Microsoft: password policy limitations

I sometimes get asked what the limitations are for the default password policy in a Windows AD domain. Here goes:

• You can only enforce one password policy per domain
• Password Never Expires: If selected, the password for this account never expires. This setting overrides the domain account policy. Generally, it's not a good idea to set a password so it doesn't expire because this defeats the purpose of having passwords in the first place. But it is useful in combination with service accounts
• Should be applied on the ROOT domain container

VMware: VMworld 2006 presentations

The presentations & audio recordings from VMworld are available at http://www.vmware.com/vmtn/vmworld

Microsoft: Windows Virtualization Session

Baeke had a sneak preview on the new Longhorn virtualization ESX wannabee. All in all, it looks very promising! Check his post here

General: To Virtualize Applications or not

Ruben Spruijt has written an excellent article (in dutch) on application virtualization. He compares Softgrid, SVS and Citrix Streaming and their (dis)advantages. Download the article here (in pdf format).

Citrix: Web Interface 4.5 available now

As mentioned in the title: the all-new Web Interface for Citrix has been released. You can download it on http://www.mycitrix.com

Version 4.5 of WI introduces the following new features:

• Web-based Self-Service Password Reset support for Password Manager 4.5
• Password expiration notification
• Application streaming support for the soon-to-be-released streaming product (Project Tarpon)
• Built-in support for Active Directory Federation Services
• Published application URLs – drag and drop app icons from the web page to your desktop, or add applications to your IE Favorites list!
• Enhanced rebranding support from within the Access Management Console
• Supports SSL encryption of Configuration Manager traffic


• Based on .NET 2.0

VMware: how big can VM snapshots grow?

Ever wondered how big a VM snapshot (redo file) could grow? It seems that snapshots can only grow to a max of the size of the original VMDK, and never larger. Multiple changes to the same block are only stored once. So the snapshot for a 30GB VMDK could ultimately grow as big as 30GB if every block changes needing a total of 30GB.

VMware: VMotion Info tool

I found a very interesting & easy to use tool to check CPU compatibility of your ESX hosts via VirtualCenter.

Interested in knowing if all your physical ESX servers are the same? VMotion Info will help you find out. The application gathers the important system information from your hosts and puts this in one single overview.

Check it out on Run-Virtual. Install, connect to your VirtualCenter & enjoy! .NET Framework 2.0 is required to run!

HP hardware: c-class blades & ESX

I recently visited a Citrix conference in Antwerp. There was a very technical session on the new HP c-class blades. I can only imagine the things you could do with this hardware setup in an ESX environment. 16 HH blades in a small 10 U enclosure, in combination with a 2 socket, quad-core CPU blade. A true datacenter-in-a-box. The thing that really did stand out is HP Virtual Connect or the ability to virtualize hardware (say HBAs or NICs) inside the enclosure. Finally, true plug-and-play of a blade can be achieved in this way.Cool!

HP Virtual Connect for the HP BladeSystem c-Class

HP has addressed connectivity as part of an overall virtualization strategy. HP Virtual Connect technology works with other virtualization technologies – such as virtual machines, clients and storage to make a fully virtualized environment a reality.

HP Virtual Connect pools and abstracts the LAN and SAN connections to servers and virtual machines in the HP BladeSystem to provide ultimate server flexibility and eliminate time intensive management processes.

HP Virtual Connect – Breaking down barriers to change

HP Virtual Connect modules for HP BladeSystem make LAN and SAN connections available to a pool of up to 64 servers, allowing administrators to define a server’s I/O connections to independently manage blade servers and their connectivity. Connections and configurations between server blades and the LAN and SAN can then be deployed at the click of a button, and migrated to another server bay instantly – all without disturbing the LAN or the SAN settings or administrators. Provisioning and maintenance time are slashed, productivity is improved, and customers gain the ability to more easily pool server resources.

VMware: physical switch load balancing

One of the most difficult (and almost undocument) features of ESX is to configure your switch for assisted load balancing for a VM Network vswitch with more then 1 pNICs. You should be aware of the fact that ESX supports 802.3ad Static only (EtherChannel).

In essence, you need 2 things:
1. A load balancing schema on your switch port group, based on the switch configuration. The trick here is to setup your vSwitch load balancing policy to be compatible.

• src-mac, dst-mac, src-dst-mac = MAC hash
• src-ip, dst-ip, src-dst-ip = IP hash

For Cisco catalyst switches, issue the show etherchannel load-balance command. This should result in something like src-dst-ip.

2. VLAN trunk port on your switch when using different VLANs (VST mode) for your Virtual Machines

To achive this, you need to configure your switch(example for a catalyst running on IOS creating an etherchannel for 3 pNICs):

----------------------------------------------------------
interface port-channel1
description VMware ESX - Trunk A
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200 (= VLANs to be assigned)
switchport mode trunk
switchport nonegotiate (=ESX does not support DTP (dynamic trunking protocol). So when you configure a trunk port, set it to nonegotiate)
spanning-tree portfast trunk
!
exit
!
interface GigabitEthernet1/1
description VMware ESX - Trunk A - NIC 0
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200 (= VLANs to be assigned)
switchport mode trunk
switchport nonegotiate (=ESX does not support DTP (dynamic trunking protocol). So when you configure a trunk port, set it to nonegotiate)
spanning-tree portfast trunk
channel-group 1 mode on
!
exit
!
interface GigabitEthernet1/2
description VMware ESX - Trunk A - NIC 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200 (= VLANs to be assigned)
switchport mode trunk
switchport nonegotiate (=ESX does not support DTP (dynamic trunking protocol). So when you configure a trunk port, set it to nonegotiate)
spanning-tree portfast trunk
channel-group 1 mode on
exit
!
interface GigabitEthernet1/3
description VMware ESX - Trunk A - NIC 2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200 (= VLANs to be assigned)
switchport mode trunk
switchport nonegotiate (=ESX does not support DTP (dynamic trunking protocol). So when you configure a trunk port, set it to nonegotiate)
spanning-tree portfast trunk
channel-group 1 mode on
----------------------------------------------------------

There is however a whitepaper available on the VMware site. Download it here

Citrix: Comparing Longhorn WTS to Citrix PS Application Publishing

Katie Poepke..I mean Koepke has an excellent article on Application Publishing. She compares Longhorn Terminal Services Remote programs to Citrix Presentation Server Published applications. Check it out on the BrianMadden website

Citrix: Session Sharing Explained

Patrick Rouse wrote a very interesting article on Citrix session sharing & how you can enable/disable this feature when publishing desktops or applications. Check it out here!

Visio stencils for hardware

I just discovered a great place to download a lot of hardware-related visio stencils. Check it out: http://www.visiocafe.com

Announcing Process Monitor v1.0

The sysinternal guys released a new tool: Process Monitor.

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 and Windows Vista.

Check it out here

VMware: Setting Regional settings for a template

An annoying thing while deploying a template in VirtualCenter is the fact that the regional settings are always defaulted to English-US. VirtualCenter uses the following files to run a sysprep on a template machine:
1) VMware VirtualCenter 2.0\scripts\gensysprepinf.vbs
2) VMware VirtualCenter 2.0\scripts\autoprep.wsf

These are the steps to follow (this example is for Belgium):

• Make a backup of both files
• Decrypt the files mentioned above. By default, they are encrypted
• Edit gensysprepinf.vbs
• find the following string:
  if mProductID <> "" then
  outStr = outStr _
  & " ProductID=" & mProductID & vbCrLf
  end if
• add the following part AFTER the string just mentioned:
  outStr = outStr _
  &vbCrLf _
  &"[RegionalSettings]" & vbCrLf _
  &amp;" LanguageGroup=1" & vbCrLf _
  &" SystemLocale=00000813" & vbCrLf _
  &" UserLocale=00000813" & vbCrLf _
  &" InputLocale=0813:00000813" & vbCrLf
• Save it in the appropriate directory (VMware VirtualCenter 2.0\scripts\gensysprepinf.vbs)


• Edit autoprep.wsf


• Find the string <script language="VBScript.Encode" src="gensysprepinf.vbs">
• Alter the string to <script language="VBScript" src="gensysprepinf.vbs">
• Save the file in the appropriate directory (VMware VirtualCenter 2.0\scripts\autoprep.wsf)
• Done

You can generate your own country codes by downloading the sysprep tools from http://www.microsoft.com/downloads and running setupmgr.exe

VMware: Extending partitions with GParted

Baeke has an interesting article on extending the Windows system partition with a free tool called GParted (Gnome Partition Editor). It can be downloaded here.