Hyper-V on Windows Server 2012
Enterprise IT managers and techs all over have become increasingly familiar with names such as Xen, Open Xen, KVM, VirtualBox, VMWare and Hyper-V as the virtualization revolution swings in. With buzz words floating around like Public Cloud, Private Cloud, Hybrid Cloud, IaaS and PaaS, it is no wonder that many professionals don’t know which way to turn for their virtualization needs. In the past, VMWare was definitely the dominant player in the data center, whereas the market share for SMBs has been fragmented among those very same names above. While Hyper-V has always had a good reputation, there has been a fierce battle for supremacy in the virtualization market and the stakes are high. Not unlike a Bill O’Reilly vs. Jon Stewart debate, advocates of both platforms come out swinging when the virtues of either are questioned. I have never hidden my preference for Hyper-V, and with Server 2012 the *LOVE* only grows stronger. Read on for all of the goodness.
So what is it exactly that now puts Hyper-V at the front of the pack? Quite simply, the most convincing of all arguments is the economic one. Hyper-V now offers a built-in feature set that is robust enough for the data center and flexible enough for even a small business, at a cost that is significantly less than VMWare. The bang-for-the-buck factor is undeniable and frankly has brought a new level of fervor and excitement to the virtualization realm. Going with Hyper-V means you might have an extra 20K in your pocket for that IT department barbecue, camp out and paintball weekend you always wanted, or if you are in one of those countries where extra money in the budget means a real party – knock yourself out!
While I don’t want to sound like I am the script writer for the latest ShamWow commercial, I can say honestly that there is likely not a business in existence that couldn’t benefit from some of the new features that have been brought to the table with Hyper-V’s latest iteration.
At a glance, we have:
- multiple and simultaneous VM migration and failover
- live migration of storage
- Hyper-V Replica for entire site replication and failover
- Hyper-V extensible switch
- support for high availability using non-shared storage and notably SMB
- improved NUMA memory management
...and many, many more under-the-hood improvements to make Hyper-V more performant, robust, and reliable. All of this is essentially included with your Windows Server licence, and with the Windows Server 2012 Datacenter edition you get unlimited virtualization rights. No longer is Hyper-V just cheaper; it is often a cut above VMWare. It is also something that is designed according to Windows style guidelines and is intuitive and easy to manage for IT support staff already familiar with Windows Server. (If they turn this into a Metro App, I will pull the article immediately. Please tell me why we need the ability to play Angry Birds on a server designed to be managed remotely from PowerShell?) Anyway, the switch to Server 2012, even in a data center environment, is compelling for sure.
Anyway, as I play with more of these features in the lab, you can look forward to more insight on each. I look forward to sharing this all with you in the form of writeups and training videos.
Cheers!
Matt
Layer 2 and layer 3 Switches
The first time I heard the term Layer 3 switch, I had a really hard time with it. It’s not that I couldn’t conceive what the device does, or how it would be implemented; it was more an issue of simple pedantry. The term layer 3 switch is indeed slightly paradoxical at best and, to some, completely misnamed.
Anyone with an understanding of the OSI model will already be nodding his head in agreement. It is the OSI model itself that clearly tells us that layer 2 is the Data Link Layer, which includes devices such as switches, and Layer 3 is the Network layer which would traditionally include routers and bridges.
So, what in damnation is a Layer 3 switch? By definition this should be called a router, right? That’s certainly what I thought until recently.
In fact there are some subtle distinctions between a Layer 3 switch and a router. These distinctions, however, make a not-so-subtle difference in performance, especially on corporate LANs connected by a VPN – layer 3 switches are blazing fast and have a throughput that would even make Takeru Kobayashi, the Japanese hot dog eating champion, blush. The ability of these devices to “ram” massive amounts of data through them is the main difference between a router and a layer 3 switch.
Hardware implementation of carefully refined software algorithms is what makes this all possible. By hard coding what would normally be a software implementation on a normal router, Layer 3 switches can attain speeds considerably faster than any normal router on the market and deliver data from across the LAN following the principle of Open Shortest Path First (OSPF). Most layer 3 switches don’t even have CPUs as a router would, but instead use Application Specific Integrated Chips (ASICs) to get rid of the inherent speed penalty that wasted or tied-up CPUs can create.
Additionally, Layer 3 switches typically don’t have a WAN port and are intended to be primarily a switching device that includes routing information. In the real world, this means that data centres that use VOIP and/or have a large number of users accessing databases or file systems simultaneously will notice that lag, or in the case of VOIP choppiness, is all but removed.
Obviously, I could go into a tremendous amount of detail on how layer 3 switches are implemented and how the Ethernet/MAC frame is bridged to layer 3 protocols such as IP, IPX, AppleTalk etc., but honestly it really isn’t necessary.
As long as you understand the use of these devices, you will be able to implement them just as easily as any router. I hope this brief explanation helps!
Cheers!
Netgear WNDR3700: This Is The Wireless Router You Want
For years, I’ve been complaining about the sorry state of consumer-grade wireless equipment. It never works properly. Every product I’ve ever used – and believe me, I’ve used a lot of them – is slow, buggy, and lacking in even the most basic of features. Originally, this was to be expected. Wireless was new, it was complicated, and it was expensive. Consumers wanted it, but they didn’t want to pay hundreds for it. Shortcuts had to be made. These days, though, when wireless chipsets are practically free and we’ve had years to refine the technology, there’s really no excuse for it.
Well, enter the Netgear WNDR3700 Wireless Router. This little beast sits very nicely between the crappy consumer-grade hardware and the ridiculously overpriced and complex enterprise-grade hardware. It’s not cheap – at $160 to $200, this is one of the priciest routers you’ll ever see in a retail store. But let’s face it: you get what you pay for. If cost is your primary concern, you might as well quit reading this now and go buy that $30 Linksys model you found on Craigslist.
So, what do you get for your money? Well, three things, really: you get features, you get performance, and you get reliability.
Reliability is a huge deal for me. You know how nice it is to work with a system that has a good old-fashioned Ethernet connection? You don’t have to worry about drop-outs, slow-downs, or other grief. You just get your work done. Well, that’s what this router brings, except now you can get your work done on the couch without tripping over wires. Through all my testing, this router didn't even hiccup. It works flawlessly, ceaselessly. There's not much more to say about this, but it's a really, really big deal.
And it's fast. Very fast. This is something that's often overlooked, because most consumers don't really push much data over home networks. But when you're copying ISO images, watching movies, using VOIP, working through RDP, opening big files, and doing all the other stuff us technical people do with networks, it really starts to matter. Perhaps the best way of summing up the performance of this router is by comparing a couple of quotes from SmallNetBuilder.com. Here are some (conveniently trimmed) excerpts from their preview article:
…the claim of "350 Mbps real-world maximum wireless throughput" definitely smells like "creative" marketing to me.
…the highest speed I have measured from any wireless router is 111 Mbps…
…it's highly unlikely that you'll see anywhere near 350 Mbps of "real world" TCP/IP wireless throughput from the WNDR3700, or any dual-stream draft 11n router, for that matter.
And then, their thoughts after reviewing the unit:
…it turns out that the WNDR3700 actually manages to deliver the goods and will get NETGEAR seriously back into the N router game…
…routing speed well above what most of us can use, plenty of simultaneous sessions and steady throughput…
Yes, the WNDR3700 really can deliver 250 - 300 Mbps…
Sure, there’s a bit more to the story than that, but the point is: this router is fast. Very fast. Oh, and did I mention the gigabit Ethernet ports? And not only is this router fast, it offers very impressive range on the 2.4 GHz radio – and remains fast at long distances. In fact, this router allows me to get great performance in places where other routers wouldn’t even connect (or would constantly drop the connection).
But perhaps the most interesting difference between this router and the rest of the crowd is the long list of well-implemented features it offers. All of the basic stuff is there, of course – and well implemented. DHCP reservation, static routing, a detailed log, great status reporting, good port forwarding and triggering, support for dynamic DNS services, and all the other stuff you hope to find (but often don’t) is right where you’d expect it to be. There are a few other nice touches, as well: automatic notification of new firmware (with one click to download and install right from Netgear’s server, if you want), very customizable tools to block certain sites or protocols (always, or according to a schedule), the ability to have the router’s log e-mailed to you on a regular basis (or immediate notification of blocking activity), SPI firewall, great QoS support (by MAC address, port number, or physical LAN port), and a traffic meter.
But there are a few things that really set this router apart. Each of the two radios (one for 2.4 GHz and one for 5.0 GHz) can be configured separately, and each radio also supports a separate guest SSID that allows clients access to only the Internet while (optionally) preventing access to the local network or restricting access to the current SSID. Each of these connections can be configured with different SSIDs and security settings. This means this router can actually expose up to four different SSIDs and up to three isolated networks. Wireless repeating is supported, and can again be configured independently for each radio. And, there’s a USB port on the back for rudimentary NAS support. This is a very nice way of adding storage to your network, and while it might not be powerful enough to use as a primary storage device, it’s ideal for storing movies and music. It even runs a DLNA media server.
There are a few problems: the web GUI could be better (the router only lets you connect to the administration site from one IP address at a time), the NAS performance isn’t stellar, and the 5 GHz radio’s range could be better. But I haven’t come across anything really significant.
All in all, this is one fantastic device, so whenever you can possibly justify replacing your router, I highly recommend you invest in Netgear’s new baby. Finally, we have a ‘prosumer’ grade wireless router.
Go ahead. Treat yourself. Your network deserves it.
Alternate Port for RDP
This is going to be short and sweet!
Often, smaller networks use RDP as their primary method of remote administration. This is really great if you are using one of Microsoft’s SBS servers because the Remote Web Workplace wizard will automatically add all clients and allow easy access through a website harnessing the power of TSWEB.
But what if you just have a few machines behind a firewall and would like to be able to RDP into all of them? The answer is simple – change the port that RDP listens on in the client OS.
RDP by default listens on 3389. I find 3390 and 3391 are always good alternate choices that are almost never used by any other applications. You can use any port you like if it is free, however.
Simply open the Registry Editor (this is accomplished by typing regedit at the command prompt or in the Run box).
Navigate to the following key and select the PortNumber value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
On the Edit menu, click Modify, click Decimal, type the new port number, and then click OK.
Exit out of the registry editor.
Now, go ahead and configure your firewall to forward that port through to the IP address of the client you have modified. (Note: often routers will enable you to forward external ports to different internal ports – this is equally effective and means that these registry changes would be unnecessary. There are many reasons for changing ports – use your best judgement.)
Test it by using telnet (the host name and port are separated by a space, not a colon).
For example: telnet mail.examplecompany.com 3391
You will know if it has connected if your cursor just starts blinking in a blank window and doesn’t display any error message.
Now, when you want to connect, use your RDP client and append your new port number to the address like below.
It’s that simple. I know a lot of you out there will find this extraordinarily useful…and oh yeah, by the way…standard disclaimer applies when working with the registry: back it up first, we bear no responsibility in you making a mess of it.
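The same change done from an elevated PowerShell prompt, as an added example that is not part of the original post: it reads the current value, refuses to move onto a port something else already owns, writes the new PortNumber, adds a matching inbound firewall rule, and tests the port in place of telnet. It assumes Windows 8 / Server 2012 or later (for the NetSecurity and Test-NetConnection cmdlets); the port 3391 and the rule name are choices made here.

```powershell
# Added example, not from the original post. Assumes an elevated PowerShell prompt on
# Windows 8 / Server 2012 or later; 3391 is one of the spare ports suggested in the post.
$NewPort = 3391
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Show the current listener port (3389 on an untouched machine).
$old = (Get-ItemProperty -Path $Key -Name PortNumber).PortNumber
"Current RDP port: $old"

# Refuse to move RDP onto a port that some other service is already listening on.
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use on this host"
}

# Write the new port as a DWORD: the same change as Edit > Modify > Decimal in regedit.
Set-ItemProperty -Path $Key -Name PortNumber -Value $NewPort -Type DWord

# The built-in Remote Desktop rule only covers 3389, so allow the new port explicitly
# and only on the profiles where you actually expect inbound RDP.
New-NetFirewallRule -DisplayName "Remote Desktop (TCP $NewPort)" -Direction Inbound `
    -Protocol TCP -LocalPort $NewPort -Action Allow -Profile Domain, Private | Out-Null

# The listener only picks up the new value after Remote Desktop Services restarts
# (-Force also restarts the dependent UmRdpService).
Restart-Service -Name TermService -Force

# Same check as the telnet test in the post: $true means something answered on the port.
Test-NetConnection -ComputerName localhost -Port $NewPort -InformationLevel Quiet
```

Afterwards connect with mstsc /v:hostname:3391 (host and port separated by a colon in the RDP client, unlike telnet).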
Cheers….
Troubleshooting Windows Firewall
Firewall: The name says it all – this little piece of software (or hardware as it may be) is designed to keep your computer and the fires outside at some distance from each other. It is an essential service, yet the eagerness of some to let the fires inside and burn their houses down is not unappreciated.
Let’s face it – firewalls can be a real pain in the butt, and the one that comes with Windows is sometimes nearly unbearable. I know a lot of you out there are tempted to live with this particular warning message forever…
I know I certainly have, but actually the Windows Firewall is very easy to work with. Let’s discuss some ways that we can make this work for you.
Now first and foremost, any configuration you do to Windows Firewall should be done through the firewall wizard itself. This often grabs any exceptions that are needed and most of the time will actually pre-emptively warn you when Windows Firewall is blocking something important. Don’t ignore these messages when they pop up – think about what they mean and either allow or ignore as you see fit. This will save you a lot of time.
Now, after you have tried forwarding ports as they appeared in the wizard/notification area and have failed in making the troublesome service or application work, the second step is to enable logging on the Windows Firewall. Far too many people take a non-logical approach to troubleshooting firewall issues and basically just start clicking randomly, allowing and denying until their issue is magically solved. Unfortunately, they have also magically opened up numerous attack surfaces on their machine, and by two am the next day an army of botnets has already been able to compromise their machine and they are inadvertently relaying thousands of Cialis ads per day…this definitely puts one between a rock and a hard place. The moral of the story here is simple: AVOID THE IMPULSE TO RANDOMLY DISABLE/FORWARD PORTS IN WINDOWS FIREWALL. Troubleshoot these systematically.
Here’s how to enable logging:
1. Open the Windows Firewall with Advanced Security snap-in, right-click on the firewall node and choose Properties.
2. Select the profile you wish to troubleshoot.
3. In the Logging group, click Customize.
4. More often than not, you will be looking for dropped packets, as these are the data packets that Windows Firewall has rejected and are probably the reason why that undocumented and proprietary software package you are trying to make work is failing. Click Yes for dropped packets. Or, conversely, click Yes for successful connections to monitor which packets Windows Firewall is allowing through.
5. Click OK to apply the settings. As you can see in the dialog, the log files are kept in the System32\LogFiles directory.
Now try to recreate the problem and see if Windows Firewall is in fact the culprit. You will want to disable the logging after you are done with it, though, as there is a considerable performance hit associated with it, and the log only stores the last 4 KB of data anyway.
Now there is one other tool that is often overlooked in tracking down port forwarding issues.
The simple netstat command, when used with the -a and -b switches, is a powerful tool for tracking down applications that require access to the machine or that, in the case of spyware, should be blocked.
Netstat used in this fashion will allow you to see what services and/or processes are listening for incoming packets. This, combined with a tool like Process Explorer from Sysinternals, is extremely useful in quickly figuring out access requirements.
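The logging and netstat steps above, done from an elevated PowerShell prompt, as an added example that is not part of the original post: it turns on dropped-packet logging for one profile, summarises the DROP lines in pfirewall.log by protocol, port and direction so you can see what is being rejected before touching a single rule, maps a listening port back to its process (the netstat -a -b step), and turns logging off again. It assumes Windows 8 / Server 2012 or later for the NetSecurity cmdlets; the Private profile and the default log path are the choices made here.

```powershell
# Added example, not from the original post. Assumes an elevated PowerShell prompt on
# Windows 8 / Server 2012 or later, where the NetSecurity cmdlets are available.

# Step 1: log dropped packets only, for the profile you are troubleshooting (here Private).
Set-NetFirewallProfile -Profile Private -LogBlocked True -LogAllowed False `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# Step 2: reproduce the problem, then summarise what was dropped instead of guessing.
function Get-DroppedPacketSummary {
    param([string]$LogPath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log")

    # pfirewall.log is a W3C-style text log. Its '#Fields:' header names the columns:
    # date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn
    # tcpack tcpwin icmptype icmpcode info path
    Get-Content -Path $LogPath |
        Where-Object { $_ -notmatch '^#' -and $_ -match '^\S+ \S+ DROP ' } |
        ForEach-Object {
            $f = $_ -split ' '
            [pscustomobject]@{
                Protocol  = $f[3]
                Source    = $f[4]
                DestPort  = $f[7]
                Direction = $f[-1]     # RECEIVE (inbound) or SEND (outbound)
            }
        } |
        Group-Object Protocol, DestPort, Direction |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-DroppedPacketSummary | Format-Table -AutoSize

# Step 3: the netstat -a -b step. Find the process behind a listening port that shows
# up as dropped, so the eventual rule can be scoped to that program, not a blanket port.
function Get-ListeningProcess {
    param([Parameter(Mandatory)][int]$Port)
    Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Process -Id $_.OwningProcess | Select-Object Id, ProcessName, Path
        }
}

# Step 4: once the culprit is known, turn logging back off as the post recommends.
Set-NetFirewallProfile -Profile Private -LogBlocked False
```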
With all of these tools at your disposal, there is no reason to completely disable a firewall again nor will you be forced to just click aimlessly and randomly in the firewall configuration.
Enjoy!
Next Generation TCP/IP Stack
Undoubtedly, one of the biggest sources of complaints from adopters of Vista and Server 2008 has been the new Networking UI and some of the shit that goes along with it. Yes, even I have sat staring dumbfounded, drooling incessantly, as Vista seemingly takes over and “Network Awareness” tells you that your perfectly configured router is incapable of accessing the internet, or you are totally unable to even browse network shares on computers around you. WHY>>>AAARGH!!!!
The frustration, the agony, and the eventual exorcism and sacrifice of the Vista Demon that has brought unspeakable amounts of suffering to you and the pane-glass living room sporting a perfect IBM-sized hole are immeasurable. But wait, why would Microsoft do this, surely there is some reason, right?
Unfortunately, for many of us, that answer for the time being may be “No.” There isn’t a lot of apparent usefulness. But that doesn’t mean that there aren’t any improvements at a lower level actually making the OS work better…in fact there really are (really, I’m not bullshittin ya!). Microsoft, as usual, has done a really terrible job of showing the average user why they should care about any of these configuration options – but for the IT professional, some of these changes DEFINITELY bring increased reliability and lower TCO (Total Cost of Ownership).
Vista and Server 2008 have a completely re-written TCP/IP stack that is now referred to as the Next Generation TCP/IP stack. It replaces the venerable, well-known, but buggy standard Windows TCP/IP stack that was basically unchanged since the Windows 95 days. Let’s face it, with the role that TCP/IP has assumed in modern computing, and the demands that have been placed on this protocol suite, it is no wonder that the Microsoft Engineers wanted to tackle this one. Undeniably, nobody imagined that this 70s era protocol would be robust enough and able to keep up with streaming media, VOIP, and the massive routing that packets are forced to go through nowadays. It is the next generation TCP/IP stack that makes it all work just a little better.
One thing I want to say now. DO NOT DISABLE IPV6 IN ANY PRODUCTION SERVER. THE RESULTS CAN BE CATASTROPHIC! (This one is for you Devon) I don’t say this out of personal experience, but my fellow colleague can vouch for it! With that little not-so-casual warning out of the way…Let’s jump into this.
The changes in the TCP/IP stack not only apply to IPv6, but also apply to our trusted friend IPv4.
Here are some of the changes:
Modified Fast Recovery Algorithm
This feature allows Windows to alter the way in which a sender increases the sending rate when multiple segments in a data window are lost and the receiver has acknowledged partial receipt of the data. The end result here is greater reliability and speed.
Network Diagnostics Framework
Provides a framework within the stack that can help users recover from networking errors and troubleshoot networking issues. Often, understanding the information this framework presents still requires a thorough understanding of networking in general.
Compound TCP
This is an optimization that is able to increase the amount of data sent in a connection without adversely affecting other TCP/IP sessions. This often does produce a noticeable speed increase.
Automatic Black Hole Router Detection
This particular enhancement is hugely useful in network segments that have lossy routers and general patchiness. It stops TCP connections from terminating when an intermediate router is silently discarding large TCP segments, and keeps the connection alive even while error messages and retransmissions occur. The end result here is reliability.
Automatic Dead Gateway Retry
Similar to the above, except that it will periodically try to contact an unreachable gateway and will start utilizing it again once it is alive. This, too, adds to the overall reliability of a TCP network.
Spurious Retransmission Timeout Detection
Offers correction for sudden increases in retransmission timeouts and prevents unnecessary retransmission of segments. This can have a huge impact on speed in an environment with some unstable routing equipment.
The following apply to IPv6 only.
Link-Local Multicast Name Resolution
At some point in time, this little feature is going to become hugely useful –especially for the technically challenged setting up a Vista or Server 2008 home network. This little feature will actually allow IPv6 clients to be able to resolve host names without a DNS server provided that the hosts are all on one single subnet. This will greatly increase reliability, especially in small business environments.
Random Interface IDs
This feature helps thwart scanning attacks that key on the company IDs of networking equipment manufacturers. Basically, it generates random interface IDs for auto-configured connections, including public and link-local addresses.
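A way to see and adjust two of the features listed above from an elevated prompt, as an added example that is not part of the original post: Compound TCP shows up as the TCP congestion provider, and Random Interface IDs as the IPv6 identifier setting. It assumes Vista / Server 2008 (or 7 / 2008 R2) netsh syntax; on Windows 8 and later the congestion provider is managed through Set-NetTCPSetting instead, while the IPv6 commands are unchanged.

```powershell
# Added example, not from the original post. Assumes an elevated prompt on Vista /
# Server 2008 era Windows; netsh runs the same from cmd or PowerShell.

# Global TCP settings: "Add-On Congestion Control Provider" is Compound TCP, and
# "Receive Window Auto-Tuning Level" is the stack's window auto-tuning.
netsh interface tcp show global

# Turn Compound TCP on as the congestion provider (use 'none' to revert to the default).
netsh interface tcp set global congestionprovider=ctcp

# Global IPv6 settings, including the "Randomize Identifiers" line.
netsh interface ipv6 show global

# Random Interface IDs: with 'disabled', the interface ID of an autoconfigured address
# is derived from the NIC's MAC address (EUI-64), so the manufacturer OUI is visible in
# the address and a scanner can guess the address range. 'enabled' uses a random ID.
netsh interface ipv6 set global randomizeidentifiers=enabled

# Confirm: an EUI-64 interface ID has 'ff:fe' in the middle of its last 64 bits; a
# randomised one does not.
netsh interface ipv6 show addresses
```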
This list is by no means an exhaustive one, but I hope that it helps highlight some of the strides forward that Microsoft has taken in developing this stack. While we all hate change, at some point in time we WILL all be using IPv6, so why not get ahead of the curve now and learn how to leverage this technology for greater performance in your IT environment. Change is inevitable, and it brings some pain, but 5 years from now we will all be reaping the benefits of our highly robust computing platforms.
Server 2008 networking is a giant leap forward, so get your game shoes on and save yourself the cost of a new window!