Hyper-V release candidate

This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

For a couple of days now, I’ve been itching to write something about the Microsoft Hyper-V release candidate (RC), which was made available to beta testers earlier this week. Well, the wait is over as the (feature-complete) product was officially announced earlier today.

According to Microsoft:

The RC forms an important milestone in the development of Hyper-V and being feature complete, customers can now start to evaluate the final implementation scenarios with the knowledge that the upgrade path to the RTM of Hyper-V will be largely non-disruptive in terms of VM settings, VHDs, etc. In this release candidate of Hyper-V, there are 3 new areas of improvement including:

  • An expanded list of tested and qualified guest operating systems including: Windows Server 2003 SP2, Novell SUSE Linux Enterprise Server 10 SP1, Windows Vista SP1, and Windows XP SP3.
  • Host server and language support has been expanded to include the 64-bit (x64) versions of Windows Server 2008 Standard, Enterprise, and Datacenter – with English, partial German, and partial Japanese language options now available and the ability to enable the English version of Hyper-V on other locales.
  • Improved performance & stability for scalability and throughput workloads.

I’ll be upgrading my Hyper-V installations over the coming weeks but even running the beta has been a remarkably good experience, although so far I’ve failed to get the Linux integration components working (on SUSE or RHEL, 32 or 64-bit). I’m also pleased that Microsoft has released Hyper-V management tools for Windows Vista SP1, removing the requirement for another Hyper-V server in order to manage Hyper-V on a Windows Server 2008 server core installation.

There’s more information on the Hyper-V RC at the Windows Virtualization team blog and in the official press release.

UK customer launch for Microsoft’s 2008 product wave

I’ve just got home from the UK “Heroes Happen Here” customer launch event for Windows Server 2008, Visual Studio 2008 and SQL Server 2008 in Birmingham. It’s been a long time since I was this closely involved with a launch event and I’m pretty exhausted! I did manage to get some time off from the stand to attend some of the sessions so, after I manage to catch up with the inevitable mountain of e-mail that will greet me after a couple of days out of the office, I’ll try and blog something from the sessions I attended. In the meantime, most of the key messages were covered in the post I wrote after the press launch last month.

Recording Windows Media screencasts

Next month, I’ll be delivering a couple of presentations on behalf of the Windows Server Team UK at the Microsoft UK user groups community day. It won’t be the same without Scotty (who first invited me to take part) and I’ve never presented to a large group before so, frankly, I’m more than a little nervous (and if I’ve asked too many questions in one of your presentations – I’m thinking here of Eileen, Steve, John, James, Jason, et al. – now is the chance for you to get your own back).

Anyway, I’m working on some insurance policies to help make sure that the demo gods look favourably on me – one of which is pre-recording some of my demos. In truth, it’s not just to make sure that the demos run smoothly, but also to condense 10 minutes of activities down into 2 (watching progress bars during the installation of Windows components is hardly exciting). So, I’ve been recording some screencasts (aka. blogcasts, vodcasts, vidcasts, video podcasts, etc.) to fall back on. It turns out to be quite simple – based largely on a post that John Howard wrote a while back with recorder settings for Windows Media Encoder (WME).

First of all, download a copy of Windows Media Encoder. I used 9.00.00.2980, which seems to run fine on my x64 installation of Windows Server 2008, although I’ve just noticed that there is an x64 version available that I will install and use next time.

Next, drop the screen resolution and colour depth. John recommended 800×600 pixels at 16-bit colour depth but I used a slightly different method, capturing just one window (a remote desktop connection to another machine, with the RDP connection running at 800×600). I also found that the capture was a little taxing on my graphics hardware, so it was worth dropping back to the Windows Vista basic display settings for a while (I reverted to Aero once I had captured the video).

When WME loads, it starts a wizard to create a session – I chose to ignore that and configure session properties manually. The key items are:

  • Sources tab: Provide a name for your source, check video and select Screen Capture (click configure to select a window or region for capture), check audio and select an appropriate source (I chose to record without any sound and added a soundtrack later).
  • Output tab: Deselect pull from encoder, check encode to file and enter a filename.
  • Compression tab: Select a destination of web server (progressive download) with screen capture (CBR) video encoding and voice quality audio (CBR) audio encoding; select a bit rate of 93kbps and edit the encoding to use Windows Media Audio Voice 9 and Windows Media Video 9 Screen, with a custom video format and no interlacing or non-square pixels; finally, edit the buffer size to 8 seconds and the video smoothness to 100.
  • Attributes tab: Add some metadata for the recording.

All other settings can be left at their defaults.

After recording (encoding) the required demonstrations, there should be some .WMV files in the output directory. I had planned to edit these on the Mac but decided to stick with Windows Media and downloaded Windows Movie Maker 2.6 instead. This is a little basic and a bit buggy at times (with some caching going on as I took several takes to correctly narrate the screencast, sometimes necessitating exiting and restarting the application before it would pick up the correct recording) but on the whole it was perfectly good enough for recording screencasts.

The resulting output was then saved as another Windows Media File, ready for import into my PowerPoint deck.

I’m not going to start screencasting on this blog just yet. Firstly, it will kill my bandwidth (although I could use YouTube or another online service). Secondly, writing is time-consuming enough – video will just be too labour-intensive. Thirdly, I don’t think I’ve found any content yet that really needs video. In the meantime, I’m hoping that this method will allow me to show some working demos at Microsoft’s offices in Reading on 9 April.

Is Apple so cool that their stores don’t need safety notices?

Last Sunday, I was looking after the kids for the morning to give my wife some R&R. I needed to head to the shopping centre (mall) in Milton Keynes, so whilst I was there, I decided to “drop in” to the new Apple retail store (as geeks do). OK, so it’s an Apple Store – light and airy – even if it is shoehorned into a standard retail unit (this is Milton Keynes, not Regent Street!) and it sure as hell beats the old “Apple Store” in Tesco! I wanted to pick up a copy of VMware Fusion and an invisibleSHIELD for my iPod so that it can remain protected when I plug it into the iPod dock in my wife’s new Volkswagen.

I managed to get the last copy of VMware Fusion but was out of luck on the invisibleSHIELD (the “genius” I spoke to had never heard of it and tried to sell me a normal case), then I made the mistake of trying to leave the store…

I already mentioned that I had my children with me but I didn’t point out that they are aged 3 and 1, and as I wanted to move at a reasonable pace, they were both riding in a double pushchair. Being just a normal retail unit, it has a small lift, at the end of a short corridor at the back of the store, but it is definitely for customer use. I wheeled in the pushchair, my son pressed the button to go down and we moved the vast distance of about 18 inches before the lift stopped and there was a faint beep. I pushed the buttons but nothing happened. I tried to open the door but it was locked. I picked up the intercom but there was no dial tone – and no-one answering. At this point I was worried. It seemed I was stuck in a lift with 2 toddlers and no obvious way to call for help.

Purely by chance I moved the pushchair and the beep stopped. Then I pushed the button and the lift began to move. It seems that the sound was an alarm that cuts in when sensors detect that the lift occupants are too close to the edge (it’s the sort of lift that has a moving platform rather than a closed “box”) but where were the safety notices? And why hadn’t the intercom worked when I picked it up? Should I have pressed another button? I don’t know – there were no instructions!

It seems that Apple expects its customers to be technical enough to work these things out for themselves. Or maybe the display of some safety notices in the lift runs contrary to the aesthetics of an Apple retail store…

Category management in Outlook 2003 and 2007

Office 2007 has many improvements over previous versions but most of my colleagues use Office 2003. As I’ve had to install a virtual machine (VM) on my 64-bit desktop in order to run essential 32-bit applications (like our VPN client), I decided to stay as close to the corporate standard as possible and installed Office 2003 in the VM. One unfortunate side effect (apart from the many features that I am missing in Outlook) was the loss of the categories upon which much of my e-mail searching and filtering is based.

Earlier versions of Outlook featured something called the master category list, which could be transferred between PCs using a registry key export and import. Unfortunately, Outlook 2007 dispenses with this approach and instead stores the categories in the master store (mailbox or personal folder).

It seems that I can still search and filter on the categories that my mail was assigned to (they are just not in the master category list) but this also restricted me when adding new mail to categories.

In the end, I decided that reverting to Outlook 2003 was just too painful and I started using Outlook 2007 again to access my corporate e-mail.

The following links may be useful to anyone else who is trying to get to grips with categories in Outlook:

Hyper-V and networking

For those who have worked with hosted virtualisation (Microsoft Virtual PC and Virtual Server, VMware Workstation and Server, Parallels Desktop, etc.) and haven’t experienced hypervisor-based virtualisation, Microsoft Hyper-V is fundamentally different in a number of ways. Architecturally, it’s not dissimilar to the Xen hypervisor (in fact, there are a lot of similarities between the two) and Xen’s domain 0 is analogous to the parent partition in Hyper-V (effectively, when the Hyper-V role is added to a Windows Server 2008 computer, the hypervisor is “slid” underneath the existing Windows installation and that becomes the parent partition). Subsequent virtual machines running on Hyper-V are known as child partitions.

In this approach, a new virtual switch (vswitch) is created and the physical network adapter (pNIC) is unbound from all clients, services and protocols, except the Microsoft Virtual Network Switch Protocol. The virtual network adapters (vNICs) in the parent and child partitions connect to the vswitch. Further vswitches may be created for internal communications, or bound to additional pNICs; however only one vswitch can be bound to a particular pNIC at any one time. Virtual machines can have multiple vNICs connected to multiple vswitches. Ben Armstrong has a good explanation of Hyper-V networking (with pictures) on his blog.

One exception relates to the connection of virtual machines to wireless network adapters (not a common server scenario, but nevertheless useful when Windows Server 2008 is running on a notebook PC). The workaround is to use Internet connection sharing (ICS) on the wireless pNIC and to connect that to a vswitch configured for internal networking in Hyper-V. Effectively, the ICS connection becomes a DHCP server for the 192.168.0.0/24 network, presented via the internal vswitch and I’m pleased to find that the same principle can be applied to mobile data cards. Interestingly, Hyper-V seems quite happy to bind directly to a Bluetooth connection.

Hyper-V network connection example

Using this approach, on my system, the various network adapters are as follows:

  • Dial-up adapters, including an HSDPA/HSUPA modem which I have shared to allow VMs to connect to mobile networks in place of wired Ethernet.
  • Local Area Connection – the pNIC in my notebook PC, bound only to the Microsoft Virtual Network Switch Protocol.
  • Wireless Network Connection – the WiFi adapter in my notebook PC (if there was WiFi connectivity where I am today then this could have been shared instead of the data card).
  • Local Area Connection 3 – the Bluetooth adapter in my notebook PC.
  • Local Area Connection 4 – the external vswitch in my Hyper-V installation, connected to the external network via the pNIC.
  • Local Area Connection 5 – another vswitch in my Hyper-V installation, operating as an internal network, but connected using the method above to the shared HSDPA/HSUPA modem.

This gives me plenty of flexibility for connectivity and has the useful side-effect of allowing me to circumvent the port security which I suspect is the cause of my frequent disconnections at work because the physical switches are configured to block any device presenting multiple MAC addresses for the same port.
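An added example, not from the original post, of the per-port check that port security performs: it counts the distinct MAC addresses learned on each switch port and lists the ports over a limit, which is how a port carrying an external vswitch stands out. The table rows, port names and the limit of one address per port are constructed assumptions.

```shell
#!/bin/sh
# Added illustration: count MAC addresses learned per switch port and list the
# ports that exceed a port-security maximum. All rows are constructed and use
# the column layout "vlan mac type port".

# mac_table: constructed sample. Gi0/1 models a host with an external vswitch
# (pNIC plus two vNIC addresses); Gi0/2 and Gi0/3 are single-address hosts.
mac_table() {
cat <<'EOF'
Vlan    Mac Address       Type       Ports
----    -----------       ----       -----
  10    001b.2400.0001    DYNAMIC    Gi0/1
  10    0015.5d00.0a01    DYNAMIC    Gi0/1
  10    0015.5d00.0a02    DYNAMIC    Gi0/1
  10    001b.2400.0002    DYNAMIC    Gi0/2
  10    001b.2400.0002    DYNAMIC    Gi0/2
  20    001b.2400.0003    DYNAMIC    Gi0/3
EOF
}

# ports_over_limit LIMIT: read table rows on stdin and print "port count" for
# every port that has learned more than LIMIT distinct MAC addresses.
# Header and separator rows are skipped because column 2 is not a MAC address.
ports_over_limit() {
    awk -v limit="$1" '
        NF >= 4 && tolower($2) ~ /^[0-9a-f]+\.[0-9a-f]+\.[0-9a-f]+$/ {
            key = $4 SUBSEP tolower($2)
            if (!(key in seen)) {      # count each address once per port
                seen[key] = 1
                count[$4]++
            }
        }
        END {
            for (p in count)
                if (count[p] > limit)
                    print p, count[p]
        }
    ' | sort
}

# With a maximum of one address per port, only the vswitch port is reported.
mac_table | ports_over_limit 1
```

A host whose VMs sit behind a shared (NAT) connection presents a single address, so a check of this kind does not see those VMs at all.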

Burning CDs/DVDs in Windows Server 2008

One of the downsides of running Windows Server 2008 as a workstation operating system is the lack of native CD/DVD-burning capabilities. Quite why Microsoft decided that administrators don’t need to write optical discs from servers is anybody’s guess but it’s kept me busy for the last hour or so.

First, I installed the copy of Nero 7 Essentials (v7.8.5.0) that was supplied with my notebook PC. That looked good (apart from the number of “essentials” that it provides) until I came to create a CD and found that it would only let me record to an “Image Recorder” and not to the drive in my notebook (despite having been provided by Fujitsu-Siemens with the computer, it seems that this OEM copy doesn’t work with my hardware).

Next up, I tried cdburn.exe from the Windows Server 2003 Resource Kit. That didn’t want to co-operate with my 64-bit Windows Server 2008 installation (it may work on a 32-bit installation as I used it on my previous machine with Vista).

A few years back, I wrote about Alex Feinman’s CreateCD and the latest version is called ISO Recorder. Even though v3 works on 64-bit Windows (Vista and so presumably Server 2008) it didn’t recognise my drive.

Then I stumbled across a post from Aali, who had exactly the same issue burning discs in Windows Server 2008. ImgBurn (v2.4.0.0) successfully burned the .ISO that I’d created with Nero to a blank disc and could even have done the whole job for me.

ISA Server client software

Fighting with ISA Server 2006, as I have been for the last few days, has given me an opportunity to refresh my knowledge of the various ISA Server clients. Actually, calling them clients is far more grandiose than is strictly necessary (only one of them involves the installation of client software), but the terminology that Microsoft uses is:

  • SecureNAT client. Any computer, with a working TCP/IP stack, pointing to the ISA Server for its default gateway (router) – or where the router (or series of routers) ends with a router that uses the ISA server as its default gateway. This client operates at the network layer in the OSI model and therefore has no user-based access controls.
  • Web proxy client. A CERN-compliant web browser, with proxy server settings configured to point to the web proxy service on the ISA Server. This client operates at the application layer in the network stack and user-level authentication is optional.
  • Firewall client (formerly known as the WinSock proxy client). A computer running the ISA Server firewall client software to provide socket-based communications with the firewall service on the ISA Server. Operating at the transport layer, this client replaces the DLL for Windows socket (WinSock) connections so that communications between applications and their server components are routed via the ISA Server (exceptions are configured in the local address table). It is possible to configure user-based access policy rules for firewall clients but the main advantage is that applications do not need to be firewall-aware; however there is a trade-off against the requirement to install the client software on each PC that requires access.

Further details of ISA client types are available in the Windows Server Tech Center.

Some more on using Active Directory for Linux/Mac OS X user authentication

Last year I wrote a post about using Microsoft Active Directory (AD) to authenticate users on a Red Hat Enterprise Linux (RHEL) computer (and a few weeks back I followed it up for Mac OS X). This week, I’ve been re-visiting that subject, as I built a new FTP server at home and wanted to use AD for authentication.

In the process, I came across a couple of extra resources that might be useful:

As I was using an almost-new AD (not the old one that I have been tweaking for years), I found that RHEL5 (and Mac OS X 10.5) did not need me to disable digital signing of communications as recent versions of Samba include client side signing. The Samba documentation suggests that it is necessary to set client use spnego = yes in smb.conf when authenticating against a Windows Server 2003 domain controller but I did not find that to be the case with Samba v3.0.23c and Windows Server 2003 R2 with SP2 (perhaps that is the default?).

The following notes may also be useful:

  • SSH does not require any further configuration but if Samba is configured to use the default separator for domainname and username (\) then you will need to escape it – so the connection command would be ssh domainname\\username@hostname.
  • This also works for FTP (ftp domainname\\username@hostname) but I’ve not found a way to make a simple ftp hostname use AD for authentication.
  • Even though Linux/Unix usernames are case-sensitive, Windows ones are not, so any combination of lower and upper case is valid for domainname\username. Passwords do need to be entered in the correct case (as in Windows).
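The escaping rule in the first note, as an added example that is not part of the original post: the functions below show which login name a POSIX shell actually passes on for each spelling of the command line, and build a correctly formed target from separate parts. EXAMPLE, jdoe and fileserver are constructed names, and the helper functions are hypothetical.

```shell
#!/bin/sh
# Added illustration: how a POSIX shell rewrites domainname\username before
# ssh ever sees it. EXAMPLE, jdoe and fileserver are constructed names.

# login_part: print the part of a user@host argument before the last "@",
# i.e. the login name that will be sent for authentication.
login_part() {
    printf '%s\n' "${1%@*}"
}

# has_domain: succeed only if the login name still contains the "\" separator
# needed to tell the domain from the user.
has_domain() {
    case "$(login_part "$1")" in
        *\\*) return 0 ;;
        *)    return 1 ;;
    esac
}

# ad_target DOMAIN USER HOST: build the argument from separate parts so the
# caller does not have to escape anything. The case folding is cosmetic:
# any mix of upper and lower case names the same Windows account.
ad_target() {
    domain=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    user=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    printf '%s\\%s@%s\n' "$domain" "$user" "$3"
}

# Three spellings of the same command line. The shell strips its own quoting
# before the program starts, so each call receives a different string.
unescaped=$(login_part EXAMPLE\jdoe@fileserver)    # backslash is consumed
escaped=$(login_part EXAMPLE\\jdoe@fileserver)     # one backslash survives
quoted=$(login_part 'EXAMPLE\jdoe@fileserver')     # single quotes preserve it

printf 'unescaped: %s\n' "$unescaped"
printf 'escaped:   %s\n' "$escaped"
printf 'quoted:    %s\n' "$quoted"

# Refuse to continue with a target that has lost its separator: the login
# would be attempted as a different (local) user name rather than failing
# with an obvious error.
target=$(ad_target example JDoe fileserver)
if has_domain "$target"; then
    printf 'would run: ssh %s\n' "$target"
else
    printf 'refusing: no domain separator in %s\n' "$target" >&2
fi
```

Single-quoting the whole argument is an alternative to doubling the backslash and gives the same result.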

The delicate balance between IT security, supportability and usability

There is a delicate balance between IT security, supportability and usability. Just like the project management trilogy of fastest time, lowest cost and highest quality, you cannot have all three. Or can you?

Take, for example, a fictitious company with an IT-savvy user who has a business requirement to run non-standard software on his (company-supplied) notebook PC. This guy doesn’t expect support – at least not in the sense that the local IT guys will resolve technical problems with the non-standard build but he does need them to be able to do things like let his machine access the corporate network and join the domain. Why does he need that? Because without it, he has to authenticate individually for every single application. In return, he is happy to comply with company policies and to agree to run the corporate security applications (anti-virus, etc.). Everyone should be happy. Except it doesn’t work that way because the local IT guys are upset when they see something different. Something that doesn’t fit their view of the normal world – the way things should be.

I can understand that.

But our fictitious user’s problem goes a little further. In their quest to increase network security, the network administrators have done something in Cisco-land to implement port security. Moving between network segments (something you might expect to do with a laptop) needs some time for the network to catch up and allow the same MAC address to be used in a different part of the network. And then, not surprisingly, the virtual switch in the virtualisation product on this non-standard build doesn’t work when connected to the corporate LAN (it’s fine on other networks). What is left is a situation whereby anything outside the norm is effectively unsupportable.

Which leaves me thinking that the IT guys need to learn that IT is there to support the business (not the other way around).

Of course this fictitious company and IT-savvy user are real. I’ve just preserved their anonymity by not naming them here but discovering this (very real) situation has led me to believe that company-standard notebook builds are not the way to go. What we need is to think outside the box a little.

Three years ago, I blogged about using a virtual machine (VM) for my corporate applications and running this on a non-standard host OS. Technologies exist (e.g. VMware ACE) to ensure that VM can only be used in the way that it should be. It could be the other way around (i.e. to give developers a virtual machine with full admin rights and let them do their “stuff” on top of a secured base build) but in practice I’ve found it works better with the corporate applications in the VM and full control over the host. For example, I have a 64-bit Windows Server 2008 build in order to use technologies like Hyper-V (which I couldn’t do inside a virtual machine) but our corporate VPN solution requires a 32-bit Windows operating system and some of our applications only work with Internet Explorer 6 – this is easily accommodated using a virtual machine for access to those corporate applications that do not play well with my chosen client OS.

So why not take this a step further? Why do users need a company PC and a home PC? Up until now the justification has been twofold:

  • Security and supportability – clearly separating the work and personal IT elements allows each to be protected from the other for security purposes. But for many knowledge workers, life is not split so cleanly between work and play. I don’t have “work” and “home” any more. I don’t mean that my wife has kicked me out and I sleep under a desk in the office but that a large chunk of my working week is spent in my home office and that I often work at home in the evenings (less so at weekends). The 9 to 5 (or even 8 to 6) economy is no more.
  • Ownership of an asset – “my” company-supplied notebook PC is not actually “mine”. It’s a company asset, provided for my use as long as I work for the company. When I leave, the asset, together with all associated data, is transferred back to the company.

But if work and home are no longer cleanly separated, why can’t we resolve the issue of ownership so that I can have a single PC for work and personal use?

Take a company car as an analogy – I don’t drive different cars for work and for home but I do have a car leased for me by the company (for which I am the registered keeper and that I am permitted to use privately). In the UK, many company car schemes are closing and employees are being given an allowance instead to buy or lease a personal vehicle that is then available for business use. There may be restrictions on the type of vehicle – for example, it may need to be a 4 or 5 door hatchback, saloon or estate car (hatchback, sedan or station-wagon for those of you who are reading this in other parts of the world) rather than a 2-seater sports car or a motorbike.

If you apply this model to the IT world, I could be given an allowance for buying or leasing a PC. The operating system could be Windows, Mac OS X or Linux – as long as it can run a virtual machine with the corporate applications. The IT guys can have their world where everything is a known quantity – it all lives inside a VM – where there will be no more hardware procurement to worry about and no more new PC builds when our chosen vendor updates their product line. It will need the IT guys to be able to support a particular virtualisation solution on multiple platforms but that’s not insurmountable. As for corporate security, Windows Server 2008 includes network access protection (NAP) – Cisco have an equivalent technology known as network access control (NAC) – and this can ensure that visiting PCs are quarantined until they are patched to meet the corporate security requirements.

So it seems we can have security, supportability, and usability. What is really required is for IT managers and architects to think differently.