Wednesday, December 16, 2009

Perfmon Edits

If you gather a lot of data in a perfmon log (which I do from time to time for troubleshooting purposes) you'll know that vertical bars are displayed on the screen when you view the data. Also, values in the thousands can be difficult to read without the comma separators. To change this behaviour, merge the following registry settings:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\SystemMonitor]
"DisplaySingleLogSampleValue"=dword:00000001
"DisplayThousandsSeparator"=dword:00000001

Happy perfmoning.

B

Thursday, December 10, 2009

IIS May Break After Installing KB973917

I got called to look at an IIS Server first thing this morning. Websites were simply saying "Service Unavailable". Looking at the System log, I could see that IIS's Rapid-fail protection was kicking in i.e. five Source W3SVC Event ID 1009 warnings followed by one Source W3SVC Event ID 1002 error. Unsurprisingly, disabling Rapid-fail protection had no positive effect. The logs revealed that a number of patches were automatically installed at 3am, including 973917 which "implements Extended Protection for Authentication in Internet Information Services (IIS)". At the time of writing, 973917 is still at revision 1.0 with no reported known issues. However, I found this blog post on MSDN which points to this KB article (Internet Information Services 6.0 may not function correctly after installing KB973917) which describes the issue.

Moral of the story? In an ideal world, test before patching. In a less than ideal world, be sure you have a known good backup before you patch. And if you have to patch and be damned, I wish you the best of luck.

B

PS Test first or patch asap? Each to their own.
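The signature described in this post (five W3SVC Event ID 1009 warnings followed by one Event ID 1002 error, shortly after updates were installed) can be searched for in an exported System log. This is an added example, not part of the original post; the log layout, pool names, timestamps, the placeholder update entry and the threshold defaults are constructed assumptions.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample (not real server data): a simplified System log export with
# columns timestamp, level, source, event ID, application pool.
SAMPLE_SYSTEM_LOG = """\
2009-12-10 03:09:58,Information,Service Control Manager,7036,
2009-12-10 03:10:02,Warning,W3SVC,1009,DefaultAppPool
2009-12-10 03:10:09,Warning,W3SVC,1009,DefaultAppPool
2009-12-10 03:10:15,Warning,OtherSource,1009,
2009-12-10 03:10:17,Warning,W3SVC,1009,DefaultAppPool
2009-12-10 03:10:24,Warning,W3SVC,1009,DefaultAppPool
2009-12-10 03:10:31,Warning,W3SVC,1009,DefaultAppPool
2009-12-10 03:10:31,Error,W3SVC,1002,DefaultAppPool
2009-12-10 05:00:00,Warning,W3SVC,1009,ReportsPool
2009-12-10 07:30:00,Warning,W3SVC,1009,ReportsPool
"""

# Constructed sample: update install times, as copied from an update history.
# KB973917 is the update named in the post; the second entry is a placeholder.
SAMPLE_UPDATES = [
    ("2009-12-10 03:00:40", "KB973917"),
    ("2009-11-11 03:00:12", "KB-PLACEHOLDER"),
]


def parse_events(text):
    """Return W3SVC 1009/1002 events as (time, event_id, pool), oldest first."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        stamp, _level, source, event_id, pool = (field.strip() for field in row)
        # Event IDs are only meaningful together with their source.
        if source == "W3SVC" and event_id in ("1009", "1002"):
            events.append((datetime.strptime(stamp, FMT), int(event_id), pool))
    # sorted() is stable, so events with equal timestamps keep their log order.
    return sorted(events, key=lambda e: e[0])


def find_rapid_fail(events, failures=5, window=timedelta(minutes=5)):
    """Find pools disabled by rapid-fail protection.

    An incident is an Event ID 1002 preceded by at least `failures` Event ID 1009
    warnings for the same pool within `window`. The defaults are assumptions
    (five failures in five minutes); set them to the pool's configured values.
    """
    recent = defaultdict(deque)  # pool -> timestamps of recent 1009 warnings
    incidents = []
    for when, event_id, pool in events:
        crashes = recent[pool]
        while crashes and when - crashes[0] > window:
            crashes.popleft()  # forget failures that fell out of the window
        if event_id == 1009:
            crashes.append(when)
        elif len(crashes) >= failures:  # a 1002 with enough preceding failures
            incidents.append({"pool": pool, "first_failure": crashes[0],
                              "disabled_at": when, "failures": len(crashes)})
            crashes.clear()
    return incidents


def updates_before(incident, updates, lookback=timedelta(hours=24)):
    """List updates installed in the `lookback` period before the first failure."""
    first = incident["first_failure"]
    return [kb for stamp, kb in updates
            if timedelta(0) <= first - datetime.strptime(stamp, FMT) <= lookback]


if __name__ == "__main__":
    for incident in find_rapid_fail(parse_events(SAMPLE_SYSTEM_LOG)):
        print(incident["pool"], "disabled at", incident["disabled_at"],
              "after", incident["failures"], "failures; recent updates:",
              updates_before(incident, SAMPLE_UPDATES))
```

Listing the updates installed shortly before the first worker-process failure gives a short list of changes to review or roll back first.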

Tuesday, October 20, 2009

RDP to Console

Ok, so we know to use the /admin switch when running mstsc from the command line if we want to RDP to the console session, but I keep forgetting the RDP file entry to do the same thing, so I'm recording it here for posterity:

administrative session:i:1

B

Thursday, September 10, 2009

W2k3 ICMP Types

For reference, here are the ICMP types on Windows 2003:

2 - Allow outbound packet too big.
3 - Allow outbound destination unreachable.
4 - Allow outbound source quench.
5 - Allow redirect.
8 - Allow inbound echo request.
9 - Allow inbound router request.
11 - Allow outbound time exceeded.
12 - Allow outbound parameter problem.
13 - Allow inbound timestamp request.
17 - Allow inbound mask request.
ALL - All types.

Enable ICMP Response on W2k3 Firewall

To enable ICMP response on a Windows 2003 firewall, use the following command:

netsh firewall set icmpsetting type = 8 mode = enable interface = "Local Area Connection"

Watch those spaces!

Thursday, September 3, 2009

Select Passive Mode in Windows FTP Client

I always forget what the command is to change the Windows FTP client from Active to Passive mode, so for reference the command is:

LITERAL PASV

Happy FTPing!

Monday, August 31, 2009

Enable ICMP Response on W2k8 Firewall

The firewall on Windows Server 2008 is turned on by default and ICMP echoes are disabled. According to Microsoft you should be able to enable it using:

netsh advfirewall firewall add rule name=”ICMP Allow incoming V4 echo request” protocol=icmpv4:8,any dir=in action=allow

The result of this is "An invalid value was specified" which makes sense if you look at what netsh should be provided with. Rather than adding this custom rule, I had a look to see if there was a rule already there, but disabled. There is, but it's called "File and Printer Sharing (Echo Request - ICMPv4-In)" for some reason.

So, to enable it use:

netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes

Happy pinging.

Thursday, August 27, 2009

GUI vs CLI

I always lament the way Microsoft seem to insist on changing user interfaces, seemingly burying things I need to configure one or more clicks away in successive versions of Windows, or implementing "Wizards" which require you to fill in a piece of information, click Next, fill in another piece of information, click Next, and so on. (At the risk of sounding like an old man) I liked the way things were in the NT days e.g. if you needed to configure a WINS Server, most of the settings you needed were presented in a single properties page e.g.:



This allowed you to enter everything required and hit OK once instead of hitting Next umpteen times.

Thankfully there isn't a Wizard (yet) for setting up IP addresses, but there's still a significant number of mouse clicks required to get the job done. At least the command line is never more than six key strokes away (Windows Key+R - cmd - Return). So rather than wearing out the button on your mouse, the next time you need to configure IP addresses at the command line, try netsh instead:

Set an IP address
netsh interface ip set address name="Local Area Connection" static ip mask gateway metric e.g.:
netsh interface ip set address name="Local Area Connection" static 10.10.1.100 255.255.255.0 10.10.1.1 1

Primary DNS
netsh interface ip set dnsserver name="Local Area Connection" static DNSServerIPAddress e.g.:
netsh interface ip set dnsserver name="Local Area Connection" static 82.195.128.192

Secondary DNS
netsh interface ip add dnsserver "Local Area Connection" DNSServerIPAddress e.g.:
netsh interface ip add dnsserver "Local Area Connection" 82.195.146.192

Saturday, June 27, 2009

Seven Million Files on NTFS

I had occasion to look into performance problems on a Windows 2003 server the other day. The server is running IIS and generally runs along tickety-boo. Then someone started to delete some files from an NTFS volume and the server practically locked up. That's when I was called in.

I quickly discovered that the one volume had approximately seven million files on it. This number of files will pose problems: even if the application(s) using the volume can cope, explorer.exe won't fare so well.

I've never been particularly impressed with Explorer's performance when large file operations are required, whether that's working with a small number of large files, or a large number of small files. In fairness though, deleting seven million files is bound to take some time. That said, it shouldn't appear to lock up the entire system.

Any component of an operating system has its limits. Seven million files appears to be beyond what Explorer on W2k3 can cope with by default. The application was also generating long file names with the differences in the names at the end of the filenames, which poses an overhead for 8.3 filename generation. It is of course possible to tweak NTFS performance using fsutil to turn off 8.3 filename generation, but I favour leaving things at their defaults unless there is a compelling reason to do otherwise.

Debug logging had been left enabled in the application and was generating the files. It was not required in normal operations so was turned off. A quick format of the volume blew the files away quicker than a traditional delete could ever do. Log file generation reverted to a more respectable level and normal operations were resumed.

If you want to know more about the innards of NTFS, here are some good starting points:

What is NTFS?
How NTFS Works
NTFS Documentation
NTFS.com
Linux NTFS Wiki

B

Monday, June 8, 2009

NAT Woes Resolved

Having started with Hosting365 I had to offload my NAT woes to a professional acquaintance. Bottom line: the IP settings provided by the ISP were incorrect and the ZyWall NAT settings were caused by some finger trouble. All sorted now.

Saturday, June 6, 2009

All My Sons

My wife and I went to see All My Sons at The Gate Theatre last Tuesday. The performance was absolutely fantastic. The set was impressive too. I first heard of this Arthur Miller play coming to The Gate Theatre back in February when we saw The Real Thing. At the time I figured it'd be one to see. How right I was.

The performances were the best I've ever seen on stage. Len Cariou's performance, his Gate debut, was particularly convincing. He wasn't acting: he was Joe Keller. Barbara Brennan's performance of Kate, the distraught mother, is also first rate. And Garrett Lombard did a good Chris. In fact, at the risk of sounding like Father Ted, all the performances were very good.

To be fair, the material they have to work with is extraordinary. Miller delivers lines at just the right times, turning the audience's opinion of different characters from apathy to empathy as their inner conflicts are revealed.

This is without doubt a special production and is one to be seen if you have any chance. There were a couple of empty seats on Tuesday night, so if you have a free evening and a few Euro to spare, make a point to go see it. You won't be disappointed.

B

Thursday, April 30, 2009

Hyper-V R2

I attended a Windows User Group session on Hyper-V R2 this morning. New features include:

Live Migration / Clustered Shared Volumes
Hyper-V leverages MSCS which operates on a shared nothing basis. Clustered Shared Volumes have been introduced to facilitate Live Migrations (only). Dave did a live demo which worked well: he set up a ping -t to the VM for the duration of the Live Migrations, which proved that it worked.

Core Parking
More of a W2k8 feature than Hyper-V per se. Essentially W2k8 can park unneeded CPU cores to reduce power consumption, waking them when they're needed again.

Second-Level Address Translation (SLAT)
SLAT essentially improves VM memory access. It's hardware based. "On Intel-based processors, this is called Extended Page Tables (EPT), and on AMD-based processors, it is called Nested Page Tables (NPT)" Source: What's New in Hyper-V in Windows Server 2008 R2

Dave also touched on booting from VHDs which is pretty cool.

One thing I like about Hyper-V is that VMs are treated as cluster resources. Anyone familiar with MSCS will get their heads around VMs running as a cluster resource in no time.

One point I want to pick Dave up on is his statement that Microsoft "gives" you HA without an additional licence cost, whereas with VMware you have to pay for it. Well, that's not entirely true - HA requires Windows Server Enterprise Edition - which costs more than Standard Edition. In my book, that's not much different than VMware's licensing model i.e. you pay more for HA.

IMHO
The new features in Hyper-V are welcome and Hyper-V is certainly worth considering. However, VMware has the edge over Hyper-V e.g. you don't need a LUN per VM, and vSphere will provide fault tolerance as a feature. Microsoft are catching up on VMware, but they're not quite there yet.

B

Tuesday, April 28, 2009

The Parameter Is Incorrect

When SysAdmins are troubleshooting the last thing they need are unhelpful error messages. I had one of those situations today. I was copying a 13GB file to an external drive on a Windows Server 2003 machine. On starting the copy I got the following error message:

Cannot Copy [filename] The Parameter is Incorrect.

Marvellous. Thankfully I came across this one before and remembered that it occurs when you try to copy a file >4GB onto a volume formatted with FAT32 i.e. the maximum file size on a FAT32 volume is approximately 4GB.

For curiosity's sake, this evening I fired up a Windows Server 2008 virtual machine on VMware Workstation, created an 8GB FAT32 volume and tried to copy a 5GB file to it.
Thankfully the error message in Windows Server 2008 is much more informative i.e. "The file [filename] is too large for the destination file system.":



As for the original problem, a quick convert f: /fs:ntfs solved the problem.

B

Monday, April 27, 2009

New Job

I'm starting a new job with Hosting365 as a Professional Services Engineer working primarily with Microsoft server technologies on VMware Virtual Infrastructure. I'm joining a number of talented engineers with skills including but not limited to networks, Linux, storage and virtualisation. This enables us to design, build and manage open or closed source systems - anything from simple single server solutions to HA multi-tier systems with firewalls, load balancers, web servers, application servers, database servers, clustered servers and high performance storage according to customer requirements.

We're busy, and there's plenty of work for me to get stuck into right away. From a Microsoft perspective, the role is certainly more TechNet than MSDN (as Dave Northey might put it), but I'll certainly have occasion to delve into MSDN from time to time e.g. IIS Logging. In terms of MOF, I'll be working across all three phases i.e. Plan, Deliver and Operate. I also hope to improve my non-Microsoft skills over time e.g. Linux and Cisco.

I'm delighted to be joining the team.

B

PS I'd like to wish my predecessor, Mark Dunne, best of luck in his new job.

RTÉ Player

RTÉ have launched their player service. Programmes are topped with a short ad, which I've no problem with. (I haven't watched a full programme yet, so I don't know if there are ads during the programme as well.) The really cool thing is that it's Flash based, so nothing to download (as long as you have the Flash player installed). Cool! Check it out here.

B

Hell Boy aka Paul O'Connell

I'm a fan of Paul O'Connell's, and have always reckoned he's really Hell Boy. (That's a compliment Paul - please don't eat me for breakfast!) Ron Perlman will definitely play him when they film his life story.

I'm probably the last one in the world to have received this email, but it made me laugh out loud, so I'm reproducing it here...

Paul O'Connell can assemble the entire contents of an IKEA store without instructions or an allen key.

When Paul O'Connell was a child, he made his mother finish his vegetables.

Every mathematical inequality officially ends with < Paul O'Connell.

If you wake up in the morning, it's because Paul O'Connell spared your life.

Paul O'Connell won the Tour de France on a unicycle to prove to Lance Armstrong it wasn't a big deal. He thinks yellow wristbands are gay.

What colour is Paul O'Connell's blood? Trick question. Paul O'Connell does not bleed.

Paul O'Connell once forgot where he put his keys. He then spent the next half-hour torturing himself until he gave up the location of the keys.

When Paul stares into the sun, the sun flinches.

If it tastes like chicken, looks like chicken, and feels like chicken, but Paul O'Connell says it's beef. Then it's beef.

James Bond has a licence to kill. Paul O'Connell don't need no licence.

Paul O'Connell's calendar goes straight from March 31st to April 2nd - no one fools Paul O'Connell.

1.6 billion Chinese are angry with Paul O'Connell. Sounds like a fair fight.

Paul O'Connell played Russian Roulette with a fully loaded gun and won.

Paul O'Connell once won a game of Connect 4 in 3 moves.

You can lead a horse to water. Paul O'Connell can make him drink.

Paul O'Connell once ate an entire bottle of sleeping pills. They made him blink.

When you open a can of whoop-ass, Paul O'Connell jumps out.

Killing Paul O'Connell doesn't make him dead. It just makes him angry.

Paul O'Connell does the Sunday New York Times Crossword Puzzle in ink.

When Google can't find something, it asks Paul O'Connell for help.

There is the right way, the wrong way, and the Paul O'Connell way. It's basically the right way, but faster and with deaths.

When Paul O'Connell watches a pot, it boils immediately.

Paul O'Connell once killed a group of Samurai Warriors with only a ball point pen. This led to the phrase "The pen is mightier than the sword".

Paul O'Connell has been to Mars. That's why there's no life on Mars.

Before the boogie man goes to sleep, he checks his closet for Paul O'Connell.

Classic!

B

Edit - Here's another couple:

Superman wears Paul O'Connell's pyjamas.

Paul O’Connell doesn’t do push-ups, he pushes the world down.

- Courtesy of Gerry Thornley's article in The Irish Times

Wednesday, April 22, 2009

NAT Woes

I had a fairly simple job to do today - set up some NATing on a new ZyWall firewall. I've done similar in the past, but it beat me this time. Everything looked OK, but the firewall failed to play ball. All I wanted was to NAT one (for now) public IP from the WAN to the DMZ. I called the ISP and they confirmed that everything was OK on their end. So I upgraded the firmware - still no joy. I called local ZyWall support. They talked me through what to do, which was what I had done (with one exception - I had done something extra which wasn't required but wouldn't cause a problem) and gave me a couple of workarounds. The workarounds failed drastically - seemed like the ZyWall got its knickers in a twist. So, factory reset and build from scratch (yes, I had a backup of the config, but I was advised to build it from scratch in case there was a problem with the config). Still no joy.

So, I put back in the old solution (always have a backup plan), tested it and took the ZyWall away with me for further analysis. Next step is verification that I wasn't having finger trouble. Thereafter, escalation with ZyWall and perhaps hooking up a sniffer to see what's going on. Unfortunately it's just one of those two hour jobs which is going to take something more like two days!

I'll post an update when I get to the bottom of it. Grrrr.

B

Tuesday, April 21, 2009

VI to vSphere

VMware launched vSphere 4 today with great fanfare and lots of smiley people in blue shirts. There were no major surprises for anyone who's been following VMware closely for the past while. Big emphasis on (improved) cost reduction through (vSphere's) virtualisation technology - which is no surprise given the current economic environment.

The big push that I got from the launch event was "100% Virtualisation" i.e. now VMware claim you can virtualise every workload including your (demanding) DBMSs and OLTP applications. VMs can now have 8 vCPUs with 256GB RAM and can yield 30Gb/s and 300,000+ IOPS. That's pretty good, and may even suit analysis applications that need to run just such machines for hours (or even days) to process TBs of data - think large telcos mining their data. (As I'm on the subject, if you want to learn more on data mining, here's a good introduction to data mining that was given at a seminar I attended in Dublin some time ago.)

Other features in vSphere include zero down time with fault tolerance i.e. a VM runs on one ESX host with a shadow copy "lock stepped" (VMware's words - not mine) on another host. If the primary host dies, the VM fails over instantaneously to the other host. They demo'd this with a BES Server. It's been around for ages though - I viewed a more technical demo months ago. Check it out if you want more detail on VMware's (then pre-release) fault tolerance. It's great to see this feature finally making it to an end product.

Another feature is "thin provisioning" - and they did a Storage vMotion demo where a VM was migrated (live) from one datastore without thin provisioning to another datastore with thin provisioning. This reduced the size of the VM from 4GB to 3GB - pretty good, but it'll be interesting to see what real world yields will be. It's the like of these features that (still) gives VMware the edge over the competition.

If you want to see the complete hour and a half webcast, it should be available here soon.

B

Monday, April 20, 2009

Oracle Buys Sun

I was as surprised as anyone to hear that Oracle bought Sun after the IBM talks collapsed. This gives Oracle the ability to sell systems from the application layer right down through the OS to the hardware. CRM / ERP / DBMS in a box anyone?

But who knows, maybe this model won't appear, or if it does appear, maybe it won't work. Look at Salesforce.com and the number of servers they sell.

B

Sunday, April 19, 2009

Right != Legal...or is it?

Unless you've been living under a rock over the weekend, you'll no doubt have read that Carl Lundström, Fredrik Neij, Peter Sunde and Gottfrid Svartholm Warg (the guys behind The Pirate Bay) were found guilty "of being accessories to breaching copyright laws". It looks like they're being made an example of. They're appealing the verdict. No surprise there. What might be surprising is that hundreds of supporters protested in Stockholm over the weekend. I'm no lawyer, so I can't speak authoritatively on the case. Nevertheless, I could see the appeal upholding the original verdict as equally as I can see it being overturned.

A Pirate Bay blog entry states that "what we do is right" - an interesting choice of words. Legal? That's a matter for the courts to decide.

B

Tuesday, April 14, 2009

The Early Worm Caught The Bird

As you may have heard, Twitter was hit over the Easter weekend by a worm. This wasn't some generic worm that just happened to hit Twitter - it was a targeted attack. Some technical detail is here. While the fallout appears to have been relatively benign, it certainly caused the guys at Twitter some headaches. It appears to have been a clickjacking attack, one of the vulnerabilities that Robert Hansen specifically mentioned at NITES this year.

Needless to say, the Wintel mantra of running up to date antivirus software, patching systems and running properly configured firewalls is completely useless in this scenario. Twitter's developers will probably be sent on a security refresher course pretty soon.

The "victims" of this attack are lucky that it wasn't particularly malicious. That might not be the case next time.

Wednesday, April 8, 2009

No Sun in the Big Blue

Well, it looks like IBM aren't buying Sun after all, and Sun's lead chip designer has resigned. Whether this is the death knell for the SPARC platform remains to be seen.

One thing's for sure, there'll be no Deep Purple after all.

B

Wednesday, April 1, 2009

Conficker Stops Big Ben

Conficker stops Big Ben, if you believe The Washington Post story. Seriously though, there hasn't been any noticeable payload - yet. But don't forget, Conficker will still be around once this day is over. Londoners - keep an eye on Big Ben, just in case.

B

Tuesday, March 31, 2009

Happy April Fools' Day

Well, as you probably know, today is the day that the Conficker virus changes its mode of operation and starts checking with different servers on the Internet to see if there is any code for it to download. (If you want the full details have a look at this paper.) From what I've seen to date, news reports have been balanced on the whole, apart from the odd tabloid. So far, it would appear that nothing major has happened.

We'll wait and see. Those of us who thought we weren't being foolish might be made fools of yet.

B

Installation vs Implementation

I attended one of Joe Peppard's IT Management Masterclasses in the ICS last week. This one was entitled "Designed to Fail: Why IT Projects Underachieve And What To Do About It". One of the reasons projects fail to deliver what they promised is that they are over-sold to get them approved in the first place. Unsurprisingly, Joe did touch on this. However, for me the most interesting slide of the day was the benefits dependency network. Not new, but the first time I've seen it applied well to IT projects - with examples.

We know that IT alone cannot deliver results. Yes, you can install an ERP, CRM, ecommerce portal, collaboration, content management, or [insert name here] system. But if it is not used by the business people in a way that benefits them and the organisation, then the system has not been properly implemented and the project is a failure. In such a scenario, it's likely that the IT techies will say that the system (hardware and software) has been delivered, and it's not their fault that the business aren't using it.

I'm cautious when approached by a business manager seeking a magic bullet system to solve his or her problem(s). I start off by saying that it sounds like a good idea (if I genuinely think it is), explain that (typically) the hardware and software installation can be achieved reasonably easily, so we'd tease out the details of the implementation. For some, this is the first time they realise that the implementation will involve a lot more than hardware and software installation (not to mention configuration).

Joe's presentation can help illustrate the difference between installation and implementation. IT/IS - the installation - is on the left, with the investment objectives on the right, and the business changes - a key part of the implementation - in the middle. Have a look at it here. The pertinent slides start on page 22, work through the model and a couple of examples, and finish with a summary on page 39.

I find it illustrates very simply and vividly the difference between installation and implementation. Worth a look.

B

Monday, March 30, 2009

What are OLAP Cubes Anyway?

I got talking about Business Intelligence and OLAP cubes with a Business Analyst and an IT Manager recently. I explained to them in simple terms what OLAP cubes were all about.

But rather than re-inventing the wheel here, if you want to learn about business intelligence and OLAP cubes in particular, have a read of this relatively short and well written article on the subject.

B

Friday, March 27, 2009

Two Brians, Three Billion and BI

Brian Cowen and Brian Lenihan are making headlines for all the wrong reasons. Cowen, because of the over-reaction to the nude portraits story. Judging by public opinion, it would appear that the original story would have received less coverage if RTÉ weren't asked to apologise, and if the Gardaí didn't question Will Hanafin of Today FM.

The government should and do have more to worry about than a couple of paintings. The €3 billion fall in tax revenue - for example. The worst part of that story is that the incorrect figures were only projected in January.

One aspect of Business Intelligence software is predictive analytics which can be used to make forecasts based on historical data. Perhaps the Government could use some.

But to be fair, predictive analytics can only be as good as the data set available for analysis. My guess is that any data set available to the government is of no use to them. The data sets don't contain the patterns we're seeing today and so can't be used to make predictions to any realistic degree of accuracy. We're in uncharted waters. One thing seems to be certain though: whatever figures the government come up with, the reality will be worse. At least for the foreseeable future.

B

Thursday, March 26, 2009

Deep Purple

Fuel is almost constantly being added to the story that IBM is in talks to buy Sun, one of the latest being the Intel CEO weighing in on the IBM-Sun Talks. If it happens, some will no doubt be sad to see Sun go, and having been involved in the purchase and implementation of a small number of Sun boxes over the years, I've a bit of grá for the company myself.

But business is business. Sun suffered after the dot com bust, not least due to the shift to Linux on generic x86 hardware, which was cheaper than buying a SPARC based system to run Solaris - which was all the rage when there was plenty of VC cash being sloshed around and spent recklessly. Sun responded with OpenSolaris - but too late.

It's no surprise to read Jonathan Schwartz (Sun's CEO) blogging about their market potential, open source and their new cloud initiative in his recent post. Given IBM's relationship with open source and cloud computing, it'll be interesting to see what they do with Sun if they make the purchase.

Assuming the deal goes through, they'll have to have a project called Deep Purple. It's too good a naming opportunity to be missed.

B

Monday, March 23, 2009

Wales vs Ireland and Super Tuesday

Well, we won, but only just. Nevertheless, a win is a win, and we'll take it gladly. I expect the euphoria will die down fairly quickly, especially as "Super Tuesday" looms.

I sincerely hope that this "mini" budget will have a greater positive impact than the last "real" budget: it needs to. We need decisiveness from the government and a budget that they can stick to. Implementing budget changes and then backtracking on them is much worse than not making the changes in the first place - for so many reasons. This "mini" budget needs to be a first step along the path to economic recovery.

A win is a win? In sport, yes. But in this case, we need a decisive victory - not just a win.

B

Saturday, March 21, 2009

Wales vs The Future of Ireland

Having heard the vox pops in the media during the week, apparently I was oblivious to the fact that the future of Ireland is in the hands of Dr. Declan Kidney and his team of Celtic warriors today in their game against The Joneses in The Millennium Stadium. If we win[1], it's economic recovery, good summer weather and cheer all round. If we lose, it's donkeys instead of cars, pestilence, famine and emigrant boats (although where they'll be headed is an entirely different question).

My prediction? If ROG holds it together (and I think he will, now that he's over his personal psychological barrier) - we'll win it - but only just. And the future of Ireland? Ahh sure, begorra - it'll be grand. Now, where's me leprechaun....

B

[1] "we" - even though most of us aren't actually playing

Friday, March 20, 2009

Aircraft Overhaul Solutions Ireland vs SR Technics

As you may have heard or read in the media, a company called Aircraft Overhaul Solutions Ireland Ltd. (AOS) was formed earlier this month with the intention of purchasing plant from SR Technics who are pulling out of Dublin. As an ex-Avionics Engineer who worked in Aer Lingus Maintenance and Engineering (M&E) and lived the ugly transition to TEAM Aer Lingus, I have a particular grá for what was Aer Lingus M&E. It's a shame that a large employer who essentially bought the assets of what was once a semi-state company is now pulling out leaving over 1,000 redundancies in its wake.

I sincerely wish Eamon Russell, Sean et al. in AOS the very best of luck with their plans to buy the Dublin assets of SR Technics and establish as a viable aircraft maintenance company. Whether SR Technics will be willing to sell their assets to a start-up competitor is another issue.

No matter what happens, I wish all my ex-colleagues the best of luck for the future.

B

Wednesday, March 18, 2009

FreeNAS, Openfiler, RocketDivision and Microsoft's iSCSI initiator

I had occasion to set up a two node (Active/Passive) cluster using MSCS on W2k3 recently in a lab environment. I could have used ESX to host the nodes, but I needed it to be more portable so I set it up on VirtualPC instead - accepting the limitations that that imposed e.g. number of host CPUs, number of virtual networks.

Most cluster implementations need shared storage, and shared storage isn't cheap - not cheap enough for my lab anyway! So I had a poke around the various free offerings and opted for RocketDivision's StarWind iSCSI target software. StarWind is easy enough to get up and running, but I had problems with their iSCSI initiator so I used Microsoft's own iSCSI initiator instead (for W2k3 - it's OOB in W2k8). This solution works fine and I recommend it if you need to set up MSCS in a lab.

I also needed an NFSv3 NAS when prepping for the VCP, so I tried out Openfiler on an ESX VM. Openfiler installed OK, but I couldn't get the ESX host to connect to the NAS I configured. I didn't have time to troubleshoot the errors generated, so I fired up FreeNAS instead. FreeNAS installed fine and ESX connected to the NAS I configured first time. I found this document on FreeNAS Datastore Configuration useful. It's a bit dated, but you can still follow it on the current version of FreeNAS.

So, to sum up: RocketDivision StarWind and Microsoft's iSCSI initiator for MSCS, and FreeNAS as a NAS for ESX. Worked for me.

B

PS I could have used Windows Services for UNIX to provide me with NFS functionality, but I figured it was a good opportunity to step outside the Microsoft product suite.

Friday, March 13, 2009

RSnake, Newspapers and Programming Errors

The CWE / SANS Top 25 Most Dangerous Programming Errors has been published. It reminded me of something I read recently along the lines of "show me a newspaper with no typos and I'll show you software with no bugs". Programmers are human, errors occur.

Robert "RSnake" Hansen touched on some of those top errors in his presentation at NITES recently. Having had the pleasure of chatting with Robert on his "everything is insecure" stance, I'd actually re-write that quotation as: "show me a newspaper with no typos and I'll show you software that has no known security flaws". Errors are fixed. But hackers are human. They'll think of new ways of breaking software. Humans are inventive after all.

Software development - like anything - has risks. Managing the risks is what's important. Adopt a layered approach. If you have anything to do with software development and don't know what those risks are, educate yourself.

B

Thursday, March 12, 2009

An Investigation of Malware Protection in Irish SMEs

I've (finally!) got around to making the dissertation I wrote for my Masters in 2004/5 publicly available. The title is (as you might have guessed) "An Investigation of Malware Protection in Irish SMEs".

If you're interested, you can access it here.

The origins of the dissertation are rooted in the fact that there was much research done on malware protection in large international companies, but little or no research related to Irish SMEs. The situation has changed somewhat these days with the availability of the ISSA / UCD Irish Cybercrime Surveys.

I discovered that Irish SMEs were being negatively affected by malware infections. Best practice malware defences were not being implemented in part due to practical limitations such as lack of human resources and lack of knowledge. I suspect little has changed.

B

Wednesday, March 11, 2009

SharePoint Document Library or File Share?

I had a conversation the other day on SharePoint Document Libraries. The issue discussed was whether SharePoint Document Libraries should be used to replace traditional file shares. We concluded that unless there is a compelling need for version control or workflow, then SharePoint is overkill e.g. it has a significant systems overhead compared to a traditional file share and it introduces limitations which may not be fully understood by users in advance of an implementation.

Someone with a hammer thinks everything is a nail. IMHO: Don't use SharePoint Document Libraries unless you need to.

B

Tuesday, March 10, 2009

VMware Certified Professional

Well, I sat and passed the VMware Certified Professional Exam (VCP VI3) last week. It was tougher than I expected - which is fine as it increases the value of the VCP in my own mind. The exam also asks questions on VMware Server, so be sure you know the differences between VMware Server and VI at a minimum before you take the exam. And be sure to know your ESX partitions as well.

If anyone is thinking of taking the exam, you definitely need to get hands-on experience with VMware Virtual Infrastructure (VI). There are a few ways to do this e.g. a) in your place of employment b) on your own physical kit or c) using ESX / VI on VMware Workstation.

a) In your place of employment
Poke around, have a detailed look at the different elements presented to you on screen. See what you can configure and where. Most importantly, if you're poking around a production environment, don't break anything ('Cancel' is useful).

b) On your own physical kit
Contrary to what some may think, ESX can and does run on desktop hardware. For starters, try Ultimate ESX Whitebox. That's where I started.
NB Be aware of potential gotchas e.g. I could boot ESX from the install CD on my kit, but couldn't install it. The IDE CD/DVD-ROM drive turned out to be the root cause of my problem. I swapped it for a SATA drive and all was well.

c) On VMware Workstation
Yes, you can run ESX on VMware Workstation. But it ain't the easiest route to go. For starters, look at 'VI in a box'.

I opted for b) and c). It allowed me to do whatever I wanted without putting a production environment at risk. It worked well for me: I passed the exam. Mission accomplished.

B

PS Google is your friend, as is the VMware Community.