Directory Services/Active Directory

Ulf B. Simon-Weidner's Blog

February 2005 - Posts

Performance for VPC
Michael Kalbe, who is a Security Evangelist at Microsoft Germany, has published a tip on how to improve the performance of Virtual PCs by disabling the real-time virus scanner for the VPC processes and files. See his German blog at http://blogs.msdn.com/mkalbe/archive/2005/02/16/374490.aspx.
There are a few more things I'm aware of (and I was working with VMware and VPC before VPC "joined Microsoft" ;-) ) - they also work with Virtual Server or VMware:
  • Keep the file-based disks as little fragmented as possible (Sysinternals provides a tool called Contig which is able to defragment single files).
  • Because of fragmentation, I prefer to keep the VPC images on a different partition or drive than documents.
  • If you want to use an external hard drive for your images, use FireWire instead of USB. USB is theoretically a bit faster, but it's harder on the CPU; FireWire is much faster when running VPCs.
  • Clean up your VPC hard disks - there's a tool in VPC SP1, the Virtual Disk Precompactor. After running it the file compacts better (VMware provides this option in the client additions).
  • Compress the files on the host (NTFS compression), don't compress them inside the guest. I got this tip (among others) from my friend Ronald Beekelaar, who is an MVP for VPC and one of the best sources when it comes to VMware or VPC.
  • If you are running multiple machines with the same OS, use differencing disks. That means you create one disk with the operating system (configured the way all your machines should be) and sysprep it, or copy NewSID (from Sysinternals) onto it (you can also launch it via the RunOnce key). Then create differencing disks for the different machines (never run the base disk again - it will corrupt your differencing disks). Make sure to change the name, IP and SID on every machine you plan to run at the same time. Differencing disks will increase your performance when running multiple machines at the same time. E.g. an installation of Windows XP might need a bit over 1 GB, so two machines would take more than 2 GB. If you are using differencing disks, each differencing disk will be about 200 MB after changing the SID, so two XP machines add up to 1 GB (base) + 200 MB (diff 1) + 200 MB (diff 2), which is significantly less than two full disks. Think of the disk caching the host has to perform - much better performance. (Note: VMware is also introducing differencing disks in the next version - or the current beta. However, you could create differencing disks with every version of VMware higher than version 3 (at least) - but you had to create them manually. But this might be a different topic.)
  • Increase the RAM of your host, and decrease the space your virtual OS is using - clean up temporary files and the various caches, resize your pagefile, …
  • For a single VM create a fixed-size disk instead of a dynamically expanding one. If the disk is already at its final size and defragmented it will not grow later (and thus performs better). If you are using differencing disks, use an expanding disk and make it as small as possible.
  • If you do webcasts, NetMeeting or any other form of application sharing, use the Virtual Server Remote Client (VMRC) with Virtual Server - it's great for switching between machines easily.
  • If you do presentations, use Remote Desktop instead of the VPC window (or the Virtual Server Remote Client, or VMware). Remote Desktop (in Windows 2000 known as Terminal Services in Administration Mode) is faster, and you can switch it to full screen. If you have been to any of my classes/presentations you know what I mean - you can present from one machine as if it were a monitor connected to a KVM switch, which improves the experience for the audience.
 
I guess those are the most important tips for using VPC, Virtual Server or VMware. I love those products - and I work a lot with them. I've simulated every customer environment or scenario during my projects in the last years, gave many presentations and classes using them, and you can do almost everything you want. They ROCK!

Posted Wed, Feb 16 2005 7:01 by Ulf B. Simon-Weidner | 3 comment(s)

ADS in this Directory Services blog - is that off-topic?
Some people think that ADS is the acronym for Active Directory Services. I don't like that - it was used during and right after the Windows 2000 beta, but I haven't heard an official reference lately, and I don't like it. Active Directory is not a service, and not a suite of services. Sure, some services provide some of the functionality of Active Directory: DNS is used to locate resources, and the File Replication Service (FRS) replicates Sysvol (usually scripts and Group Policies). But as of today the directory service itself is not a Windows service, so I dislike referring to Active Directory as ADS.
 
However, I do want to talk about ADS right now - Automated Deployment Services. This is a pretty interesting product - and actually free to customers who have a Windows Server 2003 Enterprise Edition license. ADS is made for installing multiple servers. It works like Remote Installation Services via a network boot request (PXE), but ADS is much more powerful and configurable. The top feature of ADS is multicast deployment: it installs multiple servers at the same time, and the image travels over the network just once instead of once per installation client. You are also able to control the systems: if you install a service on the servers, they also connect to the ADS server and carry out the jobs assigned to them.
 
In the ADS console you usually run jobs, which are designed with a sequence editor. A sequence is an XML file which defines which commands are run in which order. For example, to deploy a server you can define a sequence that reboots first, goes via a network service boot request into the Deployment Agent (a small bootable Windows Server 2003 image which takes the further commands to capture, deploy or modify the machine), and then deploys an image (which was prepared using sysprep). After the image is on the installation client, the job is also able to change the sysprep answer file to contain the right IP address, computer name or whatever you want. You are also able to change the registry files (there's a command for offline editing of the registry), then reboot and change the default behavior of the machine to boot from the hard disk (which is also a PXE image that redirects the boot to the hard disk).

There are multiple options available in the sequences - you can also run any command either on the client or on the ADS controller, or you can create a floppy image and instruct the client to boot from this image. Everything you do in the ADS console, like adding clients, taking control of them, defining their default jobs, adding them to computer sets, running a job and so on, is also scriptable - the help provides the reference for every command, and everything is doable via a batch script.
 
ADS is only supported for installing servers, but it also works for clients (I've tested that by rolling out a classroom). The installation of the classroom took me only about 20 minutes.
 
However, it's not that easy to get started - but that's mainly hardware. What I've run into:
  • Don't change the IP of the ADS server, or you'll have to change it for every ADS service in the registry.
  • If the installation client supports 100 Mbit and the ADS server only 10 Mbit, you run into a timeout.
  • If you change the network, you might need to reboot the clients or the server.
  • If the clients support 100 Mbit but are connected to a switch or hub which only supports 10 Mbit, they are able to load the Deployment Agent, but unable to connect to the ADS server afterwards (and therefore unable to capture or deploy an image).
 
Another thing: ADS does not need a DC or DNS - you can run ADS on a standalone machine; you only need DHCP. ADS traffic is encrypted by default; ADS uses a certificate on the server for that purpose.
 
The last thing I learned the hard way (I just got back from work at 11pm and wasn't able to go to the gym, which I was looking forward to): don't rely on your hardware unless you have already tested it (installation clients, ADS server and the network equipment in between), and don't start installing too late. I had already tested the installation client and the server before installing the classroom, but due to a 10 Mbit hub in the classroom I had to get my small 4-port hub as a replacement for the installation and install in multiple shifts.

Posted Wed, Feb 16 2005 5:38 by Ulf B. Simon-Weidner | 1 comment(s)

Two other blogs I added to my own list recently
Daniel Melanchthon - a former MVP for Exchange Server - has recently joined Microsoft Germany as Evangelist (Technologieberater) for Exchange. He also started blogging - read it at http://blogs.msdn.com/dmelanchthon. Every time I meet him we enjoy great conversations - it's always nice to geek-talk. Yesterday we realized that we have a somewhat similar background - we both started in the IT field during school, wrote programs to automate our jobs to have more time for more interesting projects, stopped studying to start working in IT full-time in the consulting field, love communities and became MVPs. Daniel will be at many Microsoft roadshows and trade shows in Germany (including the upcoming CeBIT), so enjoy his talks when he's in your area.
 
Furthermore, the Windows Server product group has started their own blog as well - read it at http://blogs.msdn.com/windowsserver. Looking at the contributors I know, I expect them to cover the upcoming x64 versions of Windows in the near future.

Posted Mon, Feb 14 2005 6:24 by Ulf B. Simon-Weidner | with no comments

Training - training - training
As an MCT I love to train and talk about technologies. But my job is working as a senior consultant in the Microsoft area - mainly migrations, solution scenarios and speaking about technologies. During those projects I'm also training customers, and I'm also training our own technicians and consultants. But right now it's kind of different - there are loads of requests for trainings. Last week I did a training on Microsoft technologies and security. I had to cover a load of topics in a few days - we did Windows XP, basics of management, Windows Server 2003, an introduction to DNS and Active Directory, security topics like the XP SP2 enhancements and Windows Server 2003 SP1 enhancements, and an overview of Windows Update Services (WUS) and Internet Security and Acceleration Server (ISA).
Next week I'll give a class about Windows XP (which I tend to spice up with security topics as well - SP2 is a great excuse to spread the word about security). The week after, and again two weeks later, I will be at a customer site training Windows Server 2003.
 
What's great: my department recently moved to another floor in our company's building in Munich. Within a couple of feet of my desk we have a big testing center and a fully featured classroom equipped with everything needed. The classroom is brand new, so I am able to provide feedback about usability. I'm really excited about this classroom - we are a Microsoft partner and not a training center, and in the last years I always had trouble organizing hardware for trainings. Now I have a classroom not much further from my desk than the next coffee machine, which contains everything needed and has a link into the testing center for further demos (there are SANs, backup robots, clusters, …).

Posted Fri, Feb 11 2005 5:43 by Ulf B. Simon-Weidner | with no comments

Time to Blog: Exam 70-298 Designing Security for a Microsoft Windows Server 2003 Network
I just realized that I haven't blogged for a while, and that I missed writing about some topics which I'd consider interesting.
I won't put everything in one post - and I won't write everything tonight - don't worry.
First thing: I had an exam voucher expiring at the end of 2004, so on the last day before Christmas I decided to sit an exam I had wanted to take for some time but hadn't had the opportunity/time for. So I went into 70-298 "Designing Security for a Microsoft Windows Server 2003 Network", and it was very interesting. It covered a broad range of security topics and technology. The exam is in the same style as the other Designing exams - you have to read a lot of text (current infrastructure, planned infrastructure, interviews with the CIO, CSO, admins, users, partner companies, ...) and then answer a couple of questions on how you would implement the solutions to meet the requirements. After you've finished one scenario you can carry on with the next one, but not browse back to the finished one.
Downside: I'm not a fan of those "reading contests" - but the exam is OK. Another thing is that it covers solutions you can implement with Microsoft products - OK, it is a Microsoft exam, but most customers I know rely on appliances or third-party products when it comes to RAS.
But overall the exam tests you against a good set of scenarios and products - and I think every admin should know those security technologies.

Posted Fri, Feb 11 2005 5:22 by Ulf B. Simon-Weidner | with no comments