Get safe online

I was at Microsoft’s UK campus last night where, since last week, lots of plastic cubes (just like the logo below) and even stickers on the mirrors in the washrooms have appeared displaying the message “Get Safe Online”.

Get Safe Online

No-one from Microsoft was allowed to say what it’s all about yet, but some quick googling turned up the National High Tech Crime Unit (NHTCU)’s Internet safety campaign – Get Safe Online (Project Endurance), which is a joint government and private sector initiative aimed at helping consumers and small businesses to use the Internet safely (due to be launched at the end of October) with partner organisations including the UK Government, BT, Dell, eBay, HSBC, LloydsTSB, MessageLabs, Microsoft UK, the NHTCU, Securetrading and Yell.

So far GetSafeOnline is just a single page, but I’m sure more will follow.

Other Internet safety sites include the United States GetNetWise initiative.

Exchange Server 2003 SP2 is now available

Back in July, I blogged about what to expect when Microsoft ships service pack 2 (SP2) for Exchange Server 2003. I’ve just heard that SP2 has been released for download; read more on the You Had Me at EHLO (Microsoft Exchange team) blog or check out the top 10 reasons to deploy Exchange Server 2003 SP2 on the Microsoft website.

How to get a free copy of Virtual Server 2005 R2

I blogged a couple of months back about how Microsoft Virtual Server 2005 service pack 1 (SP1) has been repositioned as Virtual Server 2005 release 2 (R2), effectively meaning that existing users need to re-license to take advantage of the new features. There may, however, be a glint of hope for some of us in that I heard a rumour recently that registered Virtual Server 2005 SP1 beta testers will get a free copy of Virtual Server 2005 R2 when it is released.

You can register (using a Microsoft passport) at Microsoft Beta Place, providing vssp1BetaTester as the guest account (this must be entered exactly as shown) and then self-nominating for the MS Virtual Server 2005 with SP1 program. You should receive an e-mail notice when you’ve been accepted into the program.

Microsoft virtualisation futures

Last week, John Howard presented a Microsoft TechNet UK event about virtualisation. I’ve blogged about Virtual Server before and there is a good overview white paper on the Microsoft website. What I found particularly interesting was the insight which John gave into where virtualisation technology is heading (at least in the Microsoft space).

Microsoft are keeping quiet about where Virtual PC is heading (the official answer to various questions that I raised about the future of Virtual PC was “Virtual PC is not going to be quietly killed off – however we have not made any announcements about the Virtual PC roadmap at this stage”) but there is lots happening with Virtual Server.

First of all, we have Virtual Server 2005 release 2 (R2), formerly service pack 1 (SP1), which is expected to provide a number of improvements over the current release, including:

  • A 64-bit port of the Virtual Machine Manager to support Windows Server 2003 x64 Edition and Windows XP Professional x64 Edition as hosts.
  • Support for Windows Server 2003 service pack 1 as a guest operating system (currently SP1 is newer than the Virtual Server 2005 virtual machine additions and so does not perform well as a guest – as detailed in Microsoft knowledge base article 900076, although Microsoft product support services will also supply the latest additions on request).
  • Support for non-Microsoft guest operating systems (with rumours of virtual machine additions for SUSE and Red Hat Linux, and a revival of the OS/2 support inherited with the purchase of the original Connectix product which Microsoft developed to become Virtual Server).
  • Improved manageability through pre-boot execution environment (PXE) boot support within the virtual machine BIOS.
  • Bug fixes.
  • Performance improvements (up to a 60% improvement for memory intensive applications and 50% better host CPU utilisation).
  • A SCSI shunt driver (i.e. better support for SCSI mass storage device driver installation at bootup).
  • iSCSI clustering support.
  • Virtual hard disk (.VHD) pre-compaction tool.
  • Saved state (.VSV) hard disk space reservation.

Also, when R2 is released there will be a free download (and supporting white paper) called Virtual Server host clustering. This is Microsoft’s answer to VMware Vmotion, allowing virtual machines to fail over between hosts using shared disk clustering (direct attached storage, SAN, or iSCSI). Virtual Server host clustering will be agnostic of guest operating system and Microsoft see two scenarios where it will add significant value:

  1. Planned downtime – allowing live migration of a virtual machine whilst running (effectively a save and restore state). Initial figures indicate that on an iSCSI disk, a virtual machine using 128MB of RAM would fail over in 10 seconds.
  2. Unplanned downtime – migrating virtual machines to another cluster node in the event of failure, albeit with a restart as the virtual server state would be lost when the original node fails.

Post-Virtual Server R2, a service pack is expected (although the cynic in me asks whether it will be repositioned as a new release…) which will offer support for Intel virtualization technology (formerly codenamed Vanderpool) and equivalent technology from AMD (codenamed Pacifica). These technologies will provide hardware assistance for virtualisation, enabling improved performance for non-Windows operating systems (Windows performance is already improved through the use of virtual machine additions, which will no longer be required). Current milestones (obviously likely to change) are for a public beta in the first quarter of 2006 and release to manufacture (RTM) in the third quarter.

VMM arrangements

Further out, the Longhorn Server wave will include technology called Windows virtualisation for servers (codenamed Viridian), which avoids the requirement for a host operating system.

Windows Virtualisation Architecture

Windows virtualisation for servers is based on a thin, trusted software layer, sometimes referred to as a hypervisor (although this term actually belongs to IBM, hence the long-winded Microsoft product marketing name), and a separate, small management partition designed as a foundation role to reduce the attack surface (sometimes known as “MinWin”). Windows virtualisation for servers does require hardware support: there are no device drivers as such in the hypervisor, as these would impinge on its trusted status, although an API for independent software vendors is provided at a higher level. The hypervisor is supplemented by a virtualisation stack with a WMI provider and virtual machine worker processes, as well as a system of virtualisation service providers (VSPs) that provide a hardware sharing architecture (for storage, video, keyboard, mouse, USB devices, etc.) and virtualisation service clients (VSCs) that expose the hardware to the guest kernel, linked by a high-speed in-memory interconnect called the virtual machine bus. The final element of this technology has been christened “enlightenments”: optimisation technologies possibly best illustrated by way of an example:

  • In today’s virtual environments, guest operating systems are unaware of the fact that they are running on virtual hardware. This means that both the host and the guest operating system(s) perform their own memory management. If the guest were to be enlightened and made aware that virtualisation is in use, then this “doubling-up” could be avoided.
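Before a guest can be enlightened it has to find out that it is running on a hypervisor at all, and which one. The following is an added example, not code from the original post or from Microsoft, showing the CPUID convention that later hypervisors (Hyper-V included) settled on for exactly this purpose: leaf 1, ECX bit 31 is the “hypervisor present” flag, and leaf 0x40000000 returns a 12-byte vendor signature (“Microsoft Hv” for Hyper-V, “KVMKVMKVM” for KVM, “VMwareVMware” for VMware, “XenVMMXenVMM” for Xen). The same check is what VM-aware malware runs to decide whether it is being watched in a sandbox, so it cuts both ways. The GCC/clang `cpuid.h` macros are assumed; the code reports “no hypervisor” on non-x86 builds rather than guessing.

```c
/* Added example (not from the original post): detecting the hypervisor a
 * guest runs on via CPUID, the first step an "enlightened" guest takes. */
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

#define HV_LEAF_PRESENT 1U            /* standard feature leaf */
#define HV_LEAF_VENDOR  0x40000000U   /* hypervisor vendor leaf */
#define HV_PRESENT_BIT  (1U << 31)    /* CPUID.1:ECX[31] */

/* Map a 12-byte CPUID vendor signature to a readable name.
 * Pure function, so it can be exercised without real hardware. */
const char *hv_vendor_name(const char sig[12])
{
    if (memcmp(sig, "Microsoft Hv", 12) == 0) return "Hyper-V";
    if (memcmp(sig, "KVMKVMKVM\0\0\0", 12) == 0) return "KVM";
    if (memcmp(sig, "VMwareVMware", 12) == 0) return "VMware";
    if (memcmp(sig, "XenVMMXenVMM", 12) == 0) return "Xen";
    return "unknown";
}

/* Returns 1 if CPUID reports a hypervisor, 0 otherwise (always 0 off x86).
 * On success the 12-byte signature is copied into sig (not NUL-terminated).
 * A hypervisor that wants to hide can clear the bit, so 0 is not proof of
 * bare metal; it only means nothing is being advertised. */
int hv_detect(char sig[12])
{
    memset(sig, 0, 12);
#if HAVE_CPUID
    unsigned int eax, ebx, ecx, edx;
    __cpuid(HV_LEAF_PRESENT, eax, ebx, ecx, edx);
    if (!(ecx & HV_PRESENT_BIT))
        return 0;
    /* Leaf 0x40000000 lies outside the range __get_cpuid() validates
     * against leaf 0, so use the raw macro. The signature comes back in
     * EBX:ECX:EDX, four ASCII bytes per register. */
    __cpuid(HV_LEAF_VENDOR, eax, ebx, ecx, edx);
    memcpy(sig + 0, &ebx, 4);
    memcpy(sig + 4, &ecx, 4);
    memcpy(sig + 8, &edx, 4);
    return 1;
#else
    return 0;
#endif
}

int main(void)
{
    char sig[12];
    if (hv_detect(sig))
        printf("hypervisor present: %s (%.12s)\n", hv_vendor_name(sig), sig);
    else
        printf("no hypervisor advertised by CPUID\n");
    return 0;
}
```

Compile with `gcc -O2 hvdetect.c -o hvdetect` and run it inside a virtual machine and on the host to see the difference. An enlightened kernel branches on the result to enable its paravirtualised paths (the memory-management “doubling-up” above being one of them); a detection rule for a sandbox should treat the presence of this check in an unknown binary as a signal worth a second look.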

The ring numbers in the diagram refer to the four privilege levels (0 to 3) within the Intel x86 processor architecture, with “ring -1” being shorthand for the new, more privileged mode that the hardware assistance gives to the hypervisor layer. Windows currently uses ring 0 (kernel mode) and ring 3 (user mode); today’s software-only approach deprivileges the guest kernel (together with the virtual machine additions) to the rarely-used ring 1, so that privileged instructions fault and can be trapped by the virtual machine monitor instead of acting on the real host (a technique known as ring compression). The catch on x86 is that a handful of sensitive instructions do not fault outside ring 0, which is one reason the Intel and AMD hardware support mentioned above matters.

There is no doubt in my mind that virtualisation is becoming ever more important, particularly as an enabler for the dynamic data centre. These enhancements to Microsoft Virtual Server, supported by the new processor designs from Intel and AMD, mean that Microsoft is finally set to become a real player in the enterprise virtualisation market.

Using ADS to deploy Windows XP

One of the main reasons for needing to SysPrep my Windows XP installation was that I wanted to see if it is possible to use Microsoft Automated Deployment Services (ADS) to deploy Windows XP.

Microsoft has a plethora of deployment solutions and the main one for workstation deployment is the solution accelerator for business desktop deployment (BDD); however the enterprise edition of this relies on the use of Microsoft Systems Management Server (SMS) and the standard edition requires third-party imaging tools.

Microsoft Remote Installation Services (RIS) is a perfectly good PXE boot server included within Windows 2000 Server and Windows Server 2003, but what I like about ADS is that it uses PXE to boot a miniature version of Windows Server 2003 (not Windows PE) called the ADS deployment agent (DA), which allows control from the server end. Using this technology, sequences can be built up into powerful jobs that control most aspects of a server build, and I wanted to do this with a Windows XP workstation build.

The official line from Microsoft is that ADS is not supported for Windows 2000 Professional or Windows XP. Microsoft states that it is not possible to use ADS to deploy Windows XP or Windows 2000 Professional because:

“In addition to licensing constraints, the design of ADS is limited to servers as follows:

  • There is no ability to migrate user state, thus all user information is lost when a new image is applied.
  • ADS is designed to run on server-class hardware and cannot handle the diversity of client hardware.
  • ADS deploys images using a ‘push’ method and does not allow users or staff to initiate a deployment from the client computer.
  • Clients often exist behind slow links and ADS is designed to operate over a well-connected network.”

But ADS works with Windows 2000 Server and Windows Server 2003 (which is very similar to Windows XP in many ways) so I thought it must be possible. In addition, Windows Vista deployment will use Windows Deployment Services (WDS), and although I haven’t looked at WDS, the Windows Automated Installation Kit (WAIK) User’s Guide for Windows Code named “Longhorn” says that:

“WDS enables companies to remotely administer and deploy the latest operating system, using Windows PE and WDS Server. This deployment scenario can be fully unattended, and is customizable and scalable. [WDS] replaces the existing Remote Installation Services (RIS) deployment technology.”

(that sounds like a development of ADS to me!)

One of my ex-colleagues at Conchango pointed me to Paul Edlund’s blog post on using ADS with Windows XP.

This gives advice on SysPrepping the source machine to dump all of the plug and play IDs into the sysprep.inf file (thus avoiding issues with the variety of client hardware).

Quoting from Paul’s article (with minor edits for flow and grammar):

“This allows you to take an image from one machine and use it on a different desktop (assuming the HAL is the same). To perform this step, create a blank sysprep.inf file in the same directory as sysprep.exe. Now open the sysprep.inf file and add the following text to the first line of the file:

[SysprepMassStorage]

Without this tag in the file, SysPrep will run but it won’t put anything in the file (so you can’t forget this). Now save and close sysprep.inf and run sysprep -bmsd. This will dump all of the plug and play IDs from the driver.cab file into the sysprep.inf file. These IDs are used to populate the critical devices database in the registry.

Now copy the contents of the [SysprepMassStorage] section and paste it into the actual sysprep.inf file you want to use from the ADS sysprep.inf templates. The problem is that you will now have populated a huge number of entries in the critical devices database which means that every time your XP machine tries to start, it will try to load each of these drivers, resulting in a very long startup time. So to stop this from happening, add the -clean switch when running SysPrep.”

The SysPrep syntax which Paul gives for the next step didn’t work for me, but I ran sysprep -clean followed by sysprep -reseal -mini -pnp -reboot (although I think the last switch should have been -noreboot as my source computer booted into the mini-setup wizard after SysPrep had completed and I really wanted it to shut down).

There’s some more information in Paul’s article about the various SysPrep switches and the need for a blank administrator password on the source PC (Microsoft knowledge base article 302577 details the usage of SysPrep including the various command line switches).
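The SysPrep steps above, collected into one script so they can be repeated on each source build, as an added example that is not from Paul’s article or from this post. It assumes sysprep.exe and the ADS template sysprep.inf sit together in C:\sysprep (a hypothetical path), that the template may or may not already carry the [SysprepMassStorage] header, and that the local Administrator password is blank as the article requires. The switches used (-bmsd, -clean, -reseal, -mini, -pnp, -noreboot) are the Windows XP SysPrep switches documented in knowledge base article 302577.

```batch
@echo off
rem Added example (not from Paul Edlund's article or this post): the SysPrep
rem sequence for the source Windows XP machine before an ADS capture.
rem Assumed: sysprep.exe and the ADS template sysprep.inf in C:\sysprep
rem (hypothetical path); blank local Administrator password.
setlocal
set SYSPREP_DIR=C:\sysprep
cd /d "%SYSPREP_DIR%" || (echo Cannot find %SYSPREP_DIR% & exit /b 1)
if not exist sysprep.exe (echo sysprep.exe is missing & exit /b 1)
if not exist sysprep.inf (echo sysprep.inf template is missing & exit /b 1)

rem 1. -bmsd only fills in a [SysprepMassStorage] section that already exists,
rem    so add the header if the template lacks it, and keep a backup.
findstr /l /i /c:"[SysprepMassStorage]" sysprep.inf >nul || echo [SysprepMassStorage]>> sysprep.inf
copy /y sysprep.inf sysprep.inf.bak >nul

rem 2. Dump the plug and play IDs from driver.cab into the section.
sysprep -bmsd

rem 3. Sanity check: the section should now hold a long list of hardware IDs.
rem    If no PCI\VEN_ entries appear, -bmsd wrote nothing (wrong header or
rem    wrong folder) and there is no point resealing.
findstr /l /i /c:"PCI\VEN_" sysprep.inf >nul || (echo -bmsd added no entries & exit /b 1)

rem 4. Clear the critical devices database so the machine does not try to
rem    load every listed driver on each start, then reseal: -mini runs
rem    Mini-Setup on first boot, -pnp forces plug and play re-detection and
rem    -noreboot shuts the machine down so ADS can capture the disk cleanly.
sysprep -clean
sysprep -reseal -mini -pnp -noreboot
endlocal
```

Keep sysprep.inf.bak with the image so the deployed machines can be compared against what was captured; the check in step 3 is the one that would have caught a missing header before a wasted capture and deploy cycle.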

Screen shot with the ADS deployment in progress

Using Paul’s article, combined with the information in the ADS quick start guide (part of the ADS installation), I was able to successfully capture and deploy a Windows XP image in a Virtual Server environment although there were a couple of gotchas (two of which are related to my use of a virtual environment):

  • Because I’d already SysPrepped the source PC, I couldn’t use the supplied capture-image.xml sequence without editing it to drop the first step (actually I just used the boot-to-da.xml sequence and a one-time job to run the /imaging/imgbmdeploy.exe command with the imagename \device\harddisk0\partition1 "description" -c -client parameters).
  • Also, my use of dynamically expanding virtual disks in Virtual Server meant that the volume size was recorded by ADS as 17166127104 bytes and so I had to use the ADS sequence editor to edit the parameters in the da-deploy-image-wg.xml sequence to use /C:16371 before the deployment was successful.
  • Finally, as the current version of Virtual Server doesn’t include PXE boot capabilities, I needed to use a virtual floppy disk with the contents of the RIS boot floppy (for details, see my earlier post on trials and tribulations with RIS, although Roudy Bob’s virtual RIS boot disk has moved so the link in my original post seems to be broken).

It’s also worth noting that because I was using Virtual Server, all of my hardware was standard. I’d be interested to hear how anybody gets on with this using a variety of physical workstations, but I didn’t have the time or resources to take the experiment that far.

To summarise, capturing and deploying Windows XP using ADS works, but it is not supported by Microsoft. It’s still something to think about if you’re willing to take that risk (I’m not prepared to risk an unsupported solution on my current project with 16,000 workstations spread across hundreds of sites) but if nothing else it’s a good way to spend some time familiarising yourself with SysPrep and ADS.