Rob’s Ragg…. Tech Talk & Cool Toys for Grown up Boys

You Attended the TS2 Event, Now Where Can I Download that Content Again?

During my last presentation, I pointed everyone to my blog.  If you attended one of my events, then you found me!  The deck that I used for the presentation is located here: http://www.microsoftts2.com/contentDecks.aspx and it's the deck labeled SBS & EBS 2008, Response Point VoIP Phone Systems, S+S.  This is where you can find not only our current content, and the content from our prior presentations as well.

Don't worry, I'll keep this one short and sweet and just say Thank you for attending our event and please let me know if there is anything else I can do to help.

Until Next Time!

Rob

Virtualization and SBS 2008

People have been asking about this and now we have a document that discusses where SBS 2008 and Virtualization can work together.  Here's the link:

Using Hyper-V with Windows Small Business Server 2008

There are a copy of articles referenced at the link above, please review all the information to make sure all of your detailed questions are addressed, but I've tried to summarize some of the high points:

• The licensing agreement for Windows SBS 2008 Premium differs somewhat for the second server. You can install a second copy of Windows Server 2008 Standard. Then, you can also install Windows SBS 2008 into virtual machines on the Hyper-V host. With no additional licensing requirements, the terms of the license agreement allow you to use Hyper-V on a licensed server to do the following:
• Run hardware virtualization software.
• Provide hardware virtualization services.
• Run software to manage and service operating system environments on the licensed server
• If you enable the Hyper-V server role, you must deploy all other workloads into the virtual instance of the second server.
• Microsoft strongly recommends that a parent partition contain only the Hypervisor. Because of this, Windows SBS 2008 does not support using the primary server as a Hyper-V parent partition. However, when you install the 64-bit version of the second server, Windows SBS 2008 Premium allows you to enable a Hyper-V parent partition on the second server.
• Rob's comment: You are able to install the Hyper-V role on your SBS 2008 primary server, but this is not a supported scenario.  Please do not implement this this way in a production environment.  This is an unsupported scenario, and I'm afraid you will be disappointed.
• Review the Best Practices for Using Hyper-V with Windows Small Business Server 2008 document!  Please adhere to Best Practices, in the end, I believe you will be much happier with the installation.
• Read this Known Issues with Running Windows Small Business Server 2008 in a Hyper-V Environment word for word.  Here are a few high points:
• Windows Server 2008 Fax server role is not supported in Hyper-V
• USB support is not available in Hyper-V
• Do not back up or restore more than one partition at the same time.

If you're just wanting an overview; hopefully my summary has given you the highlights.  if you're going to move forward with deploying SBS 2008 on Hyper-V, please review all of the links I have listed above.

Until next time!

Rob

How big Should PageFile.sys be on a Server 2008 Hyper-V Server?

I received the following question:

Thanks for the article.  What do you do about your host system's pagefile?  I'm thinking more about size.  Do you leave the default?  I have a 16GB system and 12GB of that is allocated to VMs. 

Do I size the host pagefile for the whole 16GB or just for the 3 or 4GB not used by the VMs?  Of course, I want to reduce paging and disk I/O for the host, but if I don't need a huge pagefile, then I'd rather not.

Still researching to see if the old 1.5x RAM sizing is still applicable to x64 large-RAM Hyper-V systems.

Thanks!

Well I did some looking around and there is not a black and white answer to this one, but for the majority of your situations, I'd recommend that we let the system manage the pagefile.sys.  Pagefile.sys is around for two reasons:

1. Provide Virtual Memory to support the physical memory on the server. 1x-1.5x the amount of memory is the "suggested size" of the pagefile.sys, but usually that does not make "sense" on a 16GB machine, and this is "traditional guidance" that does not take Hyper-V into consideration.
2. Pagefile.sys has always been available as the dump location in the event of a crash, so in this situation, sometimes you need a pagefile.sys that is at least the size of your available RAM (plus a little more).  Check out the article below that discusses the details to be considered.

If the server crashes once, do you really want a dump of all of the RAM? If you do, then pagefile.sys needs to be larger than the available RAM, and the machine probably needs to be configured to allow all of the RAM to dumped. Be warned that if you do this, the memory dump could take a very long time (30 - 60 minutes?).  Most likely, you don't want to run with this big of a pagefile.sys, because machines don't bluescreen that often anymore.  If you do encounter repeated blue screens, you'll most likely work with a Support Professional that will help you configure the server to generate the appropriate dump anyway.

Now when we consider your situation, 4Gb is usually adequate since the other 12Gb is dedicated to the VMs.  Since the VM's require real RAM, not virtual memory, there's really no reason for pagefile.sys to support the VM memory for day to day operations.  Again, the only good reason I could find to have a 16Gb page file in *most* (but not all) instances is to be able to capture a memory dump in the event of a failure.

Here is the guidance on Server 2003 and WindowsXP pagefile.sys planning. While we have made some changes in Server 2008, this guidance is a very good starting place, check it out.  It asks you to profile your machine with your workloads, and then take that profile information to determine the pagefile.sys size.

How to determine the appropriate page file size for 64-bit versions of Windows Server 2003 or Windows XP

At this time, we do not have guidance specifically for Server 2008 and Hyper-V, but this plan should be fine in most scenarios.  One thing that has changed in Server 2008 and Vista is that you can now specify a different dump file, location and size of the dump files.  That's a different discussion, but the pagefile.sys guidance above should be adequate for "best practice" configurations.

As you can tell, I've hedged my bets boths ways on this because there is no one size fits all answer if you feel you need to customize the pagefile.sys configuration, but usually the pagefile.sys configuration is not an item that will impact system performance that much anymore. The pagefile.sys configuration is System Managed by default for both Server 2008 and Windows Vista.  If you want to conserve space, I can see the reasoning for no more than a 4Gb pagefile.sys on a Hyper-V machine.  Heck I can even see where only a 2 Gb pagefile.sys might make sense, but again, the system by default can take care of that for you. 

Of my three Hyper-V machines, I've configured two of them manually so that I could move the pagefile.sys file off of the boot drive.  My third machine is configured with the default configuration of System Managed.  If you really want to tweak performance, putting pagefile.sys on a different drive can reduce drive contention as long as the new destination isn't hosting any other disk IO intensive applications like Virtual Machines or databases. 

Until next time!

Rob

Response Point Town Hall Meeting

Let me just say that I hate just doing a copy and paste of content, but this is too valuable and too well written for me to mess it up. 

This is the big online event of the year! The Microsoft Response Point team is sponsoring a 1.5 hour Town Hall meeting for Microsoft partners who are selling and installing Response Point.  This is your best opportunity to find out what is going on with Microsoft Response Point and ask you business and technical questions! We have the General Manager, Marketing, Program Management, Development, and the OEMs on-line ready to go!

Town Hall Agenda:

1. Update the VARs on recent changes and programs (i.e. the website changes, Loaner Program, the campaigns, Specialist program, new partners, etc)
2. LISTEN to what the VARs want and need to grow their business
3. Microsoft Program managers, Developers, Product managers, and OEMs will be in the background answering your questions via the question manager in Live Meeting.
4. Give the Response Point VARs an opportunity to get business and technical questions answered directly from the Microsoft Response Point team and senior representatives from:

D-Link	Aastra	Syspine

Date: Thursday, Oct 30th, 9:00-10:30am PDT
Audience: Microsoft Partners who sell and install Response Point solutions
Location: Office Live Meeting
Cost: FREE
Attendee Registration for Microsoft Partners:
https://training.partner.microsoft.com/plc/details.aspx?publisher=12&delivery=255101

Response Point Partner Town Hall Meeting
The Microsoft Response Point Marketing and Development teams are hosting a question and answer webcast for any and all partners who are interested in Response Point and are currently selling Response Point.  With recent announcements on new SIP Trunking providers as well as new peripheral partners for T1 support and conference phone support, the solution opportunity for partners and Response Point expands. Additionally, our go to market plans for the year focus on demand generation activities with Partners being an important cog in these planned campaigns.

Microsoft will spend a few minutes updating partners on what is currently going on with Response Point and will open up the floor for marketing and technical questions.  This is a great chance to find out what the product and opportunity are and get some straight answers from the team who is building the product. We have also invited the OEMs to be online to answer your questions and listen to your concerns and comments.

Note: If you can't make it, the presentation will be archived and available for partners to view at the Microsoft partner learning center. It takes about 24 hours before the on demand link is ready. Register today and you will be notified.

Here's the Response Point blog if you haven't checked it out before:

http://blogs.technet.com/rp/

I don't copy and paste often, but I hope this one was worth it. 

Until next time!

Rob

Great White Paper on Hyper-V and Clustering

http://www.microsoft.com/windowsserver2008/en/us/white-papers.aspx

This site has a lot of Server 2008 White Papers, the Hyper-V and Clustering White Paper is the second from the bottom on the left hand side of this page.

While I was pleased that I got my cluster up and running and it was a whole lot easier with Server 2008 than it was with server 2003, I could not get Quick Migration to work.  Quick Migration requires identical hardware and identical processor architectures.  Unfortunately, each of my servers have a different CPU.  One's Intel, and the other two are AMD CPU's.  I clustered the two AMD CPU's, but one's a dual core and the other is a quad core.  Unfortunately, these two CPU's were not "identical" enough.  The cluster worked great, the cluster requirements are not as strict as the Quick Migration requirements so I was able to fail over file shares and such, but I could not perform a Quick Migration on a Virtual Machine.  I understand why the Quick Migration requirements are more strict, but I'm still bummed.

I've you've been successful with Hyper-V clustering and Quick Migration, please let me know.  I'd love to know how it works for you.

Until next time!

Rob

Clear up a Little More Disk Space in Windows Vista

I just ran across this article and I thought I'd share it with you.  If you installed Vista  RTM and then installed SP1 on top of it, you can recover a bit of disk space by removing some of the pre-SP1 files that are no longer needed.  Take note that you will no longer be able to uninstall SP1, but why would you? 

Here's the article:

VSP1CLN Command-Line Options

This will be a handy tool to use if you are deploying SP1 to all of your machines.  This gives you the ability to come back and remove some unneeded files a few days after the upgrade.  I suggest that you wait a few days after SP1 to make sure you don't have to roll SP1 back to assist with troubleshooting.

Until next time,

Rob!

Additional Reference Material on BitLocker

My last post walked through the process of installing and implementing BitLocker on a Hyper-V server.  During my research and testing, I found a lot of pretty useful documentation that helped me through the process.  I wanted to share this information so that you can gain "a well rounded knowledge" of BitLocker. 

Here is a great blog on using BitLocker on removable drives.  This blog also details the more popular commands used by manage-bde.wsf.  I'll show you the commands I use to set it up, but you should read David's article on the additional detail.

http://blogs.msdn.com/askdavid/archive/2007/06/08/enabling-bitlocker-on-removable-drives-usb-flash-drives-usb-hard-drives.aspx

 

Here is the link to a good article that discusses the Remote Administration Tools.

http://support.microsoft.com/kb/941314/en-us

If you are managing a Hyper-V Server, or a Windows Server 2008 Core installation, manage-bde.wsf needs to be used.  The GUI BitLocker application is not available on a GUI-less installation.

 

This is a great overview of BitLocker.  Please read this article before you implement BitLocker.  It will give you an overview of the requirements and some important details on implementation.

http://technet.microsoft.com/en-us/library/cc725719.aspx

Take note that ServerMgrCmd is not available on a Hyper-V Server, you must use ocsetup to install BitLocker.

Until next time,

Rob!

Installing BitLocker on Hyper-V Server

I recently received the following question: "How do you install and use BitLocker on Hyper-V Server".  Of course when I read the question, I thought, "That's easy", and then I started thinking about the process.  One of the struggles with a GUI-less server is that the GUI tools no longer work.  To compensate for the lack of a GUI, command line tools are the way to get it done.  Now I remember why people love the GUI interface!  I've highlighted all of the commands I used below.  I've also created a second blog post that includes a lot of the material I referenced to assemble this information. 

Installing and configuring BitLocker is not hard, but I did have to hunt to find the right way to install it for Hyper-V Server.  The same process should work for Server Core.  The full install of Server 2008 and your Vista installations should be able to use this process if you want to automate the deployment. 

Remember the BitLocker drive preparation tool?  I could not get it to work on Hyper-V server, so I had to manually configure my hard drive.  Check out the BitLocker Drive Encryption Step-by-Step Guide.  Just follow Scenario 1 for Hyper-V Server to partition the drive properly.  You should also check out my earlier blog on BitLocker.  I talk about the environmental considerations in an AD forest to ensure that your recovery key gets escrowed properly.

Once the hard drive is properly configured and Hyper-V Server is installed, now you need to install the BitLocker feature on the Hyper-V Server.  Here's the command to accomplish the installation:

ocsetup BitLocker

Once BitLocker is installed, you need to reboot the machine.  Hang in there, we'll be rebooting the machine a few times to get this installed and configured.  While we've eliminated a lot of reboots, we didn't eliminate any in this process.  The good news is that you only need to do this once per machine.

Once you install BitLocker, you'll now have access to manage-bde.wsf.  This is the tool that will let you manage BitLocker on your Hyper-V Server.  This is a very powerful script and it contains a lot of options.  I'm highlighting just the options we need to configure BitLocker.

You now need to take ownership of the TPM chip.  There can only be one owner, so if you are dual booting, you can only use BitLocker on one of the OS'. 

CScript Manage-bde.wsf -tpm -TurnOn

Now, you need to reboot your computer and follow the startup instructions. 

the shutdown command is:

shutdown /r /t 0  <-- The /r will cause the computer to reboot, the "/t 0" says that the time to wait before rebooting is zero seconds.

At this point, the TPM chip is now ready to be "paired to" your individual installation of Hyper-V Server. 

The command below pairs your installation to the TPM chip.

CScript Manage-bde.wsf -tpm -TakeOwnership 12345678 <--  The "12345678" is the test password to ensure that you can use a password.

Now that your installation "owns" the TPM chip, now all we have to do is turn on BitLocker and tell it to encrypt your drive. 

Here is the command we'll use to start the encryption process:

cscript manage-bde.wsf -on c: -tp 1234 -rp

The parameters from the command above are as follows:

-on <-- enables BitLocker

-tp <-- Tells BitLocker to use the TPM chip and a PIN. 

1234 <--  The PIN used for the TPM chip

-rp  <--  Requests a Recovery Password

Here is the output from the cscript manage-bde.wsf -on c: -tp 1234 -rp command:
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Volume C:
[OS Volume]
Key Protectors Added:

    Numerical Password:
      ID: {A438547B-91C3-4DC8-B68D-619FD4C02E25}
      Password:
        584012-604868-288761-377025-269291-127160-526251-320551

    TPM And PIN:
      ID: {89054F39-A10E-4E09-93C1-73FA31EFCB20}

ACTIONS REQUIRED:

    1. Save this numerical recovery password in a secure location away from
    your computer:

    584012-604868-288761-377025-269291-127160-526251-320551

    To prevent data loss, save this password immediately. This password helps
    ensure that you can unlock the encrypted volume.

    2. Restart the computer to run a hardware test.
   (Type "shutdown /?" for command line instructions.)

    3. Type "manage-bde -status" to check if the hardware test succeeded.

NOTE: Encryption will begin after the hardware test succeeds.

Now take note that while we've turned BitLocker on, the encryption has not started yet.  Check out the section in red above. 

Before you reboot your machine, please ensure that you record your BitLocker recovery password.  In my example, my recovery password is 584012-604868-288761-377025-269291-127160-526251-320551.  This password MUST be kept secret.  Anyone that has access to your unique password has the ability to access the contents of your encrypted drives.  I configured my demo machine with Hyper-V Server and BitLocker as I wrote this article.  I'm sharing my actual recovery keys because I rebuild this machine all the time and I do not keep any confidential information on it.  I expect that I'll have my machine reconfigured within a week or two, so this BitLocker password will not be of any used to anyone.  Your BitLocker recovery password on the other hand, must be kept secure.  My earlier blog, that I referenced above, discusses how to configure AD to automatically record the BitLocker recovery key before a hard drive can be encrypted. 

Back to our latest command:  Before BitLocker actually starts encrypting your hard drive, it wants you to reboot your machine to ensure that the BitLocker boot process works properly.

You do have the option to add the "-SkipHardwareTest" to immediately start the encryption process, but I recommend against this option unless you've already successfully tested this hardware with BitLocker.  Please do not just add this option to expedite the installation process. If you do and your machine is not properly configured, you could end up with an encrypted drive that is unusable and will need to be reformatted. 

Now we are ready to reboot the machine and start the hardware test.  The hardware test isn't much more than just a reboot of the machine to ensure that the new configuration works properly before the encryption process begins. 

To reboot your machine again:

shutdown /r /t 0

If all goes well, when the machine reboots, it will prompt you for the PIN we entered above.  In my example, my PIN was "1234".  Once the PIN is entered, Hyper-V Server will continue the boot process and then encrypt your drive.

You can use

CScript manage-bde.wsf -status

to track the encryption process so that you'll know when the encryption is complete.  The encryption process is pretty fast, it should be finished in an hour or two.

This is the basic BitLocker configuration process.  I agree that it's not a simple one or two command process, but the value of BitLocker is that the encryption is unique to your machine and your instance of Hyper-V Server.  This is one of the things that makes BitLocker as secure as it is.

I'll add another post with some additional BitLocker reference material that would be worth reviewing before you try to deploy BitLocker in a production environment.

Until next time,

Rob!

There's an Urgent Security Update for Windows MS08-067

I've intentionally waited a day before posting this because we have some very good security sites and email notification subscriptions that should be your authoritative source.  I'm happy to provide insight, but we have a very good notification process, there's no reason for me to try and compete with that. 

For all Security notifications, you should check out the following URLs:

http://www.microsoft.com/security/default.mspx

This should be your first site to visit.  It provides the information and the actions we encourage you to take.

The Microsoft Security Response Center (MSRC) is another great real-time resource for education about overall security, as well as some of the latest information:

http://www.microsoft.com/security/msrc/default.mspx

Here's the TechNet Security Resource Center:

http://technet.microsoft.com/en-us/security/default.aspx

This one is more technical and contains a lot of other resources as well.

The last Microsoft site I suggest you check out is the MSRC blog.  This site contains the most up-to-date real time information.

http://blogs.technet.com/msrc/default.aspx

For the concern we have right now, please check out the following URL for information on our latest critical patch.

http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

This vulnerability is VERY concerning because this can be remotely exploited by an anonymous user.  This vulnerability could allow the worst type of malicious software; a worm.  A worm is a piece of malicious software that not only can do damage to an infected machine, but it is also capable of replicating to other computers as well. 

We do not have many vulnerabilities of this degree anymore, but when we do, we ask that you take them seriously and take action as soon as you can. 

Here are my thoughts on your next steps;

1. Test the patch as quickly as practical while keeping an eye on the current security state of the Internet.
2. Take a look at some of the available workarounds.  While workarounds are not always the most pleasant solution, sometimes it's a great short term mitigation while the patch is being tested.  This particular patch suggests a workaround of closing a few TCP ports.
3. IF an exploit gets released, please patch your critical systems immediately!  If an exploit is released, you're really left with two choices. 
1. Install our patch and risk a possible compatibility problem.
2. Do nothing and risk the very real threat of infection.

Here is why I propose the installation of our fix is the best solution if a piece of malware is on the loose.

Microsoft stands behind it's patches and we offer no fee support for any security patch related problem.  Please check the URL below for our official support statement.  The bottom line is that if you have a problem with our patch, we'll help you get back up and running.  If you are infected by malware, we will still help you get back up and running, but the difference is that if you're infected, no one will be able to truly assess the damage the malicious software caused, or what information has been lost or compromised.

Check out our support policy.  Hopefully our support policy will provide one more assurance to help you expedite the deployment of this patch.

http://www.microsoft.com/protect/support/default.mspx

Until next time!

Rob

*This posting, like all of my postings, is provided "AS IS" with no warranties, and confers no rights.*

Yahoo to cut at least 1,500 from work force

Check out the article here:

http://www.msnbc.msn.com/id/27310518/

but the first line pretty much sums up the situation. 

Yahoo Inc. will fire at least 1,500 workers to cope with a crumbling economy that dented its third-quarter profit and turned up the heat on the Internet company’s management as investors stew over a missed opportunity to sell to Microsoft Corp. for $47.5 billion.

Dang!  I hate it for the 1,500 employees; that's 10% of their staff!  The thought of layoffs, staff reductions, RIF's, what ever you call it; it doesn't make it any easier.  During my career, I've had times when my job has felt very insecure, but I've been blessed with stable jobs and great opportunities.  Yes there are plenty of people that are regretting the missed opportunity with a Microsoft / Yahoo! combination, but personally, I'm glad we didn't acquire Yahoo!.  $47.5 Billion is a lot of money.  It's a whole lot of money and it really scared me.  My biggest concern with the proposed acquisition was that if it failed, it could cripple us.  I don't make decisions out of fear, and I don't feel that the fear of failure should have prevented the acquisition from taking place, but again, I think we're better off without Yahoo!

Yahoo! is facing a lot of uncertainty right now and I hate it for the employees, but I don't feel that bad for Yahoo! itself, their board, or Mr. Jerry Yang.  I wish people like Mr. Yang could go through the paralyzing fear of trying to support their families.  I'd like Mr. Yang to have to think about how his family would maintain healthcare, pay the mortgage, and continue to put food on the table while other people are trying to decide if he should stay or leave their company.  I understand that you must keep the stock holders happy, but the employees are stockholders too, aren't they?  How are we going to stabilize our economy with layoffs?  How are we going to stabilize our economy when we have upper management making egotistical decisions, not "sensible business decisions"?  Of course these people are loaded.  They don't have to work anymore, they do it because they want to.  They don't have to be afraid of failure.  If their decisions ruin their company; again, they are already financially set and will not have to worry about the financial security of their family. 

I hate this situation for the people at Yahoo!, but I don't believe that eliminating jobs, cutting the people that helped make your business successful, is the right answer.  Please don't misunderstand, I do not believe that people are "entitled" to keep their job, they have to continue to earn it.  I believe that jobs should be cut for poor performance and "I don't care" type attitudes, not because upper management makes a bad decision and takes it out on the employees.  I'm sick of tired of the employees that are here "just to get in their 8 hours", or attitudes like "They don't pay me enough to work any harder".  I have a suggestion, if Yahoo! has to cut costs, what's the cost of some of the upper management?  How many positions that are currently targeted for elimination could be saved by the reduction of one or two upper managers or members of the board?  Why can't they pay some of their profits back into the company?  That's where they came from, right?

I know this isn't a technical rant, and I'm sorry, but with the current economy, these fears are hitting everyone.  Let's at least talk about it, and face the situation head on.

More technical information to come; don't worry, but I'd love to hear your thoughts on this situation.

Until next time,

Rob!

Five Reasons Why Skipping Windows Vista Could Backfire

Shane O'Neill with CIO magazine just wrote this article.  It's an interesting read, check out the following article, it

http://www.cio.com/article/455911/Five_Reasons_Why_Skipping_Windows_Vista_Could_Backfire

While I thought the article was interesting, I've added my thoughts to his points below:

I agree that Windows Vista is a very good upgrade from Windows XP.  I moved to Vista at Beta 2 and while driver support has been infuriating at times, I have not regretted the early move.  While this article did highlight some good points, I DO NOT believe in scare tactics to get a person, or company to migrate to Vista. 

But even those companies are somewhat vulnerable to skipping Vista, Silver says, because, "Windows 7 is an unknown entity with unknown features and an uncertain time frame.

People have been saying that Windows Vista is "uncertain", and now they are suggesting that Windows 7 is uncertain too? 

1. Software Vendors Don't Support Old OSes Long Enough

I agree, it's not just the longevity of support for the OS, it's the support of the applications that run on top of the OS too.  This is application compatibility, and unless the authors of your applications also develop their new versions while the OS is being developed, there will be a lag in new application support.

2. OEMs Will Deliver Fewer PC Models with Old OSes Each Year

Yes, that makes sense.  This is always a struggle.  How many models of hardware, and software should be available.  The more models, the more options.  Unfortunately, the more options, the more difficult it is to provide adequate support for each model. 

3. ISVs Don't Support New OSes Soon Enough

Amen to that!  But honestly, how can you develop your applications when you're writing for a moving target?  This is the true challenge for everyone.  While Windows Vista was under development, our other development groups where trying to develop compatible applications.  This was a struggle since Vista itself was continuing to evolve through the development process.  I agree that we need application support sooner, but I also agree that this one is tough.

4. Microsoft's OS Delivery Schedule Is Unpredictable

Yup!  I agree!  We tried to deliver date driven software and we quickly realized we needed a better way.  We will deliver the software "when it's right".  With the right hardware, Windows Vista RTM was a great version of Windows Vista.  The problem was that there weren't many hardware platforms that provided the power and drivers for Windows Vista.  The lack of good driver support was the most infuriating part of my equation.  I kept trying to purchase Windows Vista ready hardware before Vista RTM'd, and it was a struggle. 

5. Remember You May Need to Pay Microsoft for Upgrades

OK, this one does not make much sense to me.  I've spent some time with our licensing, but probably not as much time as the author of this article.  He mentions Software Assurance (SA) and says if you don't own it, you can't predict your purchases.  Duh!  SA is a great addition to software purchases and it offers a lot more than just upgrades to the newest version of the software.  SA allows consistent budgeting for your software acquisitions.  Since SA is only ~1/3 the cost of the software, once you own the license, maintaining SA will provide all of the additional services included in SA, and the ability to always have access to the latest version. 

Until next time,

Rob!

Improve your Virtual Machine Performance

One of my peers just purchased a very impressive server class machine.  He's really proud of it, and he should be!  He has 2 quad core CPUs, 16GB RAM, and 2 TB of Disk space.  He built this machine to be a virtualization monster, so once he got it up and running, he created an EBS configuration, all in virtual machines.  I already have Virtual Machines of SBS 2008 and EBS 2008 running, so he pinged me to see if I had any suggestions on why his EBS installation was so sluggish.  Let me say this loud and clear: just because you can create a configuration in virtual machines, does not mean that these configurations are "supportable" in production environments.  We create a lot of virtual machines for demonstrations and education; not for production.  While Microsoft supports most of our workloads created in Virtual Machines in production environments, I have not done the "due diligence" to ensure that every one of my virtual machine configurations is 100% supportable in a production environment.  You must still do your "due diligence" to make the right decision for your situation. 

Back to the performance issue:  It turns out that you still need to tweak your host machine configuration to get the best performance possible out of your VMs.  Five years ago when I started working with Virtual Machines, I learned early on (especially on slower machines) that you have to work hard to put your VMs in the best possible position to be successful.  The rule of thumb is that you have to pay attention to Disk IO, CPU, and Memory (well what else is there??).  While these are not always ranked in this order, more often than not, Disk IO will be your first and most significant bottleneck.  While I was jealous of my friends 2 TB worth of disk space, it turns out that he only has two 1 TB drives.  Having three VMs running on two spindles creates a lot of disk contention since every Windows installation has its' own pagefile.sys and normal OS based disk IO.  When you factor in the host OS, you now have two OS' per spindle.  Killer CPUs and memory can compensate for some of the Disk IO contention, but CPU and memory cannot overpower this much of a deficit.  The lack of spindles can be the Achilles heel of this configuration.

Positioning your VMs on your "spindles" is crucial.  The faster the disks, the lower your disk IO and the better performance you will achieve.  I know it sounds simple, but when you mix in the complexity of virtual machines, you take on an additional layer of OS based IO.  Each VM also has its own pagefile.sys as well its OS based IO.  If you have a VM running on the same drive as your host OS, you now have two OS's competing for the same "spindle".  Drive performance has not improved that much over the last five years, and spindles are usually the first culprit when it comes to poor VM performance.  I actually have a Server Core VM that runs on my 8GB SD card.  It performs well, and it's kinda nice to have a second (small footprint) installation without adding an additional spindle.  Granted, there isn't a whole lot I can do with a small server core, but as I mentioned above, I create a lot of demo configurations, and showing off this additional VM does add some "pop" to my demonstration at a very little resource cost.

Windows Server 2008 now includes Resource Monitor, it's accessible directly off of the Performance Tab in Task Manager.  I really like this tool for its simplicity and "directness".  If the Disk graph stays "high", disk IO is most likely the culprit, but just like conventional performance tuning, it is usually a disk IO issue, but it could also be a "masked" memory issue.  Remember, if any machine does not have enough memory, the OS will spend all of its time paging virtual memory.  Since Hyper-V and VPC do not allow memory over-commit, I doubt memory on the Host OS will be an issue.  I usually suspect that disk IO is the true culprit.  I mention memory though because this is not an absolute rule; but 95% of the time, Disk IO is the problem.  There is a subtle memory problem that will look like a Disk IO problem, so lets take a look at it:  Let's say you create a VM with Windows Vista and you only allocate 512 MB of RAM.  Vista will install and run in 512 MB of RAM, but it's going to page like crazy, right?  So this VM is now paging like crazy into a VHD on a spindle.  You will see Disk IO as the bottleneck when in actuality, it's the fact that you didn't give your VM enough memory to adequately perform.  Again, use performance tuning common sense...

As a rule, I try hard to run only one OS per spindle.  I said OS, not VM, and I said spindle, not drive.  While spindles and drives can be the same thing, I usually take my primary drive and only carve out 40-60 GB as C:.  I then take the remainder of the primary drive and create a second partition with it.  If you put a VM on this second partition, you're in the same boat as if you had placed the VM on the C: drive itself.  Another thing to check; where is your pagefile.sys?  By default Windows puts pagefile.sys on the same partition as the OS, so unless you "tweaked" the pagefile.sys configuration, you should be OK, but it's giving it a quick check.  If pagefile.sys is on a different spindle, it will also create a lot of Disk IO.  I'd shy away from putting a VM on my OS drive, or my drive that hosts pagefile.sys.  Now if you put pagefile.sys on a separate spindle, your host OS will perform better, but you also loose the ability to generate some dumps in the event of a blue screen.  If your focus is to "totally tweak" a machine for performance, consider giving pagefile.sys its own spindle.  I've done a pretty often and I'm usually happy with the performance improvement.  Make sense?

When I create a "big" VM,  and my patience is low, I build the VM on my quad core, 8GB machine.  I've taken two spindles on this machine and striped them.  Striped drives (no parity) perform better than a single spindle since the Disk IO can be spread between the two drives.  Of course, the risks with striped drives still prevail; if one of the two drives fail, you loose the contents of your striped set, so be sure you have good backups.  This striped drive configuration has served me well when I've built VMs, or had VMs that I knew would create a larger than average amount of Disk IO.  SATA 3.0 drives have been very good to me as well, but I still have a ton of PATA drives and they make good spindles for VMs too.

I've also found that while Hyper-V does not support memory "over-commit" is does support CPU over-commit.  I usually have 3 or 4 VMs running on my quad core machine and I give each VM all 4 cores.  This configuration gives Hyper-V the ability to move the CPU resources to the VM that has the immediate need.  Since I, as a rule, give each VM as many cores as possible (4 is the current maximum per VM), I don't have to necessarily worry about CPUs as a potential bottleneck, I can almost always strike CPU bottlenecks from my list of immediate concerns.

As far as memory itself, I try hard to reserve at least 1GB for the host OS.  Hyper-V is very good at ensuring it has enough memory, so again, I don't have to worry about memory that much, so that puts us right back to the spindle performance concerns.  I have one 10K drive, and I've never seen that much of a performance increase with it so I finally just configured it as a boot drive for one of my Hyper-V machines and moved on.  At this point, it's just another drive that is still a lot more expensive than my larger 7200 RPM drives.  I'd much rather purchase two 7200 RPM drives than one 10K drive.  It just doesn't make sense to me since I try to build my hardware "on the cheap".

In summary, I try hard to allocate at least one spindle per VM, and if I know I'm going to have high performance expectations for a particular VM, I'll stripe a few disks to increase performance.  CPU's are the least of my worry, that's with the assumption that I've sized my CPU properly from the beginning.  Memory can still create 'wonky" behavior if you are too stingy with it, so be sure the scale your VM configurations just like you would any other configuration.

I hope my "informal" performance tuning thoughts have helped.  Please let me know if you have any tips & tricks to improve the performance of your VMs.

Until next time!

Rob

What's the Value of Server Virtualization

Virtualization has been a popular topic for a while now, but with this change in the economy, people are expecting Virtualization to take on an even larger role in helping us squeeze out every bit of efficiency possible.  I enjoyed reading the following CIO article, Virtualization Tops Gartner's 10 Strategic Technologies for 2009 .  Gartner now says Virtualization is the No. 1 strategic technology next year.  It's nice to see people recognizing the possibilities of Virtualization, but have you seen any real value from it? 

How's that for a question?  Virtualization has made a huge impact on the way I do business, but is it all really just hype, or is there real business value in this stuff?  To me, the answer is a resounding YES!  I've seen plenty of data points that show that Virtualization has made a positive impact on every customer that has been serious about using Virtualization as a tool, not as an answer.  Virtualization is another tool, and like any other tool, it should be planned and executed with discipline.  I hope you've seen business value in virtualization, but if you need more proof, check out this article I ran across today:  How Microsoft Hyper-V Helped My IT Shop Revamp Disaster Recovery.  I also read a few more articles on how Virtualization has reduced the server footprint, reduced electrical and A/C costs, and reduced the size of the Data Center itself.  Hopefully, the space savings in the server room hasn't just resulted in more office space.  The value of space savings, energy savings, or any other "savings' is only a "savings" if it actually helps reduce costs.  All of these are very good things and have a positive impact on the bottom line.  Now when you look at the value virtualization has also provided to DR, hopefully you can see this tool as a no brainer! 

I am nuts about Virtualization for all of the reasons above, but the biggest value I see in Virtualization is that it let's me squeeze every single CPU cycle I can out of my servers.  I'm tired of seeing the average CPU utilization sitting at less than 10%.  We must make sure we can get 80%+ utilization out of our CPUs.  I used to work for the highway department, and at the highway department they always had to plan and build highways that support peak usage.  Basically, highways are built to support rush hour.  If you could evenly distribute traffic throughout the 24 hrs of the day as opposed to the 2-4 rush hours a day, it would sure change the way we designed our highways.  This concept is a concept that Virtualization has already been solving!  With Virtualization, you can place some workloads that have their "rush hour" in the morning, and place a workload that has its "rush hour" in the evening on that same physical box.  This way, both applications are always available, but there's a give-get from a resource perspective. 

Of course, it's more complicated than the picture I've painted, we need to be more dynamic on managing our workloads.  When you couple Hyper-V with our System Center solutions, you can dynamically manage workloads and physical servers.  This gives you the ability to squeeze every bit of utilization you can out of your hardware while protecting your workloads from being choked out if one or two workloads start demanding more resources.  System Center gives you the ability to profile your physical servers to identify your best virtualization candidates, and then it gives you tools to "see" the current utilization and trending.  This trending information gives you the ability to predict workload increases before your environment becomes overwhelmed.  Not only do we need to manage our environment, but we still need to manage our backups.  System Center DPM also offers dynamic "near real time" backups for both your servers and your virtual machines.

Again, I've rattled off a lot of values Virtualization can provide to your environment, but planning is the most important step in Virtualization.  Virtualization is a great tool, but like any other tool, if it's not used properly its just another waste of time and money.

Until next time!

Rob

What's in a Name??

If you haven't been checking out the Windows Vista Blog, then you might have missed this.   We now have officially named the next version of Windows, code name "Windows 7".  And the new name is Windows 7!  Yes, it really is "Windows 7".  Why mess with a name that has worked so well?  Don't worry, this one will be short, but the truth is that we shouldn't be complicating our Operating Systems with hype around names. 

Windows 7 it is and I'm thrilled to see it.  Now I'm looking forward to seeing some of the features we have planned for Windows 7.  Bring on the PDC!

I have an update, We have a webcast that will talk about Windows 7 and the partner opportunities:

Windows Vista and the Road to Windows 7

Tuesday, October 28, 2008

12:30 pm PST

www.microsoft.com/digitalwpc

Presented by:

•          Rich Reynolds, General Manager of Windows Marketing

•          Allison Watson, Corporate Vice President of the Worldwide Partner Group

Topics include: 

•          Windows 7, the newest Windows Operating System from Microsoft

•          Opportunities around Microsoft Desktop Optimization Pack (MDOP)

•          Windows Vista and Windows 7 roadmap

•          Importance of continued investments in Windows Vista

•          Partner opportunities around Windows Vista mobility, security and PC management

•          Windows Partner Solutions – now for Enterprise SIs

Until next time!

Rob

First Thoughts on Installing Hyper-V Server

I installed Hyper-V server to see what we just released.  You can find setup information and the download bits here:

http://www.microsoft.com/servers/hyper-v-server/overview.mspx

The installation took no time at all, I was really impressed with the speed of the installation.  The "installation process" looks just like the Server 2008 installation process, just a whole lot faster.  This isn't a surprise since Hyper-V server is very similar (wink-wink) to a stripped down Windows Server 2008 with Hyper-V installation.  During the installation process, the Hyper-V role is the only one installed, or available.

Once the server is installed, the interface is very simple.  It starts with a menu that gives you just a handful of options to choose from.  The last option is to close the menu and go to a command prompt.  I tried that, and then I said (of course), gee I wish I had the menu back.  Well don't fret, you can always re-start the menu by executing the script Hvconfig.cmd.  It's located in the Windows\system32 directory, but just entering hvconfig.cmd from the command prompt should restart the menu. 

For the documentation, if you choose the Technical Resources drop down from the URL above, you can access the available content.  The Getting Started Guide will get you up and running, but the Configuration Guide contains a little more depth.  Honestly, the small amount of documentation on Hyper-V Server has left me a bit "Wanting", but there isn't that much to it, and it is designed to be managed remotely.

The remote management tools will run on Server 2008 (full installation), Vista SP1, and SCVMM 2008.

Take note that Hyper-V Server does have some limitations.  Of course we're not giving away all of the higher end features of Server 2008 Enterprise and DataCenter editions, but this a great option for your smaller configurations where one host machine running a few VMs is adequate. 

For the Virtual Machines, here are the limitations:

• 32-bit (x86) and 64-bit (x64) virtual machines
• Up to 4 virtual processors per virtual machine
• Total memory of all running virtual machines supported up to 31 GB.

For the Host machine, here are the limitations:

• x64 bit architecture with VIRT and DEP 
• Up to 4 processors, each can support 1, 2, or 4 cores 
• Hyper-V Server supports up to 32 GB of RAM.  Any additional memory will be ignored.

Here is the full FAQ, it's a good read:

http://www.microsoft.com/servers/hyper-v-server/faq.mspx

Some of the Hyper-V Server highlights:

• It's Free!
• There is no CAL requirement for Hyper-V Server itself.  Each guest VM must have its own CALs.
• Hyper-V Server supports all of the Windows Drivers; no subset, all of the drivers supported on Server 2008 are also supported on Hyper-V Server.
• BitLocker is supported on Hyper-V Server.  This makes Hyper-V Server a great solution for remote offices since you can still use BitLocker to secure your VMs from offline attacks.

Some of the Hyper-V Server limitations:

• You cannot manage virtual machines from the Hyper-V Server.  All of your VM management needs to be accomplished remotely. 
• PowerShell is not included in Hyper-V Server.  Again, we want you to manage it remotely. 
• Hyper-V Server does not offer High Availability.  If you need clustering, you need to move to Server 2008 Enterprise Edition, or DataCenter Edition.

The great part about Hyper-V Server is that it's an easy way (and free ) to get your feet wet on Virtualization if you haven't used it before.  But to be honest, if you haven't spent any time on virtualization yet, you'd probably be happier starting out with Virtual PC on your workstation or even the Server 2008 eval bits.  The reason I say that is that yes, Hyper-V Server is a quick and easy installation, but you must have a second machine to manage the server itself.  This means that you must have the remote management tools installed, properly configure the network, and then get both machines communicating.  Virtual PC installs faster and has a much more intuitive UI.  This was not built as a starter edition for virtualization, but it was built to be production ready and stable if you want to use it for that. 

Hyper-V is great at what it does, but some prior knowledge of Server, Hyper-V and management of Hyper-V will sure make the setup and configuration tasks of Hyper-V Server a whole lot easier.

Please let me know if you have any additional questions, I'll be happy to help.

Until next time!

Rob