Wednesday 29 May 2013

Windows Azure – Client OS Policy Update and SMB IT

We have a lot going for us in the Hybrid Cloud/On-Premises solution set as we grow our product knowledge and develop solutions to blend the best of both worlds.

However, this is one announcement that really hits home for us in SMB:

image

There’s no guarantee that the above link will be functional at a later date so:

Dear Customer,

We recently published an updated support life cycle policy for Windows Azure Cloud Services for web and worker roles. This email outlines these new policies and the associated timelines for migration:

Guest OS 1.x deprecation (retirement deadline: June 1, 2014).

60 days auto-upgrade policy for Cloud Services using manual OS upgrade option for Guest OS version.

Retirement of Windows Azure SDK for Cloud Services versions 1.0, 1.1, 1.2, 1.3, 1.4, 1.5 effective June 1st 2014.

Changes to Guest OS families
The Guest OS 1.x family based on the Windows Server 2008 operating system is being retired. We are providing 12 months advance notice to you. The official retirement date for the Guest OS 1.x family is June 1, 2014. After that date, you’ll no longer be able to deploy new web and worker roles with family 1.x deployments, and your existing family 1.x deployments will be automatically moved to a supported Guest OS family.
Please plan to transition your Cloud Services deployments that use the Guest OS 1.x family to the following supported Guest OS families:

• Guest OS family 2.x (based on Windows Server 2008 R2)

• Guest OS family 3.x (based on Windows Server 2012—recommended)

Customers who are using the Guest OS 1.x family don’t need to redeploy their Cloud Services because an in-place upgrade from version 1.x to 3.x is supported in the Windows Azure SDK 2.0. If you don’t upgrade by the June 1, 2014, deadline, you’ll automatically be upgraded to a supported Guest OS family.
Changes to Guest OS version
On June 1, 2013, the new Guest OS Version support policy becomes effective. Starting June 1, you have 60 days to upgrade your Cloud Services deployments to the current or prior Guest OS version in each supported Guest OS family.
As soon as possible, please start the transition of your Cloud Services deployments to one of the following supported Guest OS versions:

• Guest OS family 2.x supported releases: 2.13 (Release 201210-01) and 2.14 (Release 201302-03)

• Guest OS family 3.x supported releases: 3.1 (Release 201210-01) and 3.2 (Release 201302-03—automatic upgrade is recommended)

The official retirement date for all previous Guest OS versions is August 1, 2013. Any Guest OS deployment that’s not running one of these supported Guest OS versions at that time will be automatically upgraded to the current Guest OS version.
Changes to Windows Azure SDK for Cloud Services
We’re also announcing the retirement of the Windows Azure SDK versions 1.0, 1.1, 1.2, 1.3, 1.4, and 1.5. The official retirement date for the above SDKs will be June 1, 2014. After that date, you’ll no longer be able to use these SDKs to author and deploy new Cloud Services (web and worker roles). Further, Customer’s Cloud Services authored & deployed using deprecated Windows Azure SDK will not be covered under Windows Azure Cloud Services SLA. Customer’s Cloud Service will not be covered under support contract as well.
Notifications
The OS and SDK retirement dates will be communicated to customers through an MSDN or RSS feed:
MSDN: Windows Azure Guest OS Releases and SDK Compatibility Matrix

RSS feed

To get more details, refer to the support life cycle policy.
Thank you,
Windows Azure Team

We run a lot of legacy applications at client sites. Accountants and lawyers have applications that just don’t play nice with more modern 64-bit operating systems.

What does the Azure Team mean by “in-place” upgrade anyway? As in upgrade that production VM operating system from Server 2008 to Server 2008 R2 or 2012 RTM via in-place?

We are most certainly not sure what is meant by this but we stopped in-place upgrades in the NT 4.0 and Server 2000 era for a reason.

We have an advantage, at least at this point until software vendors force everyone into their Cloud services, in that we can customize our IT Solutions for the client’s environment.

In this case, Windows Azure has a limitation in the solution set flexibility that we can provide. Plus, the situation with the drop of one OS means that the client would probably be forced into some sort of cost/support scenario for their Windows Azure hosted environments.

In a positive economic situation this may not be too much of a hurdle for an SMB to overcome.

However, if the economies of the world sour even further, that monthly nut for Cloud services may put a real damper on the business’s ongoing monthly cash flow.

On-premises offers the SMB the assurance that their business can keep operating, even after pulling the MSP plug (hopefully they _own_ the licensing and equipment), for a year or two when things are tight.

And, that on-premises solution set can be paid for while the cash is there. :)

And, BTW, note how Windows Azure gets around the actual “Windows Server” product life cycle by creating their own Azure version 1, 2, 3, etc?

 

image

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

Tuesday 28 May 2013

Intel Server Configurator Tool – Excellent Rework

We edited the previous post with this content, but here it is:

image

The Configurator now has a similar grid to its pre-Silverlight days where we now see a simple grid with product features and an actual picture of the product.

This is a _huge_ step in the right direction for us!

Oh, and the linked documentation directly below the product is HUGE! Product research steps just took a huge step forward in efficiency.


Intel Server Configurator Tool – Registration Required

We use the Intel Server Configurator Tool _a lot_ for our on-premises Intel Server Systems configurations.

So, we were a little more than surprised to see the following this morning:

image

We clicked the “Not Registered” link as our Intel Reseller username and password did not work and finally ended up here:

image

Okay, so registration is required. What could this mean? Well, since the tool has been open to the public for many years now it is hard to say at this point.

But, one thing is pretty clear: Intel wants to know a bit more about the folks using the tool.

EDIT: Meh ... hit SEND too quickly. :S

For those of us that have used this tool for a long time we will get a pleasant surprise once we click into the wizard:

image

Instead of a hard-to-read text based description of each product line we can finally see a nice grid with pictures of each product. This is how the Configurator used to look before Silverlight took over.

This is definitely a step in the right direction! :D


Thursday 23 May 2013

System Builder: Replacing that OEM COA

For those of us that are OEM System Builders we can request a replacement COA label if the original one was damaged beyond recognition or the case it was affixed to needed to be replaced.

We just replaced a case for a client that has an integrated power supply. So, we needed to apply for a replacement COA.

When we did so the result was:

image

So, we sent an e-mail off to the address with all of the relevant information. Hopefully we get word back.

In this case the Windows 7 Ultimate x64 OEM software package was purchased through legitimate distribution channels here in Canada. And we are the system builders. :)


Wednesday 22 May 2013

Capacity Planner for Hyper-V Replica

Found on Microsoft's Download site:

We head on over and download both the executable as well as the Word document that accompanies it.

image

Then on to:

image

And finally:

image

Ooops. We are looking to assess a Hyper-V Replica that is set up and online already!

Well, like any good IT Professional the next step is to actually read that manual! ;)

image

Based on the FAQ later in the document we will need to run this tool against some VMs hosted on Server 2012.

So, the next step for us will be to run some tests against the required Hyper-V environment to get an idea of what the tool will be reporting.

More to come on that . . .

The link for this little tool comes to us via Susan Bradley the SBS Diva.


Tuesday 21 May 2013

Repeat After Me: DHCP and DNS Belong on a DC

When configuring any network one needs to have an understanding of just how DNS works.

If DNS is not set up correctly there are so many things that break it is not funny.

Unlike mail routing (MX records), which offers a priority system for directing mail to the final destination where the system compensates for an offline mail server, DNS operates in a round robin fashion.

So, if DHCP is set up on a router and delivers the following IPs for the client’s DNS queries:

  • 192.168.99.5 (local DC)
  • 192.168.99.1 (router)
  • 8.8.8.8 (Google DNS server)

Guess how many times the client’s on-premises resource DNS queries, in general, will fail.

If you guessed “67%” then you would be right.

It seems that folks are missing the reason for “Domain” in “Domain Name System” or DNS for short.

The primary excuse we’ve heard so far to set the above DNS server IP settings on clients and even Remote Desktop Services servers and other servers is:

  • I want my clients to be able to browse the Internet if the DC and DNS goes offline.

There is, however, a fatal flaw in that line of reason . . . the missing “Domain” in DNS.

Or, to be blunt: A lack of understanding of how DNS works on-premises and on the Internet and why the two are separate from each other.

Let’s have a look at this very crude drawing:

image

The left hand box is the on-premises Domain network. On that network MYDC is authoritative for that domain. Everything inside the box boundary for the network belongs to that DC and its on-premises DNS setup.

MYDC is the Start of Authority (SOA) for that domain (DOMAIN.LOCAL).

Being that our MYDC has the SOA means that no other DNS server _anywhere on the planet_ will be an authority for that domain. At least, for _that_ particular domain name in that particular location.

Not to mention the Top Level Domain (TLD) .LOCAL is not to be found anywhere on the Internet either.

What that means is that any client that queries DNS for where MYSQL is will get the correct IP address from the DC that hosts the on-premises _domain’s_ DNS because that server is _authoritative_ for that domain.

Now, what happens on the client if they query DNS for MYSQL.DOMAIN.LOCAL and Google/OpenDNS server IPs are on the client’s DNS “where to query” server list and they respond?

That query goes OUTSIDE of the domain network to Google or OpenDNS and the response back is, “I have no clue who, what, or where the chicken DOMAIN.LOCAL is. Check ROOT SERVERS.” And of course, they answer the same.

So, we have 67% of our on-premises queries failing DNS resolution.

Let’s think about that for a moment.

. . .

67% of our DNS queries are FAILING.

That means poor network performance, network print problems, LoBs that depend on database/SQL connections losing their connections, improper RDP routing, and so much more.

The _proper_ way to configure a domain’s DNS is as follows:

  • On the only DC on the network
    • AD and DNS are properly integrated
    • DHCP on the server
      • Name Protection set (ticks on 2003)
      • Admin credentials set to update DNS with IP
  • The DC NIC properties:
    • IP: 192.168.33.5
    • SN: 255.255.255.0
    • GW: 192.168.33.1
    • DNS0: 192.168.33.5 (SELF ONLY)
      • AD integrated DNS takes care of delivering IPs for other DCs with DNS on the network. There is NO reason to put any other IP in DNS1.
  • DHCP configuration:
    • Scope Options:
      • 003 Router: 192.168.33.1
      • 006 DNS Servers: 192.168.33.5 (and other AD integrated DC/DNS server IPs)
      • 015 DNS Domain Name: DOMAIN.LOCAL
    • That’s it. Google/OpenDNS server IPs DO NOT belong here.
  • DNS Server service
    • Forwarders Tab
      • OpenDNS IPs or ISP’s DNS server IPs (at least two).

DHCP belongs on the server. Period. Full-stop.

If DHCP is on the router with DNS pointers to Google/OpenDNS or ISP DNS servers served to the on-premises DHCP clients then changes need to be made to put DHCP back where it belongs. . . on the DC.
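
To check a client against this layout, the following PowerShell (an added example, not from the original post) parses `ipconfig /all` output and reports any DHCP or DNS server that is not a DC. The function names, the constructed sample text and the DC address 192.168.99.5 (taken from the earlier list) are assumptions; it expects English-language output and IPv4 addresses.

```powershell
# Added example: audit `ipconfig /all` text against the layout above.
# Assumptions: English-language output, IPv4 only, DC addresses supplied by you.

function Get-AdapterDnsSettings {
    param([string[]]$Lines)

    $adapters = @()
    $current  = $null
    $inDns    = $false   # true while reading the multi-line "DNS Servers" field

    foreach ($line in $Lines) {
        if ($line -match '^(\S.*adapter .+):\s*$') {
            # An unindented "<type> adapter <name>:" line opens a new block.
            $current = New-Object PSObject -Property @{
                Name = $Matches[1]; DhcpServer = $null; DnsServers = @()
            }
            $adapters += $current
            $inDns = $false
        }
        elseif ($current -and $line -match '^\s+DHCP Server[ .]*:\s*(\S+)') {
            $current.DhcpServer = $Matches[1]
            $inDns = $false
        }
        elseif ($current -and $line -match '^\s+DNS Servers[ .]*:\s*(\S+)') {
            $current.DnsServers += $Matches[1]
            $inDns = $true
        }
        elseif ($inDns -and $line -match '^\s+(\d{1,3}(\.\d{1,3}){3})\s*$') {
            # Second and later DNS servers appear alone on continuation lines.
            $current.DnsServers += $Matches[1]
        }
        else {
            $inDns = $false
        }
    }
    return $adapters
}

function Test-DnsLayout {
    param([string[]]$Lines, [string[]]$DomainControllers)

    $findings = @()
    foreach ($a in @(Get-AdapterDnsSettings -Lines $Lines)) {
        # DHCP should be served by a DC, not by the router.
        if ($a.DhcpServer -and ($DomainControllers -notcontains $a.DhcpServer)) {
            $findings += '{0}: lease issued by {1}, which is not a DC' -f $a.Name, $a.DhcpServer
        }
        # Every DNS server handed to the client should be an AD integrated DC.
        foreach ($dns in $a.DnsServers) {
            if ($DomainControllers -notcontains $dns) {
                $findings += '{0}: DNS server {1} is not a DC' -f $a.Name, $dns
            }
        }
    }
    return $findings
}

# Constructed sample: a client that leased from the router, as in the post.
$sample = @'
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : DOMAIN.LOCAL
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.99.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.99.1
   DHCP Server . . . . . . . . . . . : 192.168.99.1
   DNS Servers . . . . . . . . . . . : 192.168.99.5
                                       192.168.99.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
'@ -split "`r?`n"

Test-DnsLayout -Lines $sample -DomainControllers '192.168.99.5'
```

On a live client, pass `(ipconfig /all)` as `-Lines` and list every AD integrated DC/DNS server in `-DomainControllers`.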

If there is a concern about the only DC going down and leaving the clients helpless then make sure the backups are good.

If a need for redundancy is there then install an HP MicroServer with a Standard license and DCPromo that box into the domain. Make sure replication and AD integrated DNS are functioning between the now two DCs on the domain (we’ve seen situations where the second DC or RODC had no SYSVOL due to broken replication).

Or install an online cold backup device but make sure that the primary server has Software Assurance as Cold Backup is an SA only option.

For Small Business Server networks there _is_ a caveat to having another DC on the domain when in a disaster recovery situation.

In the end, a good chunk of the problems on a network such as connectivity, Line of Business application problems, performance, and more can have their source in an improperly configured DNS structure.

It is our job as IT “Professionals” to know the “WHY” things work so that we can set things up properly.


Monday 20 May 2013

SMBKitchen Project Open Chat Today

We will be having an open chat with the SMBKitchen Authors this afternoon/evening at 1600Hrs Mountain (1800Hrs Eastern).

Please make sure to use the full Lync client as the Web based client seems to not pick up audio streaming properly.

The feedback on my How-To video for setting up Hyper-V on Windows 8 as well as a greenfield VM based DC with DNS and DHCP along with setting up the Hyper-V networking and a 2008 R2 Standard VM as a router.

I go through step-by-step for setting up the vSwitches, NIC(s) on the VMs, installing and configuring the operating systems, and then finally setting up AD/DNS/DHCP on the 2012 VM and RRAS in NAT mode on the 2008 R2 VM.

We will discuss our current content along with the content we should be posting over this coming month.

This chat is open to everyone, both subscribers and not.


Friday 17 May 2013

Creating a Fixed VHD in Windows 7 and a ShadowProtect P2V

We have a VHD creation process running in the Windows 7 Disk Management console:

image

The above VHD is being created on a network share hosted by one of our Hyper-V servers (2008 R2). It will be a 160GB fixed VHD that will host the Windows 7 machine’s OS once ShadowProtect is finished.

While that process is running ShadowProtect is taking an image of the Windows 7 machine as it will be P2Vd onto the above Hyper-V host.

image

This image is running to a 2008 R2 file server.

The machine is a Core i7-875K with a pair of 80GB Intel X25-M SSDs running in RAID 0 and is soon to be retired.

We will use our P2V Hyper-V Integration Services (previous blog post) step to get rid of the RAID signature and enable IS in the OS. Then, we will use our Hardware Independent Restore (previous blog post) steps to clean out any left-over devices from the physical machine.

We find that, out of all the products available to us, including Microsoft’s own Disk2VHD tool, ShadowProtect gives us the most reliable method of moving a physical machine into a virtual setting or taking a VM and restoring it to hardware.


Thursday 9 May 2013

Repeat after me: SATA does not belong in servers.

One of the very last servers we deployed with SATA drives had yet another failure in it.

There is a new Intel R2208GZ4GC 2U server in place with eight 600GB 10K SAS drives configured in a RAID 6 array already installed and waiting for tax season to slow down for them (they are an accounting firm).

image

Our client recently moved to a new location with the servers now located in a dedicated room in the basement. The little A/C unit in that room was a leftover from the previous occupant that we were not too sure about.

Well, the hot spare in this server, an Intel Server System SR1560SFHS with three 750GB Seagate ES series SATA drives, died about four months ago. Since the system was slated for replacement we left the remaining two in a RAID 1 array alone.

Well, that ended this morning with one of the drives in the pair having gone full stop. This was probably due to the fact that the temp in the room upon arrival this afternoon was close to 90F.

Someone had fired up the A/C unit without realizing that the hose that puts the heat outside was not connected to the back of the unit. Thus all of the heat it was trying to pull out plus its own heat yielded a very high temperature in that room.

Once the hose was affixed to the back of the unit the temperature started to come down.

So, here we are writing this blog post at 2216Hrs on a Wednesday evening after having logged in to check on the progress of the array rebuild and the above was what we saw.

The RAID controller is an Intel RAID Controller SRCSASRB with battery backup.

SATA does not belong in a server when it comes to spindled hard drives. This experience with the blind failure and the dismal rebuild times, during off hours no less, are definitely a part of it.

SAS/SCSI was designed and engineered to run in server environments. SATA was not.

The firmware tweaks that the hard drive vendors have introduced, along with the pretty much failed NCQ effort, to try and mimic a SAS setup within the SATA controller do not come close to the performance, longevity, and stability that SAS drives offer.

By the way, this goes for NearLine SAS drives as well. These drive types are SATA internals with SAS electronics slapped on to the external of the drive. There is a very good reason why the drives are called "NearLine". :)

The cost of 2.5" 10K SAS drives in 300GB and 600GB sizes has come down quite a bit in the last year. The 900GB 10K SAS drives are still relatively expensive per Gigabyte but provide an opportunity for a large aggregate of storage when needed.

Another way to look at it is this: How many RMA efforts have gone in to server setups with SATA drives in them? Compare that with the servers that have SAS setups. In our case, where we have lots of servers deployed, there is virtually no comparison. Over time the SAS drives have completely trumped the SATA drives in all aspects.

Even with 24x7x365 by 4 hour response times most vendors require time wasted on the phone prior to initiating that on-site visit to replace the failed drive. This time is expensive and to some extent a waste.

Oh, and one more thing: If going with parity in an array go RAID 6 with at least eight 10K spindles and make sure the RAID controller has either flash backed cache or a battery backup.

Storage is almost always the weakest point in a server both for hardware failures and I/O bottlenecks. Kill both. Use a wide array of eight spindles or more and make sure the drives are 10K SAS.

The risk when using SATA is just not worth the "savings" IMNSHO (in my not so humble opinion).


Tuesday 7 May 2013

The “Right” Client and Our Business

Fellow MVP Cris Hanna pointed to the following article:

It took us almost 5 years to be able to start being choosy about the work we took on and the client relationships we wanted to build.

In that first five years we had to learn _a lot_ of lessons from the school of hard knocks.

Everything from a long standing and ongoing client not paying for work they signed off on to folks that expected a whole lot of work for no pay.

Then there was the scope creep on big projects where the original job, say a migration, then included a bunch of Line of Business application upgrades and migrations . . . and were not in the original proposal/agreement but, “since you’re already here . . .”

One of the more difficult lessons was in communication. That is communicating with the client about ongoing scheduling, jobs, and other task needs.

A really bad habit to break is to _not_ communicate with a client we have an appointment with that we are running late or even that we may need to reschedule.

In this day and age where we are facing pressures from all sides to cut and run we need to be extra mindful of the one gem in the rough we have in SMB: The face-to-face contact and relationship with our client contacts.

  • Be a man, or woman, of our word.
    • Need to make a change? Communicate first.
  • Use the tools at hand.
    • Outlook calendar invites, ticketing system if you use it, and keep lots of notes!
    • Phone is best. Texting seems to be a close second.
  • Be legit, stay legit, and deal with folks that operate above board.
    • This is especially true for software licensing.
  • Be personable.
    • When on-site reach out, say hello to everyone, and especially ask them how their day and tech are doing!
  • Operate on principle.
    • Create a project scope and a set of terms & conditions.
    • Stand by them.
    • Add-on charge _everything_ not included in the original scope.

Having an established set of terms & conditions is one thing.

Abiding by them and following through on them are two _very_ important aspects of the business relationship. By doing so, we place the expectation ball in the prospect’s/client’s court of being honest and forthright in their communications and negotiations with us and ours with them.

By not following through on our commitments, and holding them to theirs, we place ourselves in a very awkward position where precedent gets set that the prospect/“client” may indeed be free to take advantage of us.

This is a very dangerous precedent to set.

The same is true for time spent on _any_ client related need. Any and all time must be billed for and tracked with a full set of notes. But, most importantly, the client _must_ approve that work in writing ahead of time.

Yes, on-the-fly this may be difficult to be had, but again this is where communication abilities come in to play.

An e-mail simply stating that we hit a snag and that extra time will be needed can be fired off from a Smart Phone in a matter of seconds. If the contact approves of it verbally, confirm that by e-mailing them back with a “Thanks for your approval” note.

Keep a paper trail. Keep an e-mail trail. Keep all documentation and notes related to any and every project small or large. Get a scanner that can do scan to PDF with OCR so that any font text can be read into that PDF and be searchable later on.

Scan all handwritten content in and set it into a client’s folder called NOTEs or ticketing system.

In the end if a question about what we have done ever comes up then we have something to fall back on including any and all communication with the client/contact.

We also use SNIP in Windows to take snippets of all of the situations we are working with.

In the end keeping the above approach to running our IT business protects both our clients and us.


Thursday 2 May 2013

Signs of the Times: IBM PartnerWorld Withdraws the Registered Reseller Program

We went through the grief of getting registered with IBM as we had a proposal that required Tier 1 with IBM fitting the bill better than Dell.

image

With the recent rumblings that IBM is looking to sell their System X (Intel x86 line) product group possibly to Lenovo the above announcement makes some sense.

Though, given how difficult the whole partner process was to get signed up and registered in the first place maybe enrolment was really low to begin with.

In the end, our Tier 1 hardware needs can be more than met by Dell so long as it is backed up by the 24x7x365 by 4 hour on-site response warranty with no “Phone Support” clause. :P
