In December I blogged about the new lab but mentioned a customer problem that came up which made having the lab all the better. I said I would document the fix so here goes…

So I ran up my lab machine and jumped right in, that was about fixing an orphaned AVHD file (a Snapshot nobody remembers creating) I’ll blog that process another day because I will need to go back through the steps maybe with screen shots :)

The Hyper-V server lost all of its VMs I think due to an issue with AV exclusions but long story short the Server VHD file was used to create a whole new VM not a great idea but that is what happened. When the files were examined on the fully operational server it was determined that the server had been rolled back to the 15th of December worse it was now having mail delivered and users were using files. What to do?

Well this customer uses our Ahsay service and we backup the local files from the Hyper-V VirtualMachines Volume

So quick restore and all good

Well not all good I still needed to get the files back and maybe exmerge out the mail boxes so off to my Hyper-V lab…

Now I had a new merged VHD which I just mounted in Hyper-V as a new machine which was an SBS 2003 R2 Server exmerged out the mail boxes and Robocopied out the files Happy customer VERY Happy

Fun with Hyper-V Server 2008 R2 - David Mackies Blue Brain

Now before I got play in my lab too much a customer had a problem which I needed to fix.

So I ran up my lab machine and jumped right in, that was about fixing an orphaned AVHD file (a Snapshot nobody remembers creating) I’ll blog that process another day because I will need to go back through the steps maybe with screen shots :)

Because I built the Hyper-V Server R2 boxes in a hurry I needed to get running quickly and of course the Hyper-V Manager for Windows 7 is the best way to configure Guests what if you just need to get some better info from the Host Server.

The management console in Hyper-V Server R2 is so 1990 and not really what GUI guys want to be seeing when in a hurry.

So what is a guy to do except use….

Core Configurator 2.0 from www.Codeplex.com/coreconfig

I thought the ability to Start and Stop Guests from the server it self was a really great feature. You can even see a thumb nail of the Guest 

As you may be aware at Synergistic we really like the Trend Micro product Worry Free Business Security (WFBS) Advanced (WFBSA) and while we may do a walkthrough of the configuration not until WFBSA 5.1 ships later this month.

Here is something that has caused me some concern for a while now and I could not get an easy answer. How do you get the TrendProtect toolbar loaded on all the machines under management in a network using WFBSA?

Even when I asked one of the Trend Micro Presales Engineers at the vmware Virtualization summit, and while he made a very good argument about why I don’t need to use the toolbar, I said it was a week answer and would let him know how to deploy this Automagically.

So I’ve put a little effort into how to do it  because I’ll tell you for nothing there is no way I’m pressing that install button on every client we install.

By the way we don’t do the next > next > next shuffle for installing the client it self either but that will need to wait until after the 18^th of November 2008.

Back to the toolbar.

So first if we don’t need it why do I want it?

Consider wanting to go to Astalavista.com source of some very educational content that I have been know to go to from time to time just not from my Corporate Desktop. So I enter the url into Internet Exploiter and BANG “Dear user Trend Micro says you might want to think twice about this” or something like that ;-D.

Now what if I was going to go there via a search engine? If it were via Google (not Live Search) I could get pre-warned about the sites reputation and make a decision before clicking the like but only with the toolbar installed…

AND the Green TrendProtect icon is for the Google and Live Search sites NOT the search results. Notice the colour coded links in Google and NOTHING in Live Search perhaps this should be a feature request to Trend Micro as I use both engines to be honest.

OK still haven’t said how to do this.

Well I did capture an install Winstall LE and while it worked wasn’t too convinced repackaging in 2008 was the way to go so looked a little deeper…

So I looked at the actual toolbar and went to the about page  which takes you to the TrendSecure product page where you can download Version 1.2 of the client without actually owning Office Scan which is pretty cool and a great community service.

Still no closer to rolling out Automacially OK here it is…

Once I knew the Executable name TrendProtect_IE.exe I looked in my OFCScan share and Bingo \\SMEManaged01ofcscan\Web\ClientUtility\TrendProtect_IE.exe which is several months newer than the free download but the next steps work for both.

• Run \\SMEManaged01ofcscan\Web\ClientUtility\TrendProtect_IE.exe /a to build an administrative installation point. I’d put it in E:\ClientApps\TrendProtect
• Then just use Group Policy to deploy to all workstations if you don’t know how to do that wait until the post 18^th of November post of doing the whole system end to end.

Post 18^th of November means some time after so those who expect it earlier than the beginning of summer might be disappointed.

While I was greeting people at the SMBIT Professionals Sydney Group on Tuesday night one of the guys asked me what I do about some servers not rebooting with a USB Drive connected. Now this guy knows I’m a big fan of STORAGECRAFT™ Shadow Protect so the idea of backups to removable disk storage would have been something I have covered off before.

Now turns out I didn’t say much of anything about the reboot issue, one of the other guys hanging around fielded that. Turns out you can get a Bios Update that lets you move USB Drives down the boot order so issue solved.

Had I answered this question my answer might have been different. My answer goes back to our DR Strategy for SBS 2003 Servers before we started using Shadow Protect. Here is what we did and why…

• Get the biggest hard drive you can afford and insert it into the server as a backup target;
• Use the drive to hold the backups;
• UMMM that’s all.

Why? Because ASR could not see a USB Drive so could see the Backup Files. Why did we use ASR to disk based backup? We would restore to the same hardware so on HIR issues.

Before you scream about offsite data, let me say “I don’t care” the question was how do I stop the reboot hang when my server reboots with a USB drive connected and I just said backup to an internal drive.

Offsite storage for the SBS Server Backup files could be done many ways but I think this one works so let me describe what I do for folk who understand about our desire to provide something strong and reliable.

Offsite Replication over the Internet

Most SME’s in Australia have download capped Internet plans mostly with ADSL, so any kind of medium data change rates would cause traffic shaping in the very first week, lets just say Internet offsite replication is not really efficient or secure so forget I said anything.

Removable USB Drives – Server Connected

Many solutions use USB Drives either as the direct target for the backup or copy target using something like Robocopy of course the Robocopy solution copies the entire file even if there are only small changes in my solutions it just takes longer no really big deal but I would like to make it as efficient as possible.

If the USB Drive is attached to the Server we also have two possible points of mitigation, before we have a good solution:

• If the USB Boot Issue is not solved we have a maintenance and patching remotely issue;
• Users need to logon to the server to effectively change media

Removable USB Drives – Remote connected onsite

There are a number of solutions that could be implemented but the far simpler method in my opinion is attaching the USB Drive to a workstation, that way an unprivileged user has the rights to change the drive and few workstations have the same boot up issue as was described on servers.

I really need a full copy of the Backup Drive in the server and I want to have it complete as quickly as possible, to do this we use Delta Copy which is based on RSync allowing us copy the changed portions of the backup files for rapid replication.

Delta Copy also reports via email on success or failure so we can send the mail to our ticketing system allowing us to rerun backups / offsite copy the next day in accordance with our service levels.

Removable USB Drives – Rotation Best Practice

Of course the drives need to go off site and of course they need to travel so how do you make sure you minimise the risk of data loss due to damage, loss or environmental's? We ensure the client has a minimum of three devices and always have two at rest:

• in office attached to replication PC
• in remote location, often the business owners home office, one client stored it in their PO Box perhaps not the ideal location but they accepted the risk.
• one in transit each way

NOTE: This is Backup for DR Purposes – Archive is a different problem domain.

I have recently done an implementation of Network Access Protection (NAP) for a Mid-Market Client, and we have delivered some benefits which were not part of our original planning.

I won’t go into too much about their specifics but will cover the scenario and some of the side benefits we achieved.

Even Better I’m going to build all this on SBS 2008 so it should be kind of generic and really quite fun for me to extend with the low end kit I may have lying around my Lab.

Oh but to make it into a deployment guide for both SBS 2008 AND EBS 2008, I have spoken with my friends in the Dell Sydney Office to borrow a Switch so I can really hang together a guide for a switch that is affordable but has all the features the big boys expect to see.Not Quite Fully agree’d so when I get it I will replicate the whole thing including the ACLs and Scripts.

Now today I got a notification of an update to the NAP Solution Accelerator, and giving it a quick look this morning without saying too much as it is a Beta Release I see that NAP is seen in the Rationalized to Dynamic area of the Core IO Model.

Mapping NAP technology into the Core IO Model

So given the high end nature of the benefits of NAP to provide Infrastructure Optimisation, I’m going to try to see how far down the cost and complexity stack I can drive.

Now my Lab is a little light on for hardware and most of the Server Infrastructure is Virtualized in WMware Server Version One, so the first steps will be baby ones and you can follow on further as we go.

In the coming days (more likely weeks) we will see what we can do with:

• SBS 2008 RC0
• LINKSYS SLM2008
• Wiretek Unmanaged 24 Port 10/100 Switch
• D-Link DWL-2000AP+ Wireless Access Point

and that is about all the kit hanging around gash in the lab right now so here we go first installation in a day or two … NAP DHCP on SBS 2008 with Windows XP SP3 Client.

What does that have to do with my Mid-Market Customers config or Project? Nothing but I don’t have a 802.1x Switch that supports Dynamic VLANs so you will have to wait until the Dell deal is done and I can get it in releasable documented form.

BTW my Mid-Market Client was using Nortel 5520 switches, and I don’t have one of them either so unless I can find one for a loan we need to wait for the Dell one.

I just picked up an old copy of Information Age (the Australian Computer Society Magazine) which sometimes sits until I get around to it, or it makes it into the recycle bin. Not to worry I'm sure I have read it more than twice as often as the Open Road, where does all my time go? But I digress.

Essentially the article I found very interesting was about how Truck builder Volvo used a flatpack IT solution to build a Single, simple IT platform to unify the global conglomerate. This is kind of what I want to describe in SMEManaged.com

The group used a common IT platform to weld the new enterprise together, learning from another Swedish icon - Ikea - to offer a flatpack DIY information technology and communications solution to its seven business units, each a major international enterprise.

The flatpack prescribes hardware, software, networking and procedures to be implemented by local IT people to create a cohesive global operation.

So what are the interesting things for me in this article, and what parallels are there in customer networks we take on;

IT Environment

• Enterprise wide IT Platform
• At Synergistic we try to build standards across all networks we design, build, deploy and support; we are not there yet but our class of network points form natural boundaries
• Micro Business
• SOHO
• Small Business
• Mid Market and
• Enterprise
• Limit the Number of Vendors, Volvo uses only four (4) vendors
• You can only standardise as the opportunity arises, but it should be the goal, we have inherited sites where there were 4 Versions of Microsoft Office in production Office 97 through Office 2003
• Volvo had many Legacy Systems, "at one stage had more than 1000 different mail clients out there"
• Synergistic is not an outsourcing company and in the Small Business Market Managed Services Providers like to think of them selves that way but as we move more into Mid Market we will be more back to being a Service Provider and the situation Volvo was in will be very similar to how we engage, we won't own the Network but will be trying to help, culturally this will be a great journey.
• Acquisitions bought "a swollen population of IT staff from a host of backgrounds, cultures and levels of expertise", "we couldn't say 'this is how we do things at Volvo and so now will you' and imagine that it would all fall into place."
• Platform Decisions are around the 80% question for us. Too much overlap just for best of breed can cause interoperability issues or just a lack of delivered value. Over the term of our engagements, which we try to make perpetual we aim for simplification and returns through efficiency, so we always propose consolidation and complexity reduction.
• "We are required to maintain the same efficiencies, which essentially means ensuring a 5 per cent productivity improvement each year", "The revenues gained or saved through that improvement are ploughed back into our overall IT investments; as IT people we have to maintain the bottom line business targets of a global IT operation"
• Do your Customers require savings, or do you continue to raise your rates every year? Synergistic tries to identify the value we bring, and the savings are often static rates or our free upgrades services component, on a Platinum Plan held for three years.
• Volvo handled the big issues like this:
• Some wanted to go with PeopleSoft for HR management, but our investment over the years in SAP R/2 and R/3 meant that we had to stay with SAP
• "There was really no question about Microsoft after implementing Active Directory and standardising on Windows, at least across the Volvo truck and bus operations, even though it presented some licensing issues.
• "IBM has been at the centre of our enterprise for years, particularly with our mainframe in Gothenburg and our AS/400 and later iSeries platforms for our global dealer systems
• Controlling the Desktop
• A major component has been the implementation of MyPlace, the delivery of a suite of desktop applications to users according to their work profile, MyPlace controls who has access to which software according to a user's need with applications approved by managers downloaded to the desktop without involving IT staff who had previously to manage installation and support
• Do you offer training? Why don't you? This was a part of the article that really caught my attention and will be the focus of some of our planning because it just makes sense to me.
• Classrooms were configured, external trainers hired and users certified. It took some weeks but cost less than having highly skilled IT staff tied to a help desk. "It stopped the 'this thing isn't working' complaint which really meant 'I don't know how to do this but can't admit it'.

• "Building this simplified, enterprise-wide IT platform has taken more than five years but is nearly complete" and Mid Market shouldn't be expected to be overnight either but these are challenges worth having I suspect.

Centro = Windows Essential Business Server

I really like this graphic it shows the High Level view of the problem Centro Windows Essential Business Server is designed to solve and I see great potential. I am really looking forward to integrating this solution into our offering. I've been looking at this product for a while now, and having recently completed projects for some customers in the 200 seat point I understand better why this Simplified Integration is going to be a really great fit.

Windows Essential Business Server is an integrated server infrastructure solution designed for the unique needs of mid-sized organizations, combining the technologies of Windows Server 2008, Exchange Server 2007, Forefront Security for Exchange, System Center Essentials, the next version of ISA Server and SQL Server 2008 into an “all-in-one” solution.  It will include a Standard and Premium Edition.  Windows Essential Business Server will provide a single Client Access License for all included products and offers new technologies which simplify license management.  Within the administration console, IT professionals can easily ascertain how many licenses they have, who the licenses are assigned to and - when an employee leaves the company - easily re-assign licenses.

So we are a step closer to having a product which so far seems everything that SBS 200x has been for the Small of the SMB market.

Here are some links to other Windows Essential Business Server news today:

• · Kevin Beares, Community Lead, Windows Server Solutions Group (WSSG)
• · Eric Ligman, Microsoft US Senior Manager, Small Business Community Engagement
• · Joel Sider, Windows Server Division

If you are interested in joining the Windows®Essential Business Server upcoming Beta 2 effort;

1. Please go to http://connect.microsoft.com,
2. Click on Invitations and sign in with your Windows Live ID (Passport ID).
3. Enter the following invite ID: EBSE-VKDP-276Y.
4. You will be asked to take a short survey. 
5. Once you complete the survey we will evaluate your application for participation in the Techbeta.
6. Then look for an email from MsftConn@microsoft.com with further details.

*** Oh Yeah Please if you just want a look and don't want to be a real participant then waiting, until the Beta goes Public would be way better ***

When we think of what we are going to offer to the Market where do we start?

Our core competencies of course, so what are competencies that are relevant to this market space...

• Server and Desktop Products
• Anti-Virus
• Storage
• Data Protection
• Virtualization
• Collaboration
• Firewall and Security
  

The Architecture of as SME MANAGED Network would include

• Windows Core Operating Systems
• a centrally managed anti-virus solution
• appropriate Direct Attached, Network Attached or Block Protocol Storage
• appropriate Backup, Disaster Recovery (DR) & Business Continuity (BC) including policy not just the technology solution
• collaboration tools
• traffic control and policy based protection systems
• in support of availability or recoverability requirements Virtualization if appropriate.

As promised I'm going to discuss how I define each and what this means to the entire SME Managed Initiative.

Looking around for a definition I found this "So what is the difference between architecture and design? Architecture casts non-functional decisions and partition functional requirements, whereas design is a principle through which functional requirements are accomplished. Architectural heuristic means that it is necessary to go one level deeper to validate choices, so the architect has to do a high-level design to validate the partitioning."

WHAT THE??

OK an Architecture will define in broad brush strokes the things we want to achieve and the Design is how we get there, Architectures to my mind are the ideas of what functions are required to meet the business need, and the IT Specific requirements to get there.

• An Architecture should describe something with many possible implementation choices open for the designer of the final product.
• A Design should have only one way to obtain the desired result.

 So what does this mean in the overall scheme of what I want to achieve here? I want to get on paper the whole process. So in the Infrastructure, Architecture and Design Sub-Section we will do the whole journey and similarly in the managed section for the management products we will define.

So the reason I killed the standalone Design section is because I can't have Infrastructure without the Design, and no Design without an Architecture. AND I wan't to have it be in one RSS Feed. Right? Everyone OK with that

Many times I have had a conversation about Architecture vs Design with people and how my definition may be different to that of many others.

Now provided you publish your definition and then are always consistent with that, everyone should still be reading from the same sheet of music so I will explain what I think each term means in a post later on.

Right now I want to explain why the Design sub-section bit the dust in this collection of my method for building and supporting the SME Space.

I want to order my thinking while also making it logical for others so I will talk in three main areas

• Infrastructure, Architecture and Design
• Management
• Support

I can't build anything with out a Design and I build Infrastructure so hand in glove, good

I need to manage what I build so far so good.

Things break and stuff happens not so good, but a knowledge base of fixes might make it good.

This will be the most contentious Sub-Section because I will obviously borrow heavily from existing community resources to fill this but will republish because I will want a standard format. Look out for attribution track backs and please if you think I have not given credit where it is due pull me up! Comments for improvements are also very welcome.