Server Virtualization Systems

VDI (BYOD) Bring your own device

As many SMB’s rise slowly out of the recession and have begun to invest in the latest technologies, they are finding their new software and IT systems may support iPhone, iPad, Android, PC  or Mac. All this connectivity ushers in a new ways to conduct business. The variety of these devices can be used to provide better communication and flexibility in the workplace and thus improve business agility. BYOD can also provide both hard and soft returns for the organization’s IT investments. The hard returns of BYOD materialize as savings to your organization simply because it no longer has to shell out funds for the latest and greatest devices. The soft return may be happier employees and morale because they can leverage their device of choice to connect to company resources, instead of having IT and corporate dictate specific devices. It is important to point out BYOD also brings with it a host of cons that must be considered and controlled by the corporations acceptable use policy and IT security experts.

The first and foremost consideration is data security: A company must consider the pros and cons before they allow company data on an employee’s personal device. Once a company allows an employee to download data to a personal device, the company has little or no control or management of its data. This may also bring up legal issues over ownership of the data should the employer or employee relationship turn sour. For example a company’s intellectual property or contact lists could easily be harvested and brought to a competing business. There are many other variables to consider, such as a well-intentioned employee device may malfunction, damaging or deleting email or contacts on the company mail server. The employee may load an unsecure app whose goal is to leach or damage corporate data. The employee may load an app then walk into the business, connect to WiFi with a potential Trojan horse causing a devastating data loss.  For some organizations this is an acceptable risk, and steps can be taken to help mitigate some of these concerns, however for most organizations this is not tolerable.

BYOD introduces a fine line to saving money. There are additional IT and business costs in supporting multiple platforms. For example; IT must configure the company mail server to support Blackberry, iPhone, iPad and Android. IT must track and try to enforcesuggest a baseline of mobile security. This was a difficult enough task on a single platform, with BYOD this becomes 3X more difficult and time consuming. Fixing one issue for iPhone users may break something for the others.   There are also support and security benefits of supporting a single corporate platform. This conservative thinking brought stability and security to organizations for years.

So where does that leave us? Should an organization allow BYOD or not? There is no right or wrong and only an organization can choose whether the benefits can outweigh the risks. Chances are in a small organization this can be managed on an individual basis. Anything beyond a small business or a business that lives or dies by its data needs to seriously consider the implications of introducing unmanaged personal devices into their organization. However what we have discussed so far assumes an organization allows an employee devices to directly connect, sync, and interface with company assets.

Are there other options or solutions? Absolutely! VDI (Virtual Desktop Infrastructure). The industry has been virtualizing servers for years, VDI technologies are one of the hottest topics in IT. VDI leverages the benefits and investments in server virtualization and extends them to the desktop and mobile device space.  VDI software such as VMware View, Citrix XenAPP or Citrix XenDesktop allows secure data access for BYOD’s users. The biggest VDI benefit is that corporate data can be extended to all main stream devices and no actual copy of the data is stored on the device. Rather all data is stored, maintained, and secured in the organizations IT system. The VDI software client is also agnostic to the device or platform it runs on, thus eliminating the actual work in configuring the entire system to work with multiple platforms.  VDI allows the organization to maintain control over its data while still leveraging the benefits of BYOD.

SkyByte is a VMware Professional Partner and a Citrix Solution Provider.  Contact us today for a server virtualization or VDI evaluation.

SkyByte Consulting is a premier provider of Virtualization solutions and technologies.


Recently SkyByte won an RFP for a major suburban park district near Chicago. SkyByte successfully beat out four other Chicago IT firms with our design and project pricing. The park district had approximately thirty aging physical servers well beyond their effective service life. Their server room consisted of two 42U racks full of old server equipment. SkyByte proposed a four server VMware vSphere Cluster connected to a NetApp 2040 SAN. Cisco switches were chosen and NFS was utilized for the storage area network. SkyByte architected a secure DMZ along with multiple production internal networks. The project had the added benefit of centralizing all of the organizations data within the new NetApp SAN. This further improved the organizations disaster recovery options.

SkyByte installed the new VMware vSphere cluster and virtualized all the old servers from P to V. The virtualization candidates were Microsoft Exchange, four Microsoft SQL database servers, file and print servers, application servers and many F5 load balanced web servers.  Upon completion of the project all old server equipment was removed, and a complete 42U rack was removed from the room. 84U U’s of space were reduced to 15U’s. Power and cooling requirements for the data room were reduced by more then 50%. The park district gained fault tolerance, and high availability; the system is designed to continue business operations with a two host failure. The organization also gained much more flexibility within their system to meet the public's needs. Other benefits have been much better performance logging and reporting. The organization has acknowledged system performance was dramatically improved across all servers.

SkyByte has been working with Virtualization technologies since 2003. Over the last several years we have focused our infrastructure practice on server virtualization and server consolidation through the use of VMware vSphere Clusters and standalone ESX and ESXi hosts. He have aligned ourselves with NetApp and EMC for storage solutions. SkyByte has found VMware’s virtualization product suite to be vastly superior to the competing server Virtualization software such as Hyper-V and Citrix XenServer. Specifically the levels of refinement, flexibility, reliability and support are much better with the VMware products.

Contact us today for a free evaluation of what Virtualization can do for your organization. 847.574.6256 or info@skybyte.com

I recently ran into a situation that required me to get some information off of a Windows image backup. The file that Windows backup outputs is a .VHD file which is the same type that Hyper-V creates. I created a new virtual machine and attached the .VHD of the backup as the hard drive. When booting I received an error telling me "Boot Failure. Reboot and Select proper Boot device or Insert Boot Media in selected Boot device". After some digging around on the Internet I found some information explaining why it would not boot.

The .VHD file that Windows backup creates is just a data only file. These are not bootable and cannot be made bootable this is by design. There were some mentions of people getting this to work, but there were many who tried and failed. This .VHD file is intended to give you access to the file system on your old machine but not to be loaded into a virtual environment. To do this you would have to use the convert physical machine selection in Hyper-V or System Center Virtual Machine Manager to use the machine in a virtualization environment.

With the popularity of Server Virtualization Systems on the rise, maybe Microsoft will include an option on the backup and restore for Windows 8 that will allow for converting a physical to a virtual. This could even be just for Professional, Ultimate and Enterprise versions.

How many times have you not had sufficient space on your virtual server due to growing exchange data stores, SQL databases, or Data Protection Manager backups?  It can be a daunting task, in smaller networks, to have sufficient drive space on VM hosts. Using Microsoft Hyper V server 2008, I've setup test and dev machines and just hosted the VM files off on an external hard drive. 

In the past external hard drives running USB 1.1 and 2.0 were too slow to host a file such as a .VHD effectively. Within the last couple of years technologies like e-Sata and USB 3.0 have emerged as great choice's for an external interface. These newer external ports offer superior read and write throughput performance for hard drives. You can purchase expansion cards that give your server the ability to have these ports. In the case of e-Sata, you can also employ Raid setups using external drive housings that support raid 0,1,5,10 and others.

I've found that, depending on your virtualization hosts configuration, you can setup or relocate .VHD files onto an external drive. Also you could add an external drive to house all of your machine backups and images on drives up to 3TB in size. With the performance of both USB 3.0 and e-Sata you can create, deploy, and restore in a fairly quick amount of time. Non-essential or lightly used VM's could be hosted on a single external drive with higher use possible using an e-Sata Raid setup. This solution would be very easy to implement with many server virtualization systems and very inexpensive compared to upgrading the drives in a server.

Last night I ran into an issue where a Microsoft Exchange 2010 Information Store would fail to start after changing a setting on the VMware host.  This particular mail server is part of a VMware Vsphere cluster which needed additional hard drive capacity due to an increasing Exchange store size.  I first began by creating a backup of the server and then converted the hard disk to a dynamic disk.  The next step was to increase the hard drive size in the VMware vsphere client.  One of the many VMware virtualization benefits is the ability to increase a guest OS's hard disk space while the server is running.  After increasing the hard disk size and expanding the volume, I rebooted the server to verify everything was running normally.

After rebooting the server, I immediately noticed Exchange was offline.  My first thought was something became corrupted during the expansion of the drive.  I opened the services snap-in and noticed two Exchange services were stopped.  I tried to manually start each service but they failed and threw an error.  I tried to reboot the server again but Exchange still would not start.  I opened the Event Viewer and found MSExchangeIS was reporting the following error:

"Unable to initialize the Information Store service because the clocks on the client and server are skewed. This may be caused by a time change either in the client or the server, and may require a reboot of that computer. Verify that your domain is properly configured and is currently online."

I verified the date and time were set correctly and that the mail server was able to ping the domain controllers on the network.  I soon discovered the VMware host was behind about 12 minutes from the mail server's time.  From a past experience on another VMware vsphere cluster, I knew this was a time synchronization issue and was likely the cause of Exchange not starting.

The Solution: was to correct the time on the VMware host and reboot the mail server.  Exchange started successfully after rebooting.  The time between the guest and the host in virtualization should be synced as closely as possible.  While this problem was unrelated to the expansion of the hard disk, it is very important to create a backup of the server anytime you make a major system change.

 If you are getting either of the errors below after installing vSphere 4.0 on your Windows 7 or Server 2008 R2 Machine.

Errors-

• Error parsing the server "<servername>" "clients.xml" file
• The type initializer for VirtualInfrastructure.Utils.HttpWebRequestProxy' threw an exception.

Solution-

I’ve run across a fix for users wishing to use vSphere 4.0 and Windows 7 and Server 2008 R2. This issue is resolved in VMware vSphere 4.0 Update 1. Prior to this update, the vSphere Client is not supported in Windows 7 or Windows 2008 R2 and it does not run in Compatibility Mode. This issue may occur because of the .NET loading mechanism change in Windows 2008 R2 and Windows 7.

To bypass the normal .NET Framework loading mechanism:

     1. Download the file system.dll. This file is typically located in %SystemRoot%Microsoft.NETFrameworkv2.0.50727 directory of a non-Windows 7 or Windows 2008 R2 machine with .NET v3.5 SP1 installed.

     2. Copy the file to C:Program Files (x86)VMwareInfrastructureVirtual Infrastructure ClientLauncherlib.

 Note: If the lib directory does not exist, create it.

     3. Open VpxClient.exe.config in a text editor. The file is located at C:Program Files (x86)VMwareInfrastructureVirtual Infrastructure ClientLauncher.

     4. Add the following three lines to VpxClient.exe.config, just before </configuration>:

<runtime>

<developmentMode developerInstallation="true"/>

</runtime>

     5. From Windows 2008 R2 or Windows 7 System Properties, click the Advanced tab > Environment Variables. 

     6. Create a new System variable called DEVPATH and assign the value:

C:Program Files (x86)VMwareInfrastructureVirtual Infrastructure ClientLauncherLib

Note: For 32bit operating systems, replace Program Files (x86)with Program Files.

 You can now launch vSphere Client from a Windows 7 or Windows 2008 R2 machine. You may have to right-click on the vSphere Client icon and choose Run as administrator.

Now that it's working you can use your Windows 7 or Server 2008 R2 vSphere client to manage your VMware vSphere Cluster and take advantage of remote access of your VMware virtualization environment. SkyByte Consulting can assist your firm in its systems virtualization efforts. If you need assistance please go to Contact us for assitance.

• Assess your network infrastructure and decide if you need to acquire a new server or just require some server upgrades. Remember Exchange 2010 only runs on 64-bit versions of Server 2008 and R2. This also means you will need a 64-bit processor in your server.
• Do you currently use virtualization in your network infrastructure? If so you can virtualize your exchange server or servers using Microsoft Hyper V Server 2008,  Vmware Vsphere Installation, and other server virtualization systems.
• Download and read the Planning for Exchange 2010 and also the Deploying Exchange 2010 information on Microsoft's Technet site.
• Does your current network infrastructure design support an edge configuration, or will you be just installing a single server setup?
• If you are upgrading you can only upgrade from Exchange 2007 R2. This may require you to upgrade your exchange 2007 server to R2. If your running Exchange 2003 you will have to perform a migration.
• If your running an older network infrastructure like Server 2000 and earlier, it will require an Active Directory upgrade.
• Do your current email security solutions support Exchange 2010?
• When you finalize your plan also perform a business continuity risk assessment focusing on electronic communications for your business, and update your information Technology disaster recovery plan to include the new Exchange 2010 mail server or cluster. These are very important parts of the process that many neglect to do.

DirectAccess is a new technology in Windows 7 that eventually may replace traditional VPN installation solutions such as Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol/Internet Protocol Security (L2TP/IPsec), and Secure Socket Tunneling Protocol (SSTP). DirectAccess is an automatic connectivity solution that allows clients running Windows 7 to connect seamlessly to the corporate intranet the moment they establish any Internet connection. The adoption of DirectAccess will not occur overnight. Organizations have to make major changes to their network infrastructure, adopt new server and client technologies, and fully change over form IPv4 to IPv6.

DirectAccess is an always connected, IPv6, IPsec VPN connection. If Configured properly a computer or laptop is able to connect to the Internet, and direct access automatically connects the machine to their corporate network. DirectAccess differs from other VPN solutions in the following ways:

• The connection process is automatic and does not require user to do anything. The DirectAccess connection process starts from the minute the computer connects to an active Internet connection. To the user it appears that they are always connected to the company's intranet, whether they are sitting in the office or they are in their hotel room on a business trip. Traditionally, users must initiate VPN connections to the corporate intranet manually.

• DirectAccess is bidirectional, with servers on the intranet being able to interact with the client running Windows 7 in the same way that they would if the client was connected to the local area network. In many traditional VPN solutions, the client can access the intranet but servers on the intranet cannot communicate with the client. DirectAccess provides administrators with a more granular way of controlling what intranet resources are available to remote users and computers. Administrators can integrate DirectAccess with NAP to ensure that remote clients remain up to date with virus definitions and software updates. Administrators can also apply network security policies to isolate servers and hosts.

As you can see DirectAccess is a very useful technology for the corporate user. Although it will require most companies to upgrade their network infrastructure, the simplification of the users involvement compared to a typical VPN installation might outweigh the work involved to implement DirectAccess.

SkyByte is a security based service and solution provider dedicated to the delivery of secure data communications, risk management, data integrity and corporate privacy. SkyByte offers a wide array of IT consulting services such as the design and maintenance of firewalls, VPNs, LANs, WANs, VMware server virtualization, messaging systems and secure wireless networks.
 

An essential part of a proper Business Continuity Management Plan evolves monitoring the environmental conditions inside the businesses data center or computer room. Ensuring optimum temperature and humidity conditions will ensure maximum equipment life. This provides the the best equipment reliability, provides IT ROI to the business and reduces the risk of equipment failure.  

For the past several years, SkyByte has installed and utilized an IT room monitoring system from AVTECH to monitor and alert key personnel of environmental conditions such as temperature, humidity level, air flow, and much more.  The system connects into your existing network infrastructure providing a web page to view real time status of all sensors connected.  The system can also send alerts via email and other communication methods if a problem or sudden climate change occurs. This allows the IT staff or consultants to take immediate action before its too late.

Inside the IT equipment room of a client, SkyByte has installed the AVTECH system, which is a 19" rack mountable 1U control board with connections for various sensors and accessories.  With this installation, we have 2 temperature sensors, a flood detection sensor, a power loss detection sensor and an airflow sensor.   

The two temperature sensors provide us real time air temperature and humidity levels in the rear of the main server rack and the outlet vent of an air conditioning unit.  If we happened to lose air conditioning, the room temperature could climb significantly in just a matter of minutes, posing a major threat to the valuable equipment.

The flood sensor detects and alerts of any liquid that comes in contact with a cable around the perimeter of the room.

The power sensor plugs into an AC outlet and with detect and alerts of a loss in power.

The airflow sensor alerts if the air conditioning system unexpectedly stops running.


Relying on this system provides both SkyByte and the client piece of mind that the environment surrounding their crucial IT equipment is in check.

SkyByte is well versed in Business Continuity Management Plans & Disaster Recovery Solutions as well as wide array of IT consulting services. Call or email us today for more information.


SkyByte is a security based service and solution provider dedicated to the delivery of secure data communications, risk management, data integrity and corporate privacy. SkyByte offers a wide array of IT consulting services such as the design and maintenance of firewalls, VPNs, LANs, WANs, VMware server virtualization, messaging systems and secure wireless networks.


 

Recently SkyByte completed a complicated upgrade of CheckPoint Firewall 1 R61 to R70 for a large park district near Chicago. This particular firewall was at the center of the client’s network enforcing traffic to approximately 10 different locations around the suburb. The Firewall utilized a BGP WAN connection for the external Internet interface and several other internal interfaces and DMZ zones.  The production R61 enforcement point was running Checkpoint's hardened Linux platform called SPLAT and the primary management console was running Windows server 2003 32bit.  SkyByte was brought in due to its extensive experience with network firewall security. The planned upgrade consisted of all new server equipment for the enforcement point and also a VMware virtualized primary management console.  Because the client was implementing new hardware, SkyByte was able to minimize planned downtime during the upgrade. Using CheckPoint best practices; SkyByte designed an upgrade plan to R70 by building the new enforcement point and management console side by side with the R61 production system. SkyByte also provided hardware specifications for new Dell rack mounted servers that met Checkpoint’s hardware compatibility list. Before installation of the new firewall SkyByte performed extensive backups of the production system and implemented a roll back plan just in case of unforeseen problems.  After detailed testing of the new system and confirming all network security was intact, a cut over time was chosen by the customer.  The planned cut over took about 15 minutes and went very smoothly.
 
The client is very happy with their new Checkpoint environment. The new firewall hardware is much more robust and the client is enjoying the new features and network security that Checkpoint Firewall 1 R70 provides.

SkyByte Consulting believes one of the most helpful features we cant seem to live without in Microsoft Outlook is the autocomplete feature of previous names and addresses you've used when composing or replying to emails. For many people this feature is used far more then their contact list. Prior to the release of Microsoft Outlook 2010, the names and addresses for this feature were stored in a .NK2 file located within the user's profile.  With the release of Outlook 2010, the .NK2 was replaced with an autocomplete cache .DAT file.

Its important to know, when performing an upgrade installation to 2010, the installer automatically converts any existing NK2 files for you.  However, in some situations, such as moving a user to a new computer with Outlook 2010 installed, you can manually convert this using a simple run command.

To do so perform the following:

1.  Verify Microsoft Outlook is closed and not running.
2.  Verify "Show hidden files and folders" is enabled in the Folder Options.
2.  Make a copy of the old .NK2 file from the previous Outlook profile.
For Windows 2000/XP, browse to C: Documents and Settings Username Application Data Microsoft Outlook
For Vista/7, browse to C: Users Username AppData Roaming Microsoft Outlook
3.  With Outlook 2010 installed and configured properly, transfer the .nk2 file to the same location from where you copied on the old machine depending on OS.  You may need to enable hidden files and folders on the new machine.
4.  Verify the .nk2 file is named the same as your Outlook profile.  By default the file is named "Outlook.nk2".
5.  Go to start and click run.
6.  Type in "outlook.exe /importnk2" and click OK.
7.  Compose a new email and verify your autocomplete cache is available.

The NK2 file is renamed to "Outlook.nk2.old" during this process.


For more information see Microsoft KB980542.  http://support.microsoft.com/kb/980542


SkyByte is a security based service and solution provider dedicated to the delivery of secure data communications, risk management, data integrity and corporate privacy. SkyByte offers a wide array of IT consulting services such as the design and maintenance of firewalls, VPNs, LANs, WANs, VMware server virtualization, messaging systems and secure wireless networks.

 

Recently SkyByte saw an issue with a Dell Latitude 13 laptop after installing a new SSD hard drive. The symptoms manifested during and after a Windows 7 pro 32-bit install running BIOS A01. The machine would take hours to install Windows 7 and hours trying to start the OS. After much diagnosis and trail and error we narrowed the problem down to the ATA controller. Ultimately the issue ended up being that ACHI (Advanced Host Controller Interface)  needed to be disabled and conventional ATA mode enabled in the BIOs settings. The laptop returned to lightning speed after we made the change and reinstalled Windows 7. 

1. Boot machine from SCVMM or Hyper V Manager.
2. Open an elevated command prompt and run an ipconfig /all and record the adapters settings. (Just in case)
3. Shutdown the VM.
4. Add the regular adapter.
5. Power up machine.
6. Copy the settings to the network adapter.
7. Remove old settings from the previous adapter.
8. Shutdown VM.
9. Uninstall the Network adapter from device manager.
10.  Shut down the VM.
11.  In either manager from step 1, remove the Legacy adapter
12.  Power up VM again.
13.  You should now have a 10Gbps connection to that VM.