Infrastructure Optimization

Just listened to an MP3, er, uh boss - I was working on the word doc you wanted me to update and was multi-tasking. Ya, that’s it. I was working and learning at the same time.

Technet Radio has a soup-to-nuts coverage of SoftGrid and AppVirt and it’s best practice application for where it fits best for what kinds of apps sequence best and which apps should be core to the OS. If you didn’t know SoftGrid as a name is used to differentiate between 4.2 and lower while AppVirt is used for 4.5 and higher.

“How Microsoft IT Approached the Deployment of Microsoft Application Virtualization v4.5″ covers Microsoft’s directive internally to virtualize just about everything that isn’t nailed down or doesn’t meet best practice – they are “eating their own dog food.” The MP3 covered applications and processes that can’t be sequenced, talked about 32 bit SoftGrid and the path to 64 bit version of AppVirt as well as Microsoft’s path to not install the SoftGrid streaming server and to fully embrace SCCM distribution of AppVirt enabled packages.

Worth a listen to - while you’re multi-tasking, of course.

Last week we had the pleasure of spending time with Shanen Boettcher, General Manager of Windows Product Management for the enterprise at the Redmond stop of his week-long press tour.. It was great to see first hand how much has MDOP plays a strategic role in the Microsoft’s desktop stack…

1. He told the press that Microsoft has sold over 6.5 million licenses of MDOP to date, making it the fastest-selling volume licensing product in Microsoft history.
   –> A lot of these will be deployed in the next 12-months which is GREAT news for most of us
2. He also told that officially, Microsoft had completed its acquisition of Kidaro, an Israeli-based startup that allows management of virtual machines and many other virtualization features much-much user friendly. Furthermore the product will be included in the MDOP offering, with the name “Microsoft Enterprise Desktop Virtualization” . This is fantastic news as it increases the value of MDOP tremendously. We are very exited about seeing the product come to market in the early 2009.
3. We will make a special posting on the Kidaro technology, but to give you an idea:
   during the demo we saw a scenario in which IE6 launched inside a XP-Virtual PC (transparent to the user) based on a specific URL being typed on IE7 - Very useful in application compatability challenges –

Shanen’s full article can be found at: Windows Vista News Blog

Exciting times coming ahead! - Look forward to the rest of 2008 and 2009.

PS - I noticed that we got a quoted by Ina Fried on “Beyond Binary / CNET “ blog … She noted:

I am sure we will be exploring this theme in the near future… Stay tuned!

For the company, such personally owned laptops can save on support costs and serve as a retention tools for Generation Y-ers, said Lee Nicholls, global solutions director for IT consultant Getronics.

“They have a really high expectation of what they want to work with,” Nicholls said. “They want a degree of flexibility.”

In a recent survey done by Gartner of 260 enterprises, 90% of enterprises worldwide have remote workers, but 25% of those organizations don’t know exactly who those remote workers are. Again, according to the survey, the IT departments often have no idea who they’re providing remote access to. Are they executives, sales, engineering, etc. ? How do they primarily connect to the network? Are they teleworking full time or only a few days a week? Better yet, are they roaming nomads that connect from regional branch offices, or maybe from more ghastly places like the airport, the hotel, or the local coffee shop where open WI-FI runs amok.

Here are some more interesting numbers (from Nemertes Research) about what’s happening in the enterprise space as it relates to remote workers:

• 90% of employees work in locations other than headquarters.
• Between 40% and 70% of employees work in different locations from their supervisors.
• Number of “virtual workers” (individuals who work in offices that are geographically separated from their supervisors) has increased by 800% in the past 5 years.
• Companies continue to increase bandwidth in effort to resolve performance problems: 48% of companies plan to increase bandwidth by 100% to 500% annually!

The interesting take on all of this is that a good percentage of enterprises are aware of these issues, but are seriously grappling with the ramifications of an ever changing virtual workspace. Gone are the days where users rely on a single laptop or PC to remotely connect to the corporate network from their home. Has anybody noticed that your laptop, smartphone, PDA, MP3 player, digital camera, etc., has merged into a seamless functioning device where there is longer a distinction between the individual components themselves? And the changing trend in the remote worker virtual workspace has shifted from a mind set of only productivity and effectiveness in the workplace, to more of an emphasis on increasing staff effectiveness. The expectations for connectivity from a mobile workforce has become an anytime, anywhere, any device war zone and IT departments are searching for the solutions to fit this new paradigm.

With the so-called emergence of such solutions as Converged Communications and\or Unified Communications, the big boys like Microsoft, Cisco, Nortel, and the likes are touting such solutions that bring together a one-stop shopping approach to unifying connectivity issues that IT shops are being faced with during this virtual workspace explosion. I think these technologies are fascinating, but does one size fit all?

Needless to say and as I mentioned earlier, one of the biggest hurdles that enterprises face with remote workers is knowing who is connected “How, When, & Why”. For example, than new wam bam Windows Mobile Smartphone PDA Laptop gizmo that the sales guy just got. It has WI-FI! He can sync with the corporate email system and check his mail! He can even VPN into the corporate network. But, what about security, asset, and patch management on this device? These things are probably well-managed on his laptop, but chances are the IT department has no way of effectively enforcing security policies on this device.

Fortunately, I think the big guys are starting to understand this and it will be interesting to see what the future will hold. For example, in a recent article done by counterpart (Jon Connery), Microsoft has introduced SCMDM 2008 (System Center Mobile Device Manager 200 for Windows Mobile devices - that has great promise in filling in the security gap that is desperately needed for these devices.

So stay tuned, as it will be interesting to see how these technologies will impact the remote worker explosion.

Now on Microsoft Connect, the beta of the excellent new SCVMM 2008. The sign up for the beta is easy and installation is simple and fast on Server 2008 (which I am way digging these days). What’s the coolest thing about SCVMM 2008? Probably the ability to manage non-Microsoft hypervisors (e.g. ESX.)

Top 10 Features of SCVMM 2008

1. Designed for virtual machines running on Windows Server® 2008 and Microsoft Hyper-V™ Server
   Hyper-V is the next-generation hypervisor-based virtualization platform from Microsoft which is designed to offer high performance, enhanced security, high availability, scalability and many other improvements. VMM is designed to take full advantage of these foundational benefits through a powerful yet easy-to-use console which streamlines many of the tasks necessary to manage virtualized infrastructure. Even better, administrators can manage their traditional physical servers right alongside their virtual resources through one unified console.
2. Support for Microsoft Virtual Server and VMware ESX
   With this release, VMM now manages VMware ESX virtualized infrastructure in conjunction with the Virtual Center product. Now administrators running multiple virtualization platforms can rely on one tool to manage virtually everything. With its compatibility with VMware VI3 (through Virtual Center), VMM now supports features such as VMotion and can also provide VMM-specific features like Intelligent Placement to VMware servers.
3. Performance and Resource Optimization (PRO)
   Performance and Resource Optimization (PRO) enables the dynamic management of virtual resources though Management Packs that are PRO enabled. Utilizing the deep monitoring capabilities of System Center Operations Manager 2007, PRO enables administrators to establish remedial actions for VMM to execute if poor performance or pending hardware failures are identified in hardware, operating systems or applications. As an open and extensible platform, PRO encourages partners to design custom management packs that promote compatibility of their products and solutions with PRO’s powerful management capabilities.
4. Maximize datacenter resources through consolidation
   A typical physical server in the datacenter operates at only 5 to 15 percent CPU capacity. VMM can assess and then consolidate suitable server workloads onto virtual machine host infrastructure thus freeing up physical resources for repurposing or hardware retirement. Through physical server consolidation, continued datacenter growth is less constrained by space, electrical and cooling requirements.
5. Machine conversions are a snap!
   Converting a physical machine to a virtual one can be a daunting undertaking – slow, problematic and typically requiring you to halt the physical server. But thanks to the enhanced P2V conversion in VMM, P2V conversions will become routine. Similarly, VMM also provides a straightforward wizard that can convert VMware virtual machines to VHDs through an easy and speedy Virtual-to-Virtual (V2V) transfer process.
6. Quick provisioning of new machines
   In response for new server requests, a truly agile IT Department delivers new servers to its business clients anywhere in the network infrastructure with a very quick turnaround. VMM enables this agility by providing IT administrators with the ability to deploy virtual machines in a fraction of the time it would take to deploy a physical server. Through one console, VMM allows administrators to manage and monitor virtual machines and hosts to ensure they are meeting the needs of the corresponding business groups.
7. Intelligent Placement minimizes virtual machine guesswork in deployment
   VMM does extensive data analysis of a number of factors before recommending which physical server should host a given virtual workload. This is especially critical when administrators are determining how to place several virtual workloads on the same host machine. With access to historical data — provided by Operations Manager 2007 – the Intelligent Placement process is able to factor in past performance characteristics to ensure the best possible match between the virtual machine and its host hardware.
8. Delegated virtual machine management for Development and Test
   Virtual infrastructures are commonly used in Test and Development environments, where there is constant provisioning and tear down of virtual machines for testing purposes. This latest version of VMM features a thoroughly reworked and improved self-service web portal, through which administrators can delegate this provisioning role to authorized users while maintaining precise control over the management of virtual machines.
9. The library helps keep virtual machine components organized
   To keep a data center’s virtual house in order, VMM provides a centralized library to store various virtual machine “building blocks”– off-line machines and other virtualization components. With the library’s easy-to-use, structured format, IT administrators can quickly find and reuse specific components thus remaining highly productive and responsive to new server requests and modifications.
10. Windows PowerShell™ provides rich management and scripting environment
    The entire VMM application is built on the command line and scripting environment, Windows PowerShell. This version of VMM adds additional PowerShell commandlets and “view script” controls which allow administrators to exploit customizing or automating operations at an unprecedented level.

Well, the poll numbers are in and it doesn’t look good. 100% of respondents either have a PDA or really, really want one*. And it’s the Wild West out there with all of the different devices, the lack of control and every one of them wants into your network. Business factors demand choice and IT factors drive the need for security and supportability. Is there a compromise here?

Maybe, it’s calledSystem Center Mobile Device Manager 2008 (SCMDM 200 and it gives you the following abilities if your devices are minimally Windows Mobile 6.1:

• Over 130 group policy settings specific to mobile devices.
• The ability to inventory (and view the inventory data in a single application console) every mobile device including their model, make and even which software updates they have received.
• Deploy both software and firmware using standard WSUS 3.0.
• Control which applications are allowed to run on the devices managed by SCMDM.
• Of course you have the favorites: Wipe-and-load, force PIN, etc.

If you want to provide even more security, you can couple this technology with Internet Security and Acceleration 2006 Firewall and Intelligent Application Gateway 2007. I’ll provide more information on these products in a follow up posting soon so check back.

For more information regarding SCMDM 2008, please see http://www.microsoft.com/windowsmobile/enterprise/security.mspx

* Margin of error + or – 3%

Cheers!

The fine folks at bink.nu have pointed out that the downloads for Windows XP SP 3 are finally available. Ladies and Gentlemen, start your imagers!

http://bink.nu/news/windows-xp-service-pack-3-officially-avaiable-to-all.aspx

Microsoft Server 2008 Core could be thought of ‘server lite’, but that wouldn’t be the whole story. Sure Core doesn’t have the GUI interface we’ve all come to rely on with Windows, but even though it’s all command line interface, it still gets the job done for those servers that do specific tasks like network connectivity and file & print services.

When you slip the CD in for the install, you need to work on a clean machine as there is no upgrade path from another OS to Core 2008. The recommended way to install Core is unattended with command line parameters or with a script. As always, don’t forget to read the manual first

Core installs basic components only – nothing else. There is no GUI, just the command line interface (PowerShell). Core is not a development platform, but is meant for supported server functions and their respective tools. This can be useful with some older hardware as it uses less RAM and can run on less powerful CPU’s. This allows some shops time to transition to Server 2008 and not totally abandon some servers that may not be totally obsolete yet. Core allows you to dedicate those servers to specific functions only. Since it can run with as little as 256Mb of RAM, it makes me wonder just how much overhead the GUI uses. It’s not any faster, just smaller. Core still uses the same improved networking stack as the full version of Server 2008 – read that less overhead and better through-put. For basic networking functions like DHCP, DNS, IIS, domain controller, file & print services, it’s great. You still need the full-blown version for things like advanced server applications (e.g. HyperV), exchange 2007, and SQL Server 2008 as these will not run on Core.

A Server Core installation of Windows Server 2008 supports the following optional features: Failover Clustering, Network Load Balancing, Subsystem for UNIX-based applications, Backup, Multipath IO, Removable Storage Management, BitLocker Drive Encryption, Simple Network Management Protocol (SNMP), Windows Internet Naming Service (WINS), Telnet client, and Quality of Service. Some of these optional features may require appropriate hardware to allow them to function. Those requiring additional hardware are failover clustering, multipath IO, network load balancing, removable storage, and BitLocker drive encryption.

The primary benefits of Core are reduced maintenance, reduced attack service, reduced management, and less disk space required. Reduced OS = reduced maintenance. Only what’s needed for that machine is installed, so that’s all there is to maintain. Fewer applications are running on the Core server so there is a reduced attack surface and also reduced maintenance. Core needs only about 1 Gb for the install and about 2 Gb to operate. This is far less than a full installation.

Scripting is useful for regular maintenance of the server. There is a Software Development Kit (SDK) available for Server 2008. Some API’s within can be used in a scripting environment to customize maintenance of the Core server. With any such development, testing is a must to ensure all works as desired. Administrators can see GUI prompts from another connected full 2008 server or System Centre GUI’s. Administrators can also use the MS Management Console (MMC) snap-in from another server running Server 2008 by selecting the Core computer as a remote machine to manage. Additionally, the Core server can also be managed with the use of a Terminal Services remote desktop connection.

Core is primarily useful in situations where you need a remote server for users to connect through and use file & print services or other networking services. The Core server would then be managed through a central location.

To get a feel for the command line reference, click http://go.microsoft.com/fwlink/?LinkId=20331. To learn more about Core, click https://www.microsoft.com/windowsserver2008/en/us/core-infrastructure.aspx.

AppVirt Enthusiasts, rejoice! At MMS this year, they announced that RC1 of Microsoft Application Virtualization 4.5 will be made available via Microsoft Connect in June.

Microsoft’s “Virtualization in Banking Survey 2008,” conducted by independent, Washington, D.C.-based research firm KRC gives some insight into virtualization findings for US and UK banking institutions:

TMCnet had this to say about key finding from the survey:

• 53 percent of those implementing virtualization reported that it eases centralization of deployment and management of applications as well as producing cost savings
• 51 percent reported that virtualization makes it easier to respond to issues such as failures of applications or systems
• 46 percent felt that saving space made it easier to provide security and 34 percent ranked it as significant for driving technology
• 95 percent of current virtualization users have implemented it in regional or national headquarters; 53 percent in branch offices
• 82 percent of those deploying virtualization in branches were in community branches; 31 percent in showcase branches; 28 percent in co-located branches; and 13 percent in mobile branches.

Again from TMCnet:

“In today’s major retail bank, machine operating system virtualization is becoming a foundation for a dynamic and responsive data center. Application virtualization continues to change how banks manage line-of-business software applications.

Within the desktop, it is empowering workers by enables them to run multiple operating systems and presentation virtualization allows bank employees to seamlessly execute an application from a remote computer.”

Remove the percentages and brake this down to some key take-away’s and you’ll see:

• eases centralization and management of applications
• easier to respond to issues
• space saving
• easier to provide security

CNNMoney had this to say -

“The wide variety of virtualization reported in the survey may be a direct result of increasing market pressure on banks to reduce costs, innovate and manage IT resources more centrally. For today’s major retail bank, machine operating system virtualization is becoming a foundation for a dynamic and responsive data center; application virtualization is changing how banks manage line-of-business software applications; desktop virtualization is empowering workers by enabling them to run multiple operating systems on a single desktop; and presentation virtualization allows bank employees to seamlessly execute an application from a remote computer.”

Like the other IT sectors being asked to do more with less, the banking industry is finding they can save real money by virtualizing.

The folks over at TechNet have published a very clear, very concise guide to proper and rational OU design. If you are approaching an Active Directory project, do yourself a favor and read this advice. It’s getting hard-bookmarked on my end.

Designing OU Structures that Work by Ken St. Cyr