My ramblings on the stuff that holds it all together
TechEd EMEA 2008 IT Pro – Day 4
Penultimate day at TechEd. I still get the feeling it's scaled down this year, but there was still some good content, including some of the best sessions so far. It was a slightly earlier start and a later finish because of the 2pm finish tomorrow. Today's highlights are as follows.
Note to Microsoft – an early start following the country drinks was probably not the wisest move 🙂 The 1st sessions were pretty quiet this morning 🙂
First session was Migrating and Co-existence with Microsoft Online, looking at the steps involved in integrating with the Microsoft-hosted Exchange services that were shown in Monday's keynote.
Key points for me were:
- This is for Microsoft's hosted Exchange service only; other providers of managed Exchange like Fasthosts and 1&1 don't have the same facilities.
- The tools support import from a variety of sources: Exchange 200x, Domino, POP3/IMAP, Yahoo mail etc.
- Migration and co-existence tools and documentation are downloadable from the online configuration pages; the tools provided are modified versions of the Exchange Transporter/Migration suite.
- Push-based directory sync to Microsoft Online is done via the dirsync tool, which is a packaged-up version of the ILM product.
- Co-existence is supported through the use of alias domains, disabled target objects and alternative recipients; basically the same method the Quest tools use to do a cross-forest migration.
- You don't have to move everything; you can operate a mix of local and hosted mailboxes.
- Because co-existence is basically cross-forest, free/busy and delegation do not work across the internal/hosted boundary. Microsoft are hoping to address this, but it's an inherent issue with this type of co-existence.
- Mailbox ACLs, delegates, rules and RSS feeds are not migrated; users will need to re-create them.
- Passwords are not migrated or synced, so users will need to create a new password via the online sign-on wizard.
- You can choose to migrate all, or a rule-based subset, of the mailbox contents.
- Clients are not automatically redirected once a mailbox is migrated; users need to follow the sign-on wizard via the Microsoft Online service, which downloads a new MAPI profile to Outlook.
Next up was A Journey to the Centre of a Terminal Server, a level 400 technical session on the internals of terminal server logons and processes; there was far too much technical information for me to blog, so I'll provide some links.
- Terminal Services has now officially been renamed Remote Desktop Services, see here.
- A comprehensive whitepaper on tuning Terminal Services has been released here.
- Terminal Services in Windows 2008 is much more modular, with 3 component services; this split gives much cleaner separation of session management behind the scenes.
- A new TS application analyser has been released, which can examine applications and determine their suitability for use on a terminal server by looking for common permissions/file issues.
- One thing to watch with RemoteApp sessions is that a full desktop is rendered in the background; if that user profile or application spawns a windowless UI, it can become a stuck zombie process when the user closes the RemoteApp session. The Acrobat Reader updater (AcroTray) is a common culprit.
- There is a complicated issue with registry profile timestamps in a TS farm which, to be honest, I don't fully understand, but Immidio have some free tools to assist with this. Tritsch is an excellent presenter and certainly knows his material.
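As an added example (my own, not something shown in the session or part of this post), here is a PowerShell check an RDS administrator could run on a terminal server to spot the stuck windowless processes described above: disconnected sessions where nothing but window-less helpers such as AcroTray remain. The list of session-infrastructure process names and the reliance on the column layout of `query session` are my assumptions and will need tuning per farm.

```powershell
# Added example, not from the session or the post: flag disconnected sessions that are
# being kept alive only by windowless helper processes (AcroTray-style zombies).
# Assumption: the names below are session plumbing to ignore; extend as needed.
$infra = @('csrss','winlogon','logonui','dwm','rdpclip','rdpshell','rdpinit',
           'taskhost','conhost','explorer')

# Parse "query session": capture the numeric session ID and its STATE column.
# (Assumes the Windows Server 2008 column layout: ... ID  STATE ...)
$sessions = query session 2>$null | ForEach-Object {
    if ($_ -match '\s(\d+)\s+(Active|Disc)\b') {
        New-Object PSObject -Property @{ Id = [int]$matches[1]; State = $matches[2] }
    }
}

foreach ($s in ($sessions | Where-Object { $_.State -eq 'Disc' -and $_.Id -gt 0 })) {
    # Everything still running in this disconnected session, minus the session plumbing.
    $procs = @(Get-Process | Where-Object { $_.SessionId -eq $s.Id -and $infra -notcontains $_.Name })
    if ($procs.Count -eq 0) { continue }

    # A process with no main window cannot be closed by the user from a RemoteApp
    # session, so if *all* that remains is windowless the session is probably stuck.
    $windowless = @($procs | Where-Object { $_.MainWindowHandle -eq 0 })
    if ($windowless.Count -eq $procs.Count) {
        $names = ($windowless | Select-Object -ExpandProperty Name) -join ', '
        Write-Output "Session $($s.Id): only windowless processes remain: $names"
    }
}
```

Run it from an elevated prompt on the terminal server; sessions it reports are candidates for investigation (and, once confirmed, for a `logoff <id>`), and the names it lists are the applications whose updaters or tray helpers are worth disabling in the RemoteApp image.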
Next was Anatomy of a Hack 2008 by Jesper Johansson, showing how malware is being pimped in the guise of anti-malware software!
Key points were:
- It's all about the money: organised crime is running the same sort of bait-and-switch scams as it always did, but now on a massive, easy-to-do scale.
- Malware developers are getting good, and well organised, with some innovative and well thought out lures.
- Some malware now alters its behaviour if it detects that it is running inside a VM, to avoid the security researchers' usual MO.
- Fraudulent transactions are going to Eastern Europe, and infrastructure is distributed around the globe to handle transactions and malware distribution.
- They are definitely targeting layer 8 issues rather than technical steps to compromise systems through vulnerabilities; preying on the naive, careless or less informed.
- Difficult to prevent; education and caution are the key.
How Mark manages to keep the encyclopedic amount of internal Windows information inside his normal-sized head I don't know – but his sessions are always very detailed and thorough.
Key points for me were:
- This was the 1st session I attended in which Windows 2008 Hyper-V was referred to as Hyper-V 2.0.
- There are comprehensive power management improvements in R2 which are propagated through to Hyper-V, allowing suspend ("parking") of individual CPU cores and consolidating CPU core workload onto the minimum required to provide service, thus reducing overall power requirements.
- Intel and AMD have EPT and NPT technology embedded into new CPUs, which handles shadow page table mapping in hardware, delivering significant performance improvements and reducing host OS usage.
- VHD (Virtual Hard Disk format) is a strategic direction for Microsoft, intended to replace all other container formats (CAB, ZIP, WIM etc.).
- VHD is an open, documented file format, open to 3rd-party solutions and integrations.
- Windows Backup in Vista and 2008 already writes backup data out to a VHD file.
- The improved Windows 7 / Server 2008 R2 boot manager will support boot from VHD; BCDEDIT is used to point at a VHD file on the file system rather than the traditional partition.
- The pagefile and boot loader need to remain on a physical partition.
- This enables some highly flexible multi-boot scenarios and makes P2V and V2P much easier.
- Mark showed his laptop, which was booting Windows 7 from a VHD file.
- Boot from VHD also supports differential (differencing) disks, which enables some very cool scenarios where the root disk is a known good/safe image with all changes being written into a differential VHD; this allows a neat roll-back to a standard condition (internet kiosk type scenario) or protection from patching etc.
- It also allows for offline servicing of the OS through patching.
- It allows ISVs to deliver apps, or even whole OS/VM installations, ready to use (appliances).
- Nesting VHD files inside each other is not recommended, and more than 2 levels is not supported.
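To make the boot-from-VHD and differencing-disk points concrete, here is an added example (my own, not commands shown by Mark or taken from this post) that creates a child VHD over a known-good base image, adds a BCD entry that boots from the child, and shows the roll-back step. The paths are placeholders, the base image is assumed to be an already-prepared Windows 7 install, and the pagefile and boot loader stay on the physical partition as noted above.

```powershell
# Added example, not the session's or the post's own commands: boot from a differencing
# VHD so the base image stays pristine and "rollback" is just a fresh child disk.
# Assumed placeholder paths; C:\vhd\win7-base.vhd holds a known-good Windows 7 install.
$base  = 'C:\vhd\win7-base.vhd'
$child = 'C:\vhd\win7-kiosk.vhd'

# 1. Create the differencing (child) VHD on top of the base with a diskpart script.
#    The base must never be modified once a child depends on it.
$script = "create vdisk file=`"$child`" parent=`"$base`""
$script | Set-Content -Path "$env:TEMP\mkdiff.txt" -Encoding ASCII
diskpart /s "$env:TEMP\mkdiff.txt"

# 2. Clone the current boot entry and point its device/osdevice at the child VHD.
#    bcdedit /copy prints "The entry was successfully copied to {GUID}."; grab the GUID.
$out  = bcdedit /copy '{current}' /d 'Windows 7 kiosk (VHD)'
$guid = [regex]::Match(($out -join ' '), '\{[0-9a-fA-F-]{36}\}').Value
$vhdPath = "vhd=[C:]$($child.Substring(2))"     # -> vhd=[C:]\vhd\win7-kiosk.vhd
bcdedit /set $guid device   $vhdPath
bcdedit /set $guid osdevice $vhdPath
bcdedit /set $guid detecthal on                  # let the VHD OS re-detect the HAL on first boot

# 3. Roll back to the known-good state (run from the host OS, not while booted from the
#    child): discard the child's accumulated changes and recreate an empty one.
#    Remove-Item $child
#    diskpart /s "$env:TEMP\mkdiff.txt"
```

Because the child holds every write made while booted from it, the kiosk scenario above becomes a two-line reset, and the base VHD can be kept read-only and hashed as the reference image that each reset returns to.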
A final thought from me on this: if they were to integrate the SIS (Single Instance Storage) features of the .WIM format into VHD files, that would be a very compelling solution for VDI farms and VM terminal servers, and would make the download/streaming of VM images (via MED-V) very efficient; you could distribute a single VHD with multiple variations of a Vista or XP OS build in a very storage-efficient manner.
OK, so that was day 4 – last day tomorrow!