We have had a VMware ESX cluster for a while now, but last night I put together our first diskless ESX server. I’m excited about this because it eliminates a failure point from the environment - the local disks in the servers. I’m using Qlogic iSCSI HBA’s and booting from a 10GB volume on our Equallogic SAN.

I got everything configured and tested last night. Today, it gets racked and added to our cluster in Virtualcenter. Here’s a few pictures:

No disks The machine on the bottom and the Mac are a test environment for our upcoming Windows 2008 and Mac OSX Leopard deployment. The procurve switch is just for testing on the workbench, once racked, it will be attached to our Cisco 6500 core switch.

It doesn’t even know there’s no disks (boots up really fast too)

VI Client showing specs of new machine - 8 x 2.5GHz cores and 20GB of RAM - lots of horsepower

It’s home once I rearrange a few things tonight. The 4 machines at the top are our current ESX cluster. The disk array just underneath is for disk-based backup. The SAN is in another rack.

I had a battle with this last night after installing Vista SP1 (Apparently TS Web Access requires Vista SP1 or XP SP3), so thought I’d share some details. Why Microsoft waits a year after releasing a new OS to make their remote serer admin tools work on it is beyond me. They did the same thing with XP and 2000.

The Server 2003 “adminpak.msi” kind of worked on vista. Installing it required “Compatibility Mode” be set to XP SP2, then, there was weirdness in some of the tools. For example, in AD Users and Computers, there was no indicator to show an account as being disabled. In DHCP management, you couldn’t do anything except set the “Server Options”. None of the scopes were visible. Since I migrated my workstation to vista, I’ve had to RDP to a server to do AD management more times than I’d like to.

MS finally got around to releasing RSAT, the ADMINPAK replacement. Several new tools are included for managing Server 2008. The download for 32bit Vista is available here and for 64 bit here. I downloaded and installed RSAT last night, after upgrading to SP1, and the admin tools were no where to be found:

Well, it turns out that the download installs all the tools, but places them in a disabled state - seems like a weird way to do it to me. You have to go into “Windows Features” and enable the newly installed tools for them to be available in “Adminstrative Tools:

It took a little while to figure all this out, since documentation is somewhat scarce. Once all of the above was done, I was able to create a custom Management Console with all of the tools I commonly use, and they actually work correctly

I love being on the bleeding-edge of technology.  In our “wired” world, technology is critical in empowering our staff to more effectively carry out the mission of the church.  We were a relatively early adopter of Exchange 2007 - migrating from Lotus Notes last summer.  Now, we are actively exploring the cool features Windows Server 2008 has to offer as well as beginning to roll it out in our production environment.

Things have gone relatively smooth so far, with a WSUS server, three terminal servers, and a few other miscellaneous apps successfully running on Server 2008.  I’ve recently been looking into migrating our exchange environment to Server 2008.  Since they are both Microsoft Products, it should be easy, right?  NOT!  I wonder sometimes if MS makes it hard for us on purpose.  Here are a few of the stipulations for running Exchange 2007 on Server 2008 (from the Exchange Team Blog:

• RTM version of Exchange 2007 will not install run on Server 2008 (I can understand this, since Exchange 2007 was released way before Server 2008)
• Exchange 2007 SP1 runs on Server 2008 (sounds good so far)
• Upgrading to Exchange 2007 SP1 on Server 2003, then upgrading to Server 2008 is a No-Go
• Upgrading from Server 2003 to Server 2008, then installing Exchange 2007 SP1 = absolutely not
• Clean install of Server 2008 + clean install of Exchange 2007 SP1 is gold.

So, basically, the only way to get exchange onto Server 2008 is to do a clean install of Server 2008 on bare metal, then install Exchange 2007 SP1.  At that point, you must configure all appropriate Exchange roles on the new server, migrate all the mailboxes, and then decommission the old server.  Doesn’t sound like much fun.  And, to think, I have 3 Exchange servers.

Obviously, I’ll survive and it will all get done, but it’s a bit frustrating that a company like Microsoft can’t plan for better integration/interoperability among their own products!

I attended the Microsoft product launch event in Atlanta yesterday.  Been traveling all day today, so just not getting a chance to type up a post about it. Overall, it was a great experience.  Got to see and learn about lots of cool new features in Window Server 2008 that I haven’t had a chance to test yet.  Also talked to several interesting vendors.  Here’s a few random thoughts:

• Freebies are always nice.  I walked away with a full copy of Windows Vista Ultimate and limited or trial versions of several other products.
• Overall, the speakers were really good.
• The exhibit hall was like way crowded in the morning.  Hard to have a serious conversation with the vendors do to the number of people present.  Got a little better later in the day.
• Network access protection is interesting - can check certain aspects of a machine, such as antivirus and firewall status and only allow access to servers if certain criteria are met.  Optionally, traffic to servers containing sensitive data can be IPSec protected.  Awesome concepts, but I have a feeling it’s going to be difficult to manage and create headaches for users and IT staff.  I might play with it a bit if I can find time.
• TS RemoteApp is really nice.  We already have a couple of servers running it and will roll it out in our production environment really soon for Shelby and EMS.
• I really, really like Terminal Server Gateway and Web Access features.  Combined with RemoteApp, it seems like the perfect solution for users to access certain apps from their home computers.  Basically, the user logs into a web site and it presented with a Windows desktop looking screen with icons for apps and servers they can click to connect to.  All the traffic gets tunneled over SSL, which makes me less concerned than opening RDP to the outside.  It can also be hidden behind an ISA server (which we already use for remote Exchange access) for additional security.  I really think this is the answer to some of my remote access woes.
• I thought the web server session was boring.
• MS has come a long way with their virtualization products.  In my opinion, it’s still not up to par with VMware though.  There’s still no live migration ability.  There’s still a host OS involved (I think about how many times I have to reboot windows servers vs how I never have to reboot ESX).  There’s no way to resize a virtual hard disk (seems really odd to me, VMware has had this for years).  Give it a couple more years, and HyperV might be the way to go.  I’m not convinced yet though.

The last year or so, we’ve been moving full force at doing lots of cleanup and building an enterprise-class infrastructure.  There’s still a ways to go, but now it’s time to develop a solid IT strategy.  I’ll be making several updates along that journey, but one of the bigs things that’s came up is what do we do when things don’t go right?  A big issue is: What do we do if there’s a major power outage and we have to shut everything down and bring it back up?

Now, last year, we had the opportunity to install a 15KVA UPS that’s capable of running our entire server farm, network core, and phone system for about 2 hours.  We rarely have an outage that long, so we haven’t had to do a full shutdown/startup in quite a while.  During the last year or so, as we’ve implemented technologies such as SAN storage and Virtualization, it seems our infrastructure has gotten considerably more complex with lots of systems being interdependent on each other.

Here’s a short list of dependencies that come to mind:

• Exchange, Blackberry Server, SQL Server, Virtual Center, and VPN all require Active Directory to be up.
• Virtual Center obviously needs the ESX servers up to function.
• Virtual Center and Blackberry Server use the SQL server.
• Blackberry Server depends on Exchange being up.
• The ESX cluster, Exchange, and SQL server all require SAN storage.
• The SAN requires the core switches be functional before it comes online.

As you can see, the dependencies quickly get complex.  If you have to shutdown everything, what order do you do it in?  How do you bring it back up?  I’ll be documenting all of this over the coming weeks and hopefully actually doing a test at some point.  More updates to come.

One thing that seems to always be an issue here is getting big files to outside vendors etc. Obviously, email is good for small files, but it never ceases to amaze me how many printing companies have email systems that can’t accept a 5MB file. Then there’s the bigger files that shouldn’t be emailed anyway.

The obvious solution is FTP. However, it requires client software and user training. The training it no big deal, but the software is - another app we have to roll out and support. Windows explorer can kind of do FTP, but it really doesn’t work very well. There’s also the issue of having to maintain passwords (which would have to be separate from internal AD passwords do to outside vendors needing access) or have anonymous FTP, which is not a good idea for obvious reasons.

Then there’s web-based drop boxes, but they have many of the same issues as FTP. There’s a need to not have access wide open, yet allow outside parties access. From the user perspective, it would be easier, since there’s no special software required - only a web browser is needed. Still, not ideal.

I guess what I’m looking for is something where the staff member can upload a file and enter an email address, and the recipient will receive an encrypted link to download the file. Basically, kind of like yousendit, but ideally it would be hosted locally. I’ve searched and searched and can’t seem to find an app to do this. I may just end up writing it myself if I can find the time. If anyone has any ideas on this, please let me know.

As much as I am not a huge fan of new release from Microsoft, I must say Windows Server 2008 is a release I’ve been looking forward to.  Specifically, the new terminal services features are really nice.  RemoteApp allows you to stream individual apps over the RDP protocol - similar to what can be done with Citrix, but without the hassles.

We currently use a Windows 2003 terminal server for remote users to access Shelby and EMS.  The goal is to replace that setup with the Windows 2008 RemoteApp functionality.  I was able to make some big progress on that today.  I got a Windows 2008 virtual machine built (Virtualization is pretty standard for any new servers we deploy).

After several headaches, I was able to get Shelby installed and an RDP file generated.  I must say I’m impressed.  After installing the app, you simply publish it as a RemoteAPP and generate an RDP file (and optionally, an MSI for group policy deployment).  Once that’s done, the RDP file gets placed on the users machine and it appears just like the app is running natively - Awsome!

Next steps are to get EMS working (requires an update to run on Windows 2008/Vista) and Ultimately run Outlook as a RemoteApp for Mac users (Mac RDP client doesn’t yet support RemoteApp).