Tech-ed Berlin 2009: Day 2

To answer the question that you all have been asking yourselves, I can answer with a resounding YES. The hotel serves bacon at breakfast. And as a matter of fact, it is possibly the best bacon I’ve had in years. The correct thickness, and fried just to the point between bending and breaking. It was kept in a bowl, resting on white bread to absorb the excessive fat so it didn’t slide off my plate either.

They had a variety of bread, cereal, fruit and vegetables, different types of egg, salmon and a couple of terrines, yoghurt, fruit juices, etc. They even had over a dozen types of tea leaves. The only thing that disappointed was the coffee. Overall, the breakfast was superb.

I also have to say that this is by far the cleanest hotel room I can remember in a long time. The tiling in the bathroom is immaculate, as is the grouting. I could not find a single spot that was less than absolutely clean, so a big kudos to the KuDamm101 hotel.

My trip to the conference center was flawless this time, and I arrived in time to get a cup of coffee and read my email. The coffee is good btw. It is not the black bliss that was poured in Barcelona, but definitely above average.

I forgot to mention yesterday, but during the keynote speech it was proven yet again that computer geeks as a crowd are depressingly easy to please: all you have to do to make the crowd go wild is to throw a box of free t-shirts in the audience. Even bricks of 100 dollar bills would probably not have the same effect.

CLI302: How Windows storage is changing everything

This session is hosted by Mark Minasi. I saw him speak yesterday and so I knew he was a great speaker. I chose this talk because it ties in with VHD, which was mentioned yesterday in his ‘7’ talk and it seems interesting. The contenders for this session slot were VS tips and tricks, and parallel programming for managed developers.

Luckily, Steve’s talk on parallel programming is repeated on Friday. And the VS tips and tricks is probably interesting, but not something I can’t easily figure out myself by looking at the slides afterwards.

The talk on VHD was interesting. VHD is technology for Virtual Hard Disks. And since the technology is cool, it is also used by the Windows Backup utilities to back up your files to virtual disk files.

VHDs are like the virtual disks we have all been using for a long time, via VirtualPC, VMWare or whichever virtual technology you happen to use. The difference is that you can mount them in Windows, assign them a drive letter, and use them natively like any other disk.

What you can also do is install Windows in one of these virtual disks, and then configure the boot manager to boot from that virtual disk. This is a cool thing to do.

Now of course, you might wonder what the difference is between this and just using VirtualPC. The answer is: not a lot. For plain yoghurt desktop use, I don’t think this is worth the bother. And annoyingly, you cannot run XP or Vista this way. Only ‘7’ and 2008R2.

The biggest difference would be that the booted OS runs bare metal. It is the sole OS, and gets access to all the hardware and resources, whereas a VM typically only has 1 or 2 CPUs, has to share memory with the host OS, and performs disk IO at a much slower rate. Additionally, direct access to other disks in the machine is not possible with VM clients.

So that might be an interesting option if you need to run different OSes in a multi boot environment without wanting to dedicate individual partitions to each one.

SRV203: Windows Server 2008R2 Overview

This session is hosted by Joey Snow. It is a high level overview of the new features of 2008R2 that make it worthwhile.

The first thing that was mentioned was that the virtualization and Hyper-V technology for R2 got improved significantly. Items mentioned were live migration to other hardware (this was impressive to the developer in me), and the usage of new CPU technology to improve performance.

Remote Desktop got overhauled to support cool new things like remote application support and improved performance for media, making it possible to view e.g. an MPEG file on a remote server.

What was also nice was the system management software that includes a best practices analyzer that can scan your network, and then tell you if your DC, DNS, etc infrastructure follows the industry best practices (which are kept as XML config files so they are configurable), what the impact is if you don’t, and how you can resolve that.

The backup tool in R2 is finally becoming usable too. Microsoft finally got to see that we want to back up individual files and folders, and that we want to back them up to a logical volume instead of a dedicated physical disk.

Then there was also Direct Access, which allows for direct VPN connection to the corporate network, using IPv6 and IPSec. At the same time, you can still browse the internet without going through the corporate network.

AppLocker is a way to control which apps your users can run, via group policy and digital certificates, using blacklists or whitelists. And BranchCache enables people in branch offices to download files from the corporate network and cache them locally in a way that is invisible to the end users, thus relieving the server and network infrastructure.

And one of the things that I personally liked very much is the ability of PowerShell to be executed remotely, just by adding 1 line to the top of the script. This allows me to write scripts that can be executed remotely on a server for doing administrative tasks without having to log on to the machine itself. By the way, Joey showed an Integrated Script Editor. It is not quite Visual Studio yet, but it looks very usable, with many nifty features and even features like breakpoints and stepping.

DEV203-demo: MFC stuff.

This was a lunch time session. I quickly ate my lunch and then got to the session. The food was great btw. The pork was perfectly cooked, and soft as butter. The baked potatoes and carrots were very good as well.

I did not attend this MFC session because it was about MFC. I hate MFC. MFC is the spawn of the devil. When God inspired Bjarne Stroustrup to start C++, he had templates in mind. Unfortunately, the devil got wind of this initiative, and caused delays in the formation of the C++ standard. So instead of using templates as God intended it to be, the MFC team decided not to use them and started on the object hierarchy road, paved with good intentions, that led to the current mess. ATL and WTL still followed God’s big plan, but it was too little, too late. MFC had a big head start, and is now here to stay, like original sin.

But I digress.

I attended this session because I assumed that because of the dearth of developer sessions, it would be a watering hole for C++ developers. And I was right. Kate Gregory was also there, and I talked to her for an hour or so. Kate has a talk tomorrow which I will attend. It was good talking to her. She is a C++ expert, as well as a nice person.

I did not hear anything from the MFC demo, so my C++ soul is still safe.

SVR315: IPv6 for the reluctant

Another talk by Mark Minasi. I wanted to attend this one because I don’t know too much about IPv6 yet, and since it is part of ‘7’ and 2008, and probably the way of the future, I felt this is an excellent opportunity to learn more about it.

Unfortunately, the session room was full and I was not able to attend this session, so I chose the SVR205: introduction to Hyper-V and Windows2008R2.

SVR205: introduction to Hyper-V and Windows2008R2

This session was hosted by Edwin Yuen and Jeff Woolsey.

The session was OK. It showed many features of Hyper-V, and I have to say I was impressed. For my environment, the difference between this and VMWare Server is negligible. Currently we run VMWare Server 2.0, but if I ever have the opportunity to switch, I’ll switch to Hyper-V R2. The management utilities are impressive, as is the live migration. What is even more impressive is that you can migrate to servers with a different CPU architecture without downtime.

Hyper-V accomplishes this by normalizing the set of instructions that the VM has access to. This made it possible to migrate a running VM from a P4 to a CoreDuo to a Core2Duo to a Core i7 Nehalem without going down. And of course, everything is done via a PowerShell interface, making it possible to script everything you could want to do with your virtual infrastructure.

There was a lot of infrastructure management provided out of the box, and most of it is 100% FREE. I am not an expert in virtualization by any measure, but I think that this is seriously going to eat into VMWare’s revenue.

SVR302: Windows Crash Dump Analysis

This session is hosted by Daniel Pearson. My alternative choice would have been DAT206: SQL Server 2008 Power Hour. I didn’t really know which one to choose, but since this is in one of the smaller rooms and I was there, I just went ahead and chose this one. It is also more advanced than a SQL Server demo, and possibly I’ll learn some neat tricks here. The room is filling up quickly, and this session room will probably be full to capacity before the talk starts.

Basically, Daniel uses the ‘Not My Fault’ application to load the ‘myfault’ driver in order to cause a specific driver error, such as a buffer overrun, page fault at dispatch level, or other bug. Then he demonstrates how to figure out the cause of the problem, using windbg.

He also used driver verifier to demonstrate how you can inspect suspect device drivers by performing more stringent checking and analysis at runtime. This has to be enabled explicitly, because it can cause a significant runtime overhead.

All in all it was an interesting session, but not as advanced as I would have expected really.

SIA401: Cracking Open Kerberos

And yet another talk by Mark Minasi.

I’ve always wanted to know more about Kerberos, and this is an excellent time to learn. It is a 400 level session so quite advanced, but I hope I know enough to be able to understand what he is talking about. Mark is a great speaker so that helps too.

Mark explained the process involved in authenticating a user on the domain, by following the Kerberos tickets. The explanation was really good and made sense. After a discussion on what Kerberos does and how it does it, he then explained the difference with NTLM (the old Windows authentication protocol), and why you should take steps to disable it where and when possible. He mentioned that around 5 to 10% of all authentication is still done via NTLM, even in a modern Windows domain.

There are several reasons for this, and they have a severe impact on functionality and security, causing weird problems (like admins not being able to join a computer to a domain) and possible attack vectors due to the weak NTLM encryption.

Mark then proceeded to explain about the new group policies in R2, enabling administrators to audit and block NTLM requests completely.

After that he explained about token bloat, service identity and authentication, and some of the edge problems that may cause Kerberos to stop functioning.

All in all this was a very good talk, and Mark’s gift for connecting with the audience made this session appear much simpler than it actually was. I had a math teacher like that once in high school. The difficulty of a topic lies not just with the topic, but also with the ability of the teacher to explain. And Mark certainly has a gift for speaking.

Day 2 wrap-up

I saw a lot of great tech stuff today. On one hand I feel that it is a shame that there are not more developer sessions. I used to be able to choose between 10 developer sessions every hour, and now there are only a handful. The split is probably 60% IT, 40% dev. As Kate said to me: you don’t know you live in a golden age until it is over. The 1 week event type was chosen for economic reasons, so it will probably be so for the next couple of years.

On the other hand I now get to see some interesting sessions that I would normally not have attended, or which would not have been scheduled for the developer week. Since I wear both the developer and sysadmin hat, this 1 week setup has its advantages too.

There was a ‘party’ tonight in the exhibition hall, so I ate some of the food and drank a beer, bought a copy of Windows System Internals, 5th edition and went back to the hotel. I have the 4th edition of this book, and it was written at the time of XP and 2003. The 5th edition covers the Vista kernel and the 2008 kernel. ‘7’ and 2008R2 are not covered (they are too new) but they are based off the same kernel as Vista / 2008, so that doesn’t really matter that much despite the fact that some of the cool new features are not yet covered.

Still, any self-respecting geek involved with Windows should read these books, even though they have as many pages as a Robert Jordan novel. Whether it is system administration or software development: if you really want to –know- what you are doing, then you have to have a good understanding of the fundamentals. This book is by far the best such resource that is not covered under NDA.

One thought on “Tech-ed Berlin 2009: Day 2”

  1. Parallel programming is used specifically to serve working software developers, not just computer scientists. It is a complete, highly accessible pattern language that will help any experienced developer “think parallel” - and start writing effective parallel code almost immediately. Instead of formal theory, it delivers proven solutions to the challenges faced by parallel programmers, and pragmatic guidance for using today’s parallel APIs in the real world.
