I had a problem this week when I was trying to run some reports in OpsMgr 2007 R2.  Some reports were failing … either issues to do with “LT_Report”, missing parameters or internal failures.  If I played with the time settings for the report criteria then sometimes I’d get a result but not the one I was chasing.  The SQL Reporting database is running on SQL 2005.  I upgraded it to SP3 and that fixed the issue – I’m a bit hesitant about installing SQL service packs.

I really like the reporting feature of SCOM.  The reports in MOM 2005 always struck be as a bolt on.  Information and reports are an integral component of OpsMgr 2007 and 2007 R2.  You can navigate to just about any item in the monitoring view of the Operations Console and get a context sensitive link to the report console in the Tasks pane.

Reports can have hyperlinks to view further material.  For example, this week I’ve run availability reports on Hyper-V virtual machines, physical hosts, operating system installations and web sites.  A client asked about the uptime of a website on a server.  Bang: out came a report showing 100% up time.

You can build on this with Distribute Application modelling and the SLA (Service Level Agreement) module.  This allows you to get the ITIL view of your services (not windows services but services provided to users/customers).  You can then run reports on the SLA compliance.  How sweet is that?

Microsoft is to release an OEM Preinstallation Kit to allow OEM’s build a boot-from-flash version of Hyper-V Server 2008 R2.  That’s according to Jeff Woolsey who said today:

“One thing our customers and partners requested was the ability to boot from flash. Customers told us they would like to purchase a server from their hardware partner of choice with Hyper-V included and they wanted the ability to choose whether it was on traditional spinning media or flash media.

You got it.

Microsoft Hyper-V Server 2008 R2 includes the unique ability (compared to Windows Server Hyper-V) to boot from flash. We're making the documentation available to our OEM partners as part of the OEM Preinstallation Kit (OPK). Boot from flash is specifically designed for our OEM partners who want to ship an embedded Hyper-V hypervisor and thus will be supported via our OEM partners”.

You’ll also find on that post where Jeff compares the cost of running VMotion against the cost of Live Migration.  Many thousands of dollars/euros per server versus free.  That’ll make for a short discussion at the IT steering committee ;-)

Related to that discussion is the mention of Microsoft openly welcoming Veeam to the partner family.  Jeff mentions that Veeam are making a solution for the free Hyper-V Server 2008 R2.  Of course, we know how VMware bullied Veeam for producing a solution for the free ESXi because VMware wanted people to buy ESX instead.

ENN reported yesterday that “The Irish Times reports that Wicklow County Council has started to exam its 300 computers for references to the Whitestown illegal landfill, in order to comply with a request from the High Court”.

300 computers?  Does Wicklow County Council have that many file servers?  Nah, I’m just joking.  These guys obviously have no understanding of how to control over the desktop/laptop network so they’ve got a mess.  It could take them months to find related data; heck they might never live up to their obligations.

Here’s how they should have approached this:

1. Desktops and laptops should be locked down with no local admin access for users.  Dodgy apps should be “shimmed”.
2. Group policy should be employed to prevent access to the local drive on the laptop/PC.
3. Use policy (either Group Policy or 3rd party) to disable use of removable media.  You don’t want people trying to bypass compliance systems by usin USB drives to store dodgy information.
4. Forget roaming profiles.  Use Windows Server 2008 folder redirection to redirect all the possible storage locations you would need on a PC, e.g. My Documents, Application Data, etc, to the user’s home directory on a file server.
5. Configure offline access for the user’s home directory.  That means My Document, etc, will be available to users when the file server isn’t, e.g. roaming laptop users.
6. Set up a file server data retention system.  There’s lots of choices here.  If you’ve got a golden budget then something like a SAN based solution will work.  Normal backups don’t work – backing up a file once a day isn’t retention.  There’s a 24 hour window where data can exist and be deleted.  Maybe look at MS DPM, e.g. DPM-2-DPM-4-DR with a long retention period.  Or have a look at Iron Mountain LiveVault for incremental block level backups every 15 minutes.  With LiveVault there’s a almost certain change you’ll backup anything that ever gets near the file server and you can set up a retention period for your compliance requirements, e.g. 7 or 10 years.
7. You’ll need to set up a compliance solution for your mail server too.  Like with file servers, a daily backup is not a retention system for compliance.  Mails easily come and go in a 24 hour window.  Again, there’s nice solutions from the likes of CommVault.  And there’s the DPM-2-DPM-4-DR and Iron Mountain LiveVault.

What’s the result?  If the High Court demands you search for files then it’s a lot easier.  You only have one or two places to search.  All you’ve got to do is search those locations.  Forget about searching PC’s because your users don’t have the rights to write there.

As I mentioned recently, this cropped up again in the rumour mill.  The board oustings in Yahoo! after the previous failed negotiations seemed to have done the trick.

Yahoo! and Microsoft announced an agreement that will improve the Web search experience for users and advertisers, and deliver sustained innovation to the industry. In simple terms, Microsoft will now power Yahoo! search while Yahoo! will become the exclusive worldwide relationship sales force for both companies' premium search advertisers.

When I think about blade servers and storage, to be honest, I think about Fibre Channel (FC) SAN.  The Virtual Connect (VC) technology is pretty powerful.  Even today when talking about high uptime options for a client we decided on a “hot spare” blade where we could flip over the VC profile if the original machine died.

Fibre Channel SAN isn’t an option for everyone.  iSCSI is a powerful option, especially with 10GB Ethernet or Flex10 as HP brands it in their Blade System.  There’s a lot of questions you might have about iSCSI and HP BL Proliant servers so HP has published a handy 3 page FAQ that goes through support and options.  With something like iSCSI, HP Blades and Flex10 you could possibly set up Blade hosts to run Windows Server 2008 R2 Hyper-V with the parent partition on internal SAS disks and the cluster shared volume running on iSCSI.

The Configuration Manager Support Team has posted a step-by-step guide for doing OSD (operating system deployment) using ConfigMgr 2007.

Friday 31st of July is the day we systems administrators get showered with gifts from our co-workers and managers.  It’s a day of recognition for the hard work we’ve done, the nights of studying to stay up to speed, the calls at 2am on a Sunday morning.  It’s Sys Admin Appreciation Day!

Oh, I just woke up.  Sorry about that.  Same crap, different day ;-)

I’ve been getting a few search hits on my site where people are looking to see what the upgrade path is to Windows Server 2008 R2.  OK, it’s pretty simple really.  It’ll be bad news for some who didn’t keep an eye on the industry.  There is no 32bit version of Windows Server 2008 R2 so you must be running an x64 install to upgrade to W2008 R2. 

MS strongly that you don’t do an in-place upgrade.  However, it is safe if the machine is stable and only runs MS software.  Please test before doing the upgrade, e.g. make a copy of the server using virtualisation technology, e.g. P2V.

You can upgrade from Windows Server 2003 x64 to Windows Server 2008 R2 Full Installation.  You can upgrade from Windows Server 2008 x64 Full Installation to Windows Server 2008 R2 x64 Full Installation.  You can upgrade from Windows Server 2008 x64 Core Installation to Windows Server 2008 R2 Core Installation.

You can upgrade from one edition to the same edition or lower editions, e.g. from Standard to Standard, Enterprise or DataCenter.  You cannot upgrade from one edition to a lower edition, e.g. you cannot upgrade from DataCenter to Standard.

Here’s a basic upgrade path for Windows Server 2008 R2:

If you haven’t been following the developments in Windows Server 2008 R2 then this will be a surprisingly long read for you.  RDS encapsulates the further developed Terminal Services and Microsoft’s initial offering in the Virtual Desktop Infrastructure (VDI) space.  VDI will leverage a new Broker service, Hyper-V and Remote Desktop Protocol (RDP).

“This document describes changes in Remote Desktop Services (formerly Terminal Services) functionality that are available in this release of Windows Server 2008 R2, including changes to the names of role services and management tools. Remote Desktop Services provides technologies that enable users to access session-based desktops, virtual machine-based desktops, or applications in the data centre from both within a corporate network and from the Internet”.

OpsMgr 2007 R2 has the ability to integrate with other systems management products, i.e. forward alerts and continue to synchronise data related to the alert while the alert remains in the system.

This release of the Operations Manager 2007 R2 Connectors includes the following Connectors:

• Microsoft System Center Operations Manager 2007 R2 Connector for IBM Tivoli Enterprise Console
• Microsoft System Center Operations Manager 2007 R2 Connector for HP OpenView Operations for Unix
• Microsoft System Center Operations Manager 2007 R2 Connector for HP OpenView Operations for Windows
• Microsoft System Center Operations Manager 2007 R2 Connector for BMC Remedy ARS
• Microsoft System Center Operations Manager 2007 R2 Universal Connector

After all the hoopla, hand wringing and swearing (at the EU Eurocrats), there might never be a Windows E edition without a browser!

“Under our new proposal, among other things, European consumers who buy a new Windows PC with Internet Explorer set as their default browser would be shown a ‘ballot screen’ from which they could, if they wished, easily install competing browsers from the Web. If this proposal is ultimately accepted, Microsoft will ship Windows in Europe with the full functionality available in the rest of the world. As requested by the Commission, we will be publishing our proposal in full here on our website as soon as possible”.

If this passes then I suspect that in-place upgrades from Vista to Windows 7 should be possible for consumers in the EU.  It would be the perfect solution and should make everyone happy, no matter what their browser preference is.

By the way, if this happens and you do happen to get a “Windows 7 E” box, keep it in very good condition.  It could be a collectors item and be worth some money in 20 or so years.

“In this one-off video, Matt McSpirit, Partner Technology Specialist at Microsoft UK, walks through a bare-metal installation of Hyper-V Server 2008 R2 (RC) on 2 physical nodes, hooks them up to an iSCSI SAN, configures the SAN storage, and then, from a Windows 7 (RC) laptop, validates, and builds a Hyper-V Server 2008 R2 (RC) Cluster.  The end result?  A Highly Available, Live Migratable, Virtual Machine! All in about an hour!”

As people who have heard me talk about Hyper-V know, that claim of one hour is an honest one.  I built our initial Hyper-V production cluster from iron to quick migration stage in about an hour … from a hotel where I was doing a presentation afterwards.  WDS, some manual tweaks, Hyper-V, clustering … badda bing!  All done.  Sure, it was my third build so things went quick.  Why 3rd?  Initial build to develop, second to pilot, third for production.

iwkyrqj2nt

One of the readers (“Aris”) of this site has written a clever little tool to take your ISO/DVD for one of the newer Windows OS’s and make an installer from a 4GB (or more) USB stick.  I got a 4GB USB with the Windows 7 RC installer on it and it’s proven to be very handy.  Anyone wanting to put a new version of Windows on a machine without a DVD drive (some servers, netbooks and desktops/laptops) will want to do this.

Well done to the author for writing this utility!

This is a feature I’d heard of once or twice in passing but never really looked into.  The idea is that you can assign unique IP address to either a user session or to an application on a Terminal Server.  Why?  Mainly it’s to do with compatibility with applications or compliance with regulations where sessions are identified by an IP address.  Normally everyone on a Terminal Server is using the single IP of that server.  That might cause a problem with some situations.  Microsoft details some of those here. 

They continue to talk briefly about how to configure it in that post.  A follow up post talks about how to configure Remote Desktop IP Virtualisation using Group Policy.

Finally, there is a document you can download from Microsoft that covers the subject.

“Remote Desktop IP Virtualization provides administrators the ability to assign a unique IP address to a program that is available by using RemoteApp and Desktop Connection. In this guide, we will configure Remote Desktop IP Virtualization and access it as a standard user by using RemoteApp and Desktop Connection”.

As has been widely reported, MS has created a special edition of Windows 7 for the European Union called Windows 7 E.  It will not have IE installed.  This prevents upgrades from Vista.  In the EU, you will only be able to get this E edition via retail chains – there will not be the normal edition.  I suspect volume license purchasers will be able to get normal editions because they may be supporting users/customers outside of Europe.

This post tells you how to get a browser on your new Windows 7 E PC.

Microsoft has published a VHD Getting Started Guide for Windows 7and Windows Server 2008 R2:

“This guide provides an introduction to virtual hard disks (VHDs) in Windows 7 and Windows Server 2008 R2. It includes an overview of technologies that you use to configure VHDs, as well as procedures to help guide you through deploying VHDs”.

I’ve done nothing but talk about this since last October when details first started to get out from Redmond :-)  I’ve done a number of presentations including this one at PubForum recently.

 The virtualisation team at MS has done a blog post.  What’s new?

• Support for 64 Cores with up to 384 running VM’s and/or 512 virtual processors.
• Support for AMD RVI and Intel EPT.  That emerges in the form of SLAT which I blogged about recently.  Basically, we get offloading to the hardware for the mapping between physical RAM and virtual RAM.
• On the networking side we get jumbo frame support.
• 10GB networking
• Chimney support is added.
• VMQ (virtual machine queue) offloads processing of network traffic from the parent partition to the network card processor.
• Storage: Cluster Shared Volume, i.e. many hosts in a cluster sharing a single volume for storing many VM’s.
• Dynamically expanding VHD’s now reach 87% of the performance of the underlying physical disk.  Fixed size is at 94% as before and is still the recommended solution where you want VHD features and performance.
• You can hot add/remove virtual machine storage.
• New IC’s are on the way (currently RC2) to offer complete support from MS for “SLES 10 and 11 and Red Hat Enterprise Linux (RHEL) 5.2 and 5.3 for both x86 and x64”.
• Core Parking reduces power utilisation by powering down unused physical cores in the host server.
• Drum roll please: Live Migration is here. You can move a VM from host A to host B with no noticeable downtime .. it’s just a few milliseconds, less than any network protocol will notice.
• Processor compatibility mode allows VM’s to migrate between hosts with physical processors of different generations.  You’re still bounded to either all AMD or all Intel.  That’s done by tuning back functionality.
• With other W2008 R2 functionality you get a all MS VDI solution.
• A new version of Hyper-V Server 2008 R2 with CSV and Live Migration support.
• If you do want to go Core Installation then there’s the SCONFIG tool to rapidly configure the host.

Coming soon?

• Microsoft released 20,000 lines of GPLv2 licensed code to update the kernel of Linux distributions.  If all goes well, all future Linux distros will be Hyper-V enlightened out of the box.
• There is a new version of VMM 2008 R2 coming.  It will offer support for all of the new Hyper-V features.  It also brings in Quick Storage Migration to quickly move VM's from one location to another with minimum downtime, e.g. move a VM from a per-LUN installation to CSV with 1 minute downtime VS 1 hour.  There's also a new maintenance mode for hosts and some cool SAN integration.

Windows 7 has RTM’d.  It’s official.  The build number is 7600. 

Windows Server 2009 R2 also RTM’d. 

Check my previous post for when you can expect to get your hands on them (legitimately).

Well done MS!

EDIT#1:

Here's the official sign-off:

Here's the original announcement by Steve Ballmer and Steven Sinofsky:

 
Windows 7 Sneak-Peak from MGX

Finally, someone gets it.  Antivirus should be small, simple and not try to be all things to all people.  It’s when this software gets bloated that it becomes a hindrance.  I’ve installed Microsoft Security Essentials (test version) on my Windows 7 RC laptop.  It’s small and light; I barely know it’s there.  It’s aimed at the home market but the SOHO’s are just as likely to use it.  It’s very simple and small, accomplishing what Forefront Client Security tried to do … until it bundled/required MOM 2005 so the management server became huge. 

Combined with Windows Firewall (firewall, obviously) and Windows Defender (spyware) you have a nice free solution for Internet security without having to buy dodgy yellow-pack software (you know who I mean) on a subscription basis.

The beta is currently restricted to United States, Israel (English only), People's Republic of China (Simplified Chinese only) and Brazil (Brazilian Portuguese only).  19 markets are to be added to the beta in the coming months.  There is a leaked copy out there but I'm not recommending anyone use it.

A nice simple summary that anyone can understand.  You get the usual context menus in Explorer so you can also kick off a manual scan.

I can quickly trigger manual updates.  Automatic updates will be via Windows Updates, i.e. silent.  I've read that updates could be as often as 3 times a day.  Updates to the program will also be via Windows Update; maybe once a month.

Here I can see things that have been detected.

Here’s an alert I got when I downloaded Eicar, the test virus.

And here’s the result of a clean task.

My history was updated.  This is what it deleted: file:C:\Users\AFinn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1E60T29B\eicar[1].com.  The file I was downloading never made it to the desktop where I was saving it to.

My laptop will do a scan in the morning while I’m having breakfast :-)

These are the actions when a threat is found.

Real-time protection is set up nicely by default.

You can exclude specific paths from the scan.

I’ve added VM disk file extensions from the scan to improve their performance.

You can exclude certain processes, e.g. if you were running an MSDE.

Here’s the advanced settings.  I’ve added the option to scan removable drives: I use USB drives quite a bit for photo storage and project work.  I've seen some people commenting that an infeaction clean is slow.  Yes, because it is preceded by a snapshot.  This gives us a rollback in case of a false positive.  For example, remember when a certain yellow-pack AV started removing Excel spreadsheets late one Friday night a few years ago?  Imagine if it had taken a snapshot first ... people wouldn't have lost files.  They could have restored them quite simply.

Finally this is how you feed back security information for MS to analyse.

All in all, this is a very simple product.  Notice that there aren’t dozens of menu items with settings hidden all over the place?  Notice it doesn’t try to be my Net Nanny?  Notice that some 3rd party firewall hasn’t broken my home network?  Sweet.

It must be a slow news day in the UK.  The main story on Sky News is an investigation they did into laptop and PC repair shops.  The loosened a memory board and sent in a researcher to several shops for repair.  There was activity tracking software installed and it also used the web cam to record.  A number of shops faked faults and copied personal information from the laptop.  The video is here and the report is here.

If you are bringing a machine to one of these places then put in a blank disk and install something on it.  That’ll keep your data safe.  However it won’t do anything for claims of other repairs being necessary.