Month: January 2007

The Windows Server Division Weblog posted a link to this tool today.  In Microsoft’s words:

The Windows Server Virtualization Calculator provides two ways to estimate the number and cost of Windows Server Standard Edition, Enterprise Edition and Datacenter Edition licenses needed for your virtualization scenarios to help you determine the most cost-effective edition of Windows Server.

One of the MCS team also blogged about this online tool and reminded us that this tool will also be useful for those considering VMware technologies instead of Microsoft’s solution.

Microsoft has just released part one of a 3 part series deployment and maintenance guide for IE7.  In their words:

This is the beta 1 release of the Internet Explorer 7 Deployment Guide, and contains only the first of three parts. Please submit feedback to IEdeployfb@microsoft.com.
This guide helps you to plan and carry out a deployment of Microsoft Internet Explorer 7 on Windows XP and Windows Server 2003. The guide describes the system requirements and deployment methods, as well as the techniques to maintain and support Internet Explorer 7 after deployment

Speaking from experience, IE7 deployment with WSUS was both silent and pain free.  I’ve been using IE7 since last Spring and have loved it.  Tabbed browsing and the RSS reader have been great additions.

This month, Mark has included an absolute tonne of information on how to use the Windows System Image Manager from the Windows Automated Installation Kit for creating automated deployments of Vista.  In case you don’t know, WSIM is used to create the new format of answer file that is required for silent automated Vista intsallations.

While working with WSIM, you may also want to check out some of my earlier posts:

• Injecting drivers into Windows PE
• A step by step I did when creatign a bootable Windows PE Cd with additional drivers
• A whitepaper I did on Windows Deployment Services – the Windows 2003 SP2 replacement for RIS

Whether you use Terminal Services, Citrix, 2X, ProPalms or something else, the core of performance optimisation is based in Windows.  There’s a Microsoft KB article that details some basic steps that will help you get the most out of your servers. 

It starts with getting the hardware right.  If you’re buying now you’ll get 64 bit processors.  That’s a good start:

• Dual CPU’s with Dual Core or Quad Core support.
• Memory – 2-4 GB RAM.
• Optional: DVD + Floppy.
• Raid Adapter with at least 128 RAM, that support Raid 1 with Hot Spare disk.
• Backup Battery for Raid Adapter.
• Three disks of at least 74 GB Ultra SCSI 3 15000 RPM or 74 GB SAS 15000 RPM (Raid 1 + Hotspare).
• Dual Power Supply.
• Remote Management Adapter.
• Dual Network Adapter 1-10 GB (Server Adapter) with an option for "Teaming" (Fiber Channel Network Adapters recommended).

A quick note here.  Memory is a very interesting subject and it’s usually the bottleneck on deciding how many users you can load onto a Terminal Server.  Note that 32 bit applications are very memory inefficient on 64 bit operating systems.  64 bit operating systems are capable of addressing serving much more RAM.  Have a read of Bernhard Tritsch’s (Terminal Services author and MVP) "Big Iron Test". 

Next up is is operating system.  Obviously you go with Windows 2003 now.  Windows Longhorn will offer some serious upgrades which may accelerate it’s deployment.  Do you go 32 bit or 64 bit. Having a 64bit CPU give you the option of either.  As always, do some testing:

• Are the applications that will be used on the Terminal Server supported when running under x64 runtime or WOW32 under x64 runtime?  Remember that 16 bit applications will not run on a 64 bit OS.
• Did tests show any improvement or degradation in the server performance when you ran them on a 64 bit OS?
• Does the current server hardware support 32-Bit runtime and/or x64 runtime?

You’ll also want to make sure that you run the latest service pack, currently SP1 for Windows 2003.  Some optimisations include:

• Use a dedicated server for Terminal Server tasks.  Don’t think "I’ve got a server with loads of RAM and CPU – why not install SQL on it".  That will kill the server.  You bought that hardware to replace PC’s, not other servers.
• Verify that third party products are supported under Terminal Server environment.  Watch out for dodgy applications – they sometimes require "application silos" where servers are dedicated to particular applications.
• Consider using "User Profile Hive Cleanup Service".
• look at using a large page file.  You will want to know how to overcome the 4,095 MB paging file size limit in Windows.
• You should also look into how to determine the appropriate page file size for 64-bit versions of Windows Server 2003.
• Optimsise graphics performance (Control Panel -> "System" -> "Advanced") and change "Visual Effects" and "Adjust for best performance of:" and "Memory usage".
• Optimise memory management by editing "boot.ini" file.
• Use the latest Client … RDP, Citrix, termanal OS, etc.
• Consider implementing QoS (Quality of Services) or Class of Service to boost RDP sessions over the network.
• Use low resolution for RDP display and consider disabling RDP features such as Auto Network drive mapping, Audio etc.
• Use as few GPO’s (Group Policy Object) as possible.  Check out loop back processing … very useful if you have users who have both full and thin client requirements and need differing policies depending where they have logged in.
• Do not use batch technology scripts.  Powershell, VBS, WMI, Windows Power Tools offer more options and better performance.
• Use printers drivers signed by Microsoft.
• If at all possible, only redirect the primary printer on full clients.  Try to configure printer mapping so that it logons do not wait for them.
• Look at pritner optimisation technology such as Riverbed, ThinPrint, etc, when printers are across a WAN from the Terminal Servers.  Some Citrix alternative technologies include optimisation solutions.
• If you enable NLB (Network Load Balancing), check that the current network equipment can handle NLB traffic.
• Do not use remote "Roaming Profiles" for Terminal Server access.  In fact, it might be worth not using roaming profiles at all.  Check out a free alternative called Flex Profiles.
• Disable unnecessary services/options in the user GUI (Graphical User Interface) such as Wallpaper, Active Desktop, Screen Saver, etc.
• Use a Terminal License Server that is local to the Terminal Servers.  MS PSS call #1: make sure you configure the right type of CAL in the TS configuration on the Terminal Services and that it matches the CAL’s on the Terminal License Server.
• There’s a recommendation to consider disabling the use of web browsers.  That’s not all that realistic.  What you can do is use a proxy filter to prevent unwanted bandwith eaters.

Test, test, test.  Even when you go into production, you should retain a test environment.  You may even need a development environment if you have internally developed applications.

I’ve been a programmer, consultant, administrator and contractor.  During all those years since 1996 I keep hearing the same old tune from people … "Microsoft software isn’t stable, it isn’t scalable and it isn’t secure".  Hmmm.  Lets have a look at that.

It Isn’t Stable

I ran a network with 160 odd Windows 2003 and a handful of Windows 2000 servers.  We had around 12 Solaris machines which ran our front office and our back office application.  The critical applications that were on those UNIX platforms were far from stable.  In fact, they were clustered and the clustering was not only a huge cost but failed to work correctly.  We also ran Lotus Notes, usually the latest builds.  We had a cracking Lotus Notes team led by one of the best Lotus freaks in Ireland.  We saw many funnies there despite that team’s efforts.  On the MS side?  Was it perfect?  Nope.  But we were stable.  Services did not go down during the day.  We were able to stick to prevously agreed maintenance windows.

It Isn’t Secure

Here’s the one that makes me really laugh out loud.  I’ve asked people why they use ISA Server as a proxy but instead of using this economic product (around €1,000 and no CAL’s required) as their firewall, they cough up countless amounts of money for something like Checkpoint whose licensing makes Dick Turpin look like a saint.  The usual line is "I won’t use a Microsoft Firewall because it isn’t secure".  I usually respond with "What attack on ISA made you feel that way?".  There is never a response.  Since ISA 2000, you can count the number of security patches for the ISA family with fewer digits than are on your hands.  Can you truly say the same for Cisco or Checkpoint?  Plus, ISA is managable and understands your user accounts.  It can be made fault tolerant and is cost effective.  Not only does it do the usual port blocking , etc, but it understands the applications passing though it and can actually intercept malformed packets that are an attack on your network.

Then we get to patching.  Penguin lovers can be quiet here.  When is the last time you saw a fully patched Linux or UNIX network?  How did they deploy the patches?  Microsoft has a responsive solution for getting patches out to the public and they have provided 3 mechanisms (Windows Update in each machine WSUS and SMS) for deploying updates.  With these tools, your Microsoft network can be secured within a 24 hours with minimal business impact or manual effort.

It Isn’t Scalable

Maybe this one was true in the past.  SQL 2000 (certainly 2005), Exchange 2003 and Window 2003 easily took care of all scalability problems.  When Microsoft ran Exchange 2003, they had 3 or 4 clusters for the 55,000 users across the globe in 3 sites.  Each cluster was made up of 6 HP DL380’s, 4 being active, 1 for recoveries and one as a failover node.  That’s 6 * 4 = 24 servers for 55,000 users with room for failover for probably one of the busiest email networks in the world.  That’s impressive if you ask me.

OK … It’s Too Expensive

We all hear headlines about how organisations allegedly dump MS to go with the Penguin way of life.  The Munich government made headlines back in 2003 with their decision to snub Steve Balmer.  He warned them that he was giving them a great price for their needs and that their Linux solution would end up costing more.  They had the whole arrogance thing going on and didn’t listen.   A year later we heard that their Linux project licensing was costing around 30% than what MS had quoted them for licensing.  That worked out well.  I guess they never considered user familiarity, training, managability, deployment, product integration, etc.

As an example, here’s a a case study where the London Stock Exchange adopted Microsoft technology.  You’re not going to find many more sites where cost, scalability, scurity and stability are going to be more important.

What the &$^?  Anyone who know’s me will know that I tend to be bleary eyed on Mondays in January as the lead up to the Superbowl builds up.  The NFL (American Football to us outside of the USA) is my favourite sport and as usual (as of late) the Niners were never in the running … but things are changing for the better!

This year we’re looking at the Indianapolis Colts versus the Chicago Bears.  We were very close to getting a rematch of the most famous Superbowl this side of the Atlantic … the Bears V the New England Patriots.  Sunday’s late game was a thriller.  I have to admit that I never though Manning had that sort of drive in him.  He certianly hadn’t shown it in any of the previous years.

My prediction?  The bears offense relies on big plays too much and the Colts will eat up their "46" styled blitz packages.  This will be one of the most boring Superbowls in years as the Colts destroy the "Da Bears".

Dave Northey from Microsoft Consulting Ireland has posted a blog entry that details a bunch of Exchange 2007 webcasts.  If you’re checking out E2007 then it’s worth having a look at.  It’s called 24 hours of Exchange 2007 and there really is 24 hours worth of material there.  Wow…. 3 work days of webcasts….

Say what you want and joke as much as you want about Bill Gates but there is no doubting what he and his family do for charity.  He really puts the richest people in the world to shame.  can you imagine someone like Donal Trump announcing that he’s going to give up his job to spend 100% of his working time raising money for education, health care, and scientific research for the world’s neediest peoples?  I think his wig mig just miss the spotlight.

Anyway… Microsof thas launched a special version of their live.com search website.  The "Give to Nine Million" website promises to contribute money to a good cause based on search activity.  That for me is worthy enough to make them my first hit when doing a search.  Sure, I think Google is still #1 but Live does sometimes offer differing results that need to be checked out.  Why restrict myself to one search engine?

The cause in question?  I’m fussy about who I give money to but this sounds like a good one.  Nine Million is a UNHCR organisation that aims to aid refugees.  We’ve all seen and read about places like Darfur but there’s countless others that never make it past the news editors.  Check the site out and and see if there’s something more you can do to help.

So do something good today… check out Give to Nine Million and give them your first searches.

I don’t think I can ever accuse Mark Minasi of sitting on his laurels.  Mark’s latest book recently was made available in all good bookshops.  This time it’s all about Vista Security.  Mark has identified the key features of Vista security and has docuemtned how they work, how they affect you, how you can employ them and how to manage them.

I’ve not bought the book yet but I’m sure it’s up to Mark’s usual high standard.  Some of the early feedback has been very positive.  Mark had a big old description of the book on his site and you can also check out the first chapter online. 

Bink posted a link to a very useful article today on a question that needed to be asked and answered: "How much RAM will I need to run Vista?".  Bink’s conclusion was in agreement with the original MSDN article.  To get a full blown experience from Vista you will need 1.5GB of RAM.

My conclusions?  I’m running a home built Intel Duo Core PC with 4GB of RAM with Vista Business x64.  When Vista and the usual bit’n’bobs (AV, etc) are running, 1.5Gb is consumed.  One thing we’ve all seen from Windows before is the "Field of Dreams" principle: "If you build it, they will come".  In Windows, if you insert RAM, it will use it. 

I’m not saying your Vista PC needs 2GB of RAM, but I think a basic business machine should have a minimum of 1GB.  How this will work in the future, I cannot predict.  Most decent vendors will release new verions of products in the coming months to take advantage of the new Vista market.  They’ll likely increase their own footprints and therefore memory requirements will increase.

My advice is to start looking at Vista now if being up to date is important to you.  Large business are likely going to have application rollouts that rely on Vista features.  The security benefits will surely be worthy of consideration.  Have a a look at the product, learn it, identify and prepare your deployment mechanism and figure out your hardware requirements.  This way, when the CIO says "we need to get this thing rolling" you’ll be able to turn around and say "we’re ready".