Could the virtual appliance replace traditional software distribution?

For some time now, VMware has been pushing the concept of virtual appliances as a new method of software distribution – a pre-built, pre-configured and ready-to-run software application packaged with the operating system inside a virtual machine – and the company has many pre-configured VMware virtual machines ready for download. Now Microsoft has come onboard, encouraging users to download pre-configured .VHD virtual hard disk images for Virtual PC or Virtual Server.

Microsoft sees this as an opportunity for customers to quickly evaluate Microsoft and partner solutions for free in their own environment without the need for dedicated servers or complex installations. VMware’s vision is a little broader and their Virtual Appliance Marketplace holds links to hundreds of virtual appliances from software companies as well as the open source community.

It’s certainly an interesting concept. Instead of installing an application on an operating system and then configuring it to suit, I can take an existing image, pre-configured by the software developers according to their best practice and greatly reduce the time to deploy an application. Of course, there will be issues around standard operating system configurations (many organisations will not accept an application unless it runs on their hardened operating system build) but this use of virtualisation technology has huge potential – and not just for demoware.

Getting iChat AV to work with users on other IM services

I find the PC vs. Mac ads that Apple is running at the moment amusing, but it does strike me as odd that a company with a brand as strong as Apple’s would drop to what is effectively bragging (even p***s envy?). It seems I’m not the only one either – from listening to TWiT episode 76 earlier today, it seems that “virtually everyone who watches it comes away liking the ‘PC guy’ while wanting to push the ‘Mac guy’ under a bus”!

But hey… what’s my point exactly? Well, according to Apple’s get a Mac website (at the time of writing), reason number 1 to get a Mac is:

“It just works. How much time have you spent troubleshooting your PC? Imagine a computer designed by people who hate to waste time as much as you do. Where all the hardware and software just works, and works well together. Get a Mac and get your life back.”

Wake up and smell the coffee guys. I love my Mac, but it does not “just work”. That’s why I’ve spent hours (literally) using a third party utility to get iChat AV working without forking out for a .Mac account. It’s not the first time either; I’ve blogged before about how getting things to work on a Mac is not always as straightforward as it should be. I love my Mac but it has problems, as does any PC running any operating system (open or closed, proprietary or open-source).

This is what I had to do…

Apple iChat AV (I’m using v3.1.5 on Mac OS X 10.4.8) supports .Mac and AOL Instant Messenger (AIM) logins. It also supports Jabber – so I thought I’d prove the concept by getting it working with Google Talk (which is also based on Jabber). That turned out to be pretty straightforward – Google even provide instructions for configuring iChat for Google Talk. That’s all very well, but my contacts all use ICQ or MSN/Windows Live Messenger – wouldn’t it be great to get them all working within iChat? ICQ is another easy one… just add an AIM account to iChat and enter your ICQ number as the AIM screen name, but that still doesn’t help with any of the other services.

Luckily Melvin Rivera at All Forces has written a comprehensive article about iChat to MSN through Jabber. In theory, this should work for any service, since Jabber acts as a gateway for communication with the various IM networks. I followed Melvin’s article to:

  1. Download and install PSI.
  2. Create a Jabber account – I chose a UK provider – tuff.org.uk – largely because their site gives a lot of information.
  3. Register the Jabber account within PSI.
  4. Select the required services (I chose MSN and ICQ – I’ll probably add more later but an account is required on each connected service).

At this point, my MSN contacts all started to appear in the PSI client… although each one needed to be authorised (and the multiple alerts meant I had to force quit PSI a couple of times). Incidentally, if a load of contacts are stuck on waiting for authorization (this happened to me, and from reading the comments on Melvin’s article it’s not uncommon) right-clicking and selecting rerequest authorization from seemed to fix things (I then needed to open the alert which came back for each contact). I thought at first this meant getting all my contacts to approve me again but as long as the MSN servers know I’m not blocked from these contacts, the authorisation is immediate.

Now, here’s the bit that I didn’t work out immediately… once the contacts have been sucked out of MSN (or elsewhere) and into Jabber, quit PSI… otherwise all the IM conversations occur within PSI, instead of iChat.

Next, I configured iChat to use the tuff.org.uk Jabber server – the settings were the same as for Google Talk (except for the account name/password and the server). After that iChat was working with MSN and ICQ. For cross-platform instant messaging at least.

The next stage was to get video/audio conferencing working. This is where I roped in a friend, using another Mac, connected via ADSL from his home a few miles away. It took us a while to get things going – in the end it was a MacRiot article about port forwarding to avoid iChat AV no audio/video woes that gave the answer, referring us to Apple’s document about using iChat AV with a firewall or NAT router.

After opening TCP ports 5190, 5220, 5222 and UDP ports 5060, 5190, 5678 and 16384-16403 on my Internet-facing router, my friend was able to successfully invite me to an audio/video conversation (although for some reason I don’t see the icons to invite him). Incidentally, on a local network there will be additional ports required for client firewall configurations (UDP 5297, TCP/UDP 5298 and UDP 5353) and my Internet connection is NATted, so that is handled too. I just need to work out why I can’t see the options to invite contacts to audio or video chats (and to buy a webcam – my Sony CMR-PC1 is unsupported on a Mac and my DV camera turns itself off after a few minutes).

(Whilst I was cursing Apple for not making this easier, my mate Alex pointed out that getting video conferencing working on a Windows PC would probably be just as bad… I replied that Microsoft don’t state that their software “just works” – just as well really – and nor do Apple caveat their marketing rhetoric with “subject to firewall/network configuration”)!

Altec Lansing iM7 iPod speakers

We have a birthday party planned for my son tomorrow and I need some sounds to entertain the toddlers. Okay, so 2 year-olds are probably more into Bob the Builder than Bob Sinclar but our portable CD player is… a bit weak. So when I saw Costco selling Altec Lansing iM7 iPod speakers for £117.48 I thought that they could be the answer to my problem (once the requisite children’s music has been ripped to my iPod). After going back to the car to get my iPod and trying them out in the store, I was convinced (blown away in fact).

Back in July, Mac Format ran a review on a bunch of iPod speakers and, predictably, the Apple iPod HiFi came out on top. Personally (before I’ve heard them), I think that the Apple speakers are ugly (unusual for an Apple product), and that Apple should have integrated the iPod into the unit instead of just placing a dock on the top. The iM7 still got 4 stars (not a bad review – especially as that’s more than the Bose SoundDock achieved) and, at half the price of the Apple product, they seem like a bargain to me.
None of these products should be considered as a replacement for a decent HiFi system, but they are certainly good enough for portable music (holidays, parties, etc.). In fact, the only problem I’ve found is that the strong bass vibrates the cradle that allows my iPod Mini to sit comfortably in the dock!

My son likes them too… although he seems to be having difficulty understanding that they are not another birthday present for him!

Recovering a mailbox in Exchange Server 2003

Last night I had a bit of a panic when I deleted a user account (and the corresponding Exchange Server mailbox). Strictly speaking, deleting the user and associated mailbox was not a mistake – but I deleted the wrong one. Luckily, it’s a pretty easy mistake to rectify – as described in Microsoft knowledge base articles 274343 and 823176.

There is one thing that it might be useful to be aware of – even though I kept running the cleanup agent the tombstoned mailbox didn’t show as disconnected (so I couldn’t reconnect or purge); however, like so many things in Exchange, I left it for a few hours (actually, it was overnight but I’m sure a few hours would have been fine) before refreshing Exchange System Manager and everything was as expected (after which I simply reconnected the mailbox to a new Active Directory user account and logged in successfully).

Windows Vista imaging and deployment

However much I try to avoid it, as an IT infrastructure consultant, I always seem to get involved in operating system deployment. With that in mind, a couple of days back, I went along to an event at which Microsoft UK’s James O’Neill gave an interesting presentation on Windows Vista imaging and deployment.

Deployment of a PC operating system ought to be simple. It isn’t. Well, it can be, but only after a lot of hard work and planning. You see, unlike a closed system such as Apple Mac OS X, a Windows deployment typically has to support a plethora of different PCs – each with their own hardware variants (very few organisations have the luxury of a 100% standardised infrastructure – IT hardware simply changes too quickly for that). For many years now, the approach to deploying a PC operating system has been to use imaging software, e.g. Symantec Ghost, but there are complications around which images can be applied on what hardware, as well as licencing implications for any software included in the image – often images are created based on a combination of target hardware and end-user roles. Then there’s the data to consider – how are applications to be deployed, what will happen to user data (e.g. in an upgrade scenario), and what about system settings (Outlook profile, etc.). A managed deployment has many advantages around consistency (between images), manageability and reliability; however there is a huge cost attached to maintaining each image.

Since the creation of Windows NT, administrators have been able to automate Windows deployment using a system of answer files and either a product CD or a distribution share. This can be customised to roll out additional applications as well as to alter the Windows configuration and add OEM-specific items and it works well, but is slow to deploy and costly to maintain (often scripted installations are used to deploy to reference PCs from which images are taken).

Windows 2000 introduced the concept of booting a PC across the network using the pre-boot execution environment (PXE) to connect to a remote installation services (RIS) server and download an image. Later, this was extended to create the solution accelerator for business desktop deployment (BDD) and enhanced through the creation of Microsoft automated deployment services (ADS) – now renamed Windows deployment services.

Windows Vista employs a totally new deployment approach – using Windows Image (.WIM) files – look on a Vista DVD and there is no i386 folder (the main setup file on my Vista RC2 DVD is called install.wim). Those who have worked with BDD and ADS may already be familiar with an older version of the .WIM file format and the new version supports deployment to a new system, side-by-side installation, or in-place upgrades (actually, an in-place upgrade is a side-by-side installation which then transfers the settings from the old copy of Windows, which can safely be destroyed later). The Windows imaging approach supports modularisation of components, single instance storage, compression and file-based imaging – allowing many images and many image variants to be installed in a single .WIM file for deployment from optical media, or using deployment solutions such as BDD or Microsoft SMS. Importantly, deployment is non-destructive. Furthermore, Windows Vista does not have any of the restrictions around hardware abstraction layers (HALs) and so there is no requirement for hardware-specific images; and because the image is file-based (cf. disk block-based images), it can be mounted as a file system and manipulated offline.

.WIM files are structured as follows:

  • Header – with signature, version, GUID and indexes to images.
  • File resources – the actual image files.
  • Metadata – information about the files within the image.
  • Resource table(s) – effectively a directory tree for the files within the image, defining the file system.
  • XML data – information used to customise the image.
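The header fields listed above can be decoded from the first 208 bytes of a .WIM file, which is a useful sanity check before an image is mounted or deployed. This is an added example, not code from the original post or from Microsoft; the byte layout is an assumption taken from the published WIM format description for released versions, and the sample header is constructed.

```python
import struct
import uuid

WIM_MAGIC = b"MSWIM\x00\x00\x00"
HEADER_SIZE = 208  # assumption: layout from the published WIM format description

# signature, header size, version, flags, chunk size, GUID,
# part number, total parts, image count
FIXED = struct.Struct("<8sIIII16sHHI")
RESHDR = struct.Struct("<QQQ")  # (56-bit size + 8-bit flags), offset, original size
RES_OFFSETS = {"resource_table": 0x30, "xml_data": 0x48,
               "boot_metadata": 0x60, "integrity": 0x7C}


def read_reshdr(buf, off):
    """Decode one 24-byte resource locator stored in the header."""
    packed, offset, original = RESHDR.unpack_from(buf, off)
    return {"size": packed & (2 ** 56 - 1), "flags": packed >> 56,
            "offset": offset, "original_size": original}


def parse_wim_header(buf):
    """Decode the fixed-size header at the start of a .WIM file."""
    if len(buf) < HEADER_SIZE:
        raise ValueError("truncated: need %d bytes, got %d" % (HEADER_SIZE, len(buf)))
    (magic, size, version, flags, chunk,
     guid, part, parts, images) = FIXED.unpack_from(buf, 0)
    if magic != WIM_MAGIC:
        raise ValueError("bad signature %r" % magic)
    if size != HEADER_SIZE:
        raise ValueError("unexpected header size %d" % size)
    hdr = {"version": version, "flags": flags, "chunk_size": chunk,
           "guid": str(uuid.UUID(bytes_le=guid)),
           "part": part, "total_parts": parts, "image_count": images,
           "boot_index": struct.unpack_from("<I", buf, 0x78)[0]}
    for name, off in RES_OFFSETS.items():
        hdr[name] = read_reshdr(buf, off)
    return hdr


def audit_header(hdr, file_size):
    """Return findings to review before the image is trusted."""
    findings = []
    for name in RES_OFFSETS:
        res = hdr[name]
        end = res["offset"] + res["size"]
        if res["size"] and (res["offset"] < HEADER_SIZE or end > file_size):
            findings.append("%s lies outside the file" % name)
    # The integrity table is an unsigned table of hashes: it catches
    # corruption, not deliberate modification of the image.
    if hdr["integrity"]["size"] == 0:
        findings.append("no integrity table present")
    if hdr["boot_index"] > hdr["image_count"]:
        findings.append("boot index %d exceeds image count %d"
                        % (hdr["boot_index"], hdr["image_count"]))
    return findings


def build_sample_header(image_count=2, boot_index=1, integrity=(0, 0)):
    """Constructed sample header (not taken from a real image)."""
    guid = uuid.UUID("12345678-1234-5678-1234-567812345678").bytes_le
    buf = bytearray(HEADER_SIZE)
    FIXED.pack_into(buf, 0, WIM_MAGIC, HEADER_SIZE, 0x00010D00, 0, 0,
                    guid, 1, 1, image_count)
    RESHDR.pack_into(buf, 0x30, 400, 1000, 400)   # resource table
    RESHDR.pack_into(buf, 0x48, 600, 1400, 600)   # XML data
    struct.pack_into("<I", buf, 0x78, boot_index)
    offset, size = integrity
    RESHDR.pack_into(buf, 0x7C, size, offset, size)
    return bytes(buf)


if __name__ == "__main__":
    header = parse_wim_header(build_sample_header())
    print(header["guid"], header["image_count"], audit_header(header, 2000))
```

For a real file, pass the first 208 bytes read in binary mode to `parse_wim_header` and the file's size on disk to `audit_header`.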

Windows imaging uses a system of filters, e.g. the .WIM file system filter (to edit image contents) and the WIM boot filter (not surprisingly to boot from an image). The main tool used for manipulation of .WIM files is imagex.exe (previously known as ximage.exe). imagex.exe allows the mounting and unmounting of .WIM files as a file system, whereby changes can be made before they are committed to the .WIM file. It is also used to create, append to and split image files, as well as for viewing the XML data about an image file. There’s also an API for programmatic manipulation of .WIM files – WIMGAPI. It’s important to note that, whilst there are both 32- and 64-bit versions of the Windows Vista deployment tools, they are compatible, so images created/modified with a 64-bit version of imagex.exe will still work on a 32-bit system, etc. Also worth noting is that the System Preparation Tool (sysprep.exe) still exists – images still need to be sysprepped – but there are new options around what the system should do on its first boot.

Whilst imagex.exe can be used to capture the contents of a running system, it’s not good practice, and Microsoft recommends that the Windows pre-installation environment (WinPE) is used instead. Because WinPE runs entirely in memory there are no issues around locked files and Windows PE 2.0 will be made more widely available than previous versions. James’ presentation also indicated that a file called winscript.ini can be used to specify exclusions (e.g. pagefile.sys, hiberfil.sys, \WINDOWS\CSC, \RECYCLER, System Volume Information, \$ntfs.log, etc.); however he’s since blogged that the .INI file is not required – the key point is that there are files which you will almost certainly want to exclude from an image.

Another important tool is the Windows System Image Manager – setupmgr.exe on steroids! This is used to build a catalog of .WIM file contents and then customise the file – e.g. to add components, or to customise settings, before validating the resulting unattend.xml answer file.

Other deployment tools, available for previous Windows versions but updated for Vista include the application compatibility toolkit and the files and settings transfer wizard (formerly the user state migration toolkit).

Bootable .WIM files are always called boot.wim. The boot process is as follows:

  1. Read boot configuration database (BCD) file. This tells the system what to execute and effectively replaces the boot.ini file found in previous versions of Windows NT/2000/XP/2003; however, unlike boot.ini it is not a text file – it must be edited using bcdedit.exe.
  2. Mount boot.sdi
  3. Attach boot.wim to boot.sdi
  4. Continue boot process.
  5. Install .WIM file system filter

The use of .WIM files is not limited to Windows Vista imaging – although they may be unsupported with other operating systems and there may be complications (e.g. I wrote a post last year about deploying Windows XP using ADS). Indeed, Windows Vista imaging technologies will also be used for the next Windows Server product (codenamed Longhorn), although because this is still a beta product, the details may be subject to change. Importantly, the tools provided for working with Windows Vista .WIM files are not all compatible with legacy operating systems.

It looks as though the new Windows Vista approach to imaging and deployment will be a steep learning curve for us all, but it should result in a more flexible, and manageable, approach to deployment – more information about Windows Vista deployment enhancements is available on the Microsoft website.

Quiet please (but I want to hear the sound on my PC)

The PC that I use for most of my desktop work (actually it’s a Mac), is hooked up to an old amplifier and speakers in my den, cascaded from the living room when my wife made me replace my lovely 19″ hi-fi equipment (or “black loud crap” as she so tastefully referred to it) with something small and silver (or “girly” as I call it).

It sounds great (at least to me – an audiophile will probably tell me that 192k MP3s can never sound great) but has a drawback in that my den/office is opposite the children’s bedrooms and next to ours. This means that the lovely rich sounds which come through the amp run the risk of disturbing our sleep (and I have to remember to turn off the amp, lest an incoming e-mail – probably spam – wakes one of us in the night).

This was proving inconvenient (I kept forgetting), so yesterday I bought a cheap 3.5mm stereo 2-1 adapter from Maplin and split the audio output from the PC to run to both the amplifier (rich, loud, quality sound) and the monitor speakers (small, tinny sound) – I could have used wireless headphones instead, but I don’t have any. Now I can hear the general PC system noises on the small speakers and when we’re all up and about I can turn on the amp to hear everything properly (the monitor speakers are still there, but the richer sound from the main speakers largely cancels them out – they effectively become repeaters). Now all I have to do is remember to turn off the amp when I leave the room…

More on booting Windows PE from a USB flash drive

A few months back, I wrote about booting Windows PE from a USB flash drive. Early versions of PE didn’t make this very straightforward, but Microsoft UK’s James O’Neill has blogged about doing exactly this with Windows PE 2.0 in his article on getting started with Windows PE – it looks like it’s got a whole lot easier.

Hopefully, I’ll get some time to have a go at this soon.

Windows Vista product activation for volume license customers

Working mostly with corporate clients has one significant advantage – I’ve largely been shielded from Windows product activation, as I’ve generally had access to volume licence keys (VLKs) – also known as volume activation (VA) 1.0; however with Windows Vista and VA 2.0, this looks set to change and there seems to be a lot of misinformation on the subject (e.g. rumours of enterprises having to run licence servers on Windows Longhorn Server, which is still a beta product and hence not recommended for production use). With that in mind, I thought I’d write a bit on the subject to (hopefully) clear up any confusion.

At a Microsoft event today, Microsoft UK’s James O’Neill was reluctant to discuss this (in my experience, Microsoft consultants and evangelists do tend to shy away from anything remotely related to licencing) but luckily I got chatting to Scotty McLeod from Perot Systems, who was extremely helpful and knowledgeable on the subject.

Scotty explained to me (and others) how the arrangements for corporate product activation will work. Basically, Microsoft has two systems for volume license customers:

  • Multiple activation keys (MAKs) will be made available, with each key valid for a defined number of installations. Activation will require contact to Microsoft servers and, once the maximum number of activations has been reached, the key will be prevented from activating any further copies of Windows. That sounds fair enough but these keys should be guarded closely (more closely than traditional VLKs) because if a key is leaked and administrators do install unofficially, Microsoft is unlikely to “unlicence” a machine. In effect, if you release the key and it gets misused, then it’s your problem!
  • Volume licence keys (VLKs) require that an organisation maintains its own key management server (KMS) – ideally two – to act as a proxy between Microsoft’s licencing servers and enterprise clients, validating and activating Windows Vista computers. Each client actively searches out an appropriate KMS for activation, which must occur within 30 days, retrying every 22 hours. If activation fails, then the installation will run in reduced functionality mode (RFM). Then, every 180 days, the Windows Vista computer will reactivate, with a 30 day grace period before reduced functionality mode is enforced. Effectively, Windows Vista machines will need to reactivate approximately every 6 months. Group policy can be used to control the warnings experienced by users.

So, when would administrators want to use MAKs and when would they use VLKs? MAKs only require activation once (unless there are a lot of hardware changes) and so are ideal for organisations with a dispersed user population that rarely contacts the corporate network. For the majority of users in most organisations that regularly connect to a corporate network, VLKs will probably be more appropriate.

There are some gotchas with VLKs though – for example, a multinational organisation with local purchasing policies will probably have many volume license agreements and will need to implement 2 KMS servers per territory. This is for two reasons:

  • To retain control and stop one territory from using all the licences purchased by another.
  • Because license prices vary globally and licencing terms generally prevent low cost licenses from one territory from being deployed in another.

KMSs also require Windows Vista or Windows Server codenamed Longhorn – with installation being performed via a script within the operating system installation (no GUI interface is provided). Fortunately, Microsoft also provides web-based reporting tools for VLKs, including computer names and how long is left until license expiry. One more positive aspect of the VLK arrangements is that if a licence is not successfully reactivated, then it returns to the pool – so if a laptop is stolen, then at least the licence will be returned within six months or so!

So, that’s Windows Vista product activation for corporate users in a nutshell. The Microsoft website has more information on VA 2.0 (as well as an FAQ) and there’s a My Digital Life article that also has information on the software protection platform (SPP), which is the version of product activation that users who are not subject to volume licence agreements will encounter.

Why Windows Vista doesn’t mean that XP is dead (yet)

Last night, I wrote a post about how Windows Vista is finally here but that Windows XP users are long overdue a service pack. Well, having read it again in the cold light of day, I think I should add some clarification.

I’m not suggesting that organisations stick with Windows XP for an extended period (I believe that Gartner has suggested corporates wait until 2008 – although many organisations will have been looking at Vista for a while now and will be ready to upgrade before then). All I’m saying is “great, Vista is here, but we’ve been waiting for a service pack for XP for over 2 years and now you’re telling me it won’t be here until 2008”. After all, based on XP SP1 and SP2 release dates, we should have seen SP3 already and be looking at SP4 soon.

I also appreciate that even Microsoft doesn’t have infinite resources and that the Windows product group have been pretty busy with Windows Vista, Windows Server codenamed Longhorn, and keeping Windows Server 2003 SP2 on track. Maybe delaying service packs is Microsoft’s way of gently nudging us all towards Vista – after all they don’t want a repeat of the scenario where a report published in the summer of 2005 suggested that there were still more organisations using Windows 2000 than had upgraded to XP (3 and a half years after XP was generally available).

My personal view is that the majority of Windows Vista installations (at least in the first 12 months) will be from consumers and small-medium enterprises (SMEs). Many corporates will receive Vista on new hardware and downgrade to standard operating environments based on Windows XP and once these organisations do start to upgrade, I believe it will mainly be those with Windows 2000 PCs that move first. With that in mind, I figure that XP will be around for a while yet, regardless of Microsoft’s support lifecycle policy, which currently says that “Mainstream support will end two years after the next version of this product is released. Extended support will end five years after mainstream support ends”.

If Windows 2000 is anything to go by, then there will be many organisations running unsupported (or extended support) instances of Windows XP for a while yet.

Keyboard error

Apple keyboards may look nice, but they do tend to highlight the dirt (most keyboards are pretty horrendous when it comes to hygiene but white and transparent plastic doesn’t really cover it up as well as beige or black) and after a few months of use, mine is looking pretty bad. It just got a whole load worse though when the CD-R pen that I was using (we used to call them OHP markers when I was younger!) leaked over the U, I and 9 keys. After removing the keys and spending about 30 minutes at the kitchen sink with washing up liquid and a scouring pad I’ve pretty much restored them to white (albeit with a faint trace of blue-black smudge) but if anyone has any tips for removing permanent ink from plastic then I’d be grateful to hear them.

In the meantime, Vincent McBurney has a tongue-in-cheek look at 10 tips for better keyboard hygiene.