Month: January 2010

More Unhappy Vodafone Ireland Home Broadband Customers

I am far from being the only unhappy Vodafone Ireland home broadband customer.  A bit of simple searching and you’ll find:

Vodafone’s mess is also affecting other ISP’s.  Don’t bother touching Perlico broadband.  They appear to use the Vodafone Ireland network and are affected by this.

Slow Vodafone Ireland Home Broadband: Network Tracing

Last week I was contacted by a Vodafone Ireland network engineer to look into the problems I am experiencing.  The most painful of these is the very slow experience I get with websites that have embedded images.  I know the sites and content are fine because I can access them with no problem from other Internet services provider networks, e.g. I have done side-by-side tests on Vodafone Ireland and from our data centre via Terminal Services.

During the call I found some sites and pages experiencing the issue at that time.  I was asked to run trace routes to those sites which I did.  I also installed Microsoft Network Monitor 3.3 and ran a capture of the network traffic while the pages tried to load.  A simple page with small thumbnail images was taking 3-5 minutes to load and many of the images would fail (red X in its place).  I did this with 2 pages on 2 sites.

Those captures went off to Vodafone Ireland.  A couple of days later the engineer informed me:

  1. He could see lots of time outs in the HTTP conversation which explains the bad experience I am getting.
  2. He couldn’t repeat this experience.

Am I alone in this?  It seems not.  I’m still hearing from people that this is an issue for them.  I’m also getting lots of search hits for “Vodafone Ireland Slow Home Broadband”.

Vodafone Ireland has until this Friday to resolve the issue.  That’s thanks to my case being open with COMREG.  Without a solution, come Monday, I’ll be calling COMREG and following up on that option to have COMREG cleanly cancel my Vodafone Ireland contract and facilitate a transfer to another ISP.

Use NVSPBind To Manage TCP Bindings on Core

Are you using the Server Core installation alternative for Windows Server 2008, 2008 R2 or Hyper-V server?  Want to managing the TCP protocol bindings?  It’s the sort of thing Hyper-V administrators will do with NIC’s dedicated for virtual networking.

John Howard has discussed how to use a free tool called NVSPbind to do just this.

Office 2010 System Requirements

Curious about the hardware and operating system requirements for Office 2010?  Microsoft recently blogged about them.

The minimum hardware requirements are:

image

That is minimum.  Basically it’ll run but not great.  MS puts it this way.  If you’re running Office 2007 then you’ll be able to run Office 2010.  If you’re running Office 2003 there’s a good chance you can run Office 2010 (see above image).  If you have a dual (or more) core CPU Office 2010 will run fine.  New PC’s will run if superbly.

I’ve been running the CTP (pre beta) on a year old low-ish end Dell laptop.  It’s runs pretty well on that.

What about the operating systems?

Table of 32-bit operating systems that 32-bit Office 2010 supports. Everything in the table is supported. Those Operating systems are Windows 7, Windows Vista SP1, Windows XP SP3, Windows Server 2008, Windows Server 2003 R2 with MSXML 6.0.

Table of 64-bit operating systems. Those Operating systems are Windows 7, Windows Vista SP1, Windows XP SP3, Windows Server 2008, Windows Server 2003 R2 with MSXML 6.0. 32-bit Office 2010 is supported on all. 64-bit Office 2010 is supported on all except Windows Server 2003 R2 with MSXML 6.0

As you can see, Office 2010 will be the first version to have x86 and x64 versions.  Pretty much anyone buying Windows 7 on an OEM PC is 64-bit now.  And Windows Server 2008 R2 is 64-bit only.

Poorly Planned Virtualisation Projects

This short article is an interesting read.  The author discusses how UK CIO’s feel virtualisation projects are not going to plan and aren’t returning the expected savings.  VDI is pointed out.  Yeap, VDI is one that a lot of us misunderstood early on (including me).  I’ve tried pricing it and it’s definitely more expensive than PC’s.  The management needs are at least the same if not slightly more.  But it does offer some advantages in niche areas over Terminal Services (Remote Desktop Services is too unclear now because it refers to both VDI and Terminal Services) and traditional PC’s.

Planning seems to be a problem.  That’s nothing new in IT.  The problem here is too few organisations hire the right people or bring in the right consultants.  Way too often consultants over state their skills and hiring managers hire the wrong people.  Like the old saying states: you can’t make a silk purse out of a pigs ear.

Virtualisation is complex and diverse.  It has to be thought of as a vertical foundation that becomes the bedrock for many types of IT and business application that will rest upon it.  When you have a shaky foundation, you have a shaky business.  Get it right and everything resting on it has a chance to succeed.

Technorati Tags:

Hyper-V Live Migration and Linux VM’s

Let’s get this out of the way quickly.  Yes, you can run Linux virtual machines on a Hyper-V cluster and you can Live Migrate them.  I have SUSE Enterprise Linux 10 SP1 VM’s running on our cluster.  I can live migrate them from one host to another and not lose a ping packet during the move.

There’s a configuration that you must to to ensure this stability.  I first read about it online and it is in the Microsoft documentation for the Linux integration components.

You need to set the MAC (Ethernet) address of the virtual machine to be static.  VMM makes that quite easy. 

image

Above you can see the properties of a SLES VM on our Hyper-V cluster.  You can see that I’ve put the VM into a VLAN so I can firewall it.  I’ve also set the NIC to have a static MAC address.  Unlike most controls for networking, this must be set while the VM is powered off.  There’s a button on the right which allows you to generate a MAC address.  This is created from a pool of MAC addresses.

image

VMM allows you to specify what that pool of MAC addresses is.  It must be a range that does not exist on any hardware – there’s always the chance that you could otherwise accidentally set a MAC address for a VM that clashes with that of an actual Ethernet network card and cause all sorts of ARP issues.

Once you have that setting configured, boot up your VM, install the OS, install the IC’s and test.  Here I have run a ping from within the VM to the default gateway while running a live migration from VMM:

64 bytes from 192.168.100.31: icmp_seq=15 ttl=64 time=0.469 ms
64 bytes from 192.168.100.31: icmp_seq=16 ttl=64 time=0.052 ms

— 192.168.100.31 ping statistics —
107 packets transmitted, 107 received, 0% packet loss, time 106053ms
rtt min/avg/max/mdev = 0.030/0.090/0.469/0.083 ms

Zero packets lost and no massive spikes in latency.  Failing to set the MAC to be static can cause issues where the VM appears to go offline.  There is an example of this on the MS support site (KB976724).  In this scenario, SLES 10 SP2 live migrates, changes MAC address on the new host and then loses it’s IP configuration.  This is because the Linux distro binds the IP configuration to the MAC address.

By the way, there’s usually no reason to configure this setting for Windows guests.

Technorati Tags: ,,,

Setting Up Public Key Based SSH Access To SLES

I needed to set up key based, rather than password based, access to SUSE Linux Enterprise Server.  It’s more secure because it uses a public/private key pair rather than a password.  The user’s private key is stored on the client.  The private key for the user is stored on the Linux machines.  When they connect using an SSH client there is no need to enter a password.  You can optionally (and it’s recommended) store a passphrase with the private key so that it cannot be used without knowing the private key.

The solutions starts at the client.  I normally used Putty but I couldn’t get it to work properly with this type of solution.  Instead I turned to Poderosa.  Using it I create a public and private key pair.  From there I saved the public key in OpenSSH format and the private key.

Save the private key somewhere safe, e.g. a backed up location on your PC or on your home drive on a file server.  Make sure the location is secure.

Now you need to copy the text of the public key.  Note that it is a single line.  Log into the SLES machine and browse to your home directory.  For example:

  • For root browse to ~/.ssh
  • For any other user browse to /home/<username>/.ssh

Use a text editor (like vi) to create a file called authorized_keys in that home directory.  Copy the text from your private key and paste it into the file.  Save it.

You now need to enable SSH to allow logons using keys.  The configuration for SSH is stored in a text file: /etc/ssh/sshd_config.  Edit that and you’ll have a few entries to modify.  We’ll start by allowing public keys to be used for authentication.  This is done by setting PubkeyAuthentication to “yes”.  I had to remove the # (comment/remark) symbol from the start of the line.

PubkeyAuthentication yes

I restarted the SSH daemon or service by running rcsshd restart.  That’s required to load the new settings for authentication. 

I configured the SSH client to log in as my user to this server with my private copy of the key.  I started the connection and I was logged in without using a password.  It authenticated me using the private key (and the passphrase for the key if you set it).

Now it is possible to disable log via SSH on using passwords.  You’ll do this to force people to us their private key instead of a weaker password that could be subject to brute force attacks.

The first is to change PasswordAuthentication to have a value of “no”.  You may need to remove the comment/remark symbol of # from the start of the line.  I also found that I had to set UsePam to a value of “no”.  That meant these two lines were in the file in different locations:

PasswordAuthentication no

UsePam no

Again I restarted SSH using rcsshd restart.  Now I tested two things:

  1. I tried to login using Putty and my username and password.  The initial connection failed.
  2. I logged in using my private key.  That worked.

Perfect.  Now I can use SSH to log into the Linux box without the worry of weak passwords being used by users on the machine.  They are forced into using stronger public/private key pairs.  And I can sleep safe knowing that the machine is not vulnerable to brute force password attacks.

Technorati Tags: ,

Choosing a Linux to Run on Hyper-V

Become a Hyper-V administrator and sooner or later someone wants you to run Linux.  Hyper-V has support to run is SUSE Linux Enterprise Server (SLES) 10 SP1, 10 SP2 or 11, x86 or x64 as well as RedHat 5.2, and 5.3 with no IC’s.  Performance is important to me so I want my VM’s to have Integration Components.  That limits me to SLES 10 and 11.

If you are running Hyper-V then management is probably important to you.  You’re probably running some components of Microsoft System Center, even Operations Manager 2007 R2.  OpsMgr 2007 R2 has cross platform extensions, i.e. the ability to monitor Linux and UNIX physical and virtual machines using Microsoft written agents and management packs (optionally supplemented by 3rd party management packs).

OpsMgr 2007 R2 supports the following non-Microsoft operating systems:

  • AIX 5.3 (Power), 6.1 (Power)
  • HP-UX 11iv2 (PA-RISC and IA64), and 11iv3 (PA-RISC and IA64)
  • Red Hat Enterprise Server 4 (x64 and x86) and 5 (x64 and x86)
  • Solaris 8 (SPARC), 9 (SPARC) and 10 (SPARC and x86 versions later than 120012-14)
  • SUSE Linux Enterprise Server 9 (x86) and 10 SP1 (x86 and x64)

If you draw a Venn diagram then you’ll see your options for an optimal solution are starting to dwindle … rapidly.  The common MS supported operating systems for Hyper-V and Operations Manager 2007 R2 are:

  • 10 SP1 (x86 and x64)

Maybe I should have said “is” instead of “are”.

So, if you are running Windows Server 2008 R2 Hyper-V and System Center Operations Manager 2007 R2, then I’d recommend that you choose SUSE Linux Enterprise Server 10 SP1 as your Linux of choice.  Yes, it is a bit old.  Hyper-V has kept up to date but OpsMgr has lagged behind a little.

EDIT #1

Microsoft added support for running RHEL with integration components with the version 2 release of the IC’s for Hyper-V.

Installing Linux Integration Components on W2008 R2 Hyper-V VM’s

Microsoft has a set of version 2 Linux integration components for SUSE Enterprise Linux 10 and 11 virtual machines.  They support x86 and x64 architectures.

The download contains two files:

  • An ISO file containing the additions.  If you use VMM then go ahead and stick that in your library or libraries.
  • A PDF containing all the step-by-steps for installing the IC’s.

I’m not going to bother copying the steps from the PDF.  It’s a well written and clear document.  You can read as well from it as you can from here.

A few things to note:

  • After I’ve installed the IC’s I can no longer mount /dev/cdrom.  Instead I have to mount /dev/hdc.  That took me (a Windows admin) an hour to figure out.
  • If you installed a synthetic network card (not the legacy one) then it won’t be available until after you’ve installed the IC’s.  Then you need to run yast2 lan to configure the card and the IP set up.
  • SLES 10 is very quick and easy.  SLES 11 requires a few extra steps before and after the instructions for SLES 10.
  • You won’t be booting up from the XEN kernel anymore so there’s no need to install it.
  • You cannot do hot add/remove of storage with the SCSI controller like you can with Windows VM’s.
  • Jumbo frames and TCP offload for Linux VM’s is not supported.
  • The following Integration Services are not available to you: Operating System Shutdown, Time Synchronization, Data Exchange, Heartbeat, Volume Snapshot Backup.  I really miss that shutdown one.
  • There is support from MS for these IC’s on the supported SUSE platforms via email.

MOST IMPORTANTLY OF ALL

If there is any chance at all that you will migrate this VM in any way (live migration, offline migration, quick migration) then set the VM to have a static MAC or Ethernet address.  This is very easy in VMM; it’s just a tick box in the network card properties.  If you don’t then you will have network issues with the VM after migration.  MS states that “certain versions of Linux” are affected.  I’ve seen some people report the issue as well on Hyper-V clusters.  Just tick that box and you’re safe.

You cannot install the IC’s from VMM.  That’s a pity.  I’ve love to see that feature.  I know the IC’s are making their way into the kernels of new Linux distros but what about future upgrades?  Don’t bother telling Linux admins to upgrade their servers.  I can’t ever remember hearing of a Linux admin I’ve worked with ever doing an upgrade.