as providing you with access to those URLs from the Live Desktop.  This means if you have multiple computers you use to surf the Internet (as I do), then you can sync all of your favorites automatically so that every one of your computers has the same favorites folder!!! 

It's actually fairly straightforward and easy to do.  All you need to do is install Live Mesh.  On the first machine, go to your favorites folder, then move up one level (so that you see your favorites as a folder, rather than individual files -- see below). 


image

Right click on the folder and select "Add folder to Live Mesh."

add to mesh

You will see a menu that looks similar to this one (once you click the arrow next to "synchronization options"). 

image

Select the computers you wish to sync to, then click OK.  The folder is now a Live Mesh folder.  On the devices you've just synced the folder to, you will need to put the Mesh folder in the correct place.

By default, Live Mesh puts a blue Mesh folder shortcut on the desktop of the machines it is syncing to.  Double-click that shortcut and you will see a message similar to this one (except that it will be "favorites" instead of "downloads"). 

image

You can use the browse button to select the location of this folder.  Put it into your user folder (where your current favorites folder is located) replacing the current favorites folder.  (It's a good idea to make sure all of the favorites you want are located on the machine you started with, since the overwrite can (though shouldn't) erase favorites on your other machines).

That's it.  Your favorites will now sync across all of your devices, giving you the same list of IE favorites on each machine you've synced to.  You will also have your favorites available to you from your Live Desktop (which means from any machine with an Internet connection) provided you included your Live Desktop in your sync options.

Expanding beyond the horizons of the favorites folder, can you see the possibilities here?  Custom dictionaries, music, videos, draft documents, customized program settings...  all of these can be Meshed across your PCs, giving you the same experience from one machine to another, updating changes immediately!  It's going to be a busy Live Mesh weekend for me!  :)


Enjoy!


Mesh: It's the Latest Thing Going

Fortunately, I am talking about Live Mesh, the program, not wearable mesh, which made an appearance in the 80s (and hopefully doesn't come back).  Live Mesh is a program that is becoming more robust all the time.  It started as a way to synchronize files between multiple PCs.  (And it still does that quite well.)  But, the Live team has added the ability to use Remote Desktop via Live Mesh in order to connect to your meshed PCs.  It also contains cloud storage (called Live Desktop), which allows you to sync and store files in the cloud for anywhere-accessibility.  Let's take a look at how this works.

image

This is my Mesh Ring.  You can see I have three PCs connected to my Mesh Ring -- Jack, my home PC; DaniWoodHP, the machine I use for work; and Test Machine, an old PC that was lying around the office and that I am using to demonstrate some of the features of Live Mesh.

Before I get too far into how it works, let's take a look at how to get it, set it up, etc.  Rather than typing all of this (which would amount to a short novel), I've done a screencast below to outline the installation, setup, and features in Live Mesh.  So, here you go.  You will need to have Microsoft Silverlight installed to watch this video.  Double clicking on the video will open it in full screen mode, which will make it a bit easier to see.  ;)  Here's a link to the video in case the embedded video doesn't work for you.

Just a couple things before I go:

1.  The whole reason I undertook this project was to explain a message my co-worker was seeing today with Mesh.  When connecting to a remote PC (that was sitting on his desk right next to his other machine), he was seeing a message (on the "remote" machine) asking him to deny/allow the connection.  This message appears if Mesh detects that someone is using the PC you are attempting to connect to.  The reason for this is that connecting remotely will, by default, blank the screen on the remote machine, kicking off the user currently using the machine.  If, for instance, you were trying to connect to your home PC and someone was using it at the time, they would have 30 seconds to click "Deny" on the connection screen.  If they don't click anything in that time (or if they click allow), then the connection will go through.  If Mesh does not detect that anyone is using the PC (it's locked, for instance), then there is no delay and the connection will happen immediately.

2.  In the screencast, I mention that you can use this to connect to other people's PCs for remote connectivity and troubleshooting.  This is true, but only if that machine is running Live Mesh under YOUR credentials.  If, as an example, I wanted to connect to my Dad's machine remotely, I would have to ensure he was signed into Live Mesh using my Windows Live ID.  (You can't control machines that are logged in with others' credentials, even if they are sharing files with you.)  While I don't suggest giving out your Windows Live ID, you can certainly set up Mesh for them using your ID and selecting "Sign me in automatically."  This also gives you control over how they are sharing files and folders with you.  (This only applies to remote connectivity.  You can share files and folders with other people's PCs even if they are signed in with their own credentials.)

This gives you a good introduction to Live Mesh.  Play.  Explore.  Benefit.  Enjoy!


iSCSI: Latest Apple Peripheral or Easy SAN? (Continued Discussion of Server Clusters)

While iSCSI might have the little "i" so common in Apple's naming schemes, it has nothing to do with Mr. Jobs.  In this case, the "i" stands for "Internet."  SCSI (Small Computer System Interface) is an interface used for connecting PCs to peripherals such as hard drives.  SCSI is nothing new.  It's been around for a long time.  It is, in fact, a preferred choice for production environments because of its performance.  iSCSI adds a new dimension to the SCSI interface.  It allows the SCSI commands to be sent via existing network cabling.  What does this mean?  It means that you can easily create a SAN (Storage Area Network) using your existing network infrastructure.  (A SAN is an integral part of a clustered server setup.) 

How Does it Work?

iSCSI requires the installation of a special piece of software, called an initiator, on the host machine.  This allows the host to speak the iSCSI protocol.  Microsoft has released a free download for Server 2000 and Server 2003.  Server 2008 comes with the iSCSI initiator included out of the box.  The initiator, installed on the host, sends requests to and receives responses from the iSCSI target via the IP network. 

In Plain English, Please?

It sounds more complicated than it is.  The host machine (running the iSCSI initiator) is connected to your network.  It sends special network traffic to the target machine (where the iSCSI devices are installed) to access the storage devices.  The data being written to and read from the drive is encapsulated within that network traffic and sent back to the host machine.  In essence, it's like having a really, really long drive cable connected from your host machine to your target machine.  Since it all runs over TCP/IP (which is the same protocol used by most web traffic), there's no need to install specialized networking gear to make iSCSI work.

It Sounds Too Good to Be True!

Like a lot of innovative technology, this does sound too good to be true, which doesn't stop it from actually being true.  Considerations must be taken to ensure that the performance of your iSCSI SAN meets your needs and expectations.  While you don't need specialized networking hardware, you do want to use high-speed dedicated hardware for the SAN.  This means gigabit Ethernet cards in your target and host machines.  (This gigabit card should be in addition to the existing network card being used to access the public/internal networks.)  Having such a card dedicated to the SAN traffic will help you achieve optimal performance.  Isolating the SAN traffic onto a private network will also help boost your SAN's performance.  Dual processors are also recommended in all of your iSCSI hosts. 

Security is also a concern.  By default, IP traffic carries no security protocol, and traffic on an iSCSI connection is no exception.  This is an obvious concern.  Fortunately, CHAP and IPSec can be used to maintain the security of the data being transmitted.  CHAP is an authentication handshake between the host and target.  If the host and target both know the shared secret, the connection is established.  If not, the connection is terminated.  This prevents unauthorized machines from accessing your data via a direct connection, but does not protect your encapsulated data while it is in transit.  For that, IPSec is required.  IPSec is a security method which can be implemented on your iSCSI network to encrypt the traffic as it flows from point A to point B, protecting it from people attempting to intercept it.
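As an added example (not code from this post or from Microsoft's iSCSI initiator), here is a Python simulation of the one-way CHAP login between an iSCSI host and target, followed by a SCSI write, to show that CHAP proves knowledge of the shared secret without ever sending it, while the data that follows the login is still readable on the wire unless IPSec is added.  The node names, secrets and payload are constructed for the demo.

```python
import hashlib
import hmac
import os

# Added example, not code from the post or from Microsoft's iSCSI initiator.
# One-way CHAP as iSCSI uses it, with MD5 as the CHAP algorithm (RFC 1994):
#     response = MD5(identifier || secret || challenge)
# Every message that would cross the SAN segment is appended to a "wire" list
# so we can inspect what an eavesdropper on that segment would see.


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Compute the CHAP response; the secret itself never leaves the host."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Target:
    """The storage side: holds one secret per initiator name."""

    def __init__(self, secrets: dict):
        self._secrets = dict(secrets)

    def challenge(self) -> tuple:
        # Fresh random identifier and 16-byte challenge for every login,
        # so a captured response cannot be replayed against a later login.
        return os.urandom(1)[0], os.urandom(16)

    def verify(self, name: str, identifier: int, challenge: bytes, response: bytes) -> bool:
        secret = self._secrets.get(name)
        if secret is None:
            return False  # unknown initiator name: terminate the connection
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class Initiator:
    """The host side: knows its own name and secret."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def answer(self, identifier: int, challenge: bytes) -> bytes:
        return chap_response(identifier, self.secret, challenge)


def chap_login(initiator: Initiator, target: Target, wire: list) -> bool:
    """Run the login exchange and record every message that crosses the network."""
    identifier, challenge = target.challenge()
    wire.append(("target->host", {"CHAP_I": identifier, "CHAP_C": challenge.hex()}))
    response = initiator.answer(identifier, challenge)
    wire.append(("host->target", {"CHAP_N": initiator.name, "CHAP_R": response.hex()}))
    return target.verify(initiator.name, identifier, challenge, response)


def secret_leaked(wire: list, secret: bytes) -> bool:
    """True if the raw secret appears in any captured message (it should not)."""
    return any(secret.hex() in str(msg) or secret.decode() in str(msg) for _, msg in wire)


def write_block(wire: list, payload: bytes) -> None:
    """After login, a SCSI write is simply encapsulated in TCP/IP: no encryption."""
    wire.append(("host->target", {"SCSI_WRITE": payload}))


def eavesdrop(wire: list) -> list:
    """What someone sniffing the SAN segment recovers when IPSec is not in use."""
    return [msg["SCSI_WRITE"] for _, msg in wire if "SCSI_WRITE" in msg]


def demo() -> dict:
    # Constructed sample names and secrets, not real iSCSI node names.
    target = Target({"iqn.example:host1": b"correct-horse-battery"})
    good = Initiator("iqn.example:host1", b"correct-horse-battery")
    bad = Initiator("iqn.example:host1", b"guessed-wrong")
    wire = []
    good_ok = chap_login(good, target, wire)   # right secret: session established
    bad_ok = chap_login(bad, target, wire)     # wrong secret: connection terminated
    write_block(wire, b"customer record 0042: ...")  # constructed payload
    return {
        "good_login": good_ok,
        "bad_login": bad_ok,
        "secret_on_wire": secret_leaked(wire, b"correct-horse-battery"),
        "sniffed": eavesdrop(wire),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```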

SAN and Clustering

Clustering servers requires that they have access to the same shared storage.  If we go back to the diagrams from the last post, we can see that centralized storage is an integral part of the clustering scenarios I outlined.

cluster

The SAN allows both clustered servers to access the data being written.  If the storage were local to one of the servers and that server failed...  you can see where that goes.  It renders your cluster ineffective.  Thus, centralized SAN storage becomes imperative to redundancy. 

You can find more information on iSCSI SAN solutions and how to set them up here.  Jose Barreto, member of the Storage Solutions Division, has some great blog posts on this subject, which begin here.


Virtual Clusters: A Tamagotchi for Your Network!

First of all, if you missed out on the whole digital pet revolution, a Tamagotchi is a virtual pet.  It comes in a small computer (usually attached to a keychain) and requires attention to keep it from dying.  It needs to be fed, played with, and cleaned up after, all accomplished via buttons on the computer.  In exchange, it provides hours of entertainment for its owner (as much entertainment as a tiny little LCD screen utilizing block animation could provide).  Now, I will be the first to tell you that a failover cluster probably isn't going to provide "hours of entertainment" (unless, of course, you're clustering your Call of Duty server).  But, with some care and maintenance, it is going to ensure high availability of your clustered servers, allowing you to concentrate your attention somewhere else (like on your Tamagotchi, for instance).  I gave you an overview of clustering and virtualization in my last post, but I want to delve deeper into how virtualization and clustering can work together to provide you with an easy-to-use, effective solution. 

One of the concerns around creating a failover cluster in Windows is the need to use similar hardware for all of the nodes within the cluster.  (This is the Microsoft recommended method of creating a failover cluster.)  As my friend Jamie pointed out (after reading my last post -- he happened to be on vacation in the Dominican Republic at the time.  That's a pretty dedicated blog reader right there!), one of the biggest advantages of using clustering with virtualization is that virtual machines, by default, are "similar."  In fact, all of the machines created in Hyper-V have the same virtual hardware specs, regardless of what physical hardware the host OS is running on.  Thus, planning a virtual cluster eliminates the "similar hardware" requirement. 

One of the main concerns when building a failover cluster is, "Where do I store my files?"  Since a virtual machine is really just a file stored on a hard drive, it becomes important to consider not only where you will store data used by the machine, but where you will store the machine file itself.

There are a couple different ways to create virtual clusters, depending on your needs.  You can cluster virtual machines together to create a cluster of virtual machines or you can cluster physical hosts together to make a single virtual machine highly available.  Let's take a look at some diagrams to understand exactly what the differences are.

cluster

In this picture, we can see that two virtual machines are connected to a SAN (Storage Area Network).  The virtual machine files are stored locally on each of their respective physical hosts.  The data being used by the virtual machines (the data for applications running on the machines, for instance) is hosted on the shared SAN.  The two virtual machines are clustered together.  When one of the virtual machines fails, the other takes over, leveraging the data stored on the shared drive.  In this way, the applications running on the virtual machines are highly available. 

The second way to handle this scenario is shown in the following diagram.

image

In last week's post, I implied that clustering two physical machines together could potentially cause a problem, as the physical machines are monitored by the cluster, but not the virtual machines.  (Actually, I may have come out and said it, rather than implied it.)  The truth is, that's only partly true.  My goal was to help you understand the basics of clustering before getting down into the details.  It is possible to have a workable solution using clustered physical machines and virtual machine failover, as shown in the diagram above.  In this case, two physical servers are clustered together and are both connected to the SAN.  The virtual machine, in this case, is stored on the SAN, rather than on one of the physical machines' local drives.  The virtual machine is set, in the cluster management tool, to be a highly available "application."  Thus, if one of the physical machines fails, the other machine will automatically launch the shared virtual machine.

In a manual failover (such as for planned maintenance on the physical machines), the virtual machine will actually be saved, shut down, transferred, and started again -- all with one click in the cluster management console.  It is a quick process (the time it takes is dependent upon factors such as amount of virtual memory to be saved to disk) and allows the state of the virtual machine to be transferred from one host to the other.  In the event of an actual disaster (and an automated failover), the state would not be saved (as the physical hardware would've failed at this point) and the virtual machine would start clean (as if it had been rebooted) from the files on the shared SAN device.

Each of these scenarios has its benefits.  They are semi-interchangeable (they have functionality overlap), but as we dive further, you can see where one is more appropriate for certain situations.  Think, for instance, of licensing.  Which of the following scenarios do you think involves more Windows licenses?

Diagram A

image

Diagram B

image

In both scenarios, we have 6 highly available machines.  We are using virtualization to create the machines.  But as you can see, the results are completely different.  In Diagram A, we're looking at 8 instances of Windows Server and one cluster to manage.  In Diagram B, we have 14 instances of Windows Server running and 6 individual clusters to manage!  Clearly, Diagram A is the superior solution, right?  Not always.  Imagine, for instance, that we have two servers which have been removed from production duty as part of our virtualization consolidation.  These two servers are not remotely similar.  One is an AMD machine and the other is an Intel machine.  Both are capable of running Server 2008 and Hyper-V, but that's where the similarities end.  Are they going to be acceptable for solution A?  Maybe.  Remember, though, that similar hardware is important in a cluster.  Will it work anyway?  Maybe.  Is it supported?  Maybe not.  But, in the solution in Diagram B, we don't need them to be similar.  Those machines can be anything capable of running Server 2008 and Hyper-V.  As long as they each have enough memory and processing power for the virtual machines which will be hosted on them, they will work for scenario B. 

But, you mentioned licensing earlier.  Certainly, Diagram A represents the less expensive route from a licensing standpoint.

Ah.... you were paying attention!  Good.  I did mention licensing.  But, is Diagram A really less expensive?  Consider, for instance, that you really did free up two servers during your server consolidation to virtualization.  And suppose each of those servers is running Windows Server 2008 Datacenter edition...  that allows for unlimited virtual instances to be hosted.  Under those circumstances, licensing wouldn't enter into the picture at all.  Now, scenario A may be the costlier option, as you may need to purchase a server to match one you have in order to create a supported cluster.

This is like a philosophical question - there is no "one truth."  In this case, several factors will dictate which of these solutions best meets your needs, taking all considerations into account.

Stay tuned for the next exciting episode!


I'm Certifiable

I had set a goal with my manager earlier in the year to achieve at least one more certification before the end of the year.  I'm happy to say I accomplished my goal with (in his words) hours to spare.  I headed down to Springfield on New Year's Eve to try my hand at the Hyper-V certification exam (test #70-652).  And, as you already guessed (since I mentioned that I met my goal), I passed.  I won't say it was easy, though.  It made me realize that there are still some things about Hyper-V and Virtual Machine Manager (VMM) that I don't fully understand.  What's that mean to you?  It means you can expect to see more posts here regarding virtualization!  (Not a bad thing at all, right?)

I'm actually going to start by attempting to explain some features in Microsoft's Hyper-V product.  Because I received an e-mail about this on Monday (pretty interesting timing, eh?), I'm going to start with clustering in Hyper-V.

What is clustering?

Clustering simply means tying some servers together so that they are able to share the load of an application (this type of clustering is called Network Load Balancing (NLB)) or pick up in the event another server in the cluster fails (this type of clustering is called Failover Clustering).  While both of these are lumped into the category of "clusters," they are very different and serve very different purposes.

Network Load Balancing

Network Load Balancing (NLB) is used to provide high availability for stateless network applications.  You can tie two or more servers together in order to provide more processing power than a single server is able to provide.  The NLB cluster acts as a single server (from the perspective of the user), automatically managing the user load to ensure that incoming requests are directed to an individual server within the cluster which can process the request.  This can be very helpful in scenarios involving an application with heavy user load or an application which consumes a lot of resources per user.  It is important to note that this only works with stateless applications.  According to Wikipedia, stateless applications are defined as applications which have "relatively small data sets that rarely change (one example would be web pages), and do not have long-running-in-memory states."  It also provides failover capabilities.  In the event that one of the servers in the cluster fails, the load will be distributed among the remaining machines.  Once the failed server is repaired, it can be brought back online and resume servicing its share of the user load.

Failover Clustering

Unlike NLB, failover clustering does not distribute the load among the members of the cluster.  Failover clustering is designed to allow one or more servers to be on standby in the event that a server fails.  Much like an understudy in theater, the other servers in the cluster wait to go on in the event that something happens to "the star."  (Unlike the theater, however, you don't have to worry about the understudy servers trying to do harm to "the star" in order to get their moment in the spotlight.) 

Clustering and Virtualization

Virtualization opens up whole new possibilities in the realm of clustering.  It also introduces complexities and subtleties which require extra steps during the planning process.  Because you can cluster the host machines (the servers actually running Hyper-V and hosting virtual servers) or cluster the individual virtual servers (or even a combination of both!), planning can be tricky.  In order to understand these subtleties, we need to delve a little deeper into how clusters work.

Once multiple servers have been turned into a cluster, the members monitor one another using a "heartbeat."  A heartbeat is a small message each node sends to the others over the cluster network at a fixed interval; when a node misses enough consecutive heartbeats, the rest of the cluster declares it down.  This is how the other servers know if/when a machine within the cluster has gone offline.  The heartbeat doesn't tell the cluster that every application on the server is still functioning, just that the server itself is online and responsive.  When you cluster the Hyper-V hosts, each virtual machine is, for all intents and purposes, just another application (the cluster tracks it as a resource): the cluster can tell whether the VM is running on a host, but not whether the operating system or the application inside the VM is healthy.  So a guest can hang or crash while the host cluster sees nothing wrong.  If the host servers are running other applications/services which are the reason for clustering, this might not be a problem.  If the virtual machine was the reason for clustering, this might be a disaster.  Confused yet?  Let's take a look at a picture.

(Diagram: three physical hosts clustered together, each running one virtual machine; the cluster lines connect the hosts.)

In this diagram, the lines represent the cluster.  We have three physical machines, each running a single virtual machine, clustered together.  The heartbeat travels those lines, so if one of the physical servers fails, the other physical servers will know about it and either step up to take its place (in a failover cluster) or stop directing traffic to it (in an NLB scenario).  But what if one of the virtual machines fails?  There's no heartbeat there (because the virtual machines are not clustered together), so the cluster has no idea what the status of the virtual machine is.  Again, if the virtual machine is not the reason for clustering, then you'll be fine.  But if it is, this is clearly not going to work.

If we change this up a bit, let's see what happens:

(Diagram: the same three hosts, but now the cluster lines connect the three virtual machines rather than the physical machines.)

Now, you can see I have clustered the virtual machines rather than the physical machines.  If one of the virtual machines becomes unresponsive, the other virtual machines will step in and take over for the failed server (in a failover cluster).  The interesting thing here (and one of the subtleties I mentioned earlier) is in regard to the physical server.  In our last example, the heartbeat only monitored the physical machine, so a failed VM went undetected.  In this instance, the heartbeat only monitors the virtual machines.  But what happens if one of the physical machines fails?  The virtual machine hosted on that server disappears along with it, its heartbeats stop, and one of the other virtual machines steps up to take its place.  Thus, clustering virtual machines in a Failover Cluster does, in actuality, fail over in the event of a catastrophe on either the virtual or the physical machine!  Two conditions make that true in practice: the guest nodes have to run on different physical hosts (if two of them share a host, one host failure takes out two nodes at once), and the surviving guests must still be able to reach the cluster's shared storage and hold quorum.

Does this mean that clustering the virtual machines is always the way to go (since it essentially monitors both physical and virtual machines)?  No.  It very much depends on the situation and what you are really trying to accomplish with your cluster.
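As an added example (not part of the original post), the following PowerShell script checks the placement condition on a running deployment: it maps the nodes of a guest cluster to the Hyper-V hosts that currently own their virtual machines and warns when two guest nodes sit on the same host.  It uses the FailoverClusters module, which shipped with Windows Server 2008 R2 (Server 2008 RTM only has cluster.exe).  The cluster names, the VM names, and the assumption that a VM's resource name contains the guest node's computer name are all placeholders for this example.

```powershell
# Added example, not from the original post: map each node of a guest (in-VM)
# failover cluster to the Hyper-V host that currently owns its VM, and warn
# when two guest nodes share a host.  Cluster names and the VM naming rule
# are assumptions for this example.
param(
    [string]$HostCluster  = "HV-CLUSTER",    # assumption: cluster of physical Hyper-V hosts
    [string]$GuestCluster = "SQL-CLUSTER"    # assumption: cluster whose nodes are VMs
)

Import-Module FailoverClusters

# The guest cluster's own view of its members.
$guestNodes = Get-ClusterNode -Cluster $GuestCluster

# Every VM resource on the host cluster, each with the host that owns it right now.
$vmResources = Get-ClusterResource -Cluster $HostCluster |
    Where-Object { $_.ResourceType.Name -eq "Virtual Machine" }

$placement = foreach ($node in $guestNodes) {
    # Assumption: the VM resource name ("Virtual Machine <name>") contains the
    # guest node's computer name.  Adjust the match to your naming convention.
    $vm = $vmResources | Where-Object { $_.Name -like "*$($node.Name)*" } | Select-Object -First 1

    $hostName = if ($vm) { $vm.OwnerNode.Name } else { "<no VM found on $HostCluster>" }
    $vmState  = if ($vm) { $vm.State }          else { "n/a" }

    New-Object PSObject -Property @{
        GuestNode  = $node.Name
        GuestState = $node.State
        HostNode   = $hostName
        VmState    = $vmState
    }
}

$placement | Format-Table GuestNode, GuestState, HostNode, VmState -AutoSize

# Two guest nodes on one physical host share a single point of failure:
# that host going down removes both "understudies" at once.
$placement | Group-Object HostNode | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    $names = ($_.Group | ForEach-Object { $_.GuestNode }) -join ", "
    Write-Warning ("Guest nodes {0} all run on host {1}; one host failure takes out {2} cluster nodes." -f $names, $_.Name, $_.Count)
}
```

Run it from a machine that has the failover clustering management tools and rights on both clusters.  The placement is a snapshot: live migration or a host-cluster failover can move a VM later, so the check belongs in a scheduled job, not a one-off.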

Clearly, there is a lot more to discuss regarding how clustering works with virtualization, but this is a good introduction to the concepts.  I'll continue to delve into clustering with Hyper-V in future posts!

In the meantime, want to find out how easy it is to actually set up a failover cluster in Server 2008?  Check out the TechNet lab.

Enjoy!

Security is Everyone's Business

In case you haven't heard, an out-of-band security update was released today for Internet Explorer 7.

What Does This Mean?

"Out-of-band" means that this release was important enough to be released outside of the normal monthly update cycle.

Why is This Update Important?

The update is treated as urgent because it fixes a publicly disclosed IE vulnerability that already exists "in the wild."  Those are two separate facts, and both matter: publicly disclosed means the details of the flaw are available to anyone, so attackers don't need to discover it themselves; in the wild means attacks using it are already circulating.  Together they mean that you (and your users) could be impacted by this vulnerability now, not at some point in the future.

How Do I Get It?

You can find all of the details for this update here.

Recommendation:

Download and install the update as soon as possible.  If your users are running IE7, deploy it throughout your organization as soon as possible, through whatever patch-management mechanism you normally use, and then verify that it actually landed on every machine; an update that was approved but never installed protects nobody.  Make it a priority to keep your organization safe.
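One way to do that verification, as an added example that is not part of the original post: the PowerShell below asks each machine in a list whether a given KB is installed and reports the stragglers.  The KB number and computer names are placeholders (the bulletin for this update gives the real KB), and Get-HotFix reads Win32_QuickFixEngineering over WMI, so it needs administrative rights and WMI access on each target.

```powershell
# Added example, not from the original post: find machines that still lack
# a given update.  $KbId and $Computers are placeholders; substitute the KB
# from the security bulletin and your own list of IE7 clients.
param(
    [string]$KbId = "KB0000000",                              # assumption: real KB goes here
    [string[]]$Computers = @("WKS-01", "WKS-02", "WKS-03")    # assumption: your IE7 clients
)

function Test-UpdateInstalled {
    param([string]$Computer, [string]$Kb)

    try {
        # Get-HotFix queries Win32_QuickFixEngineering on the remote machine.
        $fix = Get-HotFix -Id $Kb -ComputerName $Computer -ErrorAction Stop
        New-Object PSObject -Property @{
            Computer    = $Computer
            Status      = "installed"
            InstalledOn = $fix.InstalledOn
        }
    } catch {
        # Get-HotFix raises an error both when the hotfix is absent and when
        # the machine cannot be reached; tell the two cases apart by message.
        $status = if ($_.Exception.Message -match "Cannot find the requested hotfix") {
            "MISSING"
        } else {
            "unreachable: " + $_.Exception.Message
        }
        New-Object PSObject -Property @{
            Computer    = $Computer
            Status      = $status
            InstalledOn = $null
        }
    }
}

$report = foreach ($c in $Computers) { Test-UpdateInstalled -Computer $c -Kb $KbId }

$report | Sort-Object Status | Format-Table Computer, Status, InstalledOn -AutoSize

# Machines still exposed, or that could not be checked: chase these down today.
$report | Where-Object { $_.Status -ne "installed" } |
    ForEach-Object { Write-Warning ("{0}: {1}" -f $_.Computer, $_.Status) }
```

Treat "unreachable" the same as "missing" for planning purposes: a laptop that is off the network today is exactly the machine that comes back unpatched next week.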

 

My New Coffee Table

Wondering where I have been and what I have been up to?  Well, a LOT of my free time has been poured into this project.  (And I do mean a LOT.)  I know I usually keep this blog on point with tech talk, but I figure a glimpse here and there into my non-work life isn't such a bad thing.  With that in mind, here's my latest non-work project -- my coffee table.

I have been looking for the perfect coffee table for some time now and couldn't find anything that seemed just right.  Then I found this awesome coffee table on eBay.  The guy who had it had it full of dirt and was thinking about making it into a planter of some kind.  That sounded good to me.  But once I actually got it, I realized I could do more.  Why settle for a planter when I could make something really, really cool?

Before Pictures:

(Three "before" photos of the table as purchased.)

I started out by taking out all the dirt, fake plants, etc.  I started thinking "terrarium."  My original idea was to just create a terrarium with some plants and a little waterfall or something.  But, then, I started doing some research and I found this site about keeping Poison Dart Frogs.  These guys have some serious terrariums.  (Of course, since they have animals living in them, they call them vivariums.)  That got me to thinking that I could do something unbelievable with this coffee table. 

The Process:

First step for me was to make sure the inside was waterproof.  That meant a lot of silicone and elbow grease.  (Not to mention fumes.)  I coated the entire inside in black silicone.  (You should see the caulking gun I used during that process.  Looks like something straight out of The Toxic Avenger.) 

Once I was fairly sure it was waterproof (oh, I hope it is, oh I hope it is), it was time to create my water feature.  I was thinking a river running through it with a waterfall would be cool.  In order to make the river, rock walls, etc., I used Great Stuff expandable foam.  A lot of it.  I got the whole river done, the walls, etc., then realized that I had made it WAY too high.  A little work with a knife and a razor blade and I had myself a decent, foam-colored riverbed.  A little more silicone and I had a nice, black, waterproof riverbed.

Since I was creating the river and waterfall, I would need some kind of false bottom to hold the water reserve.  I found this stuff called hydroton that they use in hydroponics.  It's a lightweight, expanded clay aggregate.  Basically, it is similar to gravel, but weighs like 1/10th of what gravel weighs.  In order to keep the substrate (basically, the dirt-type stuff that the plants will grow in) from falling down into the false bottom and making a mess, I used fiberglass screen over the top of the hydroton.  Then, to keep the jungle feel, I used eco-earth on top.  It's basically shredded coconut husks.  It works like dirt, but looks like jungle floor.  It's what is also on the walls -- black silicone covered with eco-earth to make jungle-looking walls.  Let me tell you -- I inhaled enough silicone fumes to choke... well... me.  :)

A bunch of plants, some moss, a hidden pump, and voilà.  My very own jungle-in-a-coffee-table.  And, since I don't want to write a million words, how about some pictures?  I used Microsoft Photosynth to create this.

(Photosynth: My Coffee Table!)

Now that this project is complete (and I've gotten over the fumes), you can expect to see me back to my old blogging self.  :)

Zune vs. iPod

What does the iPod have going for it?  It is ubiquitous.  It was out before the Zune and, frankly, more people own an iPod than own a Zune.  What does the Zune have going for it?  EVERYTHING else.  :)

 

This is a post that I take a little evil delight in writing.  I have friends who own iPods.  Quite a few of them.  I also have friends that own Zunes.  The friends that own iPods are a little uppity about it.  I've heard questions like, "Why'd you buy a Zune, dude?"  When asked of me, that's a pretty obvious answer -- I work for Microsoft.  For some of my friends, it was to support me and my affiliation with MS.  For most, it was simply that the Zune was a better fit for their needs (or because I make it sound really good when I talk about it).  The reason I bring it up is because the Zune was already, in my opinion, light years ahead of the iPod in certain areas -- and now, it's just gone farther.  The Zune Pass is my favorite feature of the Zune.  It is the subscription service that you can purchase for $14.99 a month.  Essentially, you can download any music in the Zune Marketplace.  You can download that music on up to three PCs and two Zunes, which means a whole family can easily share a subscription (or two, depending on the size of the family).  As long as you continue to pay the subscription fee, you can continue to enjoy all the music you've downloaded.  This lets me discover a lot of new music that I may not otherwise listen to.  But, the Zune got better.  First, there was the introduction of the new wireless feature, letting you download music directly from the cloud to your Zune at any wireless hot spot.  Nice!  But, it got even better this week.  Microsoft has introduced a new feature with the Zune Pass.  Simply, you get to keep 10 of your downloads forever and ever.  Yes.  You did read that right.  Every month you have the Zune Pass, you get 10 free song credits to use as you see fit.  That means that you can add 10 new songs (that you already know you like because you downloaded them via the subscription) to your permanent music collection.  
If you do the iTunes math here, at $.99 per song, that means you are getting $9.90 worth of music free every month.  Assuming you would spend that anyway, it knocks the overall cost of the subscription down to $5.09 per month. 

 

It reminds me of the old Domino's Pizza commercial.  The deal was unlimited pizzas (I think) for $5 after the first was regular price.  One of them showed a guy asking the girl to clarify the pricing structure:

Guy:  "So... a medium pan with sausage, a medium with pepperoni, your phone number, and a medium with pineapple."

Domino's girl:  "Regular price, 5 bucks, not for a million bucks, 5 bucks."

 

In the Zune commercial, it'd be:

Guy: "So...  access to download millions of songs and keep 10 of my favorites.  Net result?"

Zune: "$14.99.  Nothing extra.  5 bucks."

iPod:  "Wait.  You want to do what now?"

 

Hear that?  That's the sound of Zune owners everywhere cheering.  :)

 

Stick to the Business, Kid....

As you may have noticed, I typically try to keep these postings somewhat related to the business side of IT.  Today, however, Microsoft announced the new Xbox 360 experience and it is almost too cool for even me to put into words.  A ton of features have been added to the 360 interface, including animated characters you can customize to reflect your own individuality and Xbox LIVE Party, which allows you to create a virtual party on your Xbox and connect to up to 7 of your friends.

But, by far and away, the most anticipated feature (and that's MY anticipation, mind you) is the new interface with Netflix on-demand.  You can use the Xbox 360 to stream movies from Netflix's collection of on-demand movies.  In addition, Netflix is offering HD on-demand!!!!  The Xbox 360 is currently the only Netflix HD ready device!  How cool is that????  Can you tell I am excited?  (All of the punctuation really gives it away, doesn't it?)  The HD offerings currently include over 300 choices of movies and television shows, but I expect we will see a lot more in the near future.

I can't wait to get home and play with my Xbox!  (And all of this just in time for the Thanksgiving break.  What could be better after a huge meal of sleep-inducing, tryptophan-laced turkey than moving into the living room and watching some of my favorite television shows in HD on-demand???  Well, if you're a sports-person, I guess football.  But for me, I'll take the HD TV, please!!!)

All of these new features combined with the ability to act as a Windows Media Center extender (to experience all of your recorded television, music, photos, etc. streaming straight from your Windows Media Center) means the Xbox has been promoted from gaming console to the new center of your digital living room!

You can read all about all of the Xbox enhancements here.
