Virtualization Pro Tips Blog en Off-Topic: The Challenge of Eliminating Administrator Rights when the User Owns their Computer <div class="node-body blog-body">Another off-topic post for today, this time on the ever-present problem of successfully eliminating administrator rights.  If you’ve been around IT for any period of time, you know that administrator rights represent one of our biggest security challenges.  Microsoft Windows, for all its greatness, gives us what amounts to an on/off switch for assigning rights to most people:  Either they’re Administrator, or they aren’t. Problem is that the real world knows that on versus off mentality just won’t fly any more.  Its for that reason why I was recently asked to present a webinar (which you can view on-demand here) on exactly these challenges. There were some unfortunate technical difficulties that precluded my helping out with the post-event Q&amp;A.  That that I’m greatly disappointed, because one of the people watching asked this intriguing question: How do you justify to &quot;professionals&quot; (e.g., lawyers, doctors, faculty) the removal of control of &quot;their own&quot; computers? The person who asked this question nailed privilege management’s “people” problem right on its head.  Namely, that all people are reticent to give away rights when they feel a sense of ownership.  If a user’s computer belongs to the company and not them, they’ll argue less when you pull their privileges.  At the very least, they’ve got no leg to stand on when you do. But when that computer is actually owned by its user, pulling their privileges is a lot like taking someone’s car keys away.  They still own the car, but they can’t drive. It is in exactly this situation where the art of privilege management enters one of its most challenging grey areas.  Challenging, because of the obvious ownership issues; grey area, because the good of the public is arguably better served by inconveniencing the good of the individual. There are no technical answers for eliminating administrator rights in this situation.  There’s no script I can suggest you run or box you check in an inte</div> <p><a href="" target="_blank">read more</a></p> Virtualization administrator rights Viewfinity Virtualization Virtualization Pro Tips Blog Thu, 28 Oct 2010 20:26:39 +0000 57349 at Podcast: Increasing Hyper-V Storage Performance by 3x with Virsto Software <div class="node-body blog-body">Are you running Hyper-V as your hypervisor, but concerned about performance? It could be your storage. In this podcast, I talk with Mark Davis, CEO of Virsto Software about the thrashing problems with Hyper-V and some interesting solutions for better IOPS. Catch up with @ConcentratdGreg on Twitter!</div> <p><a href="" target="_blank">read more</a></p> Virtualization iops mark davis virsto Virtualization Virtualization Pro Tips Blog Tue, 05 Oct 2010 20:38:50 +0000 57560 at Free Book: Private Clouds: Selecting the Right Hardware for a Scalable Virtual Infrastructure <div class="node-body blog-body">I’m in the middle of constructing a new book for Realtime Publishers titled Private Clouds: Selecting the Right Hardware for a Scalable Virtual Infrastructure.  Four chapters long once its complete, I’m giving it away for free at the Realtime Publishers’ website: This one’s an interesting new topic for me.  In it I attempt to re-write the conventional wisdom of virtual hardware, focusing people towards the benefits in pre-packaged and pre-engineered virtual hardware.  The concept is a lot like the old “white boxes” of yesteryear.  Back then you at some point realized that building your own servers out of individual pieces and parts was never as good as those you could pick up from a Tier 1 hardware vendor. This book’s argument is that we’ve essentially come to the same inflection point in virtual hardware today.  Rather then constructing your virtual environment out of individual pieces and parts, it makes more sense to purchase pre-packaged and pre-engineered “modules” of processing, networking, and storage.  Only by abstracting hardware into “units of processing” do we finally embrace the otherwise-confusing concept of Private Clouds. To me, its turning into quite the interesting read. Drop on by and pick up your free copy.  Chapter 1 is up, with future chapters coming every four weeks or so (following the usual Realtime Publishers model).  Definitely let me know here what you think of the discussion. Here’s the blurb from the site to whet your appetite even more: Private clouds are quickly becoming an effective means of stretching infrastructure to meet growing application needs. But the definition of the term &quot;private cloud&quot; can be somewhat elusive. What exactly is meant by &quot;private cloud&quot;? How do you build one? Once you have a private cloud, what is the benefit for the application consumer? And, finally, how can modular hardware make a cloud </div> <p><a href="" target="_blank">read more</a></p> Virtualization modular private cloud scalable Virtualization Virtualization Virtualization virtualization Virtualization Pro Tips Blog Thu, 30 Sep 2010 13:26:43 +0000 57700 at VMware Releases Workstation 7.1.2 Update <div class="node-body blog-body">You’ll find a new update for VMware Workstation the next time you power it on.  Version 7.1.2 includes a set of fixes for various operating systems, as well as some performance improvements for NAT networking.  I’ve been experiencing problems myself with NATted virtual machines since the 7.1.1 update.  I look forward to seeing if this fixes those problems. Here’s what VMware’s website advertises as the highlights: Added Microsoft Visual Studio 2010 support for Integrated Virtual Debugger’s live debugging mode. Addressed issues with running Windows 7 SP1 Beta, RHEL 6.0 Beta and Fedora 13 in a virtual machine.  Each of these Operating Systems versions are still in development or have known issues, therefore they are not fully supported by VMware. Made several performance improvements to NAT networking. VMware Workstation 7.1.2 has been tested with the new standalone VMware Converter 4.3.  VMware Converter 4.3 now handles Windows 7!  Download VMware Converter for free. Easy Install now supports older versions of CentOS. Added Windows 2008R2 and Apache Server 2.2.15 support for ACE Management Server. Read the VMware Workstation 7.1.2 release notes for more details. Remember that you can always manually check for an update by clicking Help | Check for Software Updates Now inside Workstation. Catch up with @ConcentratdGreg on Twitter!</div> <p><a href="" target="_blank">read more</a></p> Virtualization 7.1.2 NAT Virtualization workstation Virtualization Pro Tips Blog Mon, 27 Sep 2010 13:12:46 +0000 57794 at WEBINAR: Achieving Server Recovery in Minutes with Virtualization <div class="node-body blog-body">The nice people over at AppAssure asked me not long ago to join them for a webinar.  That webinar essentially asks the question, “What do you do when you need to bring a crashed server back online – literally – in minutes?”  The answers might surprise you. If that’s a capability you wouldn’t mind having, check out this webinar.  I’ll talk about some of the simple and stupid reasons why you won’t get there today, along with some smart alternatives that will make “in minutes” a reality. Here’s a bit more from the webinar’s blurb: Achieving Server Recovery in Minutes through Virtualization Uh oh, your mission critical server is down. What do you do? Look for its last backup on tape, hoping that last night's backup job actually succeeded? Start rebuilding a new server? Look for a new job? Or, simply click the button marked Recover Server, wait a few minutes, and then go about your day? With the right backup solution in place, that second option is an absolute reality. Today's disk-based backup approaches go much further than simply shifting the backup medium off of tape. They enable files, individual emails, and database entries to be restored without restoring volumes, data stores, and databases. They enable fast server recovery to any 15 minute interval in the past. They enable lost servers to be restored in minutes, either onto the same server or even onto an alternate one. And they finally solve the age old problem of what to do when that mission critical server is down. The answer: Recover it in minutes to a virtual server, giving you the breathing room to fix its original hardware without massive downtime. Learn all about how to get there with IT industry analyst and Windows IT Pro blogger Greg Shields. In this quick but informative webcast, Greg will highlight the Seven Requirements Your Backup Solution Doesn't Have, and show you why disk-based backups will better preserve your servers…and your job! Register Today!   Catch up with @Concentratd</div> <p><a href="" target="_blank">read more</a></p> Virtualization AppAssure Virtualization Virtualization Pro Tips Blog Fri, 24 Sep 2010 17:42:26 +0000 57009 at Simple Fix: vSphere Client Performs Slowly on Windows 7 <div class="node-body blog-body">I love these little, “turn off something we turned on” fixes for common problems.  Surfing through VMware’s recent knowledgebase articles today I found 1027836.  That KB is titled vSphere Client performs slowly on a Windows 7 system. The symptoms suggest that the vSphere Client may experience slow performance when run atop Windows 7, particularly redraws and especially when maximizing the client. The resolution is rather simple.  Right-click the vSphere Client’s shortcut and choose Properties.  Under the Compatibility tab, select Disable desktop composition.  Then give ‘er a try. Catch up with @ConcentratdGreg on Twitter!</div> <p><a href="" target="_blank">read more</a></p> Virtualization kb Virtualization vsphere client Windows 7 Virtualization Pro Tips Blog Mon, 20 Sep 2010 13:12:28 +0000 57911 at Get Your Hyper-V Visio Stencils! <div class="node-body blog-body">The web’s full of all kinds of great Visio stencils you can download to make your Hyper-V graphics look snappy.  A quick search pulled up three that are worth a look-see: Get your set of handmade Visio stencils, compliments of IT Consultant Jonathan Cusson, from this URL: Over at the TechNet blogs, TONYSO points you to the Microsoft Office 2007 Professional Add-In for Rack Server Virtualization (Virtual Rack).  His link is If App-V is your game, then check out these nifty App-V stencils from;task=view&amp;id=51&amp;Itemid=30. Catch up with @ConcentratdGreg on Twitter!</div> <p><a href="" target="_blank">read more</a></p> Virtualization stencil Virtualization visio Virtualization Pro Tips Blog Mon, 20 Sep 2010 12:05:00 +0000 57253 at Video Training Tiplet: Teaming & Load Balancing ESXi NICs in vCenter Server 4.1 <div class="node-body blog-body">A single network connection won't get you far in ESXi. It'll absolutely get you network connectivity, but you'll quickly lose that connectivity should you lose the NIC. Learn how to team network connections in ESXi and vCenter Server 4.1 in this Video Training Tiplet.   Transcript: Hey, this is Greg Shields with another Windows IT Pro Video Training Tiplet, this time on Teaming and Load Balancing ESXi Server NICs in vCenter Server version 4.1. So you’ve completed the installation of ESXi and you’ve probably got your vCenter Server up and running, and the next thing you probably want to do is team some of the network connections so your virtual machines have a redundant connection to the production network. Now when you team those connections, you’ve got a couple of different options for how you team them. First is failover teaming, which essentially means that one NIC will pick up when the other one fails, or you can also do load balancing teaming which uses the 802.3ad link aggregation protocol on the network switch side to actually go through and complete load balancing so that both of the NICs are in use at all times. Now the way that you go about doing that involves a couple of steps. The first thing that you need to do is obviously here inside of the vSphere Client. You’ll see that I have two servers that are currently attached to Our DataCenter. And for this server, 221, I’m actually looking at its configuration tab here under Networking. You’re probably familiar with the virtual networking configuration of ESX. Here on the left-hand side we have the virtual half of the equation. Here are our Virtual Machine Port Groups and also the VMkernel port that is being used for the management network. In the middle we have our grey box that references the virtual switch. And on the right-hand side we have the physical adapters that plug into that virtual switch. Adding an additional physical adapter starts by clicking the Properties button. When you click the </div> <p><a href="" target="_blank">read more</a></p> Virtualization 802.3ad load balancing teaming Virtualization vmkernel vswitch Virtualization Pro Tips Blog Sun, 19 Sep 2010 12:29:36 +0000 56996 at Video Training Tiplet: Connecting ESX 4.1 to iSCSI Storage in vCenter Server <div class="node-body blog-body">I’ve always been a big fan of network storage over traditional Ethernet.  With iSCSI’s long history and the new technologies we’re seeing in Fibre Channel over Ethernet (FCoE), storage technologies are pretty obviously making a push towards using the copper infrastructure you already have.  If you haven’t made iSCSI connections yet in ESX 4.1, I’ll show you the steps to set up a simple one in this video.   Transcript: Hey, this is Greg Shields with another Windows IT Pro Video Training Tiplet. Today, we’re connecting an ESX server version 4.1 to iSCSI storage inside vCenter Server. Let’s say that you’ve completed the installation of your ESX server, and you’ve got some of the networking done but what you want to do is connect that ESX server to a little bit of shared storage where you’re going to put your virtual machines. We start that process here inside of the vSphere Client. Now let’s assume that we’ve already created a volume and exposed that LUN to this ESX server. You’ll see here On this server we have two port groups and one physical adapter that are both connected in to the virtual switch. What we want to do is make a connection between this ESX server and that iSCSI storage. We start the process by going here under Add Networking and creating a VMkernel connection type. This connection type is used for things like vMotion, iSCSI, NFS, and even host management. In this case, because we’re doing iSCSI, this is the type of connection we want to create. We have two options here, one for creating a virtual switch or one for using the existing virtual switch. In our case, we’re going to use that existing virtual switch. I choose the Next button, and I have the option of creating a network label, which I’ll just call iSCSI. This is just a friendly name for that port group. You’ll notice three options down here for whether we want to use that port group for vMotion, for Fault Tolerance, or for management traffic. Now because this is a stora</div> <p><a href="" target="_blank">read more</a></p> Virtualization 4.1 esx esxi iscsi storage Virtualization Virtualization Pro Tips Blog Sun, 19 Sep 2010 12:26:00 +0000 57027 at Add to Your RSS Feed: Microsoft Support’s Top Windows Server and Client Problems and Solutions. <div class="node-body blog-body">These are not necessarily virtualization-focused, but they’re useful nonetheless. I was recently introduced to two new Microsoft RSS feeds that you might add to your watch list.  These two highlight a set of most-commonly seen support issues at Microsoft Support along with a set of possible fixes.  All are tutorials that step you through potential solutions, those that you’ll probably be asked about upon calling Microsoft Support.  Some are fairly simplistic, while others highlight “scientific method” ideas that you might not have thought about. Add these two to your RSS feed to keep abreast of new tutorials as Microsoft releases them: Windows Server: Windows Client:   Catch up with @ConcentratdGreg on Twitter</div> <p><a href="" target="_blank">read more</a></p> Virtualization microsoft support rss Virtualization Windows Client windows server Virtualization Pro Tips Blog Fri, 10 Sep 2010 21:26:15 +0000 57771 at Microsoft Releases Compilation of Recommended Hotfixes for RDS in 2008 and 2008 R2 <div class="node-body blog-body">…and the list is surprisingly long.  Six for device redirection, seven for authentication, seven as “core” updates, four for RemoteApps, three for RD Gateway and RD Web, and three more for Session broker. Find the links here: You might have missed this update, as it was a “Fast Publish” TechNet article released about a month ago.  If you’re running either RDS or XenApp, check out the link above and see if any problems you’re experiencing might be fixed with a hotfix.</div> <p><a href="" target="_blank">read more</a></p> Virtualization hotfix RDS remote desktop services Virtualization Virtualization Pro Tips Blog Fri, 10 Sep 2010 21:16:23 +0000 57073 at Video Training Tiplet: Adding an ESXi 4.1 Host to vCenter Server and Configuring Lockdown Mode <div class="node-body blog-body">Going through a vCenter upgrade to 4.1, and need a quick tiplet? How about this one on adding an ESXi 4.1 Host to vCenter Server. You’ll learn how to accomplish the task, as well as how to verify that the ESX server you’re adding is indeed the correct ESX server.  At the same time you'll learn about setting Lockdown Mode on that host, a great solution for restricting configurations to only the vCenter Server console.   Transcript: Hey, this is Greg Shields with another Windows IT Pro Video Training Tiplet, this time on Adding an ESXi version 4.1 host to vCenter Server and also configuring Lockdown Mode. Now if you’ve already gone through the process of installing ESXi onto a server somewhere, you’ll see I have already done that here, the next step is to add that ESXi host into a vCenter Server somewhere. That vCenter Server provides the mechanism to manage that ESXi instance across all the ESX servers you have. Now, obviously, in order to do this you need to have a vCenter infrastructure. You have to install vCenter Server. I’ve done that here to the server You also need to create a Datacenter. That Datacenter ends up becoming the boundary of administration, and I’ve done that here by creating Our DataCenter. Now adding a host into that Datacenter is relatively easy, you right-click and choose Add Host. Its at this point that we create that connection between vCenter Server and that ESX host. We do that here by putting in the hostname or the IP address. In my case, that’s, and then the username and password. Remember that we’re connecting in to an ESX host here. So our username starts with root, and then whatever password we entered in when we finished the post-installation configuration of that ESXi host. If I click the Next button here, you’ll see that we get a security alert that says that vCenter Server is unable to verify the authenticity of the host we’re attempting to connect to, and the SHA1 thumbprint of the certif</div> <p><a href="" target="_blank">read more</a></p> Virtualization esxi lockdown mode sha vcenter Virtualization Virtualization Pro Tips Blog Fri, 03 Sep 2010 20:11:50 +0000 57684 at There’s a New Microsoft Poster! This Time it’s the Remote Desktop Services Component Architecture. <div class="node-body blog-body">Everybody loves Microsoft’s poster series.  They’ve handed them out at conferences, and even dropped them in Windows IT Pro’s hard copy magazine from time to time.  They’re loved because they take a very complex topic like Active Directory, Server 2008 Features, Hyper-V R2, and others, and display them graphically in HUGE format. If you liked those, then you’ll really like Microsoft’s newest one.  Just released is the Remote Desktop Services Component Architecture Poster, a soft copy of which you can get here.  No one knows if hard copies might be coming inside (hint) certain (hint) Windows-oriented (hint) magazines, but they’ve had a history of getting these really neat wall coverings distributed to people.  Let’s hope so!</div> <p><a href="" target="_blank">read more</a></p> Virtualization poster RDS remote desktop services Virtualization Virtualization Pro Tips Blog Thu, 02 Sep 2010 14:41:20 +0000 57605 at Microsoft Takes a Shot at VMware. At VMworld. In the USA Today. <div class="node-body blog-body">You’re assuredly getting all sorts of news already out of this year’s VMworld.  I won’t reproduce that news here.  There’s plenty to see with a huge attendance, crowded breakout rooms, and an even more crowded expo floor. One interesting piece of news arrived as a full-page ad in today’s localized edition of the USA Today newspaper.  That ad was sponsored by Microsoft.  In it is what amounts to a letter from Microsoft directly to VMworld’s attendees.  Read on for its content (in its entirety), and comment below what you think… Dear VMware customers, VMware is asking many of you to sign 3-year license agreements for your virtualization projects.  But with the arrival of cloud computing, signing up for a 3-year virtualization commitment may lock you into a vendor that cannot provide you with the breadth of technology, flexibility, or scale that you’ll need to build a complete cloud computing environment. Microsoft believes cloud computing, which lets you store information and programs in datacenters and access them from almost anywhere with the same ease as accessing a website, represents the biggest opportunity in decades for organizations to be more agile and cost-effective.  Information Technology is evolving into a service accessible from almost anywhere, anytime, and any device.  Virtualization clearly played a role in enabling this move toward IT services by simplifying the deployment and management of desktops and datacenters, which is why we made virtualization part of Windows Server.  However, virtualization represents only a stepping stone toward cloud computing. Imagine never having to set up a server, update an operating system or build a database system.  That is the promise of cloud computing: the ability to access core services quickly and roll out legacy software and new applications at Internet scale without having to deal with today’s deployment logistics, which exist even with a virtualized datacenter.  In other words, if you liked th</div> <p><a href="" target="_blank">read more</a></p> Virtualization Azure Virtualization vmworld Virtualization Pro Tips Blog Tue, 31 Aug 2010 21:39:12 +0000 57701 at Greg to Speak in NYC on Managing Administrator Rights for PC Lockdown – Free Event! <div class="node-body blog-body">A little aside today from the usual virtualization-focused content, but a topic that’s no less important! In just a few short weeks, I will be speaking at a free half-day workshop in New York. Join me, a few other experts, and the sponsor of the event – Viewfinity – to explore some real-world lessons in implementing PC control policies. You already know that handing out Administrator rights simply isn’t a good idea. With widespread Administrator rights, IT no longer really controls their computers any more.  During this half-day event I’ll help you understand why focusing on “The Administrator” just isn’t enough anymore. Among other things, you’ll learn: …that distributing the right permissions to the right people goes so much further than simply eliminating administrator rights.  Applications require them.  Some users need them.  Administrator alone isn’t granular enough. …that smart businesses are replacing IT’s traditional focus on people alone.  That new focus secures desktops based on who the person is, what they need to do, and when they need to do it. …that smart tactics exist to implement Least Privilege, finally solving the problem of effective PC lockdown. If you are interested in joining me in New York on September 15th for a morning workshop, please feel free to reserve your seat here:</div> <p><a href="" target="_blank">read more</a></p> Management & Mobility Virtualization Active Directory Administrator administrator rights pc lockdown Viewfinity Virtualization Virtualization Pro Tips Blog Sun, 22 Aug 2010 23:58:56 +0000 57524 at