Tuesday, August 11, 2009

Adding a VMWare node, and my big one for the year...

So I got the go-ahead to add another VMWare node to our infrastructure. This makes sense in lots of ways - I've only got two nodes at the moment and they're oversubscribed really - I couldn't run all my VM's on one box if the other fell over. I've also got another reasonably powerful, new box sitting around from our stalled Email project, so my only cost right now is in licences.

So I went to the reseller, and said simply - I want to add a new node. I'll add right now, I'm no VMWare guru. I can do what I need to with ours, I've built a fair few virtual machines on both ESX and VmWare free - we have a touching acquaintance, let's say. Our existing infrastructure is ESX 3 nodes, Virtual Center / Server 2.

Which they don't sell anymore - we're onto ver 4 - VSphere. Which doesn't work quite as wholeheartedly as the reseller led me to believe. My own silly fault for not going religiously through the upgrade section on the VMWare website, which would have pointed this out to me. This is, of course, an omission on my part of which my boss is going to remain blissfully ignorant.

The next fly in the ointment is that our existing estate is out of support. So I went back to our reseller and got a quote to renew it (without which I can't upgrade our existing nodes to VSphere and restore harmony to the universe.) Then, I thought, I'll cover my arse properly this time. So I raised a support ticket with VMWare themselves to confirm that this support contract covered everything I needed. Not too difficult, but that was a month ago, and I'm still waiting for an answer.

Anyway, licensing fun and my biggie aside, the installation's been incredibly easy. I created another VM datastore on our HP SAN, pointed the new and both old nodes towards it. The new node's picked everything up, the older ones won't pick up the new storage until they're rebooted. So now I have three datastores on the same SAN. I know I could have added extents to my existing datastores, but given the expansion in our VMWare holding that's likely over the next couple of years, I don't see that as a problem. I've got two Citrix XenApp VM's purring away on my new VSphere node, I can import VM's from the other two if required - I just can't use VMotion or HA, and I'm having to administer it for now through the VSphere client.

Which is all well and dandy, but if that's what I wanted then I could have got Citrix XenServer for nothing. Come on, VMWare, get your arse in gear.

Yeah, do stuff...

The latest diktat from up high is that we, the IT department, are to start selling laptops to students. This is because another institution, revered by our CEO, does so.

Well, not quite. They actually provide a room for their hardware supplier to knock out stuff to students. That's it. Us being small, provincial, and in a different county from their supplier, our CEO reasons we can do the same thing ourselves, being as they've probably pissed themselves laughing down the phone when he mentioned it. (Likely sales, I'd guess, might amount to ten laptops a year.)

Quite apart from it not saying - not once, I've checked - on my resume that I am, ever have been, or have any desire to be a shopkeeper - I have a few objections, here.

Firstly, we're an HP shop. And as anyone who's ever had the desire to dig through the HP website can find out, becoming an HP reseller ain't a piece of cake. It requires things of their partners like certified hardware techs, which in turn would require the institute to bother investing in its people. I can understand why they don't, because confronted with a continual stream of half-baked ideas like this one (to which our corporate culture is that it's not OK to raise obstacles, as they interfere with the deep, deep, blue-sky thinking going on upstairs), most of the IT staff, when confronted with the prospect of being actually certified would either:

a) apply for another job straightaway
b) refuse to take the course as they'd have to repay the money in two months when the job they've just applied for is due to start
c) go sick from shock

So being an HP reseller is probably out, then. But he's adamant that we've got to have it, so at some point we'll have to find a way of doing it. Selling ten laptops a year from someone else, jeopardizing our relationship with HP - one which saved us a third of the cost of replacing our network infrastructure with (lower-spec) Cisco gear eight months ago. And I don't even want to know what sort of a deal they gave us on the couple hundred new PC's we ordered at the same time.

I will bet, however, it was worth more than the profit margin on ten laptops. And I haven't even discussed the prospective joy I feel at students coming into my office to make a warranty claim on whatever half-assed arrangement we ultimately inherit. I could go on and say something else, but you get the picture.

Monday, August 10, 2009

It's been a while...

A long time since I posted last. It's been a long time too, since I last built a Citrix farm, but even though the name's changed and we're three versions on from the last time I built one, the good bits about the install are still good and the bad bits are still crap. Although I think we can add the main GUI for the install list to the bad pile: it looks like Mr Citrix's three year old got hold of the crayons.

One of the other niggles I've always had with Citrix has been building the new farm directly onto SQL during the install process, and I can report that hasn't changed. It doesn't seem to matter how careful I am setting up and testing ODBC connections, even whether or not I set the ODBC connection up using the SA account (not recommended, just out of experimental curiosity to see if it was a rights issue) - I'll always get an error.

And when you get that error, you'll get it again if you try and confirm the farm membership using CHFARM, at least if you go straight from a failed SQL install to another attempted SQL install. The solution here's to run CHFARM, set up a local Access based farm, then run the CHFARM operation again, having first taken care to flatten your SQL database. I don't know why it should be that way - it just always has been...

Wednesday, March 4, 2009

Will the madness stop?

I haven't blogged for a while, mostly because it's just been utter chaos here: all the fun associated with the start of a new academic year and some fairly major moves and changes. I'm still having fun with my accounting application via Citrix, and I'm now just about ready to give up on it and install a VPN solution instead for the affected users, rather than carrying on with NFuse. This of course, means more digging around the uncharted depths of our ancient PIX firewall, where hundreds of obsolete, uncommented entries do their level best to confuse me into tears every time I look at it.

I've started looking seriously now at the problems, threats and opportunities that implementing Exchange 2007 is going to pose, and I'm quietly confident. It looks like there's some good bolt-on functionality with Outlook Anywhere and Sharepoint, and that could - I repeat could - let me get the goal of some kind of Portal off the ground without as much pain as I was thinking it might be.

Our mail scanning server then, has chosen something of an inopportune time to start pissing me off. We're running a standalone server in the DMZ which runs IMSS 7, and today it's decided it doesn't want to do anything much unless I restart the IMSS SMTP service every five minutes and bugger around with hold queues. I'll bounce it again tonight, and hope the fairies fix it, because I haven't got a clue.

Monday, February 9, 2009

Weirdness solved; A dumb request.

Solved the networking weirdness that had befallen some of our servers since upgrading our networking infrastructure. We'd implemented HP's LACP solution, understanding that it would work with the HP server NIC teaming thing to give us a really high-speed, fully teamed solution. Apparently not, for some reason. The 802.whatever that the NICs would have been picking up automatically - the team type being set to auto - just doesn't seem to work reliably.

So I broke the teams on the problem boxes, then set the trunk type on the switch to "trunk" instead of LACP - you can trunk two different ports on two different cards within the chassis, giving you redundancy - then recreated the teams to NLB with Fault Tolerance, then unchecked the TCP onloading box, which seems, from reading around, to be giving loads of people shit. It's apparently corrected in the latest NIC drivers, but just to be sure, you know. Problem gone, performance not quite as good, theoretically, but there's so many other throttles right now I can't tell. So that's good.

What's not good, however, is a reputable database provider asking us to add an entire class B network to our firewall ACL, then another class C network. That's right. Dear gullible fool, please open 65000+ addresses to your ACL list. The reply was necessarily short and to the point, as you'd expect...

Wednesday, February 4, 2009

Fun and games, Google and Novell's different Wednesdays.

Trying to sort the routing this morning for the new exchange server, with the help of our friendly local firewall guy. I've never learned any PIX, and on the evidence of this morning I think I probably got the good end of the deal there. It's a bit of fun, eh? Anyway, the upshot is it's sorted now, and I've learned a valuable lesson: When you make a change to your firewall - TAKE OUT THE REDUNDANT ENTRIES. This will then save the time and sanity of your replacement as he tries to reverse engineer the inner machinations of your DMZ (tell me you have one of those) via IP addresses which may or may not be: a) still in use; b) assigned to a different machine; or, best of all and my personal favourite, c) assigned to a machine of the same name which has since been rebuilt and now has a completely different function. And you can add comments on PIX entries too, so take a second and put 'em in. The lifespan of networking equipment is considerably longer than the tenure of the average IT worker, so I'm sure karma will come into this somewhere down the track.
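An added example (not the author's tooling) of auditing for the two problems described here and in the 9 February post: ACL entries with no comment, and permits that open whole networks. The ACL lines are constructed sample data in PIX `access-list` syntax using documentation address ranges, the 256-address threshold is an assumption, and entries that use object-groups are not handled.

```powershell
# Added example: flag PIX ACL entries with no remark and permits for whole networks.
# The configuration below is constructed sample data, not a real firewall config.
$config = @'
access-list outside_in remark Vendor update host to library server (owner: placeholder)
access-list outside_in permit tcp host 192.0.2.25 host 198.51.100.10 eq 443
access-list outside_in permit tcp 172.16.0.0 255.255.0.0 host 198.51.100.10 eq 443
access-list outside_in permit tcp 203.0.113.0 255.255.255.0 host 198.51.100.10 eq 443
access-list outside_in remark Explicit drop for everything else
access-list outside_in deny ip any any
'@

$WideSource = 256   # a whole class C or wider counts as "wide" (assumed threshold)

function Get-AddressCount([string]$Mask) {
    # PIX ACLs use subnet masks (not wildcard masks): count the host bits.
    $hostBits = 0
    foreach ($b in [System.Net.IPAddress]::Parse($Mask).GetAddressBytes()) {
        $ones = [Convert]::ToString($b, 2).Replace('0', '').Length
        $hostBits += 8 - $ones
    }
    [math]::Pow(2, $hostBits)
}

$remarked = @{}   # ACL name -> was the previous line of this ACL a remark?
$findings = foreach ($line in $config -split '\r?\n') {
    $t = -split $line
    if ($t.Count -lt 3 -or $t[0] -ne 'access-list') { continue }
    $acl = $t[1]
    if ($t[2] -eq 'remark') { $remarked[$acl] = $true; continue }

    # Drop the optional 'extended' keyword so both old and new syntax parse alike.
    $rest   = @($t[2..($t.Count - 1)] | Where-Object { $_ -ne 'extended' })
    $action = $rest[0]
    $src    = $rest[2]
    $count  = switch ($src) {
        'any'   { [math]::Pow(2, 32) }
        'host'  { 1 }
        default { Get-AddressCount $rest[3] }   # form: <network> <mask>
    }

    $issues = @()
    if (-not $remarked[$acl]) { $issues += 'no remark' }
    if ($action -eq 'permit' -and $count -ge $WideSource) {
        $issues += "source covers $count addresses"
    }
    $remarked[$acl] = $false   # a remark only documents the rule directly below it

    if ($issues.Count -gt 0) {
        [pscustomobject]@{ Rule = $line; Issues = $issues -join '; ' }
    }
}

$findings | Format-List
```

On the sample data this reports the class B and class C permits (65536 and 256 source addresses, neither commented) and leaves the commented host rule and the commented deny alone.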

Google, I see, are writing off $768 million, due to the decline, fall, and plummet from space of AOL. They want out completely, and I think the only thing they can be blamed for there is taking too long to bite the bullet. The sooner the excrescence that was America Online gets wiped from the face of the earth, the better.

Novell would probably like to be able to afford to write off something else other than another tranche of workers, but they can't. Be nice if the job losses could stop now, please.

Tuesday, February 3, 2009

A weird one...

I've got one of those weird ones today. We've installed a new network infrastructure - all shiny new HP Procurve stuff. Yesterday morning, one of our servers didn't back up, with BackupExec reporting that it couldn't see it. RDP'd to the server fine, and I could ping the backup server, and ping the errant server from the backup server. I could also, from either server, open an UNC share on ANOTHER server but not on each other. They're both on the same subnet, plugged directly into the new core switch, the ports on which are effectively, at the moment, wide open.

This morning, another server had the same problem, despite backing up yesterday. The error logs on the servers which can't connect have the odd DCOM error which, on closer investigation, could mean one of about forty different things, none of which look like an easy fix. It's all too easy to go off on some wild goose chase here. The core switch is new, so there's a cloud hanging over that, but I had something similar before it was replaced, which I didn't investigate too deeply as it was only a day before the new switch went in. One thing's for sure - something out there is screwing up my NetBIOS traffic, and I want to know what it is.

Monday, February 2, 2009

A day of deep joy...

How I love sysadmining while surrounded by morons. Today's a prime example. We have an accountancy application which is, like most of these things, just about OK when used in the environment which it was designed for. Local domain, fat client, normal, networked printer. Even then, it's needed a fair bit of tweaking to get it right - it prints from an environment variable, for example, because that's the way it does it. It's one of them.

Someone tried to put it on Citrix and we had a nightmare with it. We couldn't get it to print properly at all, despite the application vendor's being on site for a couple of days and dialling in god knows how many times. So I made sure that the people who needed to use it got full-fat clients, quick sharp. Everyone happy.

Except some genius has decided that it would be just too great for someone at a related institute across town to be able to dial into our accounting application through Citrix. And our interface to the outside world, I might add, is rubbish. Not in terms of speed, but reliability of service of certain things. We have other people who connect through Citrix, for example. Sometimes their printer auto-creation works, sometimes it doesn't. Depends on the wind. Sometimes it takes five minutes to log into NFuse (that's how far behind we are); sometimes, seconds. Reboot router, phone up ISP and complain. Right now, those are our options. So it's not going to work. In a month of Sundays. Even if it did work in the first place, which it doesn't.

Obviously, someone's ego's going to be bruised when it becomes apparent that this is going to have to be, er, altered. No guesses for who's going to end up wearing it, though. Be nice if I got asked at the start, for once.

Wednesday, January 28, 2009

Fun with Exchange mailboxes, part 2...

I'm in the middle of upgrading our organization to Exchange 2007 from 2003, and I'm currently "enjoying" the effects that adding a 2007 server to our Exchange organization's having. Not only does it screw our existing global address list, but helpfully, it's also "updated" it so that I can no longer administer it from the Exchange 2003 box. Marvellous.

I've also discovered that I've got a few shared mailboxes out there that have disappeared, altogether, from any address list. So now, I can't even get my users to see them - which is lovely for our internal marketing, as we're rolling out a new desktop image. It's an issue I can really do without. Tonight I'm going to rebuild the Recipient Update Services on the 2003 box and hope like hell something shows up tomorrow.

On the image rollout, we've been ordered to put Office 2007 on the new image, which as you probably know, is more different to previous versions of Office than any release ever. One would expect some staff training - for our users - to be in order, then. But no. The person who's supposed to be doing THAT, had Office 2007 installed nearly a year before everyone else for precisely that reason, and who was one of the main drivers for putting Office on seems to have rinsed their hands of it. No guessing which department everyone's looking at to blame. IT and short memories seem to be natural bedfellows around here.

Thursday, January 22, 2009

Plate full of Password Problems

Every week or so something fun gets tossed onto my brimming plate, and today it's the turn of password management. It's a pain in the ass, full stop, and now I'm to look at smoothing troubled waters by implementing some kind of solution that'll enable our users to reset their own passwords: memorable question kind of thing. It's the kind of thing that even a year ago would have had me in a cold sweat, thinking of all the possible security horrors. I seem to have undergone some kind of transformation though - if it adds to the user experience, makes students and the helpdesk's lives easier, then I'm all for it, and I'll deal with the security horror if it appears. Quest's Password Manager looks like it might do the do. How easy it'll be to implement is, of course, entirely another matter.

So Microsoft's officially cutting jobs. And they can't even bring themselves to issue a revenue / profit forecast. Share price fell nigh on 10%. Not a good week for them.

Wednesday, January 21, 2009

Citrix finding a new raison d'etre?

I talked before about Citrix being a company in need of a new killer app. Virtualization, it seems, is where Citrix are putting their money on their new future being.

They paid out $500m for open-source virtualization company XenSource, and have been aggressive in pushing their new baby. They've also got an interesting take on the cloud / no cloud thing. They reckon companies need internal clouds first - hosted of course, on Citrix virtualization / application delivery boxes - to be ready to take advantage of the opportunities when the bridges to the real cloud fall into place. They've developed Citrix Cloud Center too, to push to the third-party cloud vendors, just so you're in no doubt they're serious.

Now they're collaborating with Intel, creating a bare-metal hypervisor based on the Xen one, probably aimed at delivering virtualized desktops, which will have the considerable bonus of being fully encrypted.

Now all they need to do is get the Xen hypervisor integrated with HP's industry leading System Insight Manager. Fortunately, it's apparently "on the list."

Just when I thought they looked dead and buried, Citrix suddenly looks like it might not be takeover fodder after all.

Tuesday, January 20, 2009

Fun with Outlook Address books; Cisco looking for a fight.

I'm having fun with Outlook Address Books this morning. A couple of weeks ago I built and introduced an Exchange 2007 server, looking towards migrating our accounts over from Exchange 2003. I created connectors between the two servers, and they're seeing each other fine. I pulled over a test mailbox, which seemed to go smoothly although I haven't been able to fully check that out yet because I need to update the ACL's on our PIX firewalls to include the new server.

So far, so good, until it was pointed out to me that somehow, mysteriously, the behaviour of my users' address books in Outlook has changed. One set of users defaulted to one address list, another to another - both stored below the Global Address list. Now, those lists aren't visible from Outlook, even though they both still work as email distribution lists. Confused yet? I am.

So I've populated two address lists above the GAL and they work fine, only problem being I haven't yet sussed if I can push our users to these via Group Policy, which would be ideal. So for now, the helpdesk are going to have to sort it - if someone complains, which as yet, they haven't. I know they will though, and probably before I fix it.

On another note, it looks as though Cisco are wading into the Blade-Server market. Coming hot on the heels of news that they're planning on wading into the virtualization market too, and in the face of HP's switch/routing challenge in the shape of Procurve, it's beginning to look more than a little like the day when KFC peddled their first burger and Ronald McDonald deep-fried his first chicken bollock. Hopefully, like that happy day, this ends up as good news for the customer, but with no sickly aftertaste, clogged arteries, or lingering sense of guilt attached.

Monday, January 19, 2009

Opera slings mud at Microsoft, sticks.

So the antitrust thing's back. The EU says Microsoft's violated competition laws by continuing to include Internet Explorer with versions of Windows. Opera, the original re-complainant, is understandably delighted.

So where's Microsoft go from here, other than back into the courtroom? Given that the fine dished out by the EU last time was 899 million Euros, it's a fair bet that someone's going to be digging into their pockets, deeply.

And with Microsoft feeling the pinch - its share price this morning stood at $19.71, down from over $35; and with persistent murmurs of impending cutbacks - now represents perhaps the EU's best chance to get the software giant to sit up and listen, properly.

Yes, the last antitrust issue before the EU was different - that was to do with Microsoft getting in the way - as the commission saw it - of other vendor's attempts to get their software to work properly on Microsoft operating systems.

But the EU budget's not getting any smaller, and member countries are raising less tax revenue than six months ago, thanks to the recession. Milking the Redmond cash cow might, in the once-removed eyes of European ministers, go down an absolute storm.

Sunday, January 18, 2009

Active Directory management permissions

Our user accounts aren't, inexplicably, created within the IT team. That's a fight for another day, but right now I'm securing our Active Directory, specifically against the people whose jobs it is to create our users, none of whom is anything else other than an IT part-timer. Unbelievably, they've been given full admin rights up to now, but today that stops.

So what I've done instead is to:

  • Save an .msc file of the AD Users and Computers MMC snap-in.
  • Create a user group called Account Managers and add these staff to it. I've granted this group Read Access to the .msc file, and provided them with the file path to it.
  • Give the Account Managers the necessary permissions - Read, Write and Modify - to the OU's in which our user accounts live (not our System Accounts - they're somewhere else).
  • Delegate control of user accounts by right-clicking on the root domain in AD Users and Computers and - well, just walking through the wizard.
  • Remove our users from the Admin groups.

I'm sure there's going to be some whingeing sometime soon, but that I can handle, by the old-school SysAdmin technique of hiding behind my manager. Hey, it's what he's there for. And I'll sleep just a little bit better tonight, although I know I'll wake up tomorrow and find something else that frightens me.
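The group, delegation and admin-group steps above, scripted as an added example (not the author's own commands). It assumes a management host with the RSAT ActiveDirectory module and `dsacls.exe`, a single domain, and placeholder domain, OU and account names; it applies the delegation at the user OU rather than the domain root so the system accounts' OU is not covered, and it leaves out the .msc file.

```powershell
# Added example: least-privilege delegation for account creators.
# All names below except the group name are placeholders (assumptions).
Import-Module ActiveDirectory

$Domain      = 'EXAMPLE'                                # NetBIOS domain name (assumed)
$UserOU      = 'OU=User Accounts,DC=example,DC=local'   # OU holding ordinary users (assumed)
$GroupOU     = 'OU=Groups,DC=example,DC=local'          # where the new group is created (assumed)
$GroupName   = 'Account Managers'                       # group name used in the post
$Delegates   = @('jbloggs', 'asmith')                   # the account creators (assumed)
$AdminGroups = @('Domain Admins', 'Administrators', 'Account Operators')

# 1. Create the group once, then add only the delegates who are not yet members.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $GroupOU
}
$current = @(Get-ADGroupMember -Identity $GroupName | ForEach-Object { $_.SamAccountName })
$missing = @($Delegates | Where-Object { $current -notcontains $_ })
if ($missing.Count -gt 0) { Add-ADGroupMember -Identity $GroupName -Members $missing }

# 2. Delegate on the user OU only.
#    /I:T = this object and sub-objects, /I:S = sub-objects only.
$Trustee = '{0}\{1}' -f $Domain, $GroupName
& dsacls.exe $UserOU /I:T /G "${Trustee}:CCDC;user"               # create/delete user objects
& dsacls.exe $UserOU /I:S /G "${Trustee}:GRGW;;user"              # read/write existing user objects
& dsacls.exe $UserOU /I:S /G "${Trustee}:CA;Reset Password;user"  # reset passwords

# 3. Take the delegates out of the built-in admin groups (direct membership).
foreach ($group in $AdminGroups) {
    $direct   = @(Get-ADGroupMember -Identity $group | ForEach-Object { $_.SamAccountName })
    $toRemove = @($Delegates | Where-Object { $direct -contains $_ })
    if ($toRemove.Count -gt 0) {
        Remove-ADGroupMember -Identity $group -Members $toRemove -Confirm:$false
    }
}

# 4. Verify: -Recursive also catches membership that arrives through a nested group.
$stillPrivileged = foreach ($group in $AdminGroups) {
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $Delegates -contains $_.SamAccountName } |
        ForEach-Object { [pscustomobject]@{ Group = $group; Account = $_.SamAccountName } }
}
if ($stillPrivileged) {
    $stillPrivileged | Format-Table -AutoSize
} else {
    'No delegate remains in an admin group.'
}

# Show the ACEs the OU now carries for the delegation group.
& dsacls.exe $UserOU | Select-String -SimpleMatch $GroupName
```

Anything step 4 still lists is admin membership inherited through another group, which has to be removed at that group.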

Downadup panic

I got to work, opened my email, checked the web for news and found that the Downadup worm's causing untold panic, such is the rate of spread. F-Secure estimate that the worm had infected nearly 9 million PC's by Friday, up from just over 2 million on Monday. The worm's hitting a long-standing vulnerability in XP, 2000 and Server 2003 which Microsoft patched - with plenty of publicity - 3 months ago.

Apart from demonstrating just how many systems out there haven't been patched, Downadup's also notable for the numerous ways in which it propagates, via flash and network drives, plus the usual array of social networking hooks.

It is though, easily removed. Tools are at F-Secure for free, and better directions at precisesecurity.

If nothing else, Downadup's showing again the best security practices of all - regular patching, up-to-date AV and malware programs, and not opening spam. How easy does it have to be?

Saturday, January 17, 2009

Replacing Altiris with Configuration Manager

Altiris has been around for a while now. It hasn't changed much since I first used it, in terms of functionality at least. It's under the Symantec jackboot now, and it'll be mildly interesting to see what becomes of it. I've got to admit to not always being the world's biggest fan of Symantec: my experiences with Norton AV haven't ever left me with anything approaching joy, and on the few occasions I've had to use them, the Symantec product support mechanism has frequently left me at entirely the other end of the spectrum of joy, to the point where I've wanted to chew my own hand off.

But that's by-the-bye. My point is that Altiris is, for us at least, now approaching the point where we're looking round for a replacement. As an educational institute we get really good deals from Microsoft under our campus agreement, so I've been looking at Systems Center Configuration Manager. From reading the blurb, it looks like there's nothing that this won't do.

What it can tie in with and what it needs in order to run effectively are confusing me right now. I already know that it speaks to our WSUS server and imports some of the stuff from there. How the software packaging side of things works is a mystery to be solved.

The biggest mystery at the moment though, is how to get the client software to install. From within Configuration Manager there's about five different options for pushing it out. Configuration manager can see my clients - it imports them from AD - but I'm not getting any joy with any of the installations. There's just nothing happening, and the thin, dusty trail in the logs is proving to be fruitless.

I have no doubt I'll solve it eventually, but right now Altiris lives. And that's important because it's this time of year we re-image all our desktops and push out all our software for the upcoming academic year. So far, it's been totally trouble free.

And right there you see our difficulty. There's so much we can potentially do by becoming a one-stop, Microsoft shop. What we're seeing already though, is that the costs we save are going to be offset by an increase in the difficulty of replacing 3rd-party systems like Altiris, like VMWare, that became popular because they work.

That doesn't mean the challenge isn't a valid one. Once all those clients are out there for this year; once all our students are in and settled; I'll be bringing more and more of these projects forward from the back burner, looking towards the future.

Friday, January 16, 2009

More casualties

The downturn's hitting hardware makers too. AMD have just announced 1100 job cuts - 9% of its workforce. The pain's even reaching to the boardroom - AMD's CEO and executive chairman are each going to take a temporary 20% cut in their base salary, and other employees at the chip-maker will also have their wages cut by between 5 and 15%.

That comes hard on the back of job losses at the number one hard drive manufacturer Seagate looking at slashing 10% of its workforce. CEO Bill Watkins didn't survive that one to take a salary cut. Number two in the storage market, Western Digital, is ahead of the curve, having stated that it would slash 5% of its workforce way back in mid December. HDD head manufacturer TDK is letting 9000 go.

The mighty Intel can't be far behind, as yesterday it posted a 90% drop in profits and warned of even tougher times ahead.

With so little money going through the IT industry, it's a bad time for Microsoft to have the EU taking yet another look at it over the seemingly never-ending saga of bundling Internet Explorer with Windows. Maybe this time Microsoft won't simply be able to pay, stall the EU with a flotilla of expensive lawyers, carry on like before. Stranger things are happening in the world right now.

Thursday, January 15, 2009

Times like this can make a man nervous.

So, the seemingly impregnable Google's laying off workers. The guys and girls for the axe are 100 recruitment workers, so don't be hankering for that job at Mountain View any time soon. And the old company of new Yahoo! CEO Carol Bartz (already labelled in some areas of the press as "foul mouthed", although personally, "friggin'" doesn't register on my radar unless it's uttered by a cheeky matelot with a glint in his eye), Autodesk, has also put the knife in today.

And now Microsoft's wielding the axe, according to some sources. Or not. Either way, it's a fair bet there'll be few requests for a pay rise at the software giant anytime soon.

Sign of the times? I did some crystal ball gazing for work this afternoon, trying to come up with a three-year plan. Practically an impossible task, given the pace in change of the world around us right now.

What did I come up with? Well, if we're going to upgrade from Server 2003 we'll be facing some pretty substantial hardware costs as 2008 R2 is 64 bit only. I'm sure there'll be a few issues on the back of that one, given the number of legacy apps we're running. Virtualization will be something we'll make more of, although I suspect we'll be looking closely at other offerings beside VMWare.

The other thing that I feel I have a duty to look at is exactly what parts of our server estate could be candidates for moving into the Cloud. Now, my knowledge of the possibilities that Azure, Google and whatever it is that Amazon eventually comes up with is tiny. Nothing at all, in fact, beyond knowing that they're going to be there. But it seems a funny time, to be sure, to be leading the charge in a direction which could very well put me out of a job.

Expanding a Point

I thought I'd expand on one of yesterday's postings; that which alluded to Citrix's killer app status slipping as the competition have caught up.

I've always been a fan of the possibilities of thin-client computing. The picture that Citrix paint - and deliver, to be fair, in many places - of an IT infrastructure with a smaller TCO, a smaller carbon footprint and centralized administration: who isn't waiting to be converted?

So when I came here and found a legacy Citrix environment - Metaframe XP FR3, two years out of support but still happily chugging along, supporting a couple of hundred users quite happily - one of the first things I looked at was updating this and asking the questions: What else can I do with this? Can we expand our thin-client usage, save money on our clients and our power bill, reduce our carbon footprint and be responsible global citizens? And unfortunately, to all of those questions, the answers were not enough and no.

Citrix do quite a good job of pointing out the cost / benefits of a thin-client network. But who, I ask, can afford to chuck their existing fat clients in the bin, and start again? Who can afford to run two networks side-by-side - because that's what we found we would almost need to do. Yes, we could look to savings three years down the track, when our current desktop refresh cycle reached its end. But for a public sector organisation, especially one up to its neck in the financial mire - three years is forever.

The real killers though, are Microsoft and Procurve. Microsoft because their new Windows Server 2008 does everything XP FR3 did (albeit without the crap that no-one used, like application billing). Procurve have finally been unleashed by HP and allowed to compete with Cisco, who have started making grumbling noises sounding like Cisco are going to kick off their own range of Blade Servers, but that's bye-the-bye. Net result: when our network infrastructure reached the end of its lease, we were able to deliver gigabit to the desktop at two-thirds the cost of the Cisco offering - which offered less.

So the extra bandwidth that Terminal Services - or whatever Microsoft are calling it now - is going to consume doesn't matter any more. Citrix is looking pretty dead.

The final nail in the coffin is the ability of the machines now reaching the end of their lives, ones which we traditionally stuck a Citrix client on and punted to the backroom staff, so they could still have a reasonable user experience on old hardware. With 2ghz P4's now coming into retirement - where's the need?

Wednesday, January 14, 2009

Linux speak...

Linux, the Operating System of choice if you're the kind of person who'd get a kick out of building your own television set. It seems that every year there'll always be someone trotting out the "This is the year when Linux takes it to Windows" line. It seems that this year, or this week at least, it's the turn of the good folk over at ZDnet.com.

First up is their education guy, and I've got to admit he's the one that had my jaw on the floor. So, it's "far easier to justify installations in an educational setting than it was even a year ago", is it? Microsoft do a Campus program for educational institutions. We have site licenses for everything, often free upgrade rights. By any commercial standards, our Microsoft costs here are absolutely tiny. Try less than a hundred bucks a year for Systems Centre Configuration Manager. A hundred New Zealand bucks.

Now look at what it is that we use our computers to teach, what it is we want our students going out into the world able to use. Microsoft Office. Tick. On Linux? Fail. Adobe Creative Suite? Tick. On Linux? Fail. Autodesk. The list goes on. Fail all the way down.

And don't make me laugh by telling me it's free. Most of the costs over an operating system's life are going to come in supporting it. If it's easy to justify sending your entire IT staff away on a two-month training course while they get as competent on Linux as they are with Microsoft, I apologise.

And, of course, there's a guy with a beard, telling us Linux will survive. Of course it will. Netbooks are a comin'. But here? On the desktop? No case to answer.

Where next for Apple?

Steve Jobs is taking time out, as you probably know. I wonder where that leaves Apple? Even more so than Microsoft when Bill Gates was in charge, Apple is Steve Jobs. Apple's shortcomings and strengths are also, therefore, tied up in him. So what might be on the cards for Apple if the new hand on the tiller keeps their own lookout and doesn't simply use Steve's binoculars?

I said yesterday that Apple's server offerings are awful, and I meant it. Microsoft's building all sorts of fun stuff into the Windows Server family these days - virtualization, remote application delivery with Terminal Server 2008, CRM; loads of good stuff. Plus of course, all the tried and tested backoffice stuff that we've been using for years.

Someone else is getting into virtualization now - Citrix are finally looking serious about getting into the game, and about time too, given that Terminal Server 2008 does everything that the Presentation Server releases of only a couple of years ago did. Whether it does enough to distinguish itself from either the ubiquitous VMWare or Microsoft's own offerings is another matter. Citrix is looking like a company in need of a space.

Have Apple got that? They've got the iPhone, and the iPod, and the Mac, and Citrix is all about accessing the same applications across different platforms. If the downturn goes on and domestic customers find themselves unable to justify that new Mac, Apple's going to need business customers. For that, it needs something to put on its servers...

A Dusty Cupboard

Fun and the command line aren't natural bedfellows, especially if like me you've spent most of the last few years doing those most important of Sysadmin functions: idle web surfing and scatter-gun character assassination. However, a change is as good as a rest and all that jazz, so just for a while I've foregone Wikipedia (the last internet refuge for the terminally bored) and plumped for a spot of work instead of passing my time alternately cogitating, digesting and forgetting about Lysander's role in the Battle of Thrace.

So today I'm continuing migrating stuff across from our old SAN. Fortunately for me, I'm employed at an educational establishment, and our students are currently somewhere else. Some would debate the point that they're seldom anywhere else other than somewhere else even when they're here, but either way, their absence from the campus at the moment is making my life a little easier. I mentioned a couple of days ago I was pulling profiles across: that seems to have gone well, and now I'm digging into migrating a few different groups' home directories over. It's a little more involved than the profiles, because not only am I dealing with pulling the data and permissions across but in this case the folders also need to be shared, the users made folder owners, and then pointed to the new location through Group Policy.

None of it's rocket science though. In fact, none of it's beyond the average twelve-year old. Which makes it slightly galling just how much I've been struggling to remember how to use these most basic of command line utilities. I even forgot how to share a folder from the command line, and had to look it up on Google. That's just plain embarrassing.

I've never used Group Policy Modelling before, but now I'm addicted. It's a left-field comparison I know, but in its functionality it reminds me of the old Query Analyser in SQL 2000 in that it's a great get-out-of-jail tool for people whose job demands they use it but who can't be arsed to find out how to do it properly. Or as in my case with the old SQL Query Analyser; those who have met a DBA or two who understands SQL properly. If it's not too late already, heed my sage words: run to the hills, just in case it's catching. You don't ever want to be like that.

Tuesday, January 13, 2009

The Windows 7 Conundrum

Windows 7 seems to be all over the news this week, with the release of the first and probably final public beta before it goes RTM, probably somewhere around the end of this year. The uptake of Vista in the Enterprise has been woefully low for Microsoft. The jump in hardware requirements needed to run the new operating system, the plentitude of applications which either worked poorly or just plain didn't on Vista, and the presence of a predecessor which did everything required of it plenty well enough all conspired to stick one of those old-fashioned hairpins firmly through Vista's spine. A mid-life ad-campaign quite unlike anything else I can ever recall - both in terms of its timing and how quickly it disappeared off the radar - failed to breathe new life into the twitching corpse. Vista is, to all intents and purposes, dead.

But it isn't really, is it? Windows 7 has already had accusations of plagiarism chucked at it - the similarity of the new taskbar to Apple's Dock has been duly noted, and probably encouraged by Microsoft, eager to for once, earn a more flattering comparison to the anvil upon which Vista has been smacked, at least in the domestic market. The real plagiarism, however, lies in the breadth of the new release.

Apple's "new" Operating Systems are seldom that, not when seen from a Microsoft point of view. Do you think, say, that the difference between Mac OS 10.4 and 10.5 is anything like the difference between say, Windows XP SP1 and SP2? Something like 2/3rds of the code for XP was changed in SP2, and it still didn't merit being touted by Microsoft as a new product. They could have jazzed up the GUI, run another Mojave Experiment, made hay. That they didn't tells you something about the corporate mindset at Redmond when releasing a new OS. Each successive new version of Windows was always a big jump from what went before, because that's the way Uncle Bill liked it.

Now though, Uncle Bill's off doing good stuff for one-armed lesbian Malawians, and Windows 7 is a new operating system, even though it only takes the smallest of glances under the hood to see that it's not. It's Vista, SP3. And I for one will be a happy man if Microsoft find that stealing the Emperor's New Clothes idea from Apple turns out to be a good fit. The pain we've all experienced with Vista has been good for us: Applications now have to be written properly. Vista is, contrary to the public perception, a damn sight more secure than XP. With SP2 and on the right hardware it's now something approaching acceptable, but we all know it's too late.

But Windows 7 - I mean Vista 2 - couldn't have come at a better time. Microsoft have been losing market share in the home market hand-over-fist to Apple. Now, as a recession looms - who out there really has the money to spunk on a 24" iMac, not when a similarly 'specced PC might save you a thousand bucks? Corporate networks running XP - like us - are looking around now, knowing that sooner or later we're going to have to do something. Macs don't, for all their slickness in a standalone environment, do the networked thing. Apple's pathetic server offerings are, as far as I'm concerned, more or less a tacit admission of this. Besides, we all have legacy apps. We need Windows.

Dell have this week announced they're shutting their plant in Ireland with the loss of 1300 jobs. Their stock's down by what - a third? HP are similarly strapped. And the IT service sector - the big outsourcers like EDS et al? Life Support. What all of those companies need is Windows 7 to be released pronto, and for the big boys that stayed with XP to take advantage of the service providers' predicaments to go over to 7 sooner rather than later.

There's already talk of major Government IT projects scaling back. In this recession, Windows 7 and its success - or not - might be the only thing between the IT gravy train and the buffers.

Monday, January 12, 2009

Welcome...let's begin

Welcome to my first venture into the blogosphere. People write for lots of different reasons, but I suppose one overarching reason is that most human of instincts: the desire to leave our mark on this earth.

Fulfillment of this instinct, of course, presupposes two things. Firstly, of course, that the contents of the author's mind are in some small way worth anything (and I'm not saying that mine are - read on) and secondly, that the author isn't a Sysadmin, in which case he or she has already chosen a path in life leading 180 degrees away from the Golden Mountain of Deep Meaningfulness, towards the valley of Pointless Futility and the permanent campsite of A Wasted Life. This is where I pitch my yurt, and I invite you in for a daily(ish) glass of the soured yak's milk that flows from the udders of the System I'm paid to manage.

So today, I'm moving user profiles from an old SAN to a new one. As this is a public institution we're not allowed to delete anything until the Prime Minister himself signs the release sheet, using a pen carved from the twisted thigh-bone of one of Snow White's short-arsed friends, dipped in the blood of a sacrificially slaughtered Dodo. There's more chance of this happening than any request for him to do so being passed up more than two levels of management without vanishing, or more likely sent back with some lame query aimed at proving nothing more than the intellectual disability of the sender. But I digress.

So I'm moving user profiles. I'm doing this on a by-OU basis in Active Directory Users and Computers. I'm navigating to the OU which I want to migrate, right-clicking and going to View, Add/Remove Columns and making sure I can see the pre-Windows 2000 logon name. I'm then right-clicking again, going to Export List, and saving it as a CSV file. Open this file in Excel and delete everything else except the login name. I make sure this is in the second column, then I fill in the first one with md \\servername\profilesharename\ - for the destination folders for the migrated profiles. Then the file's saved as a .cmd file. Run that, and you've made your destination folders. Easy.

It's a bit more fiddly - but the same principles, to then make another command file in the same way, this time using your usernames thus:

xcopy \\originalservername\sharename\username \\destinationservername\sharename\username /E /V /C /O /H /K /Y

The /O is the most important one here, as this copies across all the ACL information. Used to be a time long ago when xcopy wouldn't do this and you had to bugger about in the resource kit. The other switches are to do with ignoring errors, recreating folder structures etc and verifying files.

So your data's across - all this assumes you're running this when no-one's on the network - I love working at two in the morning - and all you need to do now is point your users to their profiles. Select everyone in your target OU, Right-Click and hit the profile tab. Stick in \\Servername\Sharename\%username%, and you're done. Now all you have to do is wait for the morning and see what else you've broken.
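
The Excel step above pastes exported logon names straight into a .cmd file, so a name containing a space, & or % would change what cmd.exe runs. As an added example (not from the original post), this PowerShell sketch builds the same two command files with quoting and a name whitelist; the column header, output file names and sample rows are assumptions, and the UNC roots are the post's own placeholders.

```powershell
# Added example, not from the original post. Builds the md and xcopy command
# files from an ADUC "Export List" CSV instead of assembling them in Excel.

# Constructed sample rows; for a real export use: $rows = Import-Csv .\ou-export.csv
$sample = @'
"Name","Type","Pre-Windows 2000 Logon Name"
"Alice Example","User","aexample"
"Research Lab","User","r&d-lab"
"Carol Example","User","c.example"
'@
$rows = $sample | ConvertFrom-Csv

$Column     = 'Pre-Windows 2000 Logon Name'       # assumed column header
$SourceRoot = '\\originalservername\sharename'    # placeholder from the post
$DestRoot   = '\\destinationservername\sharename' # placeholder from the post

# Allow only characters that cmd.exe treats literally inside double quotes.
# This rejects %, &, ^, !, quotes and path separators, so a logon name can
# never expand a variable, chain a command or climb out of the share.
$SafeName = '^[A-Za-z0-9][A-Za-z0-9._ -]*$'

$names = $rows |
    ForEach-Object { "$($_.$Column)".Trim() } |
    Where-Object { $_ -ne '' } |
    Sort-Object -Unique

$accepted = @($names | Where-Object { $_ -match $SafeName })
$rejected = @($names | Where-Object { $_ -notmatch $SafeName })

# Quote every path so names with spaces stay a single argument.
$mdLines = @(foreach ($n in $accepted) {
    'md "{0}\{1}"' -f $DestRoot, $n
})
# Same switches as the post; /O is the one that carries the ACLs across.
$copyLines = @(foreach ($n in $accepted) {
    'xcopy "{0}\{2}" "{1}\{2}" /E /V /C /O /H /K /Y' -f $SourceRoot, $DestRoot, $n
})

Set-Content -Path '.\make-folders.cmd'  -Value $mdLines   -Encoding Ascii
Set-Content -Path '.\copy-profiles.cmd' -Value $copyLines -Encoding Ascii

'{0} accounts written, {1} skipped' -f $accepted.Count, $rejected.Count
$rejected | ForEach-Object { Write-Warning "Skipped, handle by hand: $_" }
```

With the sample rows, aexample and c.example land in both command files and r&d-lab is reported as skipped rather than written into a line cmd.exe would split at the ampersand.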