Day 2: A Tour Of The Exhibitors Hall

I started off talking to Jalasoft.  They produce extensions for OpsMgr 2007 to monitor things like network devices and other OS’s and applications.  My interest was in Cisco network devices.  License is around $100 per device.  There is a Jalasoft console purely for configuring connectivity to the monitored devices and identifying what ports to monitor and what rules to enable.  All monitoring activity and reporting is done in the OpsMgr console.  Looks nice.

I moved on to Ask The Experts: Hyper-V.  I raised my AV issue which raised some eyebrows – they want to swap some emails on the issue.  I also raised NIC teaming.  MS is working on fixing that.  No timetables.

Then on to HP.  I brought up HP’s Network Configuration Utility NIC teaming for Hyper-V.  It’s the #1 issue for their internal S/W development right now.  They are working with MS on resolving the issue.  They admitted poor communications with the public.  There will be announcements in a few weeks time.  It will be an industry solution rather than a HP solution.

I then talked to Beyond Trust (t-shirt!).  They provide a solution where no one needs to be an admin.  You use GPO to define tasks that require admin rights.  Anytime their agent sees this running, the task is elevated as an admin but still runs as the user.  All logging shows the user doing the work.  GPO is per user and per machine.  Using loopback you can get into some nice scenarios for controlling admin usage.

Day 2: System Center And The Data Centre

The exhibition hall isn’t open so here I am.  Much of what’s discussed is old technology but it’s good to get it all as one message – a nice refresher.  I’ve either deployed already or am doing it in the next couple of months.

Jeff Wettlaufer and Sacha Dawes from MS speaking.  The two big complaints they hear about are space and power management.  True enough – I can relate to that.

  • 2/3 of enterprises increasing data centre budget.
  • 82% of data centres track SLA’s
  • Data centres to consume 2% of USA power by 2009
  • 42% of data centres to exceed power capacity in 12 to 24 months
  • 66% of data centres have already deployed virtualisation.
  • 81% of customers doing server consolidation in next 2 years.
  • 50% of European and USA enterprises adopted ITIL.
  • 10% of IT budgets for compliance.

System Center can assist with some of this:

  • Configuration management
  • End to end monitoring
  • Server compliance
  • Data protection and recovery

There’s too much time being spent in the presentation telling us what we already know – the pain points in the data centre.  It’s very repetitive.

Planning

The first step in deployment is modelling, i.e. System Center Capacity Planning.  It’s limited to SCOM and Exchange still.  Has been for years unfortunately.  That’s a powerful tool that should be more widely adopted by MS, e.g. Hyper-V.  We get a demo of Capacity Planner for OpsMgr 2007.  SCCP is a free download and having used it for Exchange 2007 I’d say it’s a bit clunky to use but well worth getting used to because it’s a powerful estimation tool for hardware specification and Exchange deployment.  There’s not too many of us who really need to use it for OpsMgr 2007 to be honest.

Deployment

Use System Center to deploy operating systems.  Same for Vista as for W2008.  Same for XP as for W2003.  You’ve got MDT, WDS or ConfigMgr.  Can also use these deployment tools for VM’s – better to use System Center VMM for template deployment.

Multicast was added in WDS – that’s the imaging solution built into Windows Server.  BTW, it’s very disk efficient on the WDS server.  It creates file based images and uses single instance storage across images… hence a file is stored once on the server.  Ghost is sector based so you can’t do this.  But, WDS is limited to NTFS file systems.

Leverages "panther", the new installation routine introduced in Vista.  Steep learning curve but well worth doing.  If you’re here, talk to Rhonda Layfield in "Ask The Experts": she’s the queen of this stuff.

W2008 configuration is very easy to script and hence can be automated 100% using SCCM task sequences or by using an unattend script which runs after install using WDS.  Check my Server Manager document.  SCCM task sequences was the big coding project in the last release.  You know what that means: it’s going to be leveraged more in the future.  It lives on top of WDS so you’re using WIM images just like WDS, ImageX, MDT, BDD, etc.  Task sequences also allow you to deploy BitLocker and configure it via the wizard.  Useful for branch office W2008 servers in insecure locations.

Update Management

Deploy via WSUS.  ConfigMgr allows you to set up scheduled and recurring maintenance windows for reboots and integrates with the OpsMgr 2007 agent to avoid unnecessary alerts.  Check my blog for a scripted solution for WSUS and OpsMgr maintenance mode.  ConfigMgr allows integration with W2008 Network Access Protection to ensure compliance.  Advanced reporting on compliance and updates.  Desired Configuration Management can highlight absolutely critical updates not being installed with a tiny bit of customisation.

Consolidation = Virtualisation

Use OpsMgr 2007 and Virtual Machine Manager 2008 via PRO connector to audit potential hosts and VM’s.  ConfigMgr can audit hardware specs for potential hosts.  VMM is recommended if you run a few Hyper-V hosts and can also manage ESX … obviously so you can migrate to Hyper-V 😉  PRO connector also allows rating and recommendations of which hosts to best deploy a VM on using a simple star rating mechanism. ESX admins using Virtual Center will find it familiar to use.

End-End Monitoring

OpsMgr 2007 can monitor everything it can discover and offer best practice guidance.  It monitors everything from hardware to application and all points between, including the Hyper-V hypervisor.  Health, performance included in this section.  I can confirm from experience that it really works.  It can ID failing hardware (HP written free Proliant management pack) before the hardware fails.  I’ve replaced RAM proactively before it totally failed in the past.  MS bringing in Linux/UNIX support natively using cross platform extensions.  You can model "services" (ITIL point of view) using components: network devices, servers, disks, functions, synthetic session monitoring, etc.  If anything in the model fails – the owner of the "service" knows and can easily drill down to ID the issue.  SLA monitoring can sit on top of this.  Lots of reports on granular or SLA detail.  You can model your security to control access to the service (admin or operator or read only operator).  You can have granular control, e.g. monitored object classes, e.g. SQL, or a set of servers so: a DBA can monitor all SQL servers or an application owner can monitor all equipment that runs their "service".  This all uses management packs written by the vendors of the monitored products, e.g. HP, Dell, Citrix, MS development teams, etc.  There are 3rd party management packs and you can author your own (a true black art).

Compliance

Two products.  ConfigMgr Desired Configuration management allows you to define templates of what compliance is for your servers/applications.  You can author your own or download ones, e.g. SOX, HIPAA, EU data protection, for MS products.

OpsMgr Audit Collection Services sucks security log entries up in "near realtime" into a central database.  You can secure this so administrators have no access and only security officers/auditors have access.  You can run reports on all this stuff, e.g. who logged on using privileged accounts, where, when and what did they do.
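A report of the kind described above, as an added example rather than anything from the session or from OpsMgr itself: it pairs Windows Server 2008 Security events 4624 (logon) and 4672 (special privileges assigned to a new logon) by logon ID to show who logged on with privileged rights, where, when and how. The CSV layout, the account names and the 07:00 to 19:00 working day are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample export from a central audit database. The CSV column
# layout is an assumption made for this example, not the ACS schema.
SAMPLE_EXPORT = """time,computer,event_id,user,domain,logon_id,logon_type,source_ip,privileges
2008-11-04T08:01:12,DC01,4624,SYSTEM,NT AUTHORITY,0x3e7,5,-,
2008-11-04T08:01:12,DC01,4672,SYSTEM,NT AUTHORITY,0x3e7,,,SeTcbPrivilege;SeDebugPrivilege
2008-11-04T09:15:40,SQL02,4624,jbloggs,CORP,0x51a2f,10,10.1.20.15,
2008-11-04T09:15:40,SQL02,4672,jbloggs,CORP,0x51a2f,,,SeBackupPrivilege;SeDebugPrivilege
2008-11-04T09:20:03,FS01,4624,asmith,CORP,0x7710c,3,10.1.30.8,
2008-11-04T22:47:55,DC01,4624,da-admin,CORP,0x9c001,2,127.0.0.1,
2008-11-04T22:47:55,DC01,4672,da-admin,CORP,0x9c001,,,SeTcbPrivilege;SeTakeOwnershipPrivilege
"""

LOGON_TYPES = {"2": "Interactive", "3": "Network",
               "5": "Service", "10": "RemoteInteractive"}
BUILTIN_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}


def privileged_logons(export_text, day_start=7, day_end=19):
    """Join 4672 to 4624 on (computer, logon ID) and report human logons."""
    logons, privileges = {}, {}
    for row in csv.DictReader(io.StringIO(export_text)):
        key = (row["computer"], row["logon_id"])
        if row["event_id"] == "4624":
            logons[key] = row
        elif row["event_id"] == "4672":
            privileges[key] = row["privileges"].split(";")

    report = []
    for key, privs in privileges.items():
        logon = logons.get(key)
        if logon is None:
            continue  # no matching logon event in this export
        user = logon["user"]
        if user.upper() in BUILTIN_ACCOUNTS or user.endswith("$"):
            continue  # built-in and machine accounts are noise in this report
        when = datetime.strptime(logon["time"], "%Y-%m-%dT%H:%M:%S")
        report.append({
            "who": logon["domain"] + "\\" + user,
            "where": logon["computer"],
            "from": logon["source_ip"],
            "when": when,
            "how": LOGON_TYPES.get(logon["logon_type"], logon["logon_type"]),
            "privileges": privs,
            # Working hours are a policy assumption passed in by the caller.
            "after_hours": not (day_start <= when.hour < day_end),
        })
    return sorted(report, key=lambda entry: entry["when"])


if __name__ == "__main__":
    for entry in privileged_logons(SAMPLE_EXPORT):
        flag = " [after hours]" if entry["after_hours"] else ""
        print(entry["when"], entry["who"], "on", entry["where"],
              "via", entry["how"], "from", entry["from"] + flag)
```

The ordinary network logon by asmith never appears because no 4672 event shares its logon ID, which is what keeps the report limited to privileged sessions.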

Service Manager (probably end of 2009 or early 2010 – it keeps slipping) will tie the tools and their databases together.  It’s a work allocation tool – more than just a helpdesk.  Work allocation doesn’t mean more work for engineers – it can be allocation to automation solutions.

A new term: "configuration drift".  This is a measure of how far your services move away from desired configuration over time.

Release Dates: Config Mgr V3: 2010.  DPM V3 2010.  OpsMgr R2 2009.  Service Manager V1 2010.  Ops Mgr V4 2010.

Day 2: Ugh, My Head!

Hour 1 doesn’t have anything new that is grabbing my attention.  Just as well.  MS Ireland took the Irish delegates out to a local restaurant and the wine (when it eventually arrived) was flowing.  I’ll head to the exhibition hall to collect some t-shirts for an hour.

Have I mentioned this venue sucks?  They ran out of coffee at 8:30 this morning.  The guys staffing the desks just shrugged their shoulders.  And not a single taxi driver knows this city.  I can navigate it better than them and I’ve been here since Sunday.  You tell them "internacional convencions centre" and they pull a Manuel on you.  It’s the same with hotels.  Tip: Have a map with you and just point to where you want to go.

Microsoft Naming Department In Overdrive

So that overpaid bunch of people is at it again, justifying the employment of way too many marketing people.

  • The next version of desktop is still called Windows 7.
  • The next version of server is Windows Server 2008 R2 – same code base as Windows 7.
  • Terminal Services is renamed as Remote Desktop Service
  • The free extensions for OpsMgr 2007 are being bundled to give us Operations Manager 2007 R2 aka a software assurance release to keep legal happy.

Day 1: Windows Networking – From Windows Vista to Windows 7

My battery is running flat (lesson: switch to "power saver mode" when running on battery you idiot!) so I’ll probably finish this one tomorrow – some of us Irish folks are meeting up tonight for a couple of drinks/dinner.

As you should know, the next generation TCP stack in Vista was a big change for the better.  It offers solutions to serious productivity issues when teamed with Windows 2008.  Reminder: the Tolly Group Study.

Personal story: I’ve tried this with Vista accessing an SSL W2008 SharePoint server this week from Barcelona.  The server is on the net in Dublin and I was on a crowded WiFi LAN.  It was like being on the same LAN as the SharePoint server.  I know that XP could not have had the same performance over this (very) latent link.

The presenter is a woman from MS Turkey.  Needs for now: IT Pros need flexibility, mobility and performance.  Users want seamless networking.  They don’t care about wifi, broadband, LAN, VPN, etc.  Windows 7 offers:

  • DirectAccess to services on W2008 R2
  • VPN Reconnect and Mobile Broadband
  • DNS Security
  • BranchCache
  • More SMB enhancements
  • URL based QoS – handy for dense web servers.
  • Support for Green IT – power savings I guess?

Mobile Access: Hard to patch them now.  Hard to manage.  We have some functionality with native installs of SCCM 2007.  Difficult for users to access internal resources remotely.  Windows 7 offers a "corporate network boundary" to include assets no matter where they are.  Easier to service remote PC’s.

Direct Access

We now get a demo of the seamless remote access to internal resources.  It works as if she was on the LAN in MS.  It works over IPv6 … IPv6 addresses are unique across all machines in the world.  A DirectAccess server monitors traffic on the border.  The PC has a client.  It scans the destination address.  If it’s a corporate internal address the client traffic is directed to the DirectAccess server running on Windows Server 2008 R2 – "Split Tunnelling".  You can use a proxy if you don’t like this process.  This entire solution allows tunnelling over IPv4 UDP, TLS, etc.  NAP can sit in here to ensure that the client only gains access if it is compliant with corporate policies.  W2003 can be remotely accessed using IPv6 addresses – there’s a patch.  IPSec is used to secure the session between the client and the DirectAccess server.  It is not required within the corporate intranet but recommended (as usual – but rarely done).  The solution assumes the client is on an insecure network.  NAP assumes the client is non-compliant and must prove itself.

Strategy:

  • Be ready to deploy/monitor IPv6
  • Full server or selected server access
  • How much bandwidth?

Windows 7 clients:

  • Windows 2008 R2 DirectAccess Server
  • DC, DNS, AD, PKI, Applications server, etc … IPv6.

During deployment:

  • Use DirectAccess config wizard to set up server.

VPN Reconnect

Mobile broadband is unreliable.  Windows 7 will persist network connectivity to automatically reconnect the VPN tunnel when the underlying network is back online.  Seamless for the user.  The policy defines how long of an outage is tolerated.  Default is 30 minutes.

Mobile Broadband

Bad experience for user.  Requires dodgy 3rd party software.  More management.  Windows 7 provides PNP for mobile broadband devices.  End users just plug and connect.  Better for network providers, admins and users.

Branch Office

There’s two optimised networking solutions, one for a deployment with a server and one without:

  • Distributed Branch Cache: desktops/laptops use broadcast to ID potential caching hosts on the LAN (only 1 VLAN) that already have downloaded the block ID’d by the hashing algorithm.
  • Host Based Branch Cache: Clients get the ID of the block and check a central cache on the LAN.  It’s a single host over many VLAN’s (configured by GPO).  If it’s already cached, get it locally, otherwise the client downloads and forwards to the cache.

Either way, sessions/locks are maintained.  Read is optimised, a write uploads the entire file 🙁  GPO manages things.  There is no current policy for aging/retention of cached blocks.   We want to get rid of servers from the branch office but the best solution is host based (requiring W2008 R2 for cache and server).  The services supported are file share (SMB) and web (HTTP/HTTPS).  SSL and signing supported. 

Deployment: Distributed – GPO, Host – Role installation.
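A simplified model of the host based lookup described above, added here as an illustration and not taken from the session or from Microsoft's BranchCache protocol: the client gets block IDs from the content server, checks the branch cache, verifies any cached block against its ID before using it, and falls back to the WAN on a miss. The class and function names, the 64 KB block size and the use of SHA-256 are assumptions, and the sample file is constructed.

```python
import hashlib

BLOCK_SIZE = 64 * 1024  # assumption for this model, not a BranchCache constant


def block_ids(data):
    """Hash every fixed-size block of a file; the hash is the block's ID."""
    return [hashlib.sha256(data[i:i + BLOCK_SIZE]).hexdigest()
            for i in range(0, len(data), BLOCK_SIZE)]


class ContentServer:
    """Head-office server across the WAN (hypothetical class)."""

    def __init__(self, files):
        self.files = dict(files)
        self.wan_bytes = 0  # block payload bytes that crossed the WAN

    def get_block_ids(self, name):
        # The client always asks the server first, so access control stays
        # with the server: the cache is not a proxy.
        return block_ids(self.files[name])

    def get_block(self, name, index):
        block = self.files[name][index * BLOCK_SIZE:(index + 1) * BLOCK_SIZE]
        self.wan_bytes += len(block)
        return block

    def write_file(self, name, data):
        # As the session noted, a write sends the entire file over the WAN.
        self.wan_bytes += len(data)
        self.files[name] = data


def read_file(server, cache, name):
    """Read a file through a branch cache (a dict of block ID -> bytes)."""
    stats = {"local": 0, "wan": 0, "rejected": 0}
    parts = []
    for index, bid in enumerate(server.get_block_ids(name)):
        block = cache.get(bid)
        if block is not None and hashlib.sha256(block).hexdigest() != bid:
            stats["rejected"] += 1  # corrupt or tampered cache entry
            block = None
        if block is None:
            block = server.get_block(name, index)  # cache miss: go over WAN
            cache[bid] = block                     # forward to the cache
            stats["wan"] += 1
        else:
            stats["local"] += 1
        parts.append(block)
    return b"".join(parts), stats


def make_sample():
    """Constructed sample file: three distinct full blocks plus a short tail."""
    return b"".join(bytes([n]) * BLOCK_SIZE for n in range(3)) + b"tail"


if __name__ == "__main__":
    server = ContentServer({"report.doc": make_sample()})
    cache = {}
    print("client 1:", read_file(server, cache, "report.doc")[1])
    print("client 2:", read_file(server, cache, "report.doc")[1])
    first_id = server.get_block_ids("report.doc")[0]
    cache[first_id] = b"tampered"
    print("after tampering:", read_file(server, cache, "report.doc")[1])
    server.write_file("report.doc", make_sample() + b"!")
    print("WAN bytes so far:", server.wan_bytes)
```

Because a block is only accepted when its hash matches the ID the server handed out, a bad cache entry costs one extra WAN fetch instead of delivering altered data to the user.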

SMB Enhancements

Transport Caching: The Win7 client caches open file share files locally.  Reads are local.  Writes are written to the server.  User transparent.  Better WAN performance for the user.

Example.  Client 1 downloads a file.  Client 2 requests a download. Caching (distributed or host BranchCache) makes the blocks available to client 2 from client 1 or a server.  Client 2 requests a new open – it’s loaded from a local cache on client 2.

Improved Office Experience

Office is very chatty; constantly reading open file content.  New optimisations consolidate this to a single stream of traffic. 

Offline Files

We now get regular, admin controlled 2 way synchronisation of files – with windows for busy periods.  This allows corporate data synchronisation and user experience optimisation over the WAN.

DNS Security

DNSSEC secures DNS against man-in-the-middle attacks.

URL QoS

QoS policies can be defined for specific URL’s.  Consider a single web server with many web sites.  Should all web sites be tarred with the same brush: some are more important than others.

Green IT

Wake on Wireless LAN: Wake up a host, perform maintenance, put it to sleep.

Smart network Power: idle NIC’s are put to sleep.  DON’T USE FOR "SERVERS".  Consider distributed BranchCache where clients rely on other clients for WAN optimisation.

Q&A

BranchCache is based on block level tech. Similar to DFS-R but new code.

Remote management via Direct Access gives seamless access for the IT Pro and user.  Consider remote admin for ConfigMgr.  It might now be dead.  You can even ping a remote machine with this technology.

BranchCache: Any write activity sends the entire file over the WAN, not just the changed blocks.  BOO! Riverbed and Citrix still have a window, even if you only care about SMB and HTTP(S).

The BranchCache is ACL’d and encrypted.  Pre-staging is possible but only via scripted download.  MS provides a clever API for their or partner later use for direct media pre-staging (ideal solution). 

BranchCache generated the most questions and interest from this session.

Day 1: Lab- Introduction to ConfigMgr 2007

I mainly went there to introduce myself face-face to my MVP lead, Wally Mead.  It was an interesting session where Wally did a demo that people followed, just to show them the functions of System Center Configuration Manager 2007.

There’s loads of SCCM sessions here at TechEd EMEA 2008 and they’ll jump into more detail.  Well recommended if you’re interested.

Day 1: The Keynote

The Keynote presentation was all about Dynamic IT and how Hyper-V makes IT more efficient (power, hardware) and flexible (mobility and quick to deploy).  MS’s argument is that virtualisation without management doesn’t give you dynamic IT.  Hence, VMM 2008 and OpsMgr 2007 via PRO.  You use a "single pane of glass" to manage the infrastructure, not point solutions, as you would have heard if you’ve heard me speaking about Hyper-V.

BTW, the venue is tiny.  A huge amount of us were in another room watching a tiny screen.  We could not see the presentations, speaker or demonstrations.  Come on Microsoft!  Amsterdam was much better than this place!  And it smells too (don’t ask me what it smells like!).

The demo uses the food ordering demo built on multiple servers that MS has been using for a while.  A web server running as a VM was no longer able to get required resources so it slowed down.  OpsMgr recognises this.  Via PRO, VMM can recommend an alternate VM and use quick migration to move the VM to another host with more resources.  Of course, using Live Migration in Hyper-V in Windows Server 2008 R2, the VM has no perceivable downtime, e.g. VMotion in ESX.

Sidenote: I’m also reading at the moment that VMware are to cut software prices by 10%.

And there was a reminder that virtualisation is multiple technologies, not just machine virtualisation (servers and PC’s).  MS purchased Kidaro to implement their own VDI solution aka VECD – a user logs into a virtual PC via a terminal or dumb PC via RDP.  App-V is the renamed new version of Softgrid or application virtualisation.  Applications are streamed into self contained packages.  They execute on a PC but are not installed … they are self contained.  Presentation virtualisation is Terminal Services – no explanation required there, I hope.

System Center manages it all – OpsMgr, VMM, Config Manager 2007 R2 (App-V).

"Announcements": Hyper-V server, VMM 2008, App-V 4.5 for SA customers and MAP.  Nothing new to be brutally honest.

There is a claim that the MS Hyper-V and System Center solution for 5 hosts is 1/3 of the price of VMware VI.  If you make use of authenticated host licensing with free OS’s for the guests then you certainly will see this.

MS deploys around 10,000 new servers a month.  I’ve heard this before.  The new data centers are huge, e.g. Grange Castle in Dublin – open in 2009.  A new one in USA is powered using hydro-electric.  Another uses local recycled water for cooling.  They’re trying to do greener IT – virtualisation allows this.  If you order a server in MS, virtual is the default.  You need to justify and specify a physical machine to get it.

There was a demo of cross platform extensions, e.g. manage other OS’s and applications from System Center.  Some of this is by MS and some of this is by 3rd parties (WS Man & Open Pegasus).  This uses OpsMgr 2007 R2.  Application showed modelling of Oracle, Apache, SUSE and Solaris alongside Windows and IIS.  The model included synthetic transactions.  This is 6 months old news 🙁  We also see a "new" feature in R2 for SLA management/reporting.  That’s available now to OpsMgr 2007 customers as a free download (Service Level Dashboard Management Pack).

Operations Manager 2007 R2 will be a public beta by the end of November.  I’m hoping there is actual new functionality in R2.  I’ve not heard it yet 🙁

ForeFront: It’s based on System Center: MOM and WSUS.  The new version will utilise existing installations of OpsMgr and WSUS.  That’s a major improvement.  Naturally, he reminds us that Active Directory is key to ID management.

Enterprise Business Server 2008: the 3 server solution for medium sized enterprises.  Some announcements on November 12th.

Windows Server 7 aka Windows Server 2008 R2.  R2 is the official name.  There is an "M3" pre beta release available for download.  The 3 focus points:

1) Virtualisation

  • Hyper-V: Live Migration, more cores (64 or more),
  • Remote Desktop Service is a renamed Terminal Services.
  • VDI out of the box.

2) Management

  • Powershell 2.0.  Remote execution and more commandlets.
  • Best Practice Analyser will use modelling. 

3) Better Together

  • Vista and W2008 R2 working better together.
  • Do remote computing without VPN, e.g. TS Gateway/ VDI
  • BitLocker to go: protect external devices, e.g. thumb drives or USB drives.
  • Branch Cache: BOI solution for caching data that traverses the WAN.  Think like WanScaler or Riverbed.

Now we get the demo of Branch Cache.  We see a streaming video over a slow WAN link.  The performance sucks.  But the data is being cached by a branch office server on the local LAN.  Data is cached as it traverses the BO server and is locally replayed without traversing the WAN whenever the data is requested again.  Access security is maintained – this is not a proxy.  This will be fantastic for branch offices and similar latent network architectures if this really works when it’s released.  Could be a real cash saver when compared with Riverbed Steelhead or Citrix WanScaler.

AC Milan (the football club) runs Hyper-V, System Center, SQL, Vista and Office 2007.  That explains David Beckham 🙂  They use the solutions for business: to analyse the health of and extend the careers of their players.  It’s called "Milan Lab".  Lots of player interviews in the demo about how they’ve improved thanks to MS 😉  Why don’t Paul Allen’s (MS founder and retired executive) Seattle Seahawks do this?  They’re crippled by injuries.

Next version of SQL is named as "Kilimanjaro".  A new feature to make data analysis easier via Excel called "Gemini".  This was a troublesome live demo by a jolly Italian gentleman.  Holy Blue Screen Batman; I thought MS banned live demos!  It integrates with SharePoint.  Nice.  Not very exciting to an IT Pro like me.

Now onto Software + Services.  Here comes BPOS (Business Productivity Online Services) and Azure.  There’s a demo.  The local AD is replicated to the online service.  Yes – BPOS allows integration of on-site services with online services.  Think of ADAM replication with AD.  You also have Exchange integration between on-site and online.  Your online user accounts can be managed on-site.  Sweet.  You can have on-site, online or hybrid implementation such as what I just described.  This will be very popular for small businesses and large ones with branch offices.  The services will be available from partners in Europe in the Spring.

Azure Services Platform:  A SaaS platform for cloud computing.  Using familiar tools, devs produce solutions and IT pros deploy them on the MS cloud platform.  The solution is "out here" on a fluid hosting platform.  The speaker had nothing else to say.  I’m sorry but Azure is the biggest thing that MS has done in years and deserves more time and a demonstration.  It ties together so many technologies in a really useful way to resolve real business issues and cloud computing is a very current topic. Boo!

Just Arrived In Barcelona And Registered

I just arrived in Barcelona and was met by what felt like a hurricane.  There doesn’t appear to be a dedicated bussing system in place this year between the airport and the conference centre.  Instead I caught a taxi, not feeling like getting lost on a mass transport system for the day.  Between the taxi and the conference centre I got SOAKED.  I smell like wet jeans!  If you’re reading this in the conference centre right now, that’s me you smell in the black IMTC 2008 baseball cap.

I’ve registered and I’m sitting in the arrivals hall, making the most of the free wifi access.  I’m looking outside and I can see this place has either gotten battered by the weather or hasn’t been well maintained.  My first impressions of the building: it’s a glorious tribute to 1980’s architecture 😉

My advice to anyone coming here: bring waterproofs and don’t be an idiot like me and forget your international power socket adapter kits.  I’m facing the prospect of trying to hunt some down – I’m not thinking that will go well.

The hall opens tomorrow at 8 and we have between then and 2PM to play in the hands-on labs.  Based on my experiences in Amsterdam, they’re usually crowded at the best of times.  The keynote will be at 14:00 tomorrow (Monday).  Hopefully the speakers will remember that this is an IT Pro crowd and not start telling us about the wonders of the newest generation of Visual Studio tools – 99.999% of us couldn’t care less.  There’s other cooler things to talk about: Azure, Windows 7, BPOS, Hyper-V 2.0 and VMM 2008.

I’ll hang around here a little while and let the rain die down.  When my battery dies I’ll brave the elements and head into the city to find my hotel and maybe some food – I haven’t eaten in 14 hours and I’m starving!!!!  No, Aer Fungus, I won’t pay €9 for a dried up sausage and a slice of bacon swimming in fat.

Damn I hate airports and airlines … at least I can enjoy the rest of the week until I face them again next Saturday.

Anywho … my agenda for tomorrow as of now is:

  • Morning: Labs
  • 14:00 Keynote
  • 16:00 SEC201 Do These Ten Things Now or Else Get 0wn3d! – Steve Riley rocks.
  • 17:45 MGT04-ILL Management Pack authoring – a dive into the black art of OpsMgr 2007.
  • 19:00 Welcome Reception – including "Speaker Idol" 🙂

TechEd Europe IT Pro 2008

I’ll be off to Barcelona for TechEd EMEA IT Pro 2008 for all of next week.  I’ll be blogging as much as possible of my experiences.  I also aim to do a session for the Windows Server 2008 User Group Ireland on the highlights of the week.  I’ll be going out on the country night for the Irish party on Wednesday.  I’ll also be attending the MS International Community party on Nov 6th.  Things I aim to watch out for include:

  • Anything by Steve Riley.
  • I’ll also be attending the Mark Minasi sessions.
  • ConfigMgr.
  • OpsMgr.
  • Hyper-V and VMM.
  • Windows Server.
  • Hopefully some Azure briefings.
  • Anything that makes data centre management and remote access services easier.
  • Free t-shirts and assorted swag 🙂