Aidan Finn, IT Pro

Whether you use Terminal Services, Citrix, 2X, ProPalms or something else, the core of performance optimisation is based in Windows.  There’s a Microsoft KB article that details some basic steps that will help you get the most out of your servers. 

It starts with getting the hardware right.  If you’re buying now you’ll get 64 bit processors.  That’s a good start:

• Dual CPU’s with Dual Core or Quad Core support.
• Memory – 2-4 GB RAM.
• Optional: DVD + Floppy.
• Raid Adapter with at least 128 RAM, that support Raid 1 with Hot Spare disk.
• Backup Battery for Raid Adapter.
• Three disks of at least 74 GB Ultra SCSI 3 15000 RPM or 74 GB SAS 15000 RPM (Raid 1 + Hotspare).
• Dual Power Supply.
• Remote Management Adapter.
• Dual Network Adapter 1-10 GB (Server Adapter) with an option for "Teaming" (Fiber Channel Network Adapters recommended).

A quick note here.  Memory is a very interesting subject and it’s usually the bottleneck on deciding how many users you can load onto a Terminal Server.  Note that 32 bit applications are very memory inefficient on 64 bit operating systems.  64 bit operating systems are capable of addressing serving much more RAM.  Have a read of Bernhard Tritsch’s (Terminal Services author and MVP) "Big Iron Test". 

Next up is is operating system.  Obviously you go with Windows 2003 now.  Windows Longhorn will offer some serious upgrades which may accelerate it’s deployment.  Do you go 32 bit or 64 bit. Having a 64bit CPU give you the option of either.  As always, do some testing:

• Are the applications that will be used on the Terminal Server supported when running under x64 runtime or WOW32 under x64 runtime?  Remember that 16 bit applications will not run on a 64 bit OS.
• Did tests show any improvement or degradation in the server performance when you ran them on a 64 bit OS?
• Does the current server hardware support 32-Bit runtime and/or x64 runtime?

You’ll also want to make sure that you run the latest service pack, currently SP1 for Windows 2003.  Some optimisations include:

• Use a dedicated server for Terminal Server tasks.  Don’t think "I’ve got a server with loads of RAM and CPU – why not install SQL on it".  That will kill the server.  You bought that hardware to replace PC’s, not other servers.
• Verify that third party products are supported under Terminal Server environment.  Watch out for dodgy applications – they sometimes require "application silos" where servers are dedicated to particular applications.
• Consider using "User Profile Hive Cleanup Service".
• look at using a large page file.  You will want to know how to overcome the 4,095 MB paging file size limit in Windows.
• You should also look into how to determine the appropriate page file size for 64-bit versions of Windows Server 2003.
• Optimsise graphics performance (Control Panel -> "System" -> "Advanced") and change "Visual Effects" and "Adjust for best performance of:" and "Memory usage".
• Optimise memory management by editing "boot.ini" file.
• Use the latest Client … RDP, Citrix, termanal OS, etc.
• Consider implementing QoS (Quality of Services) or Class of Service to boost RDP sessions over the network.
• Use low resolution for RDP display and consider disabling RDP features such as Auto Network drive mapping, Audio etc.
• Use as few GPO’s (Group Policy Object) as possible.  Check out loop back processing … very useful if you have users who have both full and thin client requirements and need differing policies depending where they have logged in.
• Do not use batch technology scripts.  Powershell, VBS, WMI, Windows Power Tools offer more options and better performance.
• Use printers drivers signed by Microsoft.
• If at all possible, only redirect the primary printer on full clients.  Try to configure printer mapping so that it logons do not wait for them.
• Look at pritner optimisation technology such as Riverbed, ThinPrint, etc, when printers are across a WAN from the Terminal Servers.  Some Citrix alternative technologies include optimisation solutions.
• If you enable NLB (Network Load Balancing), check that the current network equipment can handle NLB traffic.
• Do not use remote "Roaming Profiles" for Terminal Server access.  In fact, it might be worth not using roaming profiles at all.  Check out a free alternative called Flex Profiles.
• Disable unnecessary services/options in the user GUI (Graphical User Interface) such as Wallpaper, Active Desktop, Screen Saver, etc.
• Use a Terminal License Server that is local to the Terminal Servers.  MS PSS call #1: make sure you configure the right type of CAL in the TS configuration on the Terminal Services and that it matches the CAL’s on the Terminal License Server.
• There’s a recommendation to consider disabling the use of web browsers.  That’s not all that realistic.  What you can do is use a proxy filter to prevent unwanted bandwith eaters.

Test, test, test.  Even when you go into production, you should retain a test environment.  You may even need a development environment if you have internally developed applications.

I’ve been a programmer, consultant, administrator and contractor.  During all those years since 1996 I keep hearing the same old tune from people … "Microsoft software isn’t stable, it isn’t scalable and it isn’t secure".  Hmmm.  Lets have a look at that.

It Isn’t Stable

I ran a network with 160 odd Windows 2003 and a handful of Windows 2000 servers.  We had around 12 Solaris machines which ran our front office and our back office application.  The critical applications that were on those UNIX platforms were far from stable.  In fact, they were clustered and the clustering was not only a huge cost but failed to work correctly.  We also ran Lotus Notes, usually the latest builds.  We had a cracking Lotus Notes team led by one of the best Lotus freaks in Ireland.  We saw many funnies there despite that team’s efforts.  On the MS side?  Was it perfect?  Nope.  But we were stable.  Services did not go down during the day.  We were able to stick to prevously agreed maintenance windows.

It Isn’t Secure

Here’s the one that makes me really laugh out loud.  I’ve asked people why they use ISA Server as a proxy but instead of using this economic product (around €1,000 and no CAL’s required) as their firewall, they cough up countless amounts of money for something like Checkpoint whose licensing makes Dick Turpin look like a saint.  The usual line is "I won’t use a Microsoft Firewall because it isn’t secure".  I usually respond with "What attack on ISA made you feel that way?".  There is never a response.  Since ISA 2000, you can count the number of security patches for the ISA family with fewer digits than are on your hands.  Can you truly say the same for Cisco or Checkpoint?  Plus, ISA is managable and understands your user accounts.  It can be made fault tolerant and is cost effective.  Not only does it do the usual port blocking , etc, but it understands the applications passing though it and can actually intercept malformed packets that are an attack on your network.

Then we get to patching.  Penguin lovers can be quiet here.  When is the last time you saw a fully patched Linux or UNIX network?  How did they deploy the patches?  Microsoft has a responsive solution for getting patches out to the public and they have provided 3 mechanisms (Windows Update in each machine WSUS and SMS) for deploying updates.  With these tools, your Microsoft network can be secured within a 24 hours with minimal business impact or manual effort.

It Isn’t Scalable

Maybe this one was true in the past.  SQL 2000 (certainly 2005), Exchange 2003 and Window 2003 easily took care of all scalability problems.  When Microsoft ran Exchange 2003, they had 3 or 4 clusters for the 55,000 users across the globe in 3 sites.  Each cluster was made up of 6 HP DL380’s, 4 being active, 1 for recoveries and one as a failover node.  That’s 6 * 4 = 24 servers for 55,000 users with room for failover for probably one of the busiest email networks in the world.  That’s impressive if you ask me.

OK … It’s Too Expensive

We all hear headlines about how organisations allegedly dump MS to go with the Penguin way of life.  The Munich government made headlines back in 2003 with their decision to snub Steve Balmer.  He warned them that he was giving them a great price for their needs and that their Linux solution would end up costing more.  They had the whole arrogance thing going on and didn’t listen.   A year later we heard that their Linux project licensing was costing around 30% than what MS had quoted them for licensing.  That worked out well.  I guess they never considered user familiarity, training, managability, deployment, product integration, etc.

As an example, here’s a a case study where the London Stock Exchange adopted Microsoft technology.  You’re not going to find many more sites where cost, scalability, scurity and stability are going to be more important.

What the &$^?  Anyone who know’s me will know that I tend to be bleary eyed on Mondays in January as the lead up to the Superbowl builds up.  The NFL (American Football to us outside of the USA) is my favourite sport and as usual (as of late) the Niners were never in the running … but things are changing for the better!

This year we’re looking at the Indianapolis Colts versus the Chicago Bears.  We were very close to getting a rematch of the most famous Superbowl this side of the Atlantic … the Bears V the New England Patriots.  Sunday’s late game was a thriller.  I have to admit that I never though Manning had that sort of drive in him.  He certianly hadn’t shown it in any of the previous years.

My prediction?  The bears offense relies on big plays too much and the Colts will eat up their "46" styled blitz packages.  This will be one of the most boring Superbowls in years as the Colts destroy the "Da Bears".

Dave Northey from Microsoft Consulting Ireland has posted a blog entry that details a bunch of Exchange 2007 webcasts.  If you’re checking out E2007 then it’s worth having a look at.  It’s called 24 hours of Exchange 2007 and there really is 24 hours worth of material there.  Wow…. 3 work days of webcasts….

Say what you want and joke as much as you want about Bill Gates but there is no doubting what he and his family do for charity.  He really puts the richest people in the world to shame.  can you imagine someone like Donal Trump announcing that he’s going to give up his job to spend 100% of his working time raising money for education, health care, and scientific research for the world’s neediest peoples?  I think his wig mig just miss the spotlight.

Anyway… Microsof thas launched a special version of their live.com search website.  The "Give to Nine Million" website promises to contribute money to a good cause based on search activity.  That for me is worthy enough to make them my first hit when doing a search.  Sure, I think Google is still #1 but Live does sometimes offer differing results that need to be checked out.  Why restrict myself to one search engine?

The cause in question?  I’m fussy about who I give money to but this sounds like a good one.  Nine Million is a UNHCR organisation that aims to aid refugees.  We’ve all seen and read about places like Darfur but there’s countless others that never make it past the news editors.  Check the site out and and see if there’s something more you can do to help.

So do something good today… check out Give to Nine Million and give them your first searches.

I don’t think I can ever accuse Mark Minasi of sitting on his laurels.  Mark’s latest book recently was made available in all good bookshops.  This time it’s all about Vista Security.  Mark has identified the key features of Vista security and has docuemtned how they work, how they affect you, how you can employ them and how to manage them.

I’ve not bought the book yet but I’m sure it’s up to Mark’s usual high standard.  Some of the early feedback has been very positive.  Mark had a big old description of the book on his site and you can also check out the first chapter online. 

Bink posted a link to a very useful article today on a question that needed to be asked and answered: "How much RAM will I need to run Vista?".  Bink’s conclusion was in agreement with the original MSDN article.  To get a full blown experience from Vista you will need 1.5GB of RAM.

My conclusions?  I’m running a home built Intel Duo Core PC with 4GB of RAM with Vista Business x64.  When Vista and the usual bit’n’bobs (AV, etc) are running, 1.5Gb is consumed.  One thing we’ve all seen from Windows before is the "Field of Dreams" principle: "If you build it, they will come".  In Windows, if you insert RAM, it will use it. 

I’m not saying your Vista PC needs 2GB of RAM, but I think a basic business machine should have a minimum of 1GB.  How this will work in the future, I cannot predict.  Most decent vendors will release new verions of products in the coming months to take advantage of the new Vista market.  They’ll likely increase their own footprints and therefore memory requirements will increase.

My advice is to start looking at Vista now if being up to date is important to you.  Large business are likely going to have application rollouts that rely on Vista features.  The security benefits will surely be worthy of consideration.  Have a a look at the product, learn it, identify and prepare your deployment mechanism and figure out your hardware requirements.  This way, when the CIO says "we need to get this thing rolling" you’ll be able to turn around and say "we’re ready".

No sooner has Microsoft release Vista than they are already working on Service Pack 1 for it.  OK, the shelf products won’t be out for another week or so but that s pretty impressive.  Heck, I’ve even read that MS are looking for suggestions for the Vista successor.

Anyway, Microsoft has started recruiting members for the SP1 TAP program.  The Technical Adoption Program enables Microsoft to work with partners and clients with early, pre-public releases of the product.  We’re talking abot pre-beta releases here.  The clients and partners in question are cherry picked by Microsoft.  For the lucky few, they often are given a solution to solve critical problems, they get a chance to steer development/design and they get to learn the product before anyone else.

Microsoft is currenly looking for people to join the Vista SP1 TAP program.

Credit: Bink.

UPDATED: 26/01/2007:

There’s a new registration page with details on the conference, speakers, material and location.

—–

I’ve mentioned this one a few times in my blog but I’m going to give it a bit of detail here.

I’m a member of the MR&D forum.  This forum is hosted by Mark Minasi, the acclaimed Windows technology journalist, author, speaker, MVP and consultant.  You”ve likely heard of Mark thanks to books like Mastering Windows 2003 and his contributions to the magazine, Windows IT Pro.  You’ll likely have hit the forum in some way while googling for solutions to Microsoft Infrastructure problems.  Numerous MVP’s and experienced Microsoft techies participate on this forum offering help, articles and advice on infrastructure technologies of all kinds.  The membership spans the globe and all types of people. 

Last May, we held our first group conference in Mark’s home town of Virginia Beach, Virginia, USA.  It was a great event and we all learned loads from each other, e.g. Curt Spanburgh gave a very detailed presentation on Microsoft Dynamics, Nathan Winters gave a full demo of Exchange 2003 mobile push email, Nick Whittome dispelled a few myths and sold us on the worthiness of SBS and Mark explained Kerberos in AD from start to beginning as well as giving us a detailed brief on what to expect from Vista technology.  A special guest, Todd Lammle (Cisco expert and author) gave us a briefing on IPv6 that was a real eye opener.  The whole 1.5 day experience was really worth the effort.  What really made it work was the intimacy of the event.  Open conversation, quentions/answers were everywhere.  In fact, Rhonda Layfield (author, speaker, consultant) offered to give a presentation on how to make the most of Network Monitor at no notice!  The difference between this event and the likes of WinConnections, TechEd, IT Forum was obvious.  The intimacy fo the vent meant that the content was richer and the presentations were extremely interactive.  Not only was a it a good technical event but it was a great social event too.  We’ve not only helped each other even mor in the following year but we’ve also become friends outside of the work side of things.  It was such a success that we planned to make this an annual event.

This year we are holding the event in the same location in Virginia Beach.  The event starts on May 3rd and ends on May 6th.  The hotel is right on the beach and is a pleasant location.  Details of the event location and booking are available on the MR&D forum.  We’re expanding the event and more people are speaking.  We’ve also got some special guests:

• Todd Lammle will be making his return.
• Darren Mar-Elia (Group Policy genius, author, s/w developer, MVP, author) will be presenting if all goes well.
• Steve Riley (senior Microsoft security consultant, one of Microsoft’s most popular presenters at conferences) is scheduled to join us.

Obviously the card is subject to change … thing happen, afterall.

A bunch more of us will be presenting this time around, including your truly who will be presenting System Center Configuration Manager.  The event will be several days longer too.  This will be a bigger event.  One of the cool things with our event is the cost.  We are charging money to cover costs only.  At the event, we’ll be collecting around $250 from each person to cover room rental and food for our big night out.  Of course, there’ll be those of use who have a few beers on other nights too… I’m arriving early and leaving late along with some of the others to enjoy an very historic and scenic area.  Each delegate has to cover their own flight and hotel costs.  The above link details booking arrangements to get a discount on the hotel room if you want to stay in the same hotel as the event.  The location ("The Strip") has loads of other hotels and there are motels further in land.

We’ve got more details on presentations on the MR&D site.  Again, the card is subject to change.  This is how it looks as of now:

May 3, 2007
08am – 09:45am — Mark Minasi — Vista drilldown: Some of the best stuff you aren’t using yet but should be
10am – 11:45am — Jim Adgate — Bitlocker: How to avoid becoming a veteran
12pm – 12:59pm — LUNCH
01pm – 02:45pm — James Summerlin — Powershell: Scripting and automation via the command line
03pm – 04:45pm — Nathan Winters — Exchange 2007: How to be available for work 24/7/365.25

May 4, 2007
08am – 09:45am — Mark Minasi — What’s New and Great and Coming in Server 2007
10am – 11:45am — Darren Mar Elia — Group Policy: How to turn your network into a POLICE STATE
12pm – 12:59pm — LUNCH
01pm – 02:45pm — Aidan Finn — DFS/DFS-R and the new Print Management Console (this one is changing)
03pm – 04:45pm — Rhonda Layfield — Network monitoring: That packet can run, but it can’t hide (Darth Vader breathing sound).

May 5, 2007
08am – 09:45am — Mark Minasi — Vista/Server 2007 Security: The Hidden Truth
10am – 11:45am — Nathan Winters — VMWare: The latest and greatest you need to know.
12pm – 12:59pm — LUNCH
01pm – 02:45pm — Curt Spanburgh — Kerberos: Controlling the BEAST
03pm – 04:45pm — Aidan Finn — System Center Configuration Manager 2007

May 6, 2007
08am – 09:45am — Mark Minasi —- The Accidental DBA
10am – 11:45am — James Summerlin —- The Accidental Developer – Part 1
12pm – 12:49pm — LUNCH
01pm – 02:45pm — Todd Lamelle —- Guys, seriously, IPv6 really is your friend!
03pm – 04:45pm — Steve Riley —- Ask not what the Empire can do for you but what you can do for the Empire!

Oh my… I’ve got the afternoon shift on the 5th!

I can guarantee that you will never get close to experts such as Mark, Rhonda, Todd, Steve andDarren (not to mention the others) at any other event.  You will never get to spend as much time with them, not only in presentations but also socially, at any other event.  For me, and loads of the original Minasi Group delegates, this event is unmissable.

Getting to Virginia Beach … Fly to Norfolk International Airport.  Get a taxi or a rental car and head straight east on the Interstate until you get to the beach.  Turn left until you reach the Marriot on your right.  It sounds easy and it is.

We’d love to grow this event to include more people.  If you are at all interested, wanting to learn and willing to contribute in any small way then please do check out the above links for details of the event.  If you decide to go then let James Summerlin (you can contact him through MR&D) know.

I just saw a recent update on the Vista team blog that will answer a lot of questions for a lot of people.  There are SIX (!) versions of Windows Vista:

1. Windows Vista Starter: Only sold in developing world markets at a much lower cost than normal.
2. Windows Vista Home Basic: Basic functionality and security.  No Aero interface.
3. Windows Vista Home Premium: Aero interface, Media Center, and home networking.
4. Windows Vista Business: Likely to be the most common one on business networks.  Aero interface, RDP and backup functionality.  No Media Center functionality.
5. Windows Vista Enterprise: Only available to Software Assurance customers.  Boooo!
6. Windows Vista Ultimate: The be all and end all of Windows Vista.  An extra set of downloads adding extra functionality is available for Vista Ultimate users.

Six versions, eh?  At least it isn’t as complicated as Office 2007 😉

Which one of the six you purchase will have implications, e.g. lower costs = less features.  You will need to chose the right one or mix of versions for your organisation.

If you are looking at Vista then you should have a look at this blog entry.