Server 2008 Virtualization – Catch It!

This past Monday I had the opportunity to present what I call a 'Let's Get Excited' presentation to an architect audience at Microsoft Canada.  I was asked to showcase several new features of Windows Server 2008, due to launch on February 27th.

While preparing for the presentation I thought back to the first time I presented virtualization, when Microsoft Virtual Server 2005 R2 was released.  I was at the time amazed at how much more powerful the product was than Virtual PC, which I had been playing with for a while.  So when I started playing around with Hyper-V (alternately known as Hyper-Visor, Windows Server Virtualization, and a number of other names) I was amazed by the improved functionality.

If you are a critic of Microsoft – or even if you are not – you are probably quick to point out the features that Microsoft initially promised to include, such as live migration of virtual servers between parent machines, the ability to add (virtual) hardware components on the fly, and a number of other features that have been removed from the product (for now).  You might complain about Microsoft's seemingly fragmented virtualization picture, noting its much vaunted System Center Virtual Machine Manager (SCVMM), which offers spectacular functionality such as the automated migration of a physical network environment into virtual, intelligent placement of virtual machines on appropriate hosts, and the ability to automatically provision new virtual machines in a few minutes and with a number of keystrokes from a library of templates for systems such as file servers, domain controllers, mail servers, and myriad other possibilities.  You will certainly mention, as a critic of the world's premier software goliath, that the Hyper-V feature that was supposed to release with Windows Server 2008 has been delayed and is only now issued as a semi-public beta program.

Of course saying all of that would be correct, but for my money Hyper-V offers a number of features that make it worth the wait.  I would like to cover a number of these, leaving for the moment that Hyper-V will be neither an add-on nor an additional cost, but will upon release (assumedly through a Microsoft Update patch) be distributed to all Windows Server 2008 installations as a new role, easily installed in minutes.

If you were to examine servers in any average data centre you would note that the resource usage for most of them is quite low.  If a server's CPU runs at, on average, twenty percent usage, and the company paid (to use a simple number but not based on actual pricing) $1000, doesn't it stand to reason that these companies could have just as easily purchased a CPU with one fifth the capacity for one fifth the price?  This is of course not an option, and virtualization allows us to fill that unused CPU capacity.  On Virtual Server 2005 R2 there were limitations to the functionality of the guest OS, and it was taxing on the host OS.  With Hyper-V both of these issues are addressed; it eliminates the host/guest operating system model that we have gotten used to and replaces it with a parent/child model in which the parent (or primary) Windows Server instance hosts the Hyper-V role, but the virtual (child) OSes address the physical resources of the hardware, rather than detracting from the parent, as was previously the case.  This allows several servers to operate in tandem on the same box with the resources you allocate to them, without draining each other.  To test this I built a Server 2008 lab environment within a Dell Latitude 830 laptop with a 2.4GHz CPU and 4GB of RAM.  The parent OS (Windows Server 2008 Enterprise Edition, RTM) hosted the Hyper-V role; three virtual machines hosted one NAP (Network Access Protection) server on Server 2008, a domain controller and System Center Configuration Manager Site Server, both hosted on Windows Server 2003 R2 (Enterprise Edition) with Service Pack 2 installed.  I did not see any performance degradation on any of them.

(It should be noted that although Server 2008 is available in both 32- and 64-bit editions, only the 64-bit edition will support Hyper-V.)

A huge advantage to Hyper-V over its predecessor is the ability to support 64-bit child servers.  This is a huge advantage to companies who would otherwise virtualize servers such as mail servers, but couldn't due to Exchange 2007 being compatible only with 64-bit servers.  I am looking forward to playing with that particular configuration in coming weeks.

If you previously built your virtual environment around the Virtual Server 2005 R2 platform you are bound to be happy that your virtual machines are going to be fully compatible with the new Hyper-V platform.  In the current beta build of the product there is a bug that prevents you from importing VMs, but there is a simple work-around… simply create a new virtual machine and then rather than create a new virtual hard drive select your existing .vhd file.  Make sure you check your settings, but having played with it for weeks I can attest that the method is flawless.

That being said, there is some minor preparation required before you migrate; your old Virtual Machine Additions are not going to be compatible with the new platform, and must be uninstalled from either Virtual PC or Virtual Server before bringing the VMs into Hyper-V.  Though offering similar functionality, Hyper-V now offers Integration Components in place of the old VMAs.

Before you kick off in Hyper-V you should be aware that all of the old key-combinations that we got used to in WVS and VPC have been replaced; if you are familiar with Remote Desktop Client then the transition will not be too tough, which brings up another favourite feature of mine: Rather than requiring a special client or connecting through Internet Explorer (an option that is certainly still available) you can connect to your Hyper-V machines using Remote Desktop Client, and since they are sitting on the hardware independently you can access them from remote machines as you would any remote server.  This will prove to be a huge benefit to systems administrators who manage geographically diverse servers, whether they be across a campus or around the world.

It just happens that earlier this week the mail servers in my fiance's organization were down for an entire day due to faulty hardware.  The time it took for the server provider to get and install the replacement part meant that nobody in the entire organization received or sent e-mail for an entire business day.  Without addressing the glaring lack of redundancy in their infrastructure I can imagine that their entire organization – especially the CIO – must have been visibly aging while the server was brought back online (eleven hours later).  I did a quick test and discovered that I could easily automate Hyper-V to take a snapshot of my servers every fifteen minutes; once done I was able to turn off the Server 2008 machine, attach the Network Attached Storage device storing my VMs to a different Server 2008 machine running Hyper-V, and restore the VM and then that snapshot to the previous snapshot within minutes.

Microsoft has nothing to be ashamed of in its current iteration of Hyper-V, beta release and all.  Although there are certainly features that have been removed (which hopefully will be included in future releases) the product as it stands is certainly a value-add to Windows Server 2008.  Its functionality is not what was hoped for but certainly offers improvements over Virtual Server 2005 R2.  I look forward to SCVMM integration and management, and the live migration will be a huge feature for the next release.  However for architects and systems engineers trying to decide if now is the time to virtualize or if they should wait I would certainly recommend keeping your eyes open for the RTM Hyper-V and then doing it.  In the meantime have your systems administrators download the beta release to familiarize themselves with it so that when it is released there need be no further delays… as our critics will bring up, we have had enough of those already.

Hosting Servers Without a Static IP Address

Microsoft Windows Small Business Server is a great solution for small businesses of any size, from two to seventy-five seats.  The standard package offers the complete functionality of Windows Server, along with a web server, mail server, SharePoint Services, and much more for a small business price.  It allows small companies to bring their IT in-house and to compete with their larger competitors on an equal footing using the same technologies.

Unfortunately, the way the Internet is designed, in order to host public-facing servers (web, e-mail) you need a static IP address, much like having a business requires a telephone number.  Not every company with an Internet connection wants to pay the higher monthly fees (depending on the ISP and service often between $75 and $200 per month) for those benefits, and many instead opt for a dynamic IP address, or an address that changes every so often.

To address that problem a number of DNS Providers offer what is called dynamic DNS services, by which companies can configure a software client on the server (many inexpensive routers have the client built-in) to report back to a central server every time the dynamic IP address changes.  The DNS Provider then gives them an address (such as mitchgarvis.dyndns.org) which they can use to access their servers remotely anytime. 

Although this solution does address the initial problem, it creates a number of problems as well, such as:

  • Visitors know immediately that the company does not use static addresses;
  • The DNS Provider's name (or a variation thereon) is always part of their web address; and
  • Many ISPs block the default ports for many popular services on their lower-priced packages.

In this article I will offer solutions for all of these issues.  I will offer a solution for a fictitious company called Alpine Ski House that:

  • Registers their own domain name (alpineskihouse.com);
  • Configures web services and e-mail services at that address;
  • Redirects the necessary ports for the mail services*; and
  • Costs the company less than $100 per year, over and above their basic ISP fees.

What you need:

Although many of these methods can be adapted to different configurations, this article assumes that you have:

  • A properly configured server running Microsoft Windows Small Business Server, Standard Edition; and
  • A permanent connection to the Internet.

Domain Name

First things first, in order to do any of this you must purchase your domain name.  Choose something simple but explicative… so if your company name is Alpine Ski House try to choose something like alpineskihouse.com, and not theskichaletdowntheroadfromthatplaceIoncehaddinnerat.com.  Unfortunately it is true that most of the good domain names are taken, so consider alternate top-level domains, such as .info or .tv, if your first choice is taken.

Once upon a time there were only a couple of companies selling domain names, but those days are behind us.  Companies such as domainsatcost.ca, godaddy.com, and dyndns.com all sell domain names, and depending on what you want you may need to go to a few of them (domainsatcost.ca sells Canadian domain names which many of the others do not, though they should all sell .com, .net, and such).  Pick one that offers what you need at a reasonable price.  Recently a client told me they had paid $98 per year for their domain name and asked if they had paid too much… the same week that I paid $12.95 for one.  Shop around if you like and find a site you are comfortable with.

Register with a Dynamic DNS Provider

Open an account with a DNS Provider that offers Dynamic DNS services in addition to regular DNS services.  For the purpose of this article I used dyndns.com, but there are others such as no-ip.com who offer comparable services.  This service should be free, though it will start costing a bit as soon as we start adding options.  You will be asked what hostname you want to use (alpineskihouse.dyndns.org) as well as what domain name you want to use (dyndns.com offers several choices in lieu of dyndns.org).

NOTE: Especially if you have outside consultants working on your network I recommend selecting a password for this account that is completely different from the passwords for all of your other services, such as banking.  The password for your dynamic DNS will be configured either in your router or in a dynamic DNS client on your server, both of which store it in clear text, unsecured.

Install a router with a DDNS Option

Even many of the lower end home routers these days offer a Dynamic DNS feature, and it is one less service that needs to run on your server.  For extra points get one with Universal Plug and Play (UPnP), which will allow the Small Business Server wizards to open all of the necessary ports in the device's firewall and direct them to the right server, which saves having to do this all manually.

Typically configuring Dynamic DNS will require selecting which dynamic DNS Provider you use, the username, password, and hostname.  Once you set this up properly it should report back to your DNS Provider the current IP address, and you should be ready to go.

Configure all Internet and E-Mail Services on your server

In short, run the Configure E-Mail and Internet Connection Wizard (CEICW).  This will configure everything automatically, including your router if you select the option to configure your UPnP router when asked.  Make your selections according to your needs, so if you intend to host Exchange Server with Outlook Web Access, make sure to select the E-Mail option and Webmail options when asked.  When asked for the mail domain, enter the domain name you purchased (alpineskihouse.com).

Custom DNS Services

Now we may not like it, but this is where we start paying for all this.  The good news is that it is not overly expensive – recently I paid $22.50 for one year.  For mail and web services you will need a Custom DNS service.  The custom DNS will link your actual domain name to the dynamic account.  Because of this I recommend purchasing these services from the same DNS Provider that supplies your DDNS Service.

A Record: The forward lookup record, the main record that points your name (alpineskihouse.com) to your server.  It is the only record that will point to an IP address.  If you purchased your domain name from a provider that is not your Dynamic DNS Provider then you will either have to transfer the name, or go into the records where you purchased it and substitute the original Name Servers with the ones that your DDNS Provider supplies you with.

CNAME Record: Canonical names are the records for sub-names, such as www.  They are not required, but do not cost any more.

Although these records may only take a few minutes to create do not expect them to work right away.  The entire Internet DNS directory has to be updated appropriately, and this can take anywhere from 24-72 hours.

Ports?  What Ports?

If your ISP does block the necessary ports – typically port 25 for e-mail servers – then you have to play around a bit.

  1. You will need to add a Mailhop Relay service to your DNS Zone.  This is another cost – I recently paid $42.50 for one year.  Configure the Mailhop service to your domain name, and select an alternate port to use – a common one is port 2525 which is generally not used for anything else.
  2. You will then have to create two MX Records in your zone.  Again this will take 24-72 hours.
  3. Open the custom port in your router and redirect it to your SBS server.

MX Record: Mail Exchanger records control the e-mail addresses, the infamous name@address.com.  When you purchase the Mailhop service you will be instructed to create two MX records within the DNS account, and how to do so.
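The A, CNAME and MX records described above can be checked as a set before waiting out the 24-72 hour propagation. The following is an added example, not part of the original article or any DNS provider's tooling; the zone text is constructed, the `mailhop.example.` host names are placeholders, and the two CNAME/MX rules marked as general DNS rules come from the DNS standards rather than from the article.

```python
"""Check a small zone against the record layout described in the article."""
import ipaddress
from collections import defaultdict

APEX = "alpineskihouse.com."   # the article's fictitious domain

# Constructed sample zones, not real provider output. Names under
# "mailhop.example." stand in for the hosts the Mailhop service assigns.
GOOD_ZONE = """
alpineskihouse.com.      A      203.0.113.10
www.alpineskihouse.com.  CNAME  alpineskihouse.com.
alpineskihouse.com.      MX     10 mx1.mailhop.example.
alpineskihouse.com.      MX     20 mx2.mailhop.example.
"""
BAD_ZONE = """
alpineskihouse.com.      A      203.0.113.10
www.alpineskihouse.com.  CNAME  alpineskihouse.com.
www.alpineskihouse.com.  A      203.0.113.10   ; collides with the CNAME
mail.alpineskihouse.com. CNAME  alpineskihouse.com.
alpineskihouse.com.      MX     10 203.0.113.10
alpineskihouse.com.      MX     20 mail.alpineskihouse.com.
alpineskihouse.com.      MX     30 mx1.mailhop.example.
"""


def is_ip(text):
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False


def parse_zone(text):
    """Return (name, type, target, preference) tuples from 'name type data' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, split columns
        if not fields:
            continue
        name, rtype = fields[0].lower(), fields[1].upper()
        if rtype == "MX":
            pref, target = int(fields[2]), fields[3].lower()
        else:
            pref, target = None, fields[2].lower()
        records.append((name, rtype, target, pref))
    return records


def check_zone(text, apex=APEX):
    """Return sorted findings; an empty list means the layout is sound."""
    records = parse_zone(text)
    types_at = defaultdict(set)
    for name, rtype, _, _ in records:
        types_at[name].add(rtype)
    aliases = {name for name, rtype, _, _ in records if rtype == "CNAME"}
    findings = []

    # Article: the A record is the one record that points at an IP address.
    apex_a = [r for r in records if r[0] == apex and r[1] == "A"]
    if len(apex_a) != 1:
        findings.append(f"{apex} needs exactly one A record, found {len(apex_a)}")
    for name, rtype, target, _ in records:
        if rtype == "A" and not is_ip(target):
            findings.append(f"A record for {name} must hold an IP address")
        if rtype in ("CNAME", "MX") and is_ip(target):
            findings.append(f"{rtype} for {name} points at an IP address")
        # General DNS rule (RFC 2181): an MX target may not be an alias.
        if rtype == "MX" and target in aliases:
            findings.append(f"MX for {name} targets the alias {target}")
    # General DNS rule (RFC 1034): a CNAME name carries no other records.
    for name in aliases:
        if types_at[name] != {"CNAME"}:
            findings.append(f"{name} has a CNAME and other records")
    # Article: the Mailhop service has you create two MX records.
    mx = [r for r in records if r[0] == apex and r[1] == "MX"]
    if len(mx) != 2:
        findings.append(f"{apex} should have two MX records, found {len(mx)}")
    return sorted(findings)


if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, check_zone(zone) or "no findings")
```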

WARNING: We are about to play in the advanced options of your Small Business Server.  If you are not comfortable doing so have a professional do this for you.

  1. Log onto the Small Business Server with Administrator credentials.  In the Server Management console tree expand Advanced Management, then First Organizational Unit, then <your servername>.  Under servername expand Protocols, then SMTP.
  2. Right-click on Default SMTP Virtual Server and click Properties.
  3. In the General tab of Default SMTP Virtual Server Properties click on the Advanced… button.
  4. Click Add.
  5. In the Identification window in the box next to TCP Port enter the value of the custom port you selected (2525).
  6. Check the boxes next to Apply Recipient Filter and Apply Intelligent Message Filter, then click OK.
  7. Click OK to close out of the Advanced window and OK to close out of the Default SMTP Virtual Server Properties window.

Test it!

As mentioned the DNS settings may take a couple of days to fully work, but in essence you are done.  Go for lunch, take the afternoon off, and tomorrow morning, from a remote location, try the following tests:

  1. In a web browser try to navigate to your server by typing http://alpineskihouse.com.  If that works then the main DNS records are properly configured.
  2. Try to send an e-mail to administrator@alpineskihouse.com.  Because I am impatient I usually configure 'Request Delivery Receipt' so that I know exactly when it shows up, but if you can log onto the Outlook Web Access (https://alpineskihouse.com/exchange) as the Administrator and the e-mail is there, then it works!
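Before waiting on a test message, you can confirm that the listener added on the custom port actually answers as an SMTP server. This is an added example, not part of the original article; the stand-in server, its host name `sbs.alpineskihouse.com` and its replies are constructed so the script runs offline, and `probe_host` is what you would point at your own server from a remote location.

```python
"""Probe an SMTP listener such as the port 2525 one configured above."""
import socket
import threading

CUSTOM_PORT = 2525      # the alternate port chosen in the article


def read_reply(fileobj):
    """Read one SMTP reply and return (code, [text lines]).

    Multi-line replies use "250-text" on every line except the last,
    which uses "250 text".
    """
    lines = []
    while True:
        raw = fileobj.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"not an SMTP reply: {line!r}")
        lines.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), lines


def probe(sock, helo_name="probe.example"):
    """Exchange banner, EHLO and QUIT on a connected socket; summarise."""
    with sock, sock.makefile("rb") as reader:
        banner_code, banner = read_reply(reader)
        sock.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
        ehlo_code, ehlo_lines = read_reply(reader)
        sock.sendall(b"QUIT\r\n")
        read_reply(reader)                       # consume the 221 goodbye
        return {
            "ready": banner_code == 220 and ehlo_code == 250,
            "banner": banner[0],
            "extensions": [l.split()[0].upper() for l in ehlo_lines[1:] if l],
        }


def probe_host(host, port=CUSTOM_PORT, timeout=10):
    """Connect to host:port and probe it; unreachable ports report not ready."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"ready": False, "banner": str(exc), "extensions": []}
    return probe(sock)


def constructed_server(conn):
    """Stand-in listener with constructed replies, for the offline demo."""
    with conn, conn.makefile("rb") as reader:
        conn.sendall(b"220 sbs.alpineskihouse.com ESMTP ready\r\n")
        reader.readline()                        # the client's EHLO
        conn.sendall(b"250-sbs.alpineskihouse.com Hello\r\n"
                     b"250-SIZE 10485760\r\n250 8BITMIME\r\n")
        reader.readline()                        # the client's QUIT
        conn.sendall(b"221 closing\r\n")


def demo():
    """Run the probe against the stand-in server over a local socket pair."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=constructed_server, args=(server,))
    worker.start()
    result = probe(client)
    worker.join()
    return result


if __name__ == "__main__":
    print(demo())
```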

What About SBS Premium Technologies?

If you are using Windows Small Business Server 2003 Premium Edition then you likely are using Internet Security and Acceleration Server 2004 as your firewall, possibly in addition to your router device.  If that is the case you will have to configure the Mail rules to use the custom port instead of Port 25.

Good luck and happy SBSing!

*These instructions are technical in nature, and do not address contractual parameters set forth by your ISP, which may exclude you from hosting these servers.

An Organized Office, and the Journey into the Unknown

A couple of months ago I effectively moved in with Theresa; that is to say I have not yet vacated my apartment, but have relegated it to being little more than a drop box, sometimes office, and place to store things until we actually hire a truck to move the lot down to Oakville. 

Other than the obvious there have been some tangible benefits to Theresa and Aaron, one of which is that all of the computers and related components (networks, wireless, printers, etc…) are always working, protected, and safe (see my recent article on Internet Safety).

One of the downsides, for Theresa anyway, is that she has had to share her home office.  In my absence this room could generously have been described as cluttered, with what few shelves there were crammed with boxes, files, books dating to the turn of (thankfully this) millennium, and software manuals that predated those (The Visio Corporation, Excel 97…).  As a tribute to Theresa's musical background a clavinova occupied an entire wall, and a plastic 6' work table occupied another, although to identify this table would have required clearing off myriad piles of bills, reports, and boxes of games for Aaron's Nintendo DS.  The last wall was (thankfully) occupied by a desk and a filing cabinet.  The desk was home to the computer in the same manner that an untended garden is home to garden gnomes – it was there and accessible, but the overgrowth (papers, not weeds) made its use uncomfortable.

The clutter was initially made worse by my presence.  The inkjet printer that sat quietly on the filing cabinet in the corner was out of ink and rather than buy more (it was more expensive than the printer) I brought my spare laser printer; the new printer did not occupy the same space as the old one because the old one still had a flatbed scanner in it so that stayed there, and the laser printer took what was at the time the only uncluttered corner of the desk.  When Theresa moved her laptop from the plastic work table to the family room to let Aaron use it more comfortably the space that was freed up was immediately taken over by… well, me.  My laptop did not come alone, it came with a pile of CDs that we wanted to rip to listen to on the Zune in the car, a few papers and five external hard drives… with the cables.  Six (yes, SIX) software boxes for Windows Vista and Microsoft Office were strewn about the table wherever they could settle.

The room is well lit by the window during the day, but in the evening a single lamp in the corner weakly lit the room.  There was a light switch, but it did not do anything, and Theresa explained that it was connected to a wall socket that was not used.

Enough was finally enough.  We had put it off long enough, but as we had organized the kitchen and the dining room, and forced Aaron to do the same to his room, we decided to bite the bullet and make this room right.

Three weeks ago I was to be home all day while everyone else was out, and I announced I was going to organize the office, but standing there looking at the reality of the project I knew it was not a job that I could do alone, not because it was too big a job, but because there was a method to the madness, an organization to the confusion; I could not start boxing or worse throwing out papers which were not mine.  This was a job that would require several distinct components:

  • A well thought-out plan of action;
  • Teamwork and Cooperation; and
  • Refurnishing.

The project started one evening with Theresa and I standing in the middle of the room and taking in the room… what was where, what was important.  The room had been thrown together over the years, and the furniture was what had been available, rather than what was required.

The music just did not belong in our vision of a home office.  On the other hand it is important to Theresa, not to mention a potential source of revenue going forward.  However if we were to make this an actual office we would need space for shelves – lots of them, not to mention a work area for three computers of mine (you didn't think I woke up every morning and magically knew the material I have to teach or consult on?) and a desk for Theresa to manage the finances, bills, taxes, and such… not to mention her computer.

We are lucky enough to have two extra finished rooms in the house, not to mention the basement (currently terra inhospitable to me, as it is home to the cats).  There is also a large and spacious family room (probably poorly named, as Aaron and his clutter monopolize much of it).  What if we were to make the office hers and mine, rather than for the entire family?  Aaron had been doing his thing just fine since we moved the laptop into the family room, so why not make that his permanent work space?  Of course he would not have the laptop and I would have to get the extra computer working for him, as well as put in a desk but none of that would be overly difficult.  The third downstairs room could eventually be made into a music room/recording studio… a soundproofed room where Theresa could play and record her music, and I could record podcasts and such. 

The plan was forming… but how would we get there?  Theresa and I agreed that unlike the other organizational projects, for which we had enlisted Aaron's help, this would be us alone.

Step 1: Slash and Burn.

Well of course we neither slashed nor burned anything, but we cleared all of the non-office items into the unused room.  Clavinova, boxes of music, some boxes that did belong to the office (my new laptop, some other accessories), and bags of cables.  Anything that looked like it belonged in a basement – tools and such – went into the basement. After three hours of hard work we had one wall completely cleared, and the middle of the floor was relatively free of clutter as well.

Step 2: Acquisitions.

While the room was relatively (ha!) empty, we decided to bring in a standing lamp from the unused room.  We put a good energy-saving bulb in, and stood it in the corner by the socket that was connected to the light switch.  It was not overhead lighting (which both Theresa and I prefer for an office) but the improvement over what had been was measurable.  The lamp has three shelves in it and because this room would be off-limits to children we decided that it would be a nice place to put some of the jade and marble animal carvings that I had brought home from the Orient.  It might be an office, but it is our office, and if for no money we could spruce it up to reflect our tastes, then why not do it?  To complete the menagerie we added a wooden camel that must have come back from Israel with me years ago, but whose actual origins are a mystery.

The plastic table would not be long for this room, but because of the sheer amount of otherwise unmanageable… stuff on it, we would not touch it until we had the necessary places to move everything to.

At the office supply store we found a desk box with eight cubbyholes which would be used to manage papers.  It had a nice leather look to it, but for under $20 it was actually cardboard and plastic.  We also bought a desktop accessory to hold hanging files, along with legal-sized file folders.

It would be an exaggeration to call Ikea a necessary evil, but suffice it to say that I have never liked shopping there.  However it is a great place to buy just about any furniture one could need for reasonable prices, as long as you are handy enough to assemble it yourself… and have a car that can hold a box six feet by four feet.  We needed desks, I am pretty handy, and my Toyota Matrix was built for the task.  Saturday evening we picked out a desk that was functional and not unattractive (called Frederik) and bought two of them.  We also picked up a couple of plastic mats for the floor so that our chairs would not muck up the wood floors any worse than we had already done.

We could have gone home and continued to work… but it was Saturday evening and we had a babysitter, so those of you with children will understand that we opted for Chinese food and a movie.

Sunday afternoon I assembled the desks, and we were ready to start populating them.  My desk was immediately occupied by two laptops and the external drives.  The first shelf (there are two shelves above the desk area) is home to the laser printer and software boxes, while the top shelf holds one of my PCs, and presently all of the 'not now' stuff… Nintendo boxes and such which will eventually find their way into the family room.  Theresa's desk has the files, trays, and cubbies needed for organizing papers and such, and we spent a lot of time getting the papers and files into their place.  It is hard to believe that the plastic table is gone, and you can actually walk around the room!

The week-end was over but the project is not… but the progress we made is remarkable.  The next phase will involve getting rid of the 'garage sale desk' and bringing proper shelving in… we bought the desks to match the shelves I have at the apartment which will come over in the next few weeks, and we will move on to the next phase of the organizational project.  However we now have something that we had never had before… a comfortable place for two people to sit side-by-side and work in!