With the release of Windows 2012, Hyper-V 3.0, and the new System Center Suites, Microsoft truly has developed a hypervisor solution which can rival the entire feature set of VMware's vSphere platform. I tend to prefer and recommend Hyper-V over VMware for a few reasons, with the prominent reasons being cost and availability. It’s true that in the past Hyper-V's feature set was not as strong as VMware's, but for most SMBs the feature set was indeed enough to satisfy their business and technical requirements. The cost of VMware could often only be justified in larger organizations with bigger IT budgets and more demanding requirements.
Things have now changed. The gap between Hyper-V and VMware has slimmed to a point where it’s now virtually non-existent. True, VMware provides a solid and mature hypervisor platform, but many organizations are now seriously considering Hyper-V over VMware due to its new bolstered feature set, low cost and overall ubiquity.
One of the newest features in Hyper-V 3.0 that I've worked with lately is Live Migration. For those who are familiar with Hyper-V Clusters, this concept is not new since Live Migration is one of the pinnacle reasons to implement a Hyper-V Cluster. For those not familiar with clusters, there should be some clarification as to what the new Live Migration feature entails in a typical setup. That is, a setup with a few standalone Hyper-V hosts and no shared storage.
When you’re working in a cluster and initiate a Live Migration, ownership of the virtual machine and its working memory are simply transferred from one node to another (see: http://trigon.com/tech-blog/bid/35259/Microsoft-Virtualization-Part-2-Live-Migration). Depending on the RAM consumption of the VM, this could take seconds, or just a few minutes. With the use of shared storage, the VHDs don't have to move, so it's basically a quick process with no downtime incurred.
In order to avoid confusion, a distinction should be made between a Live Migration in a clustered/shared storage environment and a Live Migration in a standalone environment. In Hyper-V 3.0, and in our "typical" scenario, a Live Migration is essentially a Live Storage Migration. This Live Migration does indeed keep the virtual machine online, but it copies the entire VHD and VM config files to the new host, not just ownership of the VM and the working memory state. It is a much more time-consuming process, but allowing administrators to perform this type of Live Migration directly from Hyper-V Manager adds a great deal of flexibility without the need for an expensive or complex infrastructure.
It is important to note that Live Migration in a “typical” scenario isn't very scalable. Even if you have a dedicated 10 Gb Live Migration network, if you have 30 VMs you want to migrate, that is at least 30 VHDs that have to be fully copied over the network. Yes, you could schedule them through PowerShell and get it done, but it could quickly become a cumbersome process. The moral of the story is to just ensure you do not confuse the capabilities and function of a Live Migration in differing scenarios. Also, having Live Migration capabilities at your disposal right out of the box does not negate the need for a Hyper-V Cluster in order to provide High Availability for your virtual machines.
DirectAccess is a feature introduced in Windows Server 2008 R2, and greatly improved upon in Windows Server 2012. I consider the introduction a bold one, because at the time it required a fully-envisioned IPv6 infrastructure, which is still being implemented incredibly slowly throughout the Internet. Lo and behold, with Windows Server 2012, Microsoft scaled back the tenacity with which they were pressuring for IPv6 deployments and made DirectAccess available to us via simple SSL over IPv4.
What is DirectAccess?
DirectAccess is a means by which your enterprise workstation is able to ‘phone home’ without any assistance, such as would be required to access a VPN configured through a firewall or a Microsoft Routing and Remote Access Server. The idea is that you are always able to route back to your Microsoft network using public IPv4 DNS records via the Secure Sockets Layer, similar to how you would sign in to a secure web page for sensitive information, such as personal banking. This eliminates the need for integrating a service like RADIUS to provide domain-based authentication and deploying VPN client software to all of the systems (not to mention training your staff on how to use it).
Why use DirectAccess?
Simply put, DirectAccess eliminates one more step that is needed to remotely access a corporate environment, and reduces the surface area for end-user error. Since it uses the Secure Sockets Layer, which is shared by the aforementioned secure web browsing, remote routers and firewalls can also be eliminated as a variable: there are usually no restrictions on the SSL port, whereas a non-SSL VPN client would require that specific additional ports be opened at the connecting network, depending on the protocol being used.
A problem that used to exist in the old DirectAccess architecture of Server 2008 R2 was the reliance on IPv6, which as I mentioned can be a big project in itself to implement on a network that is not already using it. Server 2012 DirectAccess is fully IPv4 compliant, and the configuration of it
What do you need to run DirectAccess (Windows 2012)?
DirectAccess requires the following components on your network:
- Client workstations running Windows enterprise software (Windows 7 Enterprise or Ultimate, Windows 8 Enterprise)
- If using Windows 7 clients, a local Certificate Authority is recommended to provide client-authentication certificates for backwards-compatibility. This is not a requirement in Windows 8.
- A Windows Server 2012 host with a network controller
- A Windows domain controller (running Windows Server 2008 SP2, or a higher edition) and DNS server
Contact Trigon today if you would like more information on Direct Access and how it can improve your small business!
With the explosive growth of smart phones recently, many more people are being introduced to the world of Android. Android is built off of Linux, which is a full operating system that can be used on many different computing devices, including desktop and laptop computers. Due to Linux being open source, there are many different variations called “Distributions”. Many of these distributions cater to very specific markets. Red Hat Enterprise Linux is one such distribution. It is geared toward companies and enterprise environments, and they require a subscription plan for their technical support to ensure everything runs smoothly. There’s also Ubuntu, which is currently one of the most popular distributions available and is targeting the average computer user with a home PC. Ubuntu is one of the more user-friendly distributions available and has software included that most people will find useful.
There are also distributions available that are aimed at being more of a tool than a full-time operating system. One such distribution is SystemRescueCD. This one is useful for repairing operating systems that are unable to boot and also for recovering data from a crashed system. This can be booted as a live CD, which means that the operating system is loaded into memory only. The great thing about this distribution is that it’s capable of repairing not just Linux but also Windows, and it is capable of reading NTFS and FAT file systems.
The list could go on and on for all the different distributions available and what they’re capable of but this is a brief overview of what Linux is and what it offers. There are many different flavors and many different tools which can lead to difficulty in finding the perfect fit, but do a little research and you’ll find there is a wealth of information out there.
Today we’re sharing not just some cool product news (getting to it in a second…), but a vision for HP webOS. Companies talk about visions all the time – “today we’re going to share our vision for the first chocolate-covered portable snowblower” – but what we’re sharing today is more than just some exciting new products (yes, yes – in a moment).
Over time, you can expect HP webOS to become part of your entire mobile experience, not just your phone. With our announcements today (almost there), you can get a taste of that vision with webOS products available in three new flavors: small, medium, and large.
So, the cat was let out of the bag yesterday afternoon in a long, two hour event where HP announced the next steps of their newly purchased webOS products. Notice how I didn't say "Palm". In fact, from what I read of the event, I don't even think "Palm" was even on the products at all. Ah, well. So sad. I loved me some Palm!
With that said, the HP TouchPad is all webOS, so it's not some poor overlay over top of a Windows tablet that never looks good and hurts people's hearts and souls. Not only that, but they also announced a brand new phone, and also the newest version of the Pre, now dubbed the HP Pre 3.
The most interesting part about the entire event was that they made mention that they see webOS as going to not only printers, but also desktop computers. Whaaaaaaa???
Is this the beginning of the end for Windows & HP as longtime friends? They've already kicked Windows to the curb on their tablet side. They were shown at last year's CES as making "the" Windows tablet but then it never came out.
I wonder where this leaves Microsoft as now, not only were they late to the new smartphone game, but now they are completely behind in the tablet space. A space which they practically started! Good thing Trigon has experience in setting up just about any business with whatever mobile infrastructure they want.
- by Andrew, "Shoot First", Levin
Microsoft does a great job at making licensing its products very confusing. From the surface it seems pretty straightforward, OEM is from the hardware manufacturer, retail keys are purchased individually and MAK and KMS keys are for volume licensing. However, any IT administrator can tell you that it is not that straightforward. The reason for this is because dozens of scenarios exist which complicate the management of the keys and activations within your environment. Factors such as the size of your company, new PC purchases, upgrades, downgrades and hardware replacement cycles all contribute to making license key management a meticulous process. Below is a quick description of the type of keys which you will encounter.
OEM – OEM keys are tied to a computer’s BIOS and motherboard. Support for OEM operating systems generally does not come from Microsoft, but from the hardware manufacturer. OEM keys are also not legally transferable to any other computer.
Retail – Retail keys come with versions of the OS that you purchase outright. Retail keys are transferable to another machine, but can legally only be installed on one PC at a time.
KMS – Key Management Service keys are a volume license solution which uses a host and client model for activation. The KMS host holds a single key which all of your client PCs will contact for activation, every 180 days. The KMS client OS will go into a reduced functionality mode if activation is not processed after a 210 day interval. This makes the availability of the KMS host critical to the environment. A KMS scenario is useful if you have machines that are not connected to the Internet, as well as for maintaining a single location for the management of all your activations.
MAK – Multiple Activation Keys are another type of volume licensing that is recommended for environments with fewer than 25 computers. MAKs are purchased as a single key, with a specific number of activations. If additional activations are required, you must purchase either another MAK, or additional activations for your current MAK.
So, for instance, let’s say your organization has 100 existing PCs and a Windows 7 rollout project is on the horizon. You decide to replace 50 of the PCs and just upgrade the remaining 50 from XP to Windows 7. Now, the 50 PCs you just purchased for replacement come with a Windows 7 license from the manufacturer. You already have a KMS infrastructure in place, so do you want to purchase additional KMS activations to easily maintain all the license keys, or keep the OEM keys on the 50 machines and manage them individually? The ease of management alone may not justify the cost for additional KMS activations, so what happens when the new PCs get replaced? Now you have a new key to manage since the OEM key goes with the machine. What if you have to throw 25 Windows XP downgrades into the mix? What will they be licensed under and how do you want to track those keys? What if you have a department of MAK licensed machines that are being decommissioned and want to reclaim and then reuse that license?
This is just a quick example of some of the questions that arise, and even though a bit convoluted, answers for each do exist. However, this scenario can get very ugly if you extrapolate it to say, 3000 PCs, with 10 separate hardware replacement cycles and 3 different OS versions. Many organizations out there mix and match different configurations (with what they acquire and with what they have on hand) to simply try and maintain compliance. But when audit time rolls around it becomes a very cumbersome process to try and elicit the proper documentation to prove compliance. Therefore, the moral of the story is to plan early and keep as little variability as possible. Trigon can be a huge asset within this planning, so be sure to contact us to help you along with the process.
- by Andrew, "Babyface", Neumann
While I had originally set out to blog about a few exciting features available within Postini for encrypting traffic to and from your messaging server, I found myself sidetracked and subsequently uber-focused on an issue that I thought was long dead: documenting users' passwords... on paper... in a centralized location.
Who the heck should care about e-mail security when the most fundamental concept of PC security is ignored, likely by more companies than this IT professional would like to admit? While the prospect of having this secret information is sometimes a Godsend for an IT professional like myself, I assure you it will only lead to death and destruction. Well, maybe not that severe – an upset stomach and possibly a few grey hairs. Make light of this situation and you may find yourself on the receiving end of some pretty nasty results the next time you’re sitting in your board room dismissing someone for inappropriate behavior. Let a few minutes slip by after the termination and you may definitely see some inappropriate behavior. The mad scramble that will follow to try to ensure that the ex-employee doesn’t access your network through VPN by using another employee's credentials. Sonny, did I say an upset stomach and a few more grey hairs? Let me amend that to a one-way ticket to a straitjacket as you realize that your confidential company property has suddenly ‘disappeared’ – it was just there this morning, what happened?
You didn’t follow Microsoft best practices and implement a comprehensive Password Security policy to ensure the security of that which you spent your whole life building. Ouch-ers! Microsoft recommends that ALL company employees (including principals) follow these best practices for password protection:
- Always use strong passwords. A password is considered strong if it meets the below minimum criteria:
  - Is at least seven characters long.
  - Does not contain your user name, real name, or company name.
  - Does not contain a complete dictionary word.
  - Is significantly different from previous passwords. Passwords that increment (Password1) are not strong.
  - Contains characters from each of the following four groups:
- Never share passwords with anyone.
- Use different passwords for all user accounts.
- Change passwords immediately if they may have been compromised.
- Be careful about where passwords are saved on computers. Some dialog boxes, such as those for remote access and other telephone connections, present an option to save or remember a password. Selecting this option poses a potential security threat.
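The strength criteria in the list above can be turned into an automated check. The following is an added example, not code from the original post or from Microsoft; the four character groups are not listed on this page, so the code assumes uppercase, lowercase, digits and symbols, and the word list is a small constructed sample.

```python
import re

# Constructed sample word list; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "letmein"}

# Assumption: the page does not name the four groups; these are assumed here.
CHAR_GROUPS = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}

MIN_LENGTH = 7  # "at least seven characters long"


def _stem(password):
    """Lower-case the password and drop trailing digits (Password1 -> password)."""
    return re.sub(r"\d+$", "", password.lower())


def check_password(password, identity_terms=(), previous=(), words=SAMPLE_WORDS):
    """Return the list of criteria the password fails; an empty list means strong."""
    failures = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        failures.append("too_short")

    # User name, real name, company name: case-insensitive substring match.
    if any(term and term.lower() in lowered for term in identity_terms):
        failures.append("contains_identity")

    # A complete dictionary word anywhere in the password. Words shorter than
    # four letters are skipped so "a" or "it" do not flag every password.
    if any(len(word) >= 4 and word in lowered for word in words):
        failures.append("contains_dictionary_word")

    # Incrementing passwords share a stem once trailing digits are removed.
    if any(_stem(password) == _stem(old) for old in previous):
        failures.append("similar_to_previous")

    missing = [name for name, rx in CHAR_GROUPS.items() if not rx.search(password)]
    if missing:
        failures.append("missing_groups:" + ",".join(missing))

    return failures


if __name__ == "__main__":
    # Constructed sample inputs: (password, identity terms, previous passwords).
    samples = [
        ("Password1", [], []),
        ("Jsmith#2012", ["jsmith"], []),
        ("Vq7#tLm2", [], ["Vq7#tLm1"]),
        ("k9$Rw2!pZe", ["jsmith"], ["Vq7#tLm1"]),
    ]
    for pw, ident, prev in samples:
        print(pw, "->", check_password(pw, ident, prev) or "strong")
```

The previous-password comparison needs the old password in plaintext, so it belongs in the change-password step where the user has just typed the current one.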
While an IT professional can make recommendations to the principals of an organization extolling the benefits of implementing a universal Password Policy, it is ultimately up to the client to decide what they would like to do. If the decision is made to potentially jeopardize company data, positioning, and security by not implementing a Password Policy forcing users to take the 30 seconds every 45 days to change their password, ensure that you have documented this fact and then sleep soundly knowing that you have put your best foot forward to try and safeguard a client from what could potentially be a very devastating event.
Perhaps a box of ‘Just for Men’ hair color treatment should be part of your IT Engineer Tool Kit?
Ah, the IT Engineer Tool Kit. We love them! Trigon and our kits serve Montgomery and Bucks Counties just to name a few. If you'd like a refresher course with your Password rules, be sure to contact us.
Boy Genius Report:
Critics have commented on the lack of specific features like copy & paste and lack of 100s of thousands of applications. And while both are true, copy & paste will be available as an update in a matter of weeks (early 2011) and as for applications, it’s just a matter of time.
This should knock those Apple Fanboys down a peg. Nerds! Wait, I'm one of those Fanboys. Ah!
Even still, this news doesn't knock the "no multi-tasking" critique that the phones will still have to deal with. Essentially, these will be able to multi-task just like the iPhone did at launch. The built-in apps like Mail, Calendar and Zune can do things behind the scenes, just not apps that you download from their Marketplace. Bummer.
The best thing about the iOS 4.0 update was that games and apps can remember where you left off and pop back to life very quickly after long periods of time. It gives the impression that the app has stayed on the entire time, when in reality, it just remembers where you left off. Apple, you tricky fellows.
Word on the street is that one of Trigon's own employees will be purchasing a Windows Phone 7 phone at launch. Are you excited? I'm excited. If anything, this will continue to place Trigon as the premiere Windows technical support team in the Philadelphia area.
Take that, Apple Fanboys like myself!
Before reading, check out the YouTube clip.
I'll give mine first. That was awful. I hope this is a prototype that will never get made, let's be honest. Can you imagine a CTRL-ALT-DELETE hardware button? Ouch.
This video continues to show that Windows 7, or any other Windows OS was not designed for a tablet experience. It doesn't matter what kind of fluff you put on top of the OS, it just won't work. The new Windows Phone 7 OS looks to be a better user experience, in fact. I would not want to be the Managed Services company in charge of those products. Wait, what's that? We just signed up for a fleet of HP Slate tablets? There is someone in Wayne, PA that needs IT support? I LOVE those tablets! They are so easy to use in the enterprise sector!
Love or hate the iPad, the usability is never questioned. The entire operating system was designed with touch in mind. Windows 7 was not. I'd love to use Windows on a tablet, but we're several years from that happening and not wanting to throw that same tablet out the window.
A pig just flew by my window.
What's even more bizarre, though, is that he was carrying a note that had information on it regarding Microsoft and Apple. Apparently, Microsoft will be bringing Mac support to its Small Business Server software and to Windows Home Server software.
What in the...?
That's right, folks. This is all in testing, but Microsoft will be bringing Mac support to both Small Business Server software and Windows Home Server software. In terms of SBS software, not only will there be Mac compatibility, but there will also be some sort of focus on cloud-based features.
As for Windows Home Server software, Windows and Mac based machines will be able to play nicely together in homes such as mine - which contain Mac and PC users.
Crazy things are happening in the IT Support world...
It has finally come to the point in time where Microsoft is about to retire another portion of Windows XP, and that is SP2. Now this doesn’t mean that on July 13th (tomorrow) you have to stop using your XP SP2 PC or that it is just going to stop working. It does mean, however, that Microsoft will no longer be making any patches for the nearly 6-year-old OS version. This is a big deal to someone that works in the IT support field, because without patches, as new exploits are discovered there will be no fixes coming to help protect you, no matter how severe or dangerous they may be.
You can of course update your PC to SP3, and why shouldn’t you? It has many improvements over SP2, and at the time of its release it claimed to speed up XP-based systems by almost 30%. If you do upgrade to SP3, support will continue until April 2014, including all the patches you need to keep your system safe. Another important piece of information you need to know is that if you do decide to stay with SP2, Microsoft will not be patching any of your programs for that OS version. This includes IE in any version; even if there is a patch for SP3, you will be out of luck. One important exception is if you happen to be running a 64-bit version of Windows XP SP2. In this case, you will still be covered for the time being, as there was no SP3 for 64-bit XP.
If for whatever reason you must continue using SP2 or you refuse to upgrade to the next version, there are a couple of things that you should do to keep your PC safe. One is to switch your web browser. With no more patches incoming for IE, for you to continue to use the browser on that version of Windows would be like playing with fire. If you do switch browsers, it also brings up another important fact: you should continue to manually patch all 3rd party programs -- including the new browser you choose to use. I am partial to Chrome, but Firefox 4 beta is looking pretty sweet (however, that’s a topic for another day). Also, Flash, Acrobat and Java are good examples of programs that need to be up to date to protect your computer as much as possible.
I hope this article shed some light on what you can do beyond Windows XP SP2. Don't forget...you can always upgrade to Windows 7, and we can help!