Virtualization, Cloud, Infrastructure and all that stuff in-between

Penultimate day at TechEd, still get the feeling its scaled down this year, but still some good content and some of the best sessions so far today. It was a slightly earlier start and late finish due to the 2pm finish tomorrow, today’s hilights as follows.

Note to Microsoft – early start following the country drinks probably not the wisest move 🙂 1st sessions were pretty quiet this morning 🙂

First session was Migrating and co-existence with Microsoft Online; looking at the steps involved with integrating with Microsoft hosted Exchange services which were shown on Monday’s keynote

Key points for me were;

• This is for Microsoft’s hosted Exchange service only, other providers of managed Exchange like Fasthosts and 1&1 don’t have the same facilities
• Tools support import from a variety of sources, Exchange 200x, Domino, POP3/IMAP, Yahoo mail etc.
• Migration & co-existence tools and documentation are downloadable from the online configuration pages, the tools provided are modified versions of the Exchange Transporter/Migration suite.
• Push-based Dirsync to Microsoft online via dirsync tool which is a packaged up version of the ILM product.
• Co-existence is supported through the use of alias domains, disabled target objects and alternative recipients; basically the same method as the Quest tools use to do a cross-forest migration.
• Don’t have to move all  – can operate a mix of local and hosted mailboxes.
• Because co-existence is basically cross-forest free/busy and delegation do not work across the internal/hosted boundary – Microsoft are hoping to address this; but it’s an inherent issue with this type of co-existence.
• Mailbox ACL’s delegates and rules and RSS feeds are not migrated – user will need to re-create.
• Passwords are not migrated/sync’d so users will need to create a new password via online sign-on wizard.
• Can choose to migrate all or a rule based subset of the mailbox contents
• Clients are not automatically redirected once it’s migrated – need to follow sign-on wizard via Microsoft online service which downloads a new MAPI profile to Outlook

Next up was a journey to the centre of a terminal server; a level 400 technical session on the internals of terminal server logons and processes; there was far too much technical information for me to blog so I’ll provide some links.

• Terminal services has now officially been renamed to Remote Desktop Services see here
• A comprehensive Whitepaper on tuning terminal services has been released here
• Terminal Services in Windows 2008 is much more modular with 3 component services, this separation enables much better separation of session management behind the scenes.
• New TS app analyser has been released, which can examine applications and determine their suitability for use on a terminal server looking for common permissions/file issues.
• One thing to watch with RemoteApp sessions is that a full desktop is rendered in the background, if that user profile or application spawns a window-less UI it can become a stuck zombie process when the user closes the RemoteApp session, Acrobat Reader updater (AcroTray) is a common culprit.
• There is a complicated issue with registry profile time stamps in a TS farm which to be honest I don’t fully understand – but Immidio have some free tools to assist with this, Tritsch is an excellent presenter and certainly knows his material

Next was Anatomy of a hack 2008 by Jesper Johansson, showing how malware is being pimped in the guise of anti-malware software!

key points were;

• It’s all about the money – organised crime running the same sort of bait and switch scams as they always did, but now on a massive, easy to do scale.
• Malware developers are getting good, and well organised with some innovative and well thought out lures.
• Some Malware now alter their behaviour if it detects that it is running inside a VM to avoid security researchers usual MO.
• Fraudulent transactions are going to Eastern Europe and infrastructure is distributed around the globe to handle transactions and Malware distribution
• They are definitely targeting layer 8 issues rather than technical steps to compromise systems through vulnerabilities; preying on the naive, careless or less informed.
• difficult to prevent, education and caution the key

Last session of the day was with Mark Russinovitch (of Sysinternals.com fame) on Windows 2008 R2 Virtualization and native VHD support.

How Mark manages to keep all the encyclopedic amount of internal Windows information inside his normal sized head  I don’t know – but his sessions are always very detailed and thorough.

Key points for me were;

• This was the 1st session I attended that Windows 2008 Hyper V has been referred to as Hyper V 2.0.
• there are comprehensive power management improvements in R2 which are propagated through to Hyper V; allowing suspend “parking” of individual CPU cores and consolidating CPU core workload to the minimum required to provide service – thus reducing overall power requirements.
• Intel and AMD have EPT and NPT technology embedded into new CPUs which will handle shadow page table mapping in hardware delivering significant performance improvements and reducing host OS usage.
• VHD (Virtual Hard Disk format) is a strategic direction for Microsoft, intended to replace all other container formats (CAB, ZIP, WIM etc.).
• VHD is an open, documented file format – open to 3rd party solutions and integrations.
• Windows Backup in Vista and 2008 already write backup data out to a VHD file.
• Improved Windows 7 / Server 2008 R2 boot manager will support boot from VHD, BCEDIT is used to point at a file system mounted VHD file rather than the traditional partition.
• Pagefile and boot loader need to remain on a physical partition.
• This enables some highly flexible multi-boot scenarios and makes P2V, V2P much easier.
• Mark showed his laptop which was booting Windows 7 from a VHD file.
• Boot from VHD also supports differential disks, this enables some very cool scenarios where the root disk is a known good/safe image with all changes being written into a differential VHD – allows for neat roll back to a standard condition (Internet kiosk type scenario) or protection from patching etc.
• Also allows for offline servicing of OS through patching too.
• Allows ISV’s to deliver apps or even whole OS/VM installations ready to use (appliances).
• nesting VHD files inside each other is not recommended and >2 levels is not supported.

A final thought from me on this is that if they were to integrate the SIS (Single Instance Storage) features of the .WIM format into VHD files then that would be a very compelling solution for VDI farms, VM terminal servers, and would make the download/streaming of VM images (via MED-V) very efficient, you could distribute a single VHD with multiple variations of a Vista or XP OS build in a very storage efficient manner.

Ok, so that was day 4 – last day tomorrow!