KB2487341: Cannot Safely Remove Volume After VSS Backup on Hyper-V Host

Microsoft released this hotfix for Hyper-V on March 8th but it just appeared in my feeds. 

“Consider the following scenario:

  • You enable the Hyper-V role on a computer that is running Windows Server 2008.
  • You connect a removable disk to the computer. For example, you connect a USB flash drive to the computer.
  • You perform a Volume Shadow Copy Service (VSS) backup operation for a volume of the computer. The volume contains some virtual hard disk (VHD) files for some running virtual machines (VMs).
  • You try to safely remove the removable disk after the backup operation is completed.

In this scenario, you cannot safely remove the removable disk. Additionally, you receive a message that states that the volume is being used.

This issue occurs because of a handle leak in the storage VSP driver (Storvsp.sys)”.

Microsoft Corrects The vCPU:pCPU Ratio for Hyper-V

Last year, those of us not at TechEd USA heard that Microsoft would support a 12:1 ratio of virtual CPUs.  In other words, for every physical logical processor, we’d get support for up to 12 virtual CPUs.

Ah … but all was not as it seems, as a blog post that appeared in my feeds yesterday indicated.  Microsoft noticed “some confusion” about the 12:1 ratio. 

There are two issues.

1) 12:1 ratio

The 12:1 ratio applies only to when you are dealing with VDI.  In other words, the virtual CPUs must be in Windows 7 virtual machines on a host running W2008 R2 SP1.  Microsoft only tested the 12:1 ratio in a VDI scenario.  A pCPU with 6 logical processors can support up to 72 vCPUs as long as they are in Windows 7 VMs in a VDI scenario.

The old 8:1 ratio still applies in a server virtualisation scenario.  A pCPU with 6 logical processors can support up to 48 vCPUs in a non-Windows 7 VDI scenario, e.g. when you are running server workloads.

2) Logical processor

In Microsoft’s language, a logical processor is not a core.  It’s either a core or a thread depending on the CPU in question.  In other words, does the CPU have Hyperthreading?  If it does, then how you calculate logical processors changes.

Hyperthreading is a feature in Intel processors where a core can have 2 threads of execution.  It comes at a cost, but it is feasible to use it in some scenarios. For example, Microsoft supports it when using Hyper-V for VDI.  In that case, a 6 core Xeon processor will have 12 logical processors (6 cores * 2 threads with Hyperthreading enabled).  However, they recommend Hyperthreading is disabled when using Hyper-V for server workloads.  That’s because the nature of server workloads is different and isn’t suitable with the bottlenecks introduced by Intel’s Hyperthreading.  AMD on the other hand, do not do hyperthreading.  A 12 core AMD processor has 12 logical processors.

What’s it all mean?

It just ain’t that easy any more.  In the article we got some formulas to use for calculating maximum supported vCPUs.

In the case of Windows 7 VDI:

(Number of processors) * (Number of cores) * (Number of threads per core) * 12

Let’s work that out with our 6 core Intel Xeon on a dual socket (2 CPU) server, with Hyperthreading.

= 2 * 6 * 2 * 12

= 24 * 12

= 288 vCPUs

The same formula seems to apply when enforcing the 8:1 ratio:

(Number of processors) * (Number of cores) * (Number of threads per core) * 8

I’m not 100% positive if that’s assuming that Hyperthreading is enabled for the server workload, which is not recommended, but I think it might, and that is bad.  I’ll try to find out.

Oh, this stuff is probably all theoretical anyway.  There is a comment in the post saying “Vendor A responds 16:1 (with the qualifier that your mileage will vary…)”.  In the real world, mileage varies no matter what virtualisation platform you run.  That’s why MSFT gives us MAP … to determine the real CPU requirements to run our virtual workloads.  You don’t just magically require less CPU horsepower to run your workloads by virtualising them.  So if your assessment says that your 10 VMs need 8 * 6 core processors then you need 8 * 6 core processors, regardless of what some maximum supported figure says.

Having Cluster Validation Issues After Upgrading to W2008 R2 SP1?

It’s been a bit of a hot topic on TechNet: people who upgraded to Windows Server 2008 R2 Service Pack 1 on 3+ node clusters started having issues with cluster validation.  Before the upgrade there was no issue.  Didier Van Hoye (follow him!) pinged me to alert me to a new KB (KB2531907) that should be out today to fix the issue.  Eldin Christensen (one of the seniors behind Failover Clustering) posted on the TechNet forums to alert us.

In the post, Eldin says:

“A hotfix is now available that addresses the Win2008 R2 service pack 1 issue with Validate on a 3+ node cluster. This is KB 2531907. The KB article and download link will be published shortly, in the mean time you can obtain this hotfix immediately free of charge by calling Microsoft support and referencing KB 2531907”.

It’s a pity that you cannot just download it like other publicly available KBs.  This is an issue that will cause support issues if you call MS CSS with other clustering problems; remember that CSS supports clusters that pass the validation test.

BTW, this linked article by Didier includes some more fixes to be aware of for W2008 R2 SP1 clusters.

EDIT: Microsoft did post the hotfix online so you can download it.

A Factual Analysis of Cloud Computing VS The USA Patriot Act

Note: This article applies to public cloud computing.  Private clouds where you own the equipment and software in your computer room/data centre are not affected.

Regular readers will know that I used to work in the hosting business and that something I warn people to be aware of is the USA Patriot Act – a legacy of George W. Bush’s war on terror (some might argue it was a war on freedom) and that lives on under the “moderate” Democratic government a decade later.

The ZDnet article, “Case study: How the USA PATRIOT Act can be used to access EU data”, by Zack Whittaker is an excellent analysis of the problems that the Patriot Act causes for non-American organisations with cloud services provided by USA owned companies, no matter where their subsidiaries or data centres are located.

I’ve been able to attend a number of cloud computing events since the trend kicked off.  Those who have invested themselves in the likes of Amazon, Azure, or Google, will vehemently deny that the Patriot Act applies.  Some of them will toss their toys out.  They kind of remind me of when Irish PM Bertie Ahern told us critics to go commit suicide when we questioned the health of the economy (he resigned a few months later when he finally saw the financial tsunami that was coming).  Their lack of willingness to discuss or listen should make you wonder.

Last year I asked an Amazon evangelist about the Patriot Act and how it would apply to data stored in Amazon’s European data centres.  The rather cocky answer was that it wouldn’t because the Amazon company in Ireland was an Irish registered company.  Indeed it is, but it is also owned by a USA owned corporation that must comply with the Patriot Act.

A few years ago at the Microsoft BPOS launch, I asked a MSFT speaker about the Patriot Act (I am a bold boy!).  He had to admit that there was an issue even if the data stayed in the Dublin data centre.  But straight away, MSFT sales and marketing were out talking about geo-location and how that was the solution to data protection issues.  Some of us knew that to be BS, and others went and developed their HR SaaS, or whatever, applications on Azure (I did have a few giggles, I have to admit, thinking of the impending ex-employee versus employer lawsuits that could follow).  Finally Steve Ballmer admitted to the issue at a CEO conference … but try stop sales and marketing!

For you nay-sayers, here’s a couple of bits from this excellent article:

“The bottom line is that both Microsoft and Google — and therefore any other cloud service provider operating in Europe — cannot provide satisfactory guarantees that data supplied by EU customers and housed in datacenters on European soil will not leave the European Economic Area under any circumstances”.

“These subsidiary companies and their U.S.-parent corporations cannot provide the assurances that data is safe in the UK or the EEA, because the USA PATRIOT Act not only affects the U.S.-based corporations but also their worldwide wholly-owned subsidiary companies based within and outside the European Union”.

I’ve met loads of people who love EC2.  I know an Azure MVP and he’s fallen for it as a developer.  All quite understandable.  To me, things like Office365 do offer amazing opportunities in the right circumstances.  Will anything change regarding the Patriot Act?

Rumour is that Amazon and MSFT lobby strongly over this issue.  Some believe they had a lot to do with some of the contentious pieces of the Cyber Security Act being stripped out.  I’d believe it – the USA might be the big player in cloud computing right now, but if data laws continue to cause concerns then what’s to stop a Chinese operator dominating there, or a French/UK/German operator dominating in Europe, or a South American provider dominating down there?  That would put a seriously big pinch on Amazon’s plans to be online content kings of the world, and Microsoft’s plans to dominate PaaS/SaaS just like they’ve dominated Office software.  Maybe there will come a time when the USA government will cop on and relinquish these communist-like demands over hosters.  That would be of benefit to us all.  But we have learned from history that both USA political parties are willing and able to undo freedoms at a moment’s notice; we only have to look at the original drafts of the Cyber Security Act to see that.

So are people listening to the warnings?  As I’ve already alluded to: no they’re not.  The louder voices of those who are already invested are drowning out those urging caution.  And there are those who see those oh-so-tempting low sticker prices of an Azure or an EC2 and then don’t want to listen to anything else.  I’ve had those conversations in the past.  To be quite honest, most people don’t want to listen.  It’s like telling a gambling/spending addict that they shouldn’t get that sixth credit card.  They either berate you for questioning “progress”, try to change the topic of conversation to that of technical features, say that the Patriot Act will never be used against them (it’s known to have been used over 80 times – and the fact is that data that is susceptible to the PA is at risk of not being protected by the European Data Protection Act), or they engage the lah-lah-lah argument.  I gave up; that’s why I’m not in the hosting business any more.

So give the ZDnet article a read.  It’s well constructed, telling the story of the author’s investigation.  He uses a case study and approaches some big service providers directly to get their official responses on the issue.

Now, let me get back to folding that tin (aluminium) foil hat to keep those pesky NSA satellites out of …


Blog Post #2,000

I find it hard to believe that I’ve written 2,000 blog posts since I started this thing on Live Spaces back in 2006.  I’ve been wondering for hours what pearls of wisdom I can share.  I even had a post half written and I just deleted it.  I think I’ll leave you with these:

Blogging != documentation – Aidan Finn

You cannot underestimate the need for proper documentation.  Blog posts and scattered web pages are not documentation.

Assume Nothing … – Aidan Finn

… except that others around you will assume something, they will probably be wrong, and they’ll probably try to blame you when it backfires.  See previous.  Company/customer politics is why I never delete business e-mails.

Sh1t happens – Tony Soprano

Sometimes crap things happen and there’s sweet FA you can do to prevent them.  All you can do is be prepared (such as maintaining your skills and certifications), and roll with the punches.  On a related note …

Do unto others, what they’d like to do to you…But do it first – Jefferson R. “Soapy” Smith

I’ve grown a 6th sense for detecting when a sweep of redundancies is coming.  The saying is true: it is easier to get a job if you have a job.  Jump before you are pushed, unless you are guaranteed a HUGE severance package.

BitLocker & My Personal Laptop

My personal laptop contains some stuff that I don’t want to lose control of, including the original Word documents for a few books.  As such, I take precautions to protect that content.

My laptop runs Windows 7 Ultimate Edition.  That includes a feature called BitLocker which can encrypt an entire disk.  With a TPM 1.2 chip enabled in the BIOS, I enabled that, saving the recovery key to a USB stick.  I want to keep that key safe – just in case.  So I moved it from the USB stick to a folder on my laptop.  That folder is replicated to my other machines using Live Mesh.  That means I can access the recovery key for the laptop from anywhere using my Live ID.

My data is secure, and I can recover the laptop if something should go awry.


Recent KB Articles Affecting Hyper-V, Etc

Here’s a few KB articles I found that were released by Microsoft recently that affect Hyper-V farms.

KB2004712: Unable to backup Live Virtual Machines in Server 2008 R2 Hyper-V

“When backing up online Virtual Machines (VMs) using Windows Server Backup or Data Protection Manager 2007 SP1, the backup of the individual Virtual Machine may fail with the following error in the hyperv_vmms Event Log:

No snapshots to revert were found for virtual machine ‘VMName’. (Virtual machine ID 1CA5637E-6922-44F7-B17A-B8772D87B4CF)”.

VM with GPT pass through disk on a Hyper-V cluster with SAS based storage array will cause VM to report “Unsupported Cluster Configuration.”

“When you attach a GPT pass-through disk provided from SAS storage (Serial attached SCSI) array to a highly available virtual machine by using the Hyper-V Manager or Failover Cluster Management Microsoft Management Console (MMC) snap-in, the System Center Virtual Machine Manager 2008 Admin Console lists the status of the virtual machine as "Unsupported Cluster Configuration."

Details on the High Availability section of the VMs Properties in SCVMM are:

Highly available virtual machine <Machinename> is not supported by VMM because the VM uses non-clustered storage. Ensure that all of the files and pass-through disks belonging to the VM reside on highly available storage”.

On a computer with more than 64 Logical processors, you may experience random crashes or hangs

“On a computer which has more than 64 logical processors, you may experience random memory corruption during boot processing. This may result in system instability such as random crashes or hangs.

This problem occurs due to a code defect in the NDIS driver (ndis.sys).

Microsoft is currently investigating this problem, and will post more details when a fix is available.

To work around this issue, reduce the number of processors so that the system has no more than 64 logical processors. For example, disable hyper-threading on the processors”.

The network connection of a running Hyper-V virtual machine may be lost under heavy outgoing network traffic on a computer that is running Windows Server 2008 R2 SP1

“Consider the following scenario:

  • You install the Hyper-V role on a computer that is running Windows Server 2008 R2 Service Pack 1 (SP1).
  • You run a virtual machine on the computer.
  • You use a network adapter on the virtual machine to access a network.
  • You establish many concurrent network connections. Or, there is heavy outgoing network traffic.

In this scenario, the network connection on the virtual machine may be lost. Additionally, the network adapter may be disabled”.

A hotfix is available to let you configure a cluster node that does not have quorum votes in Windows Server 2008 and in Windows Server 2008 R2

“Windows Server Failover Clustering (WSFC) uses a majority of votes to establish a quorum for determining cluster membership. Votes are assigned to nodes in the cluster or to a witness that is either a disk or a file share witness. You can use the Configure Cluster Quorum Wizard to configure the cluster’s quorum model. When you configure a Node Majority, Node and Disk Majority, or Node and File Share Majority quorum model, all nodes in the cluster are each assigned one vote. WSFC does not let you select the cluster nodes that vote for determining quorum.

After you apply the following hotfix, you can select which nodes vote. This functionality improves multi-site clusters.  For example, you may want one site to have more votes than other sites in a disaster recovery. Without the following hotfix, you have to plan the number of physical servers that are deployed to distribute the number of votes that you want for each site.”

More Ramblings: User Virtualisation

This topic will be something familiar to those who’ve worked in server based computing (AKA terminal services/remote desktop services and VDI) as well as those who have made it a mission to turn their PCs into stateless appliances.  The idea is that we try to decouple the user (identity and profile made up of settings and personal data) from the machine.  This can be for many reasons.  Say a person works on 2 or three machines, be they a laptop & desktop or a virtual desktop & remote desktop servers, then you want to make sure that when they hit their browser favourites, all the short cuts are there.  Or if they fire up Outlook, it connects to their mailbox.  Or maybe if they travel from office A to office B, their My Documents follows them.

You can do an awful lot of this for quite a while.  Roaming profiles have been with us since before I started working in IT in 1996.  But let’s face it; roaming profiles suck.  They can drag around things that are machine specific, and they are OS version specific (XP has V1 profiles and Vista has V2 profiles).  How many times have you had to set up roaming profiles for a single user in different branch offices, or recreate a corrupted roaming profile?  I had to do it quite a bit when I last managed desktops.  An alternative is to combine local profiles with folder redirection.  That means that folders like My Documents are stored on a file server, and the local “folders” are actually links that redirect applications like Windows Explorer to that location on the file server.  The user thinks they have a normal, local, My Documents … until they take their laptop and try to open a Word document in the airport, at home, or in a hotel.  Then you have issues.  No worries; you probably learned about Offline Files in your XP or 2003 MCP exam.  Turn that on and then My Documents will be replicated from the file server to the laptop.  In theory; yes.  In practice, I banned Offline Files on XP using GPO because it caused so many helpdesk calls.  It was a nice idea, but it just didn’t work very well.  Vista fixed that.  I hammered Offline Files on Vista and Windows 7 while writing the user/group chapters of Mastering Windows Server 2008 R2.  It held up; now I’d allow it … no; I’d demand it … for those operating systems.  So Redirected Folders with Offline Files works great on those OSs – I even did step-by-steps on setting that combination up in that book.

But hard core remote desktop services guys will tell you that those techs are just a starting point.  They know more about the innards of profiles and user virtualisation than anyone.  They drive demand for specialist solutions, like those from AppSense (a long-time contributor to PubForum).

Personally, I think this is just a start.  I think we need to think BIGGER.  We’re only thinking in 1 dimension – how to get people’s data abstracted to move across machines in the business.  We need to go 3D.  Wait!  Don’t run away – this isn’t a Hollywood movie that sucks and tags on 3D to get a few extra ticket sales.  I see two additional dimensions that user virtualisation needs to expand into.

1: Cross Platform

Recent surveys find that more and more non-Windows machines are making their way into the business, not just the home.  I don’t mean the small business either; I am talking about the multi-national corporation.  Whether it’s the CEO who wants the latest trendy device from the electronics store in the airport, or some device that solves a unique need, we now are facing the need to get personal data available on different platforms.  Should My Documents be on that iPad?  Let’s put security aside for a moment.  Well, if I’m a sales person that travels about, I want something light with good battery life.  If the iPad does the job and nothing else does, then I’m going to demand an iPad.  And you’re damned skippy that I want My Documents on there.  How do we do that now?  DropBox.  Yick! There’s no corporate control.

But that’s a starting point.  I can envision a day when the profile is simply just an instantiation of something that is stored in a central database.  An agent on the machine downloads appropriate data from that database and creates a My Documents folder.  In the case of a Windows PC, it downloads details of the mail server and mailbox and configures the Outlook profile.  In the case of an iPad it might configure the Apple mail client.  In the case of the PC, there might be some Adobe Photoshop settings to download.  The iPad doesn’t have an install of Photoshop so that data is not downloaded.  Maybe the agent is really clever and syncs back up the block level changes to any files contained within the profile.

This would be a huge departure if Microsoft did this.  There are some cool possibilities if they did.

2: Federation

This one splits in two.  Many organisations have partnerships.  A person can work in company A but spend a lot of time logged into the network of company B.  They probably have 2 identities; one for each network.  And that means they have 2 insulated profiles.  That’s a right PITA.  If they’re lucky to have admin rights they might use something like Live Mesh, DropBox, or SugarSync to replicate key folders between the two networks.  There’s probably various security and compliance issues with that.  And it doesn’t give the best solution for the user.

What if we took the solution that I brainwaved above and extended it, so that the two companies could be federated.  It could be something like ADFS, creating a trust between the profile store in company A and the network of company B.  Selected users could be authorised in both sites (for security reasons) and then user Bob could travel from his regular office in A and log into the network in B when he has to work closely with them.

The second branch breaks out into the home.  Given the bandwidth, I think a reinvention of the profile, taking advantage of how modern cloud apps work, would turn the virtualised user profile into a SaaS application.  Maybe this federation approach could also extend to the likes of Microsoft Live.  If Microsoft allowed a person to log into a PC with a Live ID then they could download their profile from work while sitting at their home office computer.  Or maybe it could be a Mac?  Remember, we’ve decoupled the user data from the OS so it’s no longer dependent on the OS – it’s just a bunch of files and or settings in a database that can be “translated” for any OS in theory.

Maybe Microsoft does this, and maybe not.  I don’t see it happening soon, but it would be a really cool way to extend something like Live Mesh, essentially turning it into a Windows Domain in the cloud.  I really don’t see them going cross platform with it; Marketing would see to that.  And they’d also see it as a way to drive sales of the latest OS, forever putting pressure on the user to upgrade for support.  I hope I’m wrong.

Now think B-I-G-G-E-R!  With something like this …

  • We don’t need online backup solutions because the personal data store is stored in the cloud (be it public or private)
  • This could be a part of something bigger like an Intune or an Office365.  Throw in lockdown/encryption policies, along with remote wipe and device tracking and you have a secure and manageable mobile working platform.
  • OS and device replacement projects become easier. 
  • DR design and invocation becomes easier.
  • I could make a serious amount of money if I knew how to develop this …

But maybe a third party, like AppSense, will do something like this?  They’ll have to do something with that $70 million investment they recently got from Goldman Sachs.

I think that’s a pretty good brainfart considering I wrote this post while being hammered with the headache from the dark side of hell.


61% of U.S. Corporations Say Employees are Already Using Tablets for Work

I’ve previously talked about Millennials, and how the consumerisation of IT will force IT to adapt to managing non-enterprise devices.  This week I read reports where the majority of USA corporations report that users are bringing in tablets, such as the iPad, and using them for work.

“A report from research firm Strategy Analytics shows that 61% of U.S. corporations have found that their employees are already using tablets for work purposes”.

Clearly, we’re seeing an extension of what we saw back in 2003-2005 when executives came back from conferences, demanding that they have email capable phones that were a match for or better than their golfing/yachting buddy’s phone.  Then it happened again when the iPhone was launched.

The convenient nature and the long battery life of the tablet (not the slate PC) makes it a fine device for taking notes, using as a data consumer, and as something that is stylish.  Style counts with a lot of people in positions of authority; try giving a non-Microsoft executive some clunky looking Dell slate instead of an iPad2 if that’s what they originally asked for.

We IT infrastructure and systems management folks have to adapt.  Are we ready?  No.  The requirement for stuff like iTunes, Zune, or Google/Amazon market/app stores doesn’t help our cause.  The new OS to manage isn’t helpful.  If we’re lucky, we’re able to control PC/laptop specs to minimise hardware variation.  What about Android devices or Windows Phone 7 handsets?  There’s a huge variety of Android devices already, from the $100 dumb tablet to the $800 Xoom.  One can’t expect equal capabilities.  And Windows Phone 7 sets aren’t so standardised either – just ask Samsung handset owners if the first update bricked them or not.

The flood gates have opened.  Maybe they can be closed by some.  Maybe not.  In the end, businesses demand that their needs be dealt with.  It’s up to us to adapt.  The business is not there to service our desire to make things easy for us, unfortunately.

One of the System Center Configuration Manager 2012 videos that I watched offered some promise, when combined with the news that it would manage devices such as the iPad and iPhone.  The application delivery model is capable of detecting what the target device is, and deciding what software to install.  Maybe this will include these cross-platforms.  It appeared like it would; I saw some mention of Nokia in a dropdown box.

That’s just software deployment.  We have to figure out lock down policies, network access, antivirus, encryption (internal/removable storage), ownership, browser standardisation for web based/cloud business apps, and a whole lot more.  If I do have a solution, you’ll hear about it on Dragons Den.

Podcasts on my iPhone & Smart Playlists

Music and talk radio bore me to death.  I’ve been commuting to work on the train and tram.  For a while I worked on last year’s books.  That all wrapped up and then I needed something else.  I got an iPad a few months ago and started syncing TV shows onto it via the VLC app.  On the tram (which is crammed) I switch to audio … mainly podcasts.  In the car, I hook up my iPhone FM transmitter which also charges the phone.  And there I play podcasts which are relayed via the car radio.

What am I listening to?  It’s a wide variety including:

  • Paul Thurrott/TWIT Windows Weekly
  • Guardian Tech Weekly
  • BBC Radio 4 Comedy of the Week and Friday Night Comedy
  • Newstalk 106-108 Talking History and Michael Graham (a right wing nut job that makes me laugh) highlights
  • The Photography Show
  • ESPN UFC
  • And I recently added ESPN Mike & Mike and Football Today (but things are quiet there with the labour dispute on).  I’m also looking for anything more work related in an audio format but the pickings are slim.

That’s just a small sample.  Some are updated several times a week, some weekly, and some randomly.  But all these audio podcasts keep me entertained while I’m on the move.  My time on the road will be increasing fairly soon so I’m adding more podcasts.

One difficult thing to deal with is a 2 hour trip where I’m listening to different 30 minute long podcasts.  I don’t want to be fumbling with the iPod app to switch podcasts.  That’s why I decided to look at creating a playlist.  A standard playlist in iTunes is easy to set up.  But it is static; in other words, you have to add podcasts to it after they download.  My iTunes automatically downloads anything it finds so I would have to remember to set up the playlist.  And that led me to Smart Playlists.

A smart playlist dynamically adds podcasts by running a query on your collection’s metadata.  It took me a little while to figure out the settings I needed but here’s what I used today:

[Screenshot: iTunes Smart Playlist settings]

This searches for Podcasts (excluding other media such as music which I also have on the iPhone/iTunes) and specifies that the podcasts must be audio (excluding other video podcasts which I have for some photography/Photoshop stuff). 

Zap: and all my podcasts were ready.  After a phone sync, the podcast was ready, and I was able to listen to one podcast after another in the car without having to touch the phone.