MS Online Archiving or ‘a pain in the archive’.

 Providing for Exchange archiving for Online Exchange

A new customer referral out of the blue, direct from Microsoft looking for archiving for online exchange, only 5 licenses so the sales guys don’t flutter an eyebrow, but we are here to help, and this should be a rudimentary task, the service details are:

£3 PCM per seat (min 12 months) plus the optional cost for archiving data that already exists on a volume basis.
This archives the data for 10 years satisfying all current compliance regulations.
It can also capture IM and Bloomberg messaging.
It is described and available on the MS website, surely click and add and away you go? Not quite….


Access Denied message when changing printer port

I have just changed the IP address of my network shared printer. When I have done this in the past it has been straightforward but it looks like Server 2008 R2 had different plans for me ;)

I went into the printer properties:


selected the ports tab and found the port I wanted to change:


Microsoft Application Infrastructure Virtual Launch Event

Well worth a look:
http://www.appinfrastructure.com/

Lots of good informational videos, case studies, whitepapers, etc. No registration required.

Fastest laptop disk setup ever?

People that know me will know I have a bit of a love affair with shiny laptops, but also that I have high standards and if something isn’t right then I won’t accept it. I have sent back a total of NINE (just done a quick count and even surprised myself!) for full refunds over the past 3 years and in fact due to these refunds until a few days ago I still had the very same £2.5k I spent in late 2006! It might sound like the ideal situation, but it’s not all sipping champagne and using bleeding edge laptops for a few weeks at a time, it was actually a real nightmare not having a laptop you can rely on!

But anyway, I have just finished my latest round of research, searching the owners’ forums, etc. and have parted with my hard-earned money once again. I have a shiny new Sony Vaio Z-Series:
http://www.sony.co.uk/product/vn-z-series
and first impressions are excellent, which is unusual for me.

In the past I have always gone for power over portability, have never bought anything smaller than 17” (weighing around the 4kg mark) and they have always been “pimped” out with the highest specs possible. They have not really been laptops as such, more portable desktop PCs with a TFT strapped to the top!

This little Z-Series laptop is 13” and defies belief in many ways. First of all it is the lightest laptop I have ever seen, weighing in at just 1.4kg – yet the specifications would have me believe I am still using one of my 17” monster laptops:


iSCSI Target Performance: DataCore – expensive but worth it.

Carrying on from the post yesterday regarding the software iSCSI SAN I was building I thought I would post a few performance figures for the vendors I tried.

In the past I have used a product called “SanMelody Lite” from DataCore. Their full SanMelody product has been proven in many large scale environments and the “Lite” version was essentially a starter pack costing $199, limited to 2 targets, 2TB of storage and none of the enterprise features such as thin provisioning, snapshots, etc – which was very reasonable for the cost.

Sadly when I tried to purchase a new licence last week I discovered they had discontinued it and in its place is a package costing $950, limited to 3TB and containing features that while useful are frankly unneeded for my deployment. I phoned DataCore to see why Lite was discontinued and was told they didn’t sell enough, make of that what you will I suppose…

Anyway, with that gone I decided to check the latest offerings from other Vendors. The two main ones I looked into were:


Windows 7 Wi-Fi Connectivity issue

I recently rebuilt a new laptop to get rid of the manufacturer’s image. Post fresh Windows 7 installation, I duly went on the Dell website and downloaded all the latest device drivers.

Whilst on a client site a few days later I had intermittent issues with Wi-Fi connectivity. The laptop initially discovered and connected to their public Wi-Fi, but a few hours later dropped off. The following day, Windows couldn’t even detect their Wi-Fi SSID. Puzzling….

As I didn’t have any LAN Manager or Wi-Fi catcher installed I couldn’t blame that. I moved my attention to Kaspersky Internet Security (KIS) assuming that, as it ties into the NIC, it was throwing a spanner in the works. With KIS disabled I was able to detect and connect to Wi-Fi. With KIS re-enabled the connection was maintained.

With the problem successfully bodged I went to a meeting thinking I’d at least found the culprit. On return to my desk, no Wi-Fi!

Tinkering continued for a further 2 or 3 minutes until, out of anger more than anything, I removed the device drivers and rebooted. Once logged on, Windows 7 discovered the WLAN card, installed its driver and connected to Wi-Fi in seconds.

That was a week ago and no issues since. The lesson learned: Windows 7 rocks. Just trust it to work its magic and only install drivers when it can’t do it for you.

Cloud Computing – the sixth phase of computing? Wait a minute…

Last week I attended an excellent seminar on Cloud Computing. Speakers included Bob Muglia (President of Server and Tools Business for Microsoft) and David Chappell. Both were excellent but it was Dave Chappell that really got me thinking. He was talking about how computing has changed in the past 50 years and how we are now entering the sixth phase of computing. He listed the phases as:

  1. Mainframe
  2. Server
  3. Personal Computer
  4. Laptop
  5. Mobile Phone
  6. Cloud Computing

He is an excellent speaker and I would highly recommend him, but I must confess to drifting for a minute or so at this point, thinking about virtualisation and why Dave did not include it in the list….


Fake-Raid or not Fake-Raid, that is the question…

Last week I was building a cheap and cheerful file server using a software iSCSI target, a workstation and some off the shelf SATA disks. I have done it before with great results, but sadly my preferred iSCSI target vendor has recently stopped selling the low cost edition of their product and the new “entry level” is almost three times the cost – forcing me to re-examine the competition.

I will leave the comparison of other target vendors for another blog – this is more of a flashing red “Danger Will Robinson!” warning to others using workstation RAID configurations for such tasks so they don’t get caught out as well.

The workstation used was a Dell Precision 390, their top end enterprise level machine from a couple of years ago. It comes with an onboard Intel RAID card capable of RAID0/RAID1 and RAID5 and I have used it with success on Windows platforms in the past. However while I was exploring other iSCSI vendors I tried to install a Linux based platform and discovered it was ignoring the RAID configuration and able to examine the individual disks.

There were five disks in total:


Installing Windows from a Bootable USB stick

I was recently tasked with setting up a quick method for provisioning new physical servers/workstations. I have a Server 2008 R2 AD forest with VMware vSphere for virtual machine server infrastructure.

Virtual machines are provisioned via template images from the Virtual Center server, but with almost our entire infrastructure virtualised there are only a handful of physical machines to worry about. They are all workstations that will likely only be rebuilt once a year with most of the configuration done via group policy. With that in mind I didn’t want to use a dedicated deployment method such as Microsoft’s BDD (Business Desktop Deployment Services). The added infrastructure, image creation, image maintenance and overall setup just didn’t seem worth it for so few machines.

It’s always best to keep things simple so with that in mind I chose a straight install from a bootable USB stick. The main reasons for this method were:


No Drive Encryption? All your Data are belong to us!

Hopefully everyone is already aware of the benefits of using passwords to protect data held on computers. However, passwords are all well and good until someone has physical access to the computer – at which point all your confidential data belongs to them whether they already know your password or not. It really isn’t difficult to bypass Windows security once you have physical access.

Consider your laptop being stolen or accidentally left on the train; perhaps it contained confidential client data? The sort of data that if “found” would cause significant embarrassment to your company, damage client relationships and on a personal note may put your job in jeopardy.

These days it is just not good enough for this data to be merely password protected. Given physical access to your computer a malicious person has numerous ways to gain access, such as booting from a Linux boot disk with tools to reset the local administrator password. Once they have administrative access on your machine the game is pretty much over – but that is outside of the scope of this blog. What I want to do here is talk about how to prevent someone from getting to that point by using full drive encryption to render those lost hard disks expensive paperweights.

There are many full drive encryption solutions out there, however for the purposes of this blog I will talk about Microsoft’s own BitLocker solution. The main reason for this is its excellent Active Directory integration and the fact that it comes built in (free!) to the Windows client editions that businesses use (Vista: Business/Ultimate/Enterprise & Windows 7: Professional/Ultimate/Enterprise).

Setting up BitLocker is considerably easier with Windows 7 than with its Vista counterpart. With Vista you might remember a “BitLocker Preparation Tool” that you needed to run to set up the drive partitions. The reason for this is that the boot sector cannot be encrypted; it needs to sit on a separate unencrypted partition to allow the computer to know there is something to boot and prompt for the key. This is no longer needed with Windows 7 as it separates the boot sector onto its own partition by default (this is the small 100MB partition you might have noticed at OS installation). No data is held on this boot partition and it isn’t mounted in the operating system.


BitLocker works by encrypting/decrypting on the fly, meaning your drive is always encrypted apart from the items currently in use. The official performance impact of this is stated to be in the single digits, but in my experience it is generally around the 3-5% mark. Not really a noticeable hit considering the obvious security benefits.

Protection and Recovery Methods

Before you jump in and set up BitLocker, there are some important setup/recovery considerations:

The first choice you must make is what encryption method to use. This is dictated almost entirely by whether your computer has a TPM chip installed. Most recent enterprise grade laptops will have a TPM chip, but sadly the majority of small business grade laptops still lack it. Essentially it is a factory installed physical chip tied to the specific hardware in your machine that generates a complex encryption key from a simple pass code which is then entered to boot the drive. Removing the disk and placing it into another computer with a different TPM will result in a different encryption key being generated from the same pass code and prevent decryption. This is the easiest way to set up BitLocker and is both the most secure and Microsoft best practice.

If you don’t have a TPM then it’s not the end of the world, but you will need to make a few group policy changes to allow BitLocker encryption without it and use a USB stick to store the encryption key. This USB stick will need to be inserted at every boot/resume or the system will be unable to boot.

If you are anything like me, you are now imagining the problem scenarios:

  1. The TPM enabled laptop hardware breaks.
  2. The USB stick containing the encryption key is permanently lost/destroyed.
  3. That fateful morning when you get on the train ready to settle in to some work only to realise you have left the USB stick containing your decryption key on your desk.

Well the good news is that part of the best practice is to prevent any encryption from taking place until BitLocker can back up the recovery key to the associated computer account in Active Directory. The recovery key allows emergency drive decryption, and in the event of a problem your system admin can provide you with the recovery key (i.e. read it to you over the phone if you are remote) so you can boot and regenerate your key to a new USB stick or to the current TPM hardware.

NOTE – The BitLocker tab on the computer account in Active Directory is optional and for it to show up you will need to install the RSAT optional BitLocker management tools.

The good news if your laptop has been lost/stolen (or the bad news if you have just misplaced your USB stick!) is that until this recovery key is entered your laptop is just a big paperweight and your data is secure. Congratulations :)
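An added example (not part of the original post): a PowerShell check that the setup described above is actually in place on a machine, namely a TPM or USB startup key protector, a recovery password, and the Group Policy settings that allow BitLocker without a TPM and hold back encryption until the recovery key is stored in Active Directory. It assumes the Windows 7 policy value names under HKLM\SOFTWARE\Policies\Microsoft\FVE and an elevated prompt; the function names are made up for illustration.

```powershell
# Added example, not from the original post. Run elevated on Windows 7 or later.
$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # BitLocker Group Policy values
$WmiNamespace = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

function Get-FvePolicy([string]$Name) {
    # Returns the policy DWORD, or $null when the setting is not configured.
    (Get-ItemProperty -Path $FvePolicyKey -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-ProtectorIds($Volume, [int[]]$Types) {
    # Protector types: 1 = TPM, 2 = external key (USB stick), 3 = recovery password,
    # 4-6 = TPM combined with a PIN and/or startup key.
    @($Types | ForEach-Object { $Volume.GetKeyProtectors($_).VolumeKeyProtectorID } | Where-Object { $_ })
}

function Test-BitLockerSetup([string]$Drive = $env:SystemDrive) {
    $vol = Get-WmiObject -Namespace $WmiNamespace -Class Win32_EncryptableVolume `
                         -Filter "DriveLetter='$Drive'"
    if (-not $vol) { throw "No BitLocker-capable volume found for $Drive" }

    $tpm      = Get-ProtectorIds $vol 1, 4, 5, 6
    $usb      = Get-ProtectorIds $vol 2
    $recovery = Get-ProtectorIds $vol 3
    $findings = @()

    if ($vol.GetProtectionStatus().ProtectionStatus -ne 1) {
        $findings += "$Drive is not protected (BitLocker off or suspended)"
    }
    if (-not $tpm -and -not $usb) {
        $findings += 'No TPM or USB startup key protector on the volume'
    }
    if (-not $tpm -and (Get-FvePolicy 'EnableBDEWithNoTPM') -ne 1) {
        $findings += 'No TPM protector and policy does not allow BitLocker without a TPM'
    }
    if (-not $recovery) {
        $findings += 'No recovery password protector: nothing for IT to read out over the phone'
    }
    if ((Get-FvePolicy 'OSRequireActiveDirectoryBackup') -ne 1) {
        $findings += 'Policy does not block encryption until the recovery key is in AD'
    }

    New-Object PSObject -Property @{
        Drive               = $Drive
        RecoveryProtectorId = $recovery   # ID to match against the computer account in AD
        Findings            = $findings
    }
}

Test-BitLockerSetup | Format-List
```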

IMPORTANT – This sort of protection is very effective and definitely worth doing, however the obvious mistake is to leave the USB stick containing the key or a post-it with the TPM passcode in the bag with the laptop. If you have left your laptop on the train then there is a good chance the two are lost “together” and the protection you have put in place is null and void. Don’t do it! Personally I keep my USB key on my keyring which I keep on me at all times. For reference I have:

Go forth and encrypt!

Summary:

Good Points:

  • Lost/stolen disks are paperweights and your data is secure.
  • Excellent recovery options in the event of accidental loss of the USB stick or TPM hardware failure.

 

Bad Points:

  • Small performance hit due to the on-the-fly decrypt/encrypt (official figures state single digits).
  • If you don’t have a TPM (which most people won’t) then you will need to carry a USB stick.
  • Losing the stick while on travels will result in a phone call to IT for your recovery key.
  • Unable to use the Sleep function. Will have to use hibernate instead which takes a little longer.

Useful Links:

Microsoft best practice policy for Windows7:
http://technet.microsoft.com/en-us/library/dd875532(WS.10).aspx
