Wednesday 31 July 2013

Blackhat 2013 – NSA General Alexander’s Keynote

The director of the NSA, General Alexander, gave a keynote address at the Blackhat conference.

Mark Maunder gives a good overview of the speech along with his thoughts around it.

The blog post is a good read and a link to an audio recording of the speech is at the bottom of the post.

But in all seriousness, the recent headlines that the latest leaks are hurting US-based Cloud businesses should be expected. Not only that, but folks need to keep in mind that pretty much all countries have some sort of monitoring agency or agencies in place.

So, again the question is begged: Who owns the data and has access to it the moment it leaves the on-premises setup?

EDIT: Hat Tip: Susan Bradley

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

Friday 19 July 2013

Too Cute For Friday :)

We have a few additions to the “family”.


They are now about 2 weeks old and we are really enjoying having them around.

All I can say is four kittens is good therapy! :D

Have a great weekend and thanks for reading.


Some Thoughts on the Need for a Physical DC for Windows Server 2012 Hyper-V Clusters

Introduced in Windows Server 2012 was the ability to cold-boot a Hyper-V cluster without a DC present outside of the cluster setup.

One still needs Active Directory up and running _prior_ to standing up a new cluster in a greenfield deployment but that is pretty much the only “requirement” as far as DCs and clusters go.

The above KB tells us that we can make an exception in that greenfield setup to actually DCPromo _all_ of the nodes prior to standing up the cluster. Then we have our AD and are good to go so to speak.

We, however, prefer either to have a standalone DC in place prior to running a greenfield cluster setup, or to introduce a new physical server box with Windows Server Standard that will be DCPromo'd into the existing domain and remain after the existing server systems are retired.

Why do we do this?

  • A separate/independent DC is needed for standing up a new cluster.
    • We don’t support the idea of running a DCPromo on all of the nodes in a new cluster and then backing them out afterwards.
  • DNS is absolutely critical when working on a cluster in a recovery/systems down situation.
    • No DNS can mean no RSAT management of the nodes.
  • AD can be needed for authentication purposes when making changes on the nodes.
    • We don’t log into the nodes very often. So, in a setting where domain admin credentials change on a somewhat regular basis we could be locked out.
  • Constrained Delegation for access to resources hosted elsewhere on the network can break without a live DC.
    • No access to that recovery ISO that we needed yesterday. :(
  • A physical DC is needed for high load VMs where timing gets skewed.

For the cost of a small server and a Windows Server Standard license we can avoid so many headaches in the event that something goes wrong and we need to go into troubleshooting and recovery mode with our cluster.
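
A pre-flight check for the dependencies listed above, as an added example that is not part of the original post: run elevated on a cluster node, it tests every domain controller for DNS answers, LDAP reachability and clock offset, and reports whether the DC is a Hyper-V guest. The function name `Test-ClusterDcDependency` and the 300-second threshold (the default Kerberos clock-skew tolerance) are assumptions of this example.

```powershell
# Added example (not from the original post). Run elevated on a domain-joined cluster node.
function Test-ClusterDcDependency {
    param([int]$MaxSkewSeconds = 300)  # 300 s = default Kerberos clock-skew tolerance

    try {
        # Binding to the domain already needs one reachable DC plus working DNS.
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        $dcs = @($domain.DomainControllers)
    } catch {
        Write-Warning "No domain controller could be located: $($_.Exception.Message)"
        return
    }

    foreach ($dc in $dcs) {
        $r = [ordered]@{ DC = $dc.Name; Dns = $false; Ldap = $false
                         SkewSeconds = $null; TimeOk = $false; Virtual = $null }

        # DNS: ask this DC directly for the domain's records.
        try {
            Resolve-DnsName -Name $domain.Name -Server $dc.IPAddress -DnsOnly -ErrorAction Stop | Out-Null
            $r.Dns = $true
        } catch { }

        # AD: is the LDAP port reachable within 3 seconds?
        $tcp = New-Object System.Net.Sockets.TcpClient
        try { $r.Ldap = $tcp.ConnectAsync($dc.IPAddress, 389).Wait(3000) } catch { } finally { $tcp.Close() }

        # Time: one w32tm sample; the offset line looks like "10:00:00, +00.0123456s".
        $out = (& w32tm.exe /stripchart "/computer:$($dc.Name)" /samples:1 /dataonly) -join ' '
        if ($out -match ',\s*([+-]\d+\.\d+)s') {
            $r.SkewSeconds = [double]::Parse($Matches[1], [Globalization.CultureInfo]::InvariantCulture)
            $r.TimeOk = [math]::Abs($r.SkewSeconds) -le $MaxSkewSeconds
        }

        # Physical or virtual? Hyper-V guests report the model "Virtual Machine".
        try {
            $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $dc.Name -ErrorAction Stop
            $r.Virtual = ($cs.Model -eq 'Virtual Machine')
        } catch { }

        [pscustomobject]$r
    }
}

$results = @(Test-ClusterDcDependency)
$results | Format-Table -AutoSize
if (-not (Test-ComputerSecureChannel)) { Write-Warning 'Secure channel to the domain is broken.' }
if (-not ($results | Where-Object { $_.Dns -and $_.Ldap -and $_.Virtual -eq $false })) {
    Write-Warning 'No healthy physical DC found: a cold boot of the cluster has nothing independent to lean on.'
}
```

The `Virtual` column only recognises Hyper-V guests and stays empty when remote WMI is blocked, so an empty value means "unknown", not "physical".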

Depending on the situation one can also build a fairly robust server configuration for that independent DC with a lot of storage. This is our preference where our cluster storage is fairly close to 100% utilized with dedicated LUNs for those VHD/VHDX files.

Then, if we run into a situation where an admin accidentally snapshots something and the VM goes Paused-Critical (previous blog post) we have some free storage to combine the AVHD and VHD files.

Keep in mind that we are talking about a two, three, or four node cluster running in a smaller setting where there may not be any other DCs present beyond the main office.

If there are branch offices with a local domain controller present, one needs to evaluate carefully whether that standalone DC in the main office should be left out of the picture. Even in this type of situation we prefer to have an independent DC in the main office.


Thursday 11 July 2013

Server Core: PowerShell Install-WindowsFeature RSAT-Clustering Seems to Hang at 68%

On a Windows Server 2012 Core deploy we ran the following command:

  • Install-WindowsFeature RSAT-Clustering

And we saw the following for a _long_ time!

[Screenshot: Install-WindowsFeature progress at 68%]

The “Start Installation...” line kept blinking on and off all during the time it seemed to be stuck.

With a little bit of patience we eventually saw the following result:

[Screenshot: the completed installation result]

The entire process took about 15-20 minutes.

So, be patient. ;)


Monday 8 July 2013

Things are Cloudy: Some Monday Morning Cloud Reading and Thoughts on Trust

Here are a few interesting articles that paint some reality on the ongoing Cloud picture.

Both articles are a good read and provide some insight into companies’ perspectives on being in the Cloud and Microsoft’s vision for the Cloud.

BTW, what exactly is meant by an “update” anyway? We are not too sure on that one.

Conflicting Messages for SMB IT

Now, the kicker that really brings about the meaning of the word “irony” is in this quote from the Business Week article.

The Office unit says packaged releases will still be available to users who are resistant to Office 365 and its frequent updates, but most of the team’s energy will be focused online. “Microsoft has an established history and trust with customers [emphasis ours],” says Pisoni. “So far those who are hesitant about going to the cloud, they’re willing to put their trust in Microsoft. No other competitor—Google, Box—has that established trust.” Raman Padmanabhan, chief information officer for Xerox’s (XRX) business services unit, has been briefed on Microsoft’s move to faster updates and says he supports the shift as long as the product is good. “It’s all about service and quality,” he says. “You have to have a certain quality or it just kills your business.”

How many of us in SMB have been banging our heads against the wall, so to speak, trying to make the message clear that in SMB IT it is the face-to-face time and relationship trust that we build up with our clients that are the keys to both businesses’ success?

The business relationship and trust have always been, and will always be, the foundation to our way of doing business.

The Cloud Message and many of the Cloud Prophets have been trying to blow that off for SMB IT for the last three or four years now and yet here we have it straight from Microsoft. _Trust_ is the foundation for moving forward.

Yes, there is a little bit of frustration here and it may show so our apologies for that. :S

But, at least it is good to see in print that our own SMB IT way of doing things is confirmed, though not directly. :)

As time goes on we shall see how all things play out.

From this arm chair it looks like Microsoft is in the process of slaughtering their cash cows and diving in for the lowest common denominator ... which in the end means that they will be on the same, and level, playing field as the other Cloud Vendors.

IMNSHO, this is _not_ a good place for Microsoft to go.

Most especially because a huge chunk of the Microsoft Partner base, that is those of us IT Providers in SMB, is being stepped on to get to wherever Microsoft’s current Cloudy Vision is leading them.


Saturday 6 July 2013

Updating the Intel Modular Server from v6.5 to v6.8 Involves Taking the Storage Controllers Offline

We are in the process of updating the firmware on our Intel Modular Server from v6.5 to v6.8 on our way up to v6.10.

When we uploaded the file using Modular Server Control (MSC) we came to the point where the firmware update would not go any further until we reset the Storage Controllers into Safe Mode.


The process of flipping the two Storage Controllers into Safe Mode takes about five to ten minutes with a few CONFIRM steps required.

Once they are offline, we are able to move on with our firmware updates.

Given that storage is offline this particular update will need to be run after hours. A backup is mandatory for any servers whether physical or virtual prior to running this update (we only back up the guests in the case of a Hyper-V Failover Cluster).


IE10 is a waste of time. IE9 in Compatibility Mode with the MSC in Trusted Sites will work for the most part. A third-party browser may be the best option for this process.

Note that the IMS will go into Limp Mode once the first SCM goes offline. That means that hearing protection should be worn during the process.


The update process can take anywhere from 40 to 60 minutes to complete. Please budget time for this process accordingly.

Intel Modular Server Support:
