Before we start, we will need to make sure we have a few things ready:

1. USB (2.0) stick >16GB (>32GB USB 3.0 is recommended for seamless performance)
2. Windows 8 ISO (or at least the install.wim file from inside the ISO)
3. A system with the Windows Automated Installation Kit (WAIK) installed

The first thing we will need to do is make sure that the partitions on the disk are set up correctly. For this, we will need to run “diskpart” from a command prompt. When you see the diskpart command prompt, enter the following command:

list disk

This will show all the disks currently attached to the system. Identify your USB disk. (Make sure you do this correctly. We don’t want to trash the system disk!) Once identified, enter the following command, substituting X with the disk number of your USB disk:

sel disk X

Now that we have the correct disk selected, we can partition and format it with the following sequence of commands:

clean

create partition pri

format fs=ntfs quick

active

exit

Windows To Go – Format USB stick

At this stage, you should be able to see your empty USB drive in Windows Explorer. If you can’t, you may need to assign the disk a drive letter. You can do this by running computer management (compmgmt.msc) and then selecting the disk management node, right-clicking your partition on the USB drive, and selecting the “Assign drive letter” option.

Now we need to get our hands on the install.wim image file, which is located inside the Windows 8 ISO. If you are running Windows 8, you can just double-click the ISO file and access the files via Windows Explorer (similar to how ZIP files are handled). If you’re running a previous version of Windows, you may need a third-party tool to open the ISO, such as 7-Zip.

Once you’re able to access the files in the Windows 8 ISO, you will find install.wim in the “sources” folder. Now that we have the WIM file, we can apply it to our USB disk. Start the Deployment Tools command prompt. (This is just a regular command prompt, but it loads extra locations into the path when it starts.) Then, run the following command:

imagex.exe /apply c:\path\to\install.wim 1 X:\

You will need to replace the path to install.wim and also substitute X: with the letter assigned to your USB drive. This stage may take quite a while, but we’re almost there.

Once the image has applied, we just need to set up a boot record on our USB disk. To do this, issue the following command from a regular Windows 8 command prompt:

bcdboot.exe X:\windows /s X: /f ALL

Again, make sure you substitute X: with the letter assigned to your USB disk.

Windows To Go – Startup Options

Our basic Windows To Go workspace is now complete. Reboot your system and press F12 (or whatever key is required to get the boot menu), and then select the USB device. Windows should load from your USB drive!

• Windows To Go introduction (0)
• Windows 8 new features – The complete list (0)
• Windows 8 Hyper-V (0)
• Windows 8 Metro – Disable in Windows Server 2012? (0)
• Domain join behavior in Windows Server 8 (0)

Remember that first time you tried to fire up a virtual test machine in Windows 7 Virtual PC only to discover that 64-bit operating systems were not supported? How disappointing!

Enable Hyper-V in Windows 8

Fret no more. Windows 8 desktop includes Hyper-V 3.0. I’ve spent some time checking it out and I’m quite impressed. The reason I’m so impressed is that the new feature looks and feels just like the Hyper-V Manager we all grew accustomed to in Windows Server 2008 R1 and R2. It is in fact the exact same tool available in Windows Server 2012.

Please note that you will need Windows 8 Professional to run Client Hyper-V (see edition features). Windows 8 (standard edition) and Windows 8 RT (for ARM processors) won’t support Client Hyper-V. You can try Client Hyper-V by downloading the current Consumer Preview.

Client Hyper-V hardware requirements and Limitations

The added capability also includes new hardware requirements. The good thing is that your typical modern desktop system should support them.

• 4GB of RAM is a requirement. You will probably have at least 4GB if you’re going to be running virtual machines.
• A 64-bit Second Level Address Translation (SLAT) capable system is also required. Intel’s Desktop i-series (i3, i5, i7) supports SLAT. For AMD support see AMD Processors with Rapid Virtualization Indexing Required to Run Hyper-V in Windows 8. Also see Hyper-V: List of SLAT capable CPUs for Hosts for more information.

Although the Hyper-V Manager tool looks identical to what you see in Windows Server 2012, there are a handful of features that cannot be used in Client Hyper-V.

• Remote FX
• Live VM Migration
• Hyper-V Replica
• SR-IOV networking
• Synthetic Fibre Channel

For additional information please see Microsoft Technet Client Hyper-V Survival Guide.

Enable Hyper-V in Windows 8

Enabling Hyper-V is extremely easy in Windows 8.

1. If you are at the Start screen, begin by clicking Desktop.
2. Now move your mouse to the bottom left corner of the screen and right-click when you see the start icon pop up.
3. Click Programs and Features and then click Turn Windows features on or off.
4. From here you can just enable Hyper-V and all other Hyper-V components will be installed. Included are the GUI Management Tools, Module for Windows Powershell, and the Hyper-V Platform.
5. After clicking OK, you’ll have to restart. Once you get to the logon screen, the machine will restart again.

After logging back in, you may have to scroll in the Metro interface all the way to the right to see a new tile labeled Hyper-V Manager. Click the tile and Hyper-V Manager is opened at the Desktop.

Hyper-V in Windows 8 Metro

If you’ve been using Hyper-V Manager in Windows Server 2008, the GUI in Windows 8 will feel very familiar. What really impresses me is that it doesn’t appear that any features have been stripped out that would make the desktop version a “dumbed-down” version with limited usefulness. For example, an important difference is that Windows 8 Client Hyper-V is a bare metal hypervisor (type 1) as opposed to the Windows 7 Virtual PC hypervisor that is hosted (type 2). Thus you can expect better performance and more reliability with Hyper-V in Windows 8.

Two features that stood out to me were the expanded list of processor and virtual NIC options.

Processor settings

• NUMA – NUMA customizations can now be made for each virtual machine. Previously this could be done in the host settings but not per VM.

Hyper-V Windows 8 – Processor settings

Network adapter

• Bandwidth – Enable Bandwidth Management and control the minimum and maximum bandwidth for a virtual network adapter. The settings are in MBps.

Hyper-V Windows 8 – Network settings

Windows 8 Client Hyper-V is definitely a great improvement over Windows 7 Virtual PC.

• How to install Windows To Go (0)
• Windows To Go introduction (0)
• Windows 8 new features – The complete list (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• Windows 8 Metro – Disable in Windows Server 2012? (0)

After implementing this in several organizations, I’ve discovered several issues that may be of interest if you’re planning on implementing Folder Redirection.

Test, test, test

If you’ve read other Group Policy articles I’ve read, I harp on testing. Sorry, but way too many people make a change in a production environment before trying it out on test systems first.

Communicate to end users

If Folder Redirection is new for your users, make sure they know the change is coming. Most users will never notice until they accidentally delete a file or have a machine die and you become their hero.

Slow logons after implementation

One of the things you’ll need to communicate with users if you have pre-Windows 7 computers is that they may see slow logons the first time they log into their computers after Folder Redirection is implemented. Not only are everyone’s files being copied to the file server, but the server’s NIC and the network will probably be saturated with file transfer traffic. (Microsoft improved this in Windows 7 with Fast First Logon.

Broken shortcuts and Recent Documents

If users have created shortcuts to documents or folders inside of folders that you’re redirecting, they may end up with broken shortcuts. The same is true for the Recent Documents feature in applications like Word and Excel.

Which folders to redirect

Decide beforehand what you want to redirect vs. what you really need to redirect. Is it really important to redirect Downloads? How about Saved Games? Everything you redirect is going to have an impact on how much storage you need.

Planning storage

For your shared folder, you’ll want to make sure that the share is on a volume that is large enough to handle the amount of data that your users will be storing. There are a few ways to accomplish this, but most of them depend on your server environment. If your file server is a virtual machine, you can always expand your virtual disk and then expand the volume in Windows if you start to run low on disk space later. In the event you’re using a physical server connected to some kind of Fiber Channel or iSCSI SAN, you can do pretty much do the same thing: Expand the volume on the SAN and then expand the volume in Windows.

The amount of storage you’ll need can vary widely depending on the types of users you’re supporting. I’ve seen administrative users (accountants, HR, etc.) users use as little as a few hundred megabytes and engineers use hundreds of gigs. Plan accordingly!

File server configuration

File server configuration can have an impact on Folder Redirection. Just be aware that things like antivirus or an IDS application can impact your users. Also be aware of whether or not File Screening is being used to block files on your file server since this will impact Folder Redirection also.

Consider using DFS

If you’re already using DFS, seriously consider using DFS for your folder redirections. In the event you need to change servers or create a more redundant file server, everything you need is already built in to DFS.

Stopping Folder Redirection for labs and kiosks

If you have training facilities, kiosks, or other computers where you don’t want user folders being redirected, you’ll need to use loopback processing. In most cases, using Replace will be the easiest since it will just ignore all of the User Configuration. In the event you do decide to use Merge, make sure you set a User policy that redirects all of the folders to the local user profile.

Offline Files

In most circumstances, the default settings for Offline files will probably be adequate. In the event you need to change those settings, Offline Files can be configured for the entire computer in the GPMC at Computer Configuration > Policies > Administrative Templates > Network > Offline Files. On the user side, it is located in User Configuration > Policies > Administrative Templates > Network > Offline Files. By default, Redirected Folders will be made available offline. On both sides, you can disable Offline Files by setting “Prevent use of Offline Files” to Enabled.

Folder Redirection – Prevent use of Offline Files

Disabled Offline Files and server availability

In the event you need to disable Offline Files for security reason, you’ll want to make sure that your file server is as highly available as possible. In the event your file server does need to be offline or reboot, just be aware that any logged in users will immediately lose access to their files until the file server becomes available again.

Folder Redirection – Offline Files disabled and file server unavailable

• Folder Redirection – Part 4: Group Policy configuration (0)
• Folder Redirection – Part 3: Explanation of folder permissions (4)
• Folder Redirection – Part 2: Setting up your file server (0)
• Folder Redirection – Part 1: Introduction (0)
• Microsoft Desktop Optimization Pack (MDOP): Advanced Group Policy Management (AGPM) (0)

Now that we have a server with a share configured, we’re ready to set up the Folder Redirection in Group Policy. Folder Redirection is User configuration. Because of that, you’ll need to either create a new Group Policy Object (GPO) or edit an existing GPO that is linked to an OU for your users. Go to User Configuration > Policies > Windows Settings > Folder Redirection.

GPMC in Windows 7 Showing Folder Redirection

Right-click on one of the folder names and click Properties. In my example, I’ll be using Documents. The first thing you’ll want to set in the Target tab is how you want to redirect folders: Basic or Advanced. If you’re planning on directing every user to your new User share, then Basic will probably do for you. If you have multiple shares for Folder Redirection (possibly for departments or geographical locations), you can choose Advanced and assign specific folders for groups.

Folder Redirection Properties

Next, you’ll need to determine where you want to redirect the user folders. In most circumstances, you’ll probably want to use “Create a folder for each user under the root path.” However, you can also use a user’s home directory (if you have that attribute configured in AD), a specific path (for labs or common area computers where every user should share certain folders), and the local user profile (useful if you don’t want users reconfiguring folder locations).

Target folder location

Type in the name of your server and the path to your Users share. If you used the option to create a folder for each user under the path, you’ll see that your folder structure should be in the format \\fileserver\Users\%username%\redirectefoldername for each Folder Redirection you configure.

Root Path setting

Go to the Settings tab. Uncheck the checkbox by “Grant the user exclusive rights to Documents.” If you don’t uncheck this setting, the permissions will be configured so that even Administrators won’t be able to access the files without changing the folder permissions.

Settings Tab

Choose the settings for the remaining options that work for your environment and click OK.

That’s it! All you need to do is go to your test system, refresh Group Policy, log off, and log back in. Just be aware that when you run gpupdate, you’ll get a reminder that you need to log out and back in for the changes to take place.

In the last post of this Folder Redirection series I will share some best practices tips.

• Folder Redirection – Part 5: Best practices (1)
• Folder Redirection – Part 3: Explanation of folder permissions (4)
• Folder Redirection – Part 2: Setting up your file server (0)
• Folder Redirection – Part 1: Introduction (0)
• Microsoft Desktop Optimization Pack (MDOP): Advanced Group Policy Management (AGPM) (0)

At this point, you may have noticed that we didn’t give our users very many permissions on the Users folder. First and foremost, we made sure that one user can’t see inside of another user’s folder. It’s also pretty obvious that we don’t want to give users the ability to do things like take ownership, delete files/folders, or change permissions, but a few of the other missing permissions take a little more explanation.

First off, you don’t want users to have Create files/write data permissions or they can save files into the root of the shared folder. Since we’re redirecting folders, we only want the users to be able to create folders in the root Users folder, but not individual files. Once the user creates a folder named %username%, the CREATOR OWNER permission will take over (since it is a sub-folder of Users) and will give the account full control over the %username% folder and everything inside of it.

Second, List folder/read data is also missing because we don’t want users to be able to enumerate folders in the share. Here’s what it will look like to the end user if they try to go to \\fileserver\Users:

User can’t enumerate folders

However, if the user tries to go to \\fileserver\Users\%username%, he can see all of his folders:

User CAN see inside username folder

To the Administrator, you’ll still be able to see everything on the server:

Redirected folders on server

Why would you want to do it this way? The biggest reason is that we’re giving the user the ability to create folders in the Users share. That means that there is nothing to stop a user from creating a few hundred folders and then saving files into those folders inside of Users. By removing the ability to enumerate folders in the Users share, you eliminate the ability of the user to see what is in the folder. It doesn’t stop the user from being able to create other folders or copy data into them, but it makes is much more difficult to use should they decide to try.

The other big benefit you get is that users can’t see the other user account folders that are stored in the Users share. Can’t I do that with Access Based Enumeration? Yes… Access Based Enumeration will essentially hide any files/folders to a user that he/she doesn’t have permissions to see; but, it doesn’t solve the problem of the user being able to create new folders in your Users share. If you enable Access Based Enumeration and allow users to enumerate the contents of the share, they’ll just see their %username% folder and all of the other folders they’ve created there.

In the next post I will show you how to configure folder redirection in Group Policy.

• Folder Redirection – Part 5: Best practices (1)
• Folder Redirection – Part 4: Group Policy configuration (0)
• Folder Redirection – Part 2: Setting up your file server (0)
• Folder Redirection – Part 1: Introduction (0)
• Microsoft Desktop Optimization Pack (MDOP): Advanced Group Policy Management (AGPM) (0)

Before you set up Group Policy for Folder Redirection, you need a properly configured file server. In my examples, I’ll be using Windows Server 2008 R2, but earlier versions will have the same settings, more or less.

The first decision you’ll need to make is on the share name. My preference is typically to use “Users” since we’ll be redirecting user folders. As an added step, you can make this a hidden share (by adding a $ to the end of the share name) if you think that is necessary for your file server. It is fairly easy for users to discover where their folders are being redirected. Personally, I’m not a big fan of hiding shares unless they are being used in DFS or there is another good reason to hide them; but, that is typically a personal (or organizational) preference.

Starting with the Sharing tab, you’ll want to share the folder by clicking the Advanced Sharing button. Click the “Share this folder” checkbox and the share name should fill in automatically. Caching should default to “Only the files and programs that users specify are available offline.” Click the Permissions tab. In Permissions, you can probably check the Full Control checkbox and OK, but make sure that works for your environment. If you provision Guest accounts or have users that don’t need access to the Folder Redirection share, consider limiting the share to Domain Users or smaller groups of users.

Share permissions

The easiest method for provisioning new folders for users is to allow the logon process to create all of the folders automatically as they are redirected to the file server. To do this, you’ll need to set the file permissions so that users can create folders, but not access the folders of other users. This can all be done in the GUI, but I prefer using the icacls.exe utility to set the file permissions for something like this so I can be sure I don’t miss something. Here are the commands you’ll need:

icacls.exe C:\Shares\Users /inheritance:d

This removes inheritance on the folder and copies the existing permissions. We want to do this for two reasons: first off, any permission changes to the volume or top-level folder will propagate down to your shared folder which we don’t want. Second, the default file permissions will give “Users” access to read everything in the folder… we don’t want that either.

icacls.exe C:\Shares\Users /remove:g Users

Remove “Users” access to the folder so that users can’t get nosey and go through other users’ files.

icacls.exe C:\Shares\Users /grant Everyone:(x,ra,ad)

• Give “Everyone” execute/traverse (x), read attributes (ra), and append data/add subdirectory (ad). After running the command, your permissions should look like this:
• Administrators (Full Control) – This folder, sub-folders, and files
• SYSTEM (Full Control) – This folder, sub-folders, and files
• CREATOR OWNER (Full Control) – Sub-folders, and files
• Everyone (Special – Traverse Folder/Execute File, Read Attributes, Create Folders/Append Data) – This folder only

File permissions

In my next post I will discuss folder permissions.

• Folder Redirection – Part 5: Best practices (1)
• Folder Redirection – Part 4: Group Policy configuration (0)
• Folder Redirection – Part 3: Explanation of folder permissions (4)
• Folder Redirection – Part 1: Introduction (0)
• Microsoft Desktop Optimization Pack (MDOP): Advanced Group Policy Management (AGPM) (0)

If you’re like me, you’ve probably gotten a frantic call from a customer because they have a computer that won’t boot and they have irreplaceable files on their local hard drive. Try adding clicking or grinding sounds coming from that computer along with no recent backup to the mixture. Sound familiar? That combination can add up to a very upset customer and possibly a very expensive bill if you have to get data restored from that failed hard drive.

The good news is that there is something you can start doing today to start combatting that problem: Folder Redirection in Group Policy. To get started with Folder Redirection, you’ll need to be running Active Directory (any functional level), have an available file server, and a management station running the Group Policy Management Console. As with most Group Policy, the latest version of the GPMC is preferred, but most of these settings are available in older versions.

So what exactly does Folder Redirection do? Folder Redirection takes common user profile folders from C:\Users (or C:\Documents and Settings\ in Windows XP) like the Desktop or Documents and puts them on a UNC path instead of the local hard drive of the computer. I

In addition to the immediate benefit of having that data on a file server that is much easier to keep backed up, the user also gets the benefit of being able to go to multiple computers in your organization and still have access to their data. Using the default Windows settings and the default share settings on your file server, these redirections will be even made available offline automatically for your users. (Don’t worry, this can be controlled separately in Group Policy, which we’ll cover in a later article.)

Documents Redirected in Windows 7

In the GPMC, the Folder Redirection settings can be found in User Configuration > Policies > Windows Settings > Folder Redirection. If you’re using the GPMC in Windows XP, you can redirect Application Data, Desktop, My Documents, and the Start Menu. In addition, folders in Windows XP that are inside the My Documents folder like My Music and My Pictures will follow My Documents when it is redirected.

GPMC in Windows XP Showing Folder Redirection

If you’re using the GPMC in either Windows 7 or Windows Server 2008 R2, you’ll see that the list of folders that can be redirected is much longer. AppData (Roaming), Desktop, Start Menu, Documents, Pictures, Music, Videos, Favorites, Contacts, Downloads, Links, Searches, and Saved Games can all be redirected in Vista, 7, Server 2008, and Server 2008 R2.

GPMC in Windows 7 Showing Folder Redirection

In the next post of this series I will explain how to set up Folder Redirection.

• Folder Redirection – Part 5: Best practices (1)
• Folder Redirection – Part 4: Group Policy configuration (0)
• Folder Redirection – Part 3: Explanation of folder permissions (4)
• Folder Redirection – Part 2: Setting up your file server (0)
• Microsoft Desktop Optimization Pack (MDOP): Advanced Group Policy Management (AGPM) (0)

Cluster Shared Volume setup

We’re almost ready to make virtual machines highly available. The last step is to enable Cluster Shared Volumes and assign a volume as a cluster shared volume. With the cluster object selected, click the link in the main pane Enable Cluster Shared Volumes. You will receive an informational message indicating that the storage is only meant to be used for virtual machines.

Hyper-V Cluster – CSV Warning

Now that cluster shared volumes are enabled, let’s make the disk we called cluster shared volume 1 into an actual cluster shared volume.

• Right-click Cluster Shared Volumes in the left pane and select Add Storage.
• Select the disk called cluster shared volume and click OK.
• The disk will now be displayed in both Cluster Shared Volumes and Storage.

With the cluster share volume created, all virtual machine files will be saved to the new directory C:\ClusterStorage\volume1.

Add virtual machines to the cluster

Now that everything is in place, we can add virtual machines to our cluster. There a couple ways you can do this.

• Existing virtual machines should be shut down, vhd files moved to C:\ClusterStorage\volume1, and then have the properties updated.
• With that finished right-click the cluster object in the left pane of Failover Cluster Manager and select Configure a Service or Application.
• Select Virtual Machine and click next.
• Select virtual machines from the list that should be clustered and click Next.
• Click Next and/or Finish until the wizard is finished.

Choose Virtual Machine  – Select the virtual machine(s) you want to cluster

New virtual machines can be created in a much more direct manner.

• Using Failover Cluster Manager, right-click Services and Applications in the left pane, hover Virtual Machines, and select which host the virtual machine should be created on. Although you are picking one host, the VM will automatically be clustered and could be moved to any host in the cluster without need for any further configuration once the creation wizard has finished.
• From here on out the wizard is essentially identical to the wizard you would access from Hyper-V Manager. The only important thing to keep in mind is to make sure the machine location and vhd files is modified to C:\ClusterStorage\volume1. For example, for an IIS server, I might change the location to C:\ClusterStorage\volume1\IIS.

Create new VMs in Failover Cluster Manager – Modify location to cluster shared volume

The final step is to test moving a virtual machine between hosts. With Services and Applications selected in the left pane, right-click a running VM hover Live migrate virtual machine to another node, and select Live migrate to node Host2. After a few moments, FCM will update and show that the current owner is Host 2.

In this final post in the Hyper-V Clustering for Beginner’s series, we enabled and setup cluster shared volumes, added existing and new virtual machines, and tested migration between hosts.

• Windows 8 Hyper-V (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• Hyper-V cluster – Part 6: Create a cluster (0)
• Hyper-V cluster – Part 5: Quorums and disk configuration (0)
• Hyper-V cluster – Part 4: Host setup, and cluster shared volumes (0)

Verify Cluster Components in place

The Failover Clustering management console provides a list of links in the main display area. One of those is Validate a Configuration. This will give a nice report to assist with tying up any loose ends you may not have thought of. This step is not required, but I highly recommend completing it. A good rule of thumb is to address every error and warning until running the validation wizard yields a green check mark indicating success. One of the more common items to address is matching service packs and updates on each host.

Begin by validating your configuration

Create cluster

1. Now that validation has passed to ensure our environment is ready, the cluster can be created.
2. Open Failover Clustering and click Create Cluster.
3. Add the nodes that will be participating in the cluster.
4. When prompted for a name and IP address, provide an IP for the client network. This will be the IP address of the cluster object. The cluster name you input will become the name of the computer object in Active Directory that represents the cluster. For this example, I’ll call it VMCluster.

Create Cluster Wizard: Specify IP address for cluster

One of the final screens in the wizard will display a summary of results. If you’ve been following along with my instructions and have an even number of nodes, you’ll see a warning stating ‘No appropriate disk could be found for the quorum disk.’. No need for alarm here as the Node and Disk Majority quorum type simply hasn’t been setup yet.

Create Cluster Wizard warning regarding no quorum disk found

Add Disks to Cluster

1. Now let’s get the disks added that will be used for our quorum and cluster shared volume.
2. Expand your new cluster in the left pane of the Failover Cluster Manager.
3. Right-click Storage and select Add Disk. Select the two disks and click OK.
4. Right-click and select Properties for each disk. Customize the name to something more meaningful. For my example, my quorum disk is 256MB and I renamed that to VMQuorum. The disk I’ll be using in this example is 100GB and I renamed it to Cluster Shared Volume 1.

Without Storage Adding Storage Updating Disk Name

Configure Node and Disk Majority Quorum

After initial creation, the cluster will default to the Node Majority quorum type. If you have an odd number of nodes, this option will work for you. If you have an even number of nodes than the quorum type should be changed to Node and Disk Majority.

We change the quorum type by right-clicking the cluster object in the left pane, hovering More Actions, and then click Configure Cluster Quorum Settings.

1. Select Node and Disk Majority and click Next.
2. Available storage will be displayed. Choose the volume called VMQuorum.
3. Another Next and Finish and the main pane of Failover Cluster Manager will display the updated status of your cluster.

Right-click cluster object to modify quorum Choose quorum type

Select a disk to use as Storage Witness Updated summary showing new quorum configuration

In this post, we validated that our configuration was correct and ready for us to configure clustering. We also added disks and modified the quorum type. In the next and final post in this series, we’ll enable cluster shared volumes and add existing and new virtual machines.

• Windows 8 Hyper-V (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• Hyper-V cluster – Part 7: Custer Shared Volume and manage virtual machines (0)
• Hyper-V cluster – Part 5: Quorums and disk configuration (0)
• Hyper-V cluster – Part 4: Host setup, and cluster shared volumes (0)

Quorum

Quorum is an important concept to understand in clustering. For a cluster to be active, it needs some method of keeping track of which node is the current owner of the cluster object. How this is achieved depends on the number of nodes that will be in your cluster. If you have an odd number of nodes, the default quorum configuration Node Majority will work just fine. If you have an even number of nodes, quorum configuration Node and Disk Majority should be used.

For a cluster to be up, it has to have quorum. Quorum can only be achieved when greater than 50% of the quorum members are actively participating.

Node Majority – Let’s say you have only two nodes. With Node Majority, when both servers are active, everything will work fine. But as soon as one server goes offline, the percentage of participants is not greater than 50% and the cluster will then become unavailable.

In contrast, what if you have three nodes? In that case, if one host is down, you still would have 66% of the participants and the cluster is still available.

Node and Disk Majority – Let’s make the same comparison as before. In a two node cluster, when one host goes down, you still have one host and the disk participant so you still have 66% of the participants.

What about three nodes and the added disk participant? Having the disk participate here is not necessary. With the loss of one node, the other two nodes are still providing 66%.

The overall purpose of quorum is to maintain availability of the cluster even when half the nodes are offline. For further quorum documentation seeUnderstandingQuorumConfigurationinaFailoverCluster and AppendixA: DetailsofHowQuorumWorksinaFailoverCluster..

Configure disks

Now you need to get the disks connected to your host. Use an iSCSI intiator to connect to the SAN iSCSI targets. Windows Server 2008 and later includes iSCSI Initiator. Network cards that include iSCSI offloading may have their own connection client. Your list of connections should also include any CSV disks.

In Windows Server 2008 R2, the iSCSI Initiator allows you to quickly connect to the virtual disks on the SAN by typing in the IP address of the SAN and clicking Quick Connect. This will display a list of targets and allow you to select each one and click Connect.

a

Adding IP to host  – iSCSI Initiator connection for csv1 and vmquorum

Disk Management

With targets connected, the disks will display in Disk Management as offline. The disk that will be used for quorum can now be brought online and assigned a drive letter. Any disks that will be used as cluster shared volumes should be formatted but should not be assigned a drive letter or mount point. This is important to be aware of as it is a requirement for a CSV. In my example, I have a 256MB disk with drive letter Q for my quorum. I have another 100GB disk that I’ll use as a cluster shared volume.

Cluster Shared Volume 1 and Quorum disk for Hyper-V host cluster

This post covered the two different quorum types that you should use in Hyper-V clustering. Setting up your disks was also covered. The next post in this series will be covering the creation and configuration of your cluster and the cluster shared volume.

• Windows 8 Hyper-V (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• Hyper-V cluster – Part 7: Custer Shared Volume and manage virtual machines (0)
• Hyper-V cluster – Part 6: Create a cluster (0)
• Hyper-V cluster – Part 4: Host setup, and cluster shared volumes (0)

Windows Server 2008 version

The first item to consider is which Windows Server 2008 licensing to use. If you take a look at Microsoft ’s comparison of editions for R2, you’ll see that Standard, Enterprise, and Datacenter editions each come with a different number of virtual machine instances included. Standard edition does not support Failover Clustering, so make sure you have Enterprise or Datacenter. Enterprise includes rights to run up to 4 virtual machines. Datacenter includes rights to run an unlimited number of virtual machines.

Basic Host Setup

Preparing the hosts to support clustered virtual machines involves a few basic steps.

1. Add hosts to your domain – Other Hyper-V configurations do not require that the host be a domain member. However, to support clustering, the hosts must be domain members.
2. Install Hyper-V Role – At this point, the hosts could run virtual machines. However, they cannot yet be made highly available.
3. Install Failover Clustering Feature – This enables clustering on your server. One of the cluster objects that can be created is a clustered virtual machine.

Server Manager with Hyper-V and Failover Clustering installed

Network Connections

Now you should make sure that all network connections are in place are ready to go.

1. Client Connectivity – this connection should be on a subnet that is accessible by client computers and will also have access to Active Directory. For discussion, let’s say the host will connect to Active Directory using subnet 10.10.10.0 with subnet mask 255.255.255.0.
2. Heartbeat – In a two-node cluster, this could be a direct connection. If you have more nodes, or want to build with scalability in mind, a switch should be used. For this one, let’s use 192.168.1.0 with subnet mask 255.255.255.0.
3. SAN Connection – This connection needs to provide Gigabit speed or faster between the hosts and the SAN. For this one, let’s use 172.16.1.0 with subnet mask 255.255.255.0.

Cluster Shared Volumes

Before R2, Windows Server 2008 required a separate disk instance for each virtual disk that virtual machines used. If you had a total of ten servers using 16 virtual disks, then you would end up with 16 disks being used. Since the operating system drive for each of those had to use a drive letter, pretty soon you had alphabet soup in Windows Explorer and Disk Management. Cluster Shared Volumes (CSV) has been added to streamline administration in R2 (aka Hyper-V 2.0). A CSV can now support the files and access for more than one VM. In a small environment, this could mean that all VMs use one CSV total or one CSV per host.

When you enable Cluster Shared Volumes in the Failover Clustering console, the C:\ClusterStorage directory is created which will contain a folder for each CSV in the cluster. This takes care of the alphabet soup I mentioned earlier. Using cluster shared volumes is not a requirement but I would highly recommend its use. There are some special requirements for using cluster shared volumes that are well documented at Requirements for Using Cluster Shared Volumes.

In this article I covered which versions of Windows Server you should use for clustering. I also covered getting the hosts ready and cluster shared volumes. In the next article in this series, I’ll be covering quorum and disk configuration.

• Windows 8 Hyper-V (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• Hyper-V cluster – Part 7: Custer Shared Volume and manage virtual machines (0)
• Hyper-V cluster – Part 6: Create a cluster (0)
• Hyper-V cluster – Part 5: Quorums and disk configuration (0)

Host servers that will be clustered need to meet all of the same base requirements as Hyper-V hosts that will not be clustered. There are also some additional hardware and software considerations.

Dynamic Memory

Windows Server 2008 R2 (Hyper-V version 2) introduced dynamic memory. This allows an admin to assign a startup and maximum memory allocation for a virtual machine rather than a static number. When the VM is started, the minimum amount of memory is allocated and reserved. Anytime the amount of memory used by the VM encroaches upon the currently allocated memory, additional memory is added to the VM. At a later time, this memory could then be returned to the pool for dynamic assignment to another VM.

Hyper-V – Dynamic Memory Configuration

As mentioned in my series about upgrading from Hyper-V version 1.0 to 2.0, one big advantage with dynamic memory is that all memory on a host can be utilized under normal circumstances. If a host fails and VMs fail-over, memory can be reassigned. Before dynamic memory, host memory in a cluster environment would often sit unused so that VMs would have memory available in the case of failover.

Network Cards

At least 3 network cards should be in each host. One should be used to allow clients to connect and needs to be able to communicate with Active Directory. Another high performance NIC, or SAN NIC, should be used exclusively for SAN traffic. The SAN NIC needs at least Gigabit speeds to perform well. A third NIC should be used for heartbeat traffic. Depending on your environment and expected server load, separate physical network cards may not be necessary. A small setup could get away with using onboard NICs and one additional two-port NIC.

Live Migration is also an important feature to keep in mind when determining the number of network cards (or ports needed). Whether or not you need to plan for an extra NIC or port for Live Migration also depends on your setup. Fortunately; Microsoft has provided some guidelines for NIC configuration depending on the number available. See Hyper-V: Live Migration Network Configuration Guide for more information.

Motherboard

Special consideration should be taken to assure you don’t have any bottlenecks at the hardware level. There is going to be an immense amount of traffic going through a NIC between the Hosts and the SAN. It’s important to make sure that the SAN traffic coming in the NIC isn’t hampered a motherboard that isn’t designed to accommodate large amounts of throughput between a PCI-Express port and other hardware components. It might be helpful to obtain a diagram of the motherboard to assure that pathways from the NIC are optimized.

Note that there also is one software requirement: If you need to use the Failover Clustering feature of Windows Server 2008, you must be running either Enterprise or Datacenter edition.

In this post I covered some of the additional host server hardware considerations for clustering Hyper-V. My next post will cover how to begin getting Hyper-V clustering setup now that all the pieces are in place.

• Windows 8 Hyper-V (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• Hyper-V cluster – Part 7: Custer Shared Volume and manage virtual machines (0)
• Hyper-V cluster – Part 6: Create a cluster (0)
• Hyper-V cluster – Part 5: Quorums and disk configuration (0)

Let’s face facts: the Apple iPhone, iPod touch, and iPad were not designed for enterprise networks. The devices certainly were not intended to be integrated in Active Directory networks.

Nevertheless, Apple hardware is growing increasingly ubiquitous these days. The bottom line is that many Active Directory administrators carry iPhones instead of Android- or Windows Phone-based mobile phones.

Thus, we encounter the question: what iOS apps exist that can facilitate our management of Active Directory from our iPhones or iPads?

Before we list those apps, we need to understand some relevant Apple terminology. In Apple development nomenclature, an iOS device is a piece of Apple hardware that runs the iOS operating system. Examples of iOS-based devices include the iPhone, the iPod touch, and the iPad.

Furthermore, iOS applications can take one of three distinct forms:

• iPhone (pretty rare these days)
• iPad (these apps often have HD attached to their names and are designed to take advantage of the additional screen real estate offered by the iPad)
• Universal (an app that runs natively on either an iPhone, an iPod touch, or an iPad)

Newcomers to iOS development ask the reasonable question, “How in the world can a Universal app dynamically change its appearance depending upon whether the host hardware is an iPhone or an iPad?” If you are interested, the answer can be found in the article “Creating a Universal App” at the Apple iOS Developer Library.

In this article we will approach our app overview by examining these tools from three different perspectives:

• VNC, RDP, or SSH remote access clients
• VM remote access clients
• Dedicated admin tools

NOTE: All of the following iOS apps presume that your Apple device is connected to the same Wi-Fi network as the servers in your Active Directory environment.

VNC, RDP, or SSH remote access clients

Perhaps the most straightforward method for administering a Windows Server 2008 domain controller is to connect directly to the box by using a remote access protocol such as Virtual Network Computing (VNC), Remote Desktop Protocol (RDP), or Secure Shell (SSH).

iTap RDP client for iPad

• iTap Mobile RDP (Universal, $11.99): RDP client
• Jump Desktop (Universal, $14.99): RDP client
• iRemoteWin (iPad, $1.99): RDP client
• WinAdmin (Universal, $7.99): RDP client
• pTerm (Universal, $4.99): SSH and Telnet client
• iSSH (Univeral, $9.99): SSH and VNC client
• Screens (Universal, $19.99): VNC client
• VNC Viewer (Universal, $9.99): VNC client
• Mocha VNC (Universal, $5.99): VNC client
• Ignition (Universal, $99.99): Multi-protocol remote access client

VM remote access clients

Your Active Directory forest may be virtualized either partially or fully. The good news is that the major virtualization vendors have published iOS apps that facilitate remote connection to those devices and infrastructures.

• Citrix Receiver (Universal, Free): Citrix client
• VMware vSphere Client (iPad, Free): VMware client
• iVMControl (Universal, $9.99): VMware client

Dedicated Admin Tools

Now we turn our attention to iOS apps that were designed expressly for performing one or more specific Active Directory and/or server management tasks.

AD Manager Mobile for iPhone

• AD HelpDesk (Universal, $7.99): Domain user account password reset tool
• AD Manager Mobile (Universal, $4.99): Provides much of the functionality of Active Directory Users and Computers
• Smash! User Manager (Universal, Free): Domain user account management
• PC Monitor (Universal, Free): Hardware/software inventory management

Conclusion

Today we presented a summary of the most popular iOS apps for managing Active Directory from your Apple device. Have you used any of these tools to good effect in your environment? Have we missed an essential app? Please let us know in the comments portion of this post.

• Windows-to-Mac remote management with VNC and SSH (1)
• Mac-to-Windows Remote Desktop (RDP) and remote command connection (5)
• Speed up slow Windows file sharing in Mac OS X (1)
• How to share a folder in Mac OS X for Windows users (2)
• Troubleshooting the “Network accounts are unavailable” error in Mac OS X Lion (3)

Gigabit or faster SAN switching

The choice of which switch to use relies on which SAN solution was used as well as the number of hosts and virtual machines the switching solution will support.

Hyper-V cluster – Switch diagram

Here are two scenarios:

Scenario 1: Small to Medium business with a small budget

• A small business might have two clustered Hyper-V servers with a total of 4-8 virtual machines split between them. In this case, a relatively low budget Gigabit switch could suffice to support SAN traffic. It might also double as a device to support heartbeat traffic on a different VLAN. Any solution should be as thoroughly tested prior to use in production as possible.

Scenario 2: Large business with a large budget

• A larger business might have switching integrated as part of the SAN hardware. In this case, switching would likely be 10Gb/s or faster to accommodate very large bandwidth needs. If switches are not integrated, great care should be taken to assure switches meet the throughput requirements for the workload. Switch vendors have specific products that are designed for virtualization in the data center. Larger environments also introduce the possibility of virtualnetworking.

Switches that will carry SAN traffic should have the ability to enable jumboframes, TCP/IPoffload, and receivesidescaling. Jumbo frames allow the use of 9000 byte frames as opposed to the typical 1500 bytes. This can drastically reduce overhead for the SAN. TCP/IP offload features will help offload some of the work from the processor. Receive side scaling will allow processor use to be spread to more than one core.

A word of caution, enabling these features does not always lead to better performance. As mentioned previously, test with different combinations of these features enabled until you find the one that provides the best performance.

Heartbeat switching

Regardless of the size, a Windows cluster will require a reliable means of maintaining a heartbeat. Heartbeat traffic should be isolated from potential bottlenecks at all times. If the cluster cannot retain a reliable heartbeat, the cluster does not live.

Switching for the heartbeat does not have to be Gigabit. The only major requirement for the heartbeat is that latency is very minimal. So even an older 10Mb switch could do the job. For more info see Recommendedprivate “Heartbeat” configurationonaclusterserver. When cluster nodes are separated by a WANtheheartbeatintervalmayneedtobeadjusted. By default the heartbeat is every 1.2 seconds. When two beats are missed, clustering will attempt to failover resources from the node it deems is missing. When you will only have two hosts, a crossover cable could be used instead of a switch.

Client access switching

Client access to the virtual machines running on the hosts should be isolated from SAN and heartbeat traffic. This is important because you don’t want peaks in user activity to affect the operation of the virtual machine. Remember, the host will see the iSCSI connected hard drive as a local hard drive and expect it to act like one. If client access traffic is competing, you could be asking for trouble. I’ve seen this cause problems in a test environment. The result of all that competition for bandwidth results in virtual machines that break.

In the next article, we’ll start looking at requirements on the host servers and then the actual steps involved in getting the pieces all working together.

• Windows 8 Hyper-V (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• Hyper-V cluster – Part 7: Custer Shared Volume and manage virtual machines (0)
• Hyper-V cluster – Part 6: Create a cluster (0)
• Hyper-V cluster – Part 5: Quorums and disk configuration (0)

Pieces of the puzzle – Hyper-V hosts, switching, and a SAN

At a very high level, Hyper-V clustering is fairly straightforward. You have two host servers that form a Hyper-V cluster. Host servers store and access virtual machine files located on a SAN. Connection to the SAN is done using iSCSI protocol to make drives on the SAN appear as local drives to Windows Server. Because the virtual machines (VMs) are clustered, they can be moved between servers and provide high availability.

The SAN

The storage area network, or SAN, is a centralized location for storage of virtual machine files. The SAN is needed because Hyper-V hosts require a place to store virtual machine files that can be shared between multiple hosts. In the event of a host server failure, another Hyper-V host, utilizing cluster technology, can resume operation of virtual machines by assuming control of the virtual drive where the virtual machine’s files are stored. The SAN has to be setup and fully functional before creation of clustered virtual machines.

There are seemingly endless options when it comes to SAN solutions. The solution you choose will likely be dictated more by budget constraints than by system requirements. To illustrate, here are a couple scenarios:

Scenario 1: Software SAN for Small to Medium business with a small budget

A small business might host their SAN on a single server and share some network hardware with the rest of the network. The SAN server might run Windows Server 2008 R2 with a free iSCSI target solution like Microsofti SCS ISoftware Target or Starwind iSCSI SAN. Linux based Openfiler is another option.

Loss of this single server could cause the Hyper-V virtual machines to stop responding. (NOTE: Some vendors, like Starwind Software for example, may have the option of providing highly available storage though by having more than one SAN server).

Scenario 2: Hardware SAN for Large business with a large budget

A large business might host their SAN on server hardware from a vendor such as EMC or NetApp who specializes in building SAN hardware. The solution might also provide virtual drive replication and high availability. Loss of a single server would not prevent Hyper-V virtual machines from functioning normally.

Starwind Software management console

iSCSI Initiators and targets

Regardless of vendor and complexity, the SAN needs to provide iSCSI targets. An iSCSI initiator on the Windows Server 2008 host is used to connect to an iSCSI target on the SAN. Once the connection is established, specific virtual drives are added. In iSCSI, virtual drives are identified by logical unit number (LUN). Each connected LUN is seen by the Windows Hyper-V host as a local drive. The drive can then be formatted for storage of virtual machine configuration and hard drive files.

iSCSI Initiator in Windows Server 2008 R2

In the next posts I’ll be covering switching and additional host requirements for a Hyper-V cluster.

• Windows 8 Hyper-V (0)
• FREE: Veeam ONE Free Edition – Real-time Hyper-V and VMware monitoring (0)
• Hyper-V cluster – Part 7: Custer Shared Volume and manage virtual machines (0)
• Hyper-V cluster – Part 6: Create a cluster (0)
• Hyper-V cluster – Part 5: Quorums and disk configuration (0)

Who among the 4sysops readership remembers the Windows NT Server 4.0 installation process? Ah, the good old days. You’ll recall that we began the installation three 1.44-inch floppy startup disks. After bootup we then spent indeterminate time intervals installing undetected device drivers. Finally, with our fingers crossed and with a lot f luck, we might actually proceed to the actual OS installation.

Windows Server 8 Beta Metro UI

It wasn’t until Microsoft released Windows Server 2008 that we received full support for the mouse, enhanced video, and the network interface card all the way through installation; this was thanks to the nifty Windows Preinstallation Environment (PE).

This bit of negative historical background sets the stage for today’s subject. In my opinion, Microsoft has done some amazing work in streamlining the installation of their server operating system over successive product versions. If you haven’t yet downloaded the Windows Server 8 Beta ISO image yet, then please do yourselves a favor and nab it while it is still available.

In this blog post we will cover the Windows Server 8 installation process, touching on the high points, the low points, and most importantly the points of departure from Windows Server 2008 R2 installation.

Let’s mount the Windows Server 8 DVD in a physical or virtual computer and get to work!

NOTE: The Microsoft TechNet Evaluation Center includes all the usual preinstallation details, including Windows Server 8 release notes, system requirements, and marketing copy.

Enhanced Recovery Environment

After we boot our target machine from the Windows Server 8 Beta DVD, let’s begin our tour of Windows Server 8 Beta installation by clicking Repair your computer in the initial Windows Setup dialog.

Booting into Windows PE

As you see in the screenshot below, we can click Troubleshoot to “refresh or reset your PC, or use advanced tools.” Let’s click that button to see where the option takes us.

Windows Server 8 Beta enhanced recovery tools

The Advanced options screen gives us access to an elevated command prompt, which is nothing surprising. We also see the System Image Recovery option that exists in Windows Server 2008 R2 and Windows 7. With only a few mouse clicks, you can load a previously created operating system image from a local or remote location and restore the server as it existed on the system image creation date.

Windows Server 8 – Advanced recovery options

While the recovery tools as such really haven’t changed over the past couple of editions of Windows Server, the way in which we access them certainly has evolved.

Where is Features on Demand?

If you experimented with the Windows Server 8 Developer Preview that Microsoft released in late 2011, you probably noticed an installation option called “Features on Demand.”

The idea behind Features on Demand is that if a server role or feature is not in use on that server, then the installation binaries themselves should not exist on the local file system at all. This is the IT security principle of least service.

With Features on Demand, we not only reduce the attack surface of the server, but we also decrease the disk space usage footprint of the operating system itself.

However, you might be shocked to observe, as I was, that the Features on Demand installation option is not included in the Windows Server 8 Beta release. As you can see in the following screen capture, we have just two options:

• Server Core Installation: No GUI, managed either remotely or with PowerShell
• Server with a GUI: Full installation that includes Windows Explorer and Metro shell interfaces

Windows Server 8 – Selecting an OS install option

Quite honestly, I am completely baffled as to where the Features on Demand installation option went. Perhaps it will reappear in a future release. Perhaps its functionality will be integrated into the two existing installation options (both of which we are familiar with from Windows Server 2008 R2).

Regardless, the coolest Windows Server 8 Beta feature that I’ve seen is the ability to dynamically switch between the Server Core and Server with a GUI installation modes; we will learn how to do that later in this blog post.

No Microsoft accounts

If you have played around with the Windows 8 Consumer Preview, then you know how strongly Microsoft feels about your logging into Windows with a so-called “Microsoft Account.”

NOTE: Microsoft Accounts were previously known as Windows Live IDs.

The cool thing about Microsoft accounts is that they provide a Windows 8 user with transparent access to Microsoft online services, most notably their SkyDrive cloud storage service.

However, we domain administrators need full control over our security principals. Thus, we are relieved to find no trace of Microsoft Accounts in the Windows Server 8 Beta logon process. We instead use the familiar, garden variety local Administrator account.

Logging into Windows Server 8 Beta

Heavy PowerShell integration

Upon successful logon, you are presented not with the flashy, touch-centric Metro user interface, but instead with what looks at first like a traditional Windows 7 desktop.

Windows Server 8 Beta Desktop

Don’t be fooled—there are much more intense changes to the “traditional” Desktop interface than meet the eye. One significant difference between the Windows Server 8 Beta and Windows Server 2008 R2 desktops is the absence of a Start menu system. Instead, the button in the lower-left location of the Taskbar is simply a shortcut that launches the Server Manager console.

Microsoft clearly wants us administrators to center all of our server management around the Server Manager PowerShell host application. That’s right—when you issue commands by using the Server Manager control surface, you are actually running Windows PowerShell cmdlets in the background.

We can (and will) cover the ins-and-outs of the new Server Manager in a future 4Sysops blog post.

Windows Server 8 Metro user interface

At this point you might also have thought to yourself, “Cool! There is no Metro interface in Windows Server 8 Beta!” Not so fast—if you move your mouse to the lower-right corner of the Desktop, expose the Charm bar, and select Start, then you find yourself magically transported to the “you either love it or you hate it” Metro UI.

The Charm bar in Windows Server 8 Beta

Windows Server 8 Beta Metro UI

I must admit that I remain confused at Microsoft’s inclusion of the Metro UI in its Windows Server product. However, I must concede the possibility that perhaps one day in the near future we will manage all of our Windows servers from a tablet device. In that case, having a touch-centric UI would be eminently intuitive.

Hot server UI switching

As I stated earlier, I believe that hot user interface switching is the coolest new feature in Windows Server 8 Beta. Here is a typical use case: You need to install a Windows Server 8 box with the Server Core configuration to enhance the system’s security and to comply with IT department policy.

However, you aren’t yet up to speed on PowerShell and instead want to configure the server by using graphical tools. One option (with remote access obviously being another one) is to use the trusty Deployment Image Servicing and Management (Dism) tool to make a temporary switch.

For instance, to switch from a Server with a GUI (full) installation to Server Core, issue the following command from an elevated command prompt:

OS:> dism /online /disable-feature /featurename:ServerCore-FullServer

Conversely, to switch from Server Core to the Server with a GUI installation, issue the following command from an elevated command prompt:

OS:> dism /online /enable-feature /featurename:ServerCore-FullServer
/featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt

The installation option switching process may take several minutes, after which you will need to reboot:

OS:>shutdown –r -f

Conclusion

Today we performed a quick overview of the Windows Server 8 Beta installation process. Were you impressed with the speed and intuitive nature of the installation? Yes, it is true that we Windows systems administrators have a learning curve ahead of us, not only in terms of navigating Windows Server 8 UI, but also with respect to managing fleets of Windows 8 desktop systems. However, we became IT professionals in the first place because we love learning, growth, and change, correct?

• How to install Windows To Go (0)
• Windows To Go introduction (0)
• Windows 8 new features – The complete list (0)
• Windows 8 Hyper-V (0)
• Windows 8 Metro – Disable in Windows Server 2012? (0)

Here is the situation: you are the systems administrator of a mixed Windows/Mac OS X network environment. Your administrative laptop runs Windows 7, and you realize that you need to establish a remote connection to one of your Mac OS X Server computers to tweak a setting. What do you do?

The good news is that Mac OS X (both the server and desktop varieties) include built-in File Transfer Protocol (FTP), Secure Shell (SSH), and Virtual Network Computing (VNC) servers. Thus, we have immediate, “out of the box” remote connectivity to our Mac boxes.

Enable VNC and SSH in Mac OS X

On your Mac OS X computer, open the Sharing System Preferences pane. To turn on the SSH server, enable Remote Login. The status area at right helpfully informs us of our SSH connection string. In the screenshot below, “uwarnti” refers to the currently logged on Mac user, and the IP address is, well, the IP address.

Enabling inbound SSH connections in Mac OS X

To enable the VNC server, select Remote Management and then press Computer Settings….A drop-down pane appears in which we can select VNC viewers may control screen with password. Supply a strong password and click OK to complete the configuration.

Enabling incoming VNC connections in Mac OS X

That’s all there is to it!

NOTE: VNC uses TCP port 5900 and SSH uses TCP port 22 by default. You may need to take this information into account when firewalls and Internet connections are involved.

Remote Terminal with SSH

We can use a Secure Shell (SSH) client in Windows to establish a secure remote Terminal connection to our target Mac OS X computer. Unfortunately, Microsoft has never (repeat: never) included built-in support for this vendor-neutral, open-source protocol in its operating systems. Thus, we will have to download an SSH client.

I would suggest that you try either OpenSSH or PuTTY. Both are easy to use, and accomplish the same goal.

NOTE: Technically, we could use the built-in Telnet client in Windows to establish to the Mac OS X Telnet server, but as we both know, this protocol is hideously unsecure.

The following image shows a PuTTY-based SSH connection to a remote Mac OS X computer. In the screen output you see (a) the connection and authentication process; (b) a run of pwd to test that we are in fact connected to a Mac; and (c) authentication as the root superuser.

Remote Mac OS X Terminal session from Windows

Of course, once we have authenticated to the Mac, we can issue shell commands as if we had a local Terminal session open on the computer.

Remote Desktop with VNC

If we want to establish a remote desktop session to a Mac OS X computer, the VNC protocol is probably our best option. Several quality VNC clients for Windows are available:

• TightVNC
• RealVNC
• UltraVNC

I myself use TightVNC because of its robust support for add-ons. The following screenshot shows a VNC session between a Windows XP workstation and a Mac OS X Lion computer:

Remote Mac OS X desktop session from Windows

Conclusion

Today we learned a couple solid, reliable mechanisms for establishing a remote administration connection to a Mac OS X computer. I hope that you found this article useful. Please feel free to leave your comments and questions in the comments portion of this post.

Also read: Mac-to-Windows Remote Desktop (RDP) and remote command connection

• Raffle: SolarWinds DameWare NT Utilities – Remote administration tools (3)
• How to administer Active Directory from your iPhone or iPad (1)
• Mac-to-Windows Remote Desktop (RDP) and remote command connection (5)
• FREE: PAExec – Run programs on remote Windows servers (0)
• Query free disk space details of remote computers using PowerShell (3)

Here is the scenario: you are the systems administrator of a mixed Windows/Mac OS X network environment. Your administrative laptop runs Mac OS X 10.7 Lion, and you realize that you need to establish a remote connection to one of your Windows Server 2008 computers to tweak a setting. What do you do?

In this blog post I will share with you reliable methods for establishing both remote desktop and remote command-prompt sessions to a target a Windows computers.

Windows back-end setup

In this tutorial we will use the vendor-neutral Secure Shell (SSH) protocol to establish command-line-based remote access from Mac to Windows. We will also leverage Microsoft’s own Remote Desktop Protocol (RDP) to obtain a Windows desktop session from the Mac.

As you probably already know, we can enable Remote Desktop Connection in Windows Server 2008 by opening the System Control Panel item, navigating to the Remote tab, and selecting one of the two options for enabling remote connections. The System Properties dialog box is shown in the following screenshot:

Enabling RDP remote connections in Windows Server 2008

Please see the Microsoft documentation if you want more background on Network Level Authentication.

Microsoft includes no built-in support for SSH, unfortunately. At any rate, we have some choices in the matter for free SSH server/client packages for Windows:

• FreeSSHd (easy to configure)
• OpenSSH for Windows (quite tricky to configure)

In this exercise I downloaded and installed FreeSSHd. One point of confusion: after installation you might want to double-click the FreeSSHd desktop icon to open the administration panel. This does NOTHING. Instead, right-click the FreeSSHd system tray icon and select Settings… from the shortcut menu. This is shown in the following screenshot.

Administering the FreeSSHd server

After you’ve installed FreeSSHd and ensured that the service is running in the Windows Service Control Manager, our next (and final) configuration task is to create an SSH user. The User properties dialog box is shown in the next figure. In this example, we are enabling the 4Sysopslab domain administrator account to connect to the server by using SSH. Note that FreeSSHd includes secure FTP and Tunneling options as well.

Creating an SSH user

NOTE: By default, SSH operates on TCP port 22, and RDP operates on TCP port 3389. Keep this in mind when you are configuring firewall exceptions.

Command-Line Remote Access

If we need to open a Windows Server 2008 or Windows 7 command prompt from a Mac OS X computer, we don’t need to worry about WinRM or all that jazz. Remember that Mac OS X includes native support for SSH. Thus, we can simply fire up a Terminal session and type our SSH command string.

For instance, to connect to a Windows SSH server at 192.168.1.108 as a user named administrator, we can send the following command:

MAC>ssh administrator@192.168.1.108

Once we accept the Windows host’s private key and authenticate, we are in business. This process is shown in the following screen shot:

A Windows command prompt from a Mac OS X computer

Remote Desktop Access

As far as I am personally concerned, Microsoft’s Remote Desktop Protocol (RDP) is more secure, efficient, and robust than the Remote Frame Buffer (RFB) protocol that is used with Virtual Network Computing (VNC) technology. The good news here is that Microsoft actually makes their Remote Desktop Connection client available for the Mac:

• Download the Microsoft Remote Desktop Connection Client for Mac 2.1.1

Once you have the software installed, click RDC > Preferences to set preferences, and thereafter use RDC exactly as you would use the Windows version.

Remote Desktop Connection for the Mac

Remote Windows Server 2008 session from Mac OS X

Conclusion

Today we learned a couple of different methods for establishing a remote administration session with a Windows-based computer from Mac OS X. I hope that you found this article useful. Hey, while we are on the subject of Mac/Windows integration, what “pain points” do you have in your environment? I am more than happy to write on particular subjects, specific issues you are experiencing, etc. Just leave a note in the comments portion of this post; I am happy to help!

Also read: Windows-to-Mac remote management with VNC and SSH

• How to administer Active Directory from your iPhone or iPad (1)
• Windows-to-Mac remote management with VNC and SSH (1)
• Speed up slow Windows file sharing in Mac OS X (1)
• How to share a folder in Mac OS X for Windows users (2)
• Troubleshooting the “Network accounts are unavailable” error in Mac OS X Lion (3)

As expected, there is lots of buzz about Windows 8. Not surprisingly, many are complaining about the huge changes in the user interface. Considering the large user base of Windows, there are always some people who don’t like the changes and some who do like them. The ones who don’t are usually louder.

Windows 8 Lock Screen

Before reading the reviews and making up your mind, I recommend testing Windows 8 yourself. If you have problems in finding your way, don’t condemn Windows 8 prematurely. It usually takes some time until one gets used to a new user interface, especially if you have been working with a system for so many years. Suddenly many of your practiced habits and shortcuts no longer work. Of course, the first reaction is to wonder why all those changes were necessary. Is it just because Microsoft wants to appear as an innovative company, making changes just for the sake of changing things? And is it really necessary to completely change a successful operating system because of a handful of iPad sales?

I feel you should suppress your anger and seriously give the new user interface a chance. Once you are sure that you really know all about Windows 8, you can then proudly tell the world that you downgraded again to Windows XP.

The purpose of this post is to help you a little with your first steps in the first 8 minutes or so. The list of tips here is by no means complete. In my experience, it takes weeks, sometimes months, of daily work with an operating system (and the willingness to learn) to appreciate a new OS user interface.

Testing Windows 8

The best way to test Windows 8 is on a dedicated machine and, if possible, on a tablet. But if this testing gear is not available, you can try Windows 8 with virtualization software. For this post, I assume that you are trying Windows 8 with an old-fashioned mouse and a keyboard in a VirtualBox VM.

Windows 8 works with Windows Server 2008 R2 Hyper-V, VMware Workstation 8.0, or Oracle VirtualBox 4.1.2 (or greater). VirtualBox is free and very easy to use. Thus, if you don’t already work with one of the other two virtualization products, I suggest you follow Tim Warner’s guide for how to install Windows 8 on VirtualBox. The guide was written for the Developer Preview, but it is still correct.

I’d just like to add that you should select the Intel PRO/1000 MT Desktop (82540EM) network interface instead of the default PCNet nic. When I tested the Consumer Preview on VirtualBox 4.1.7, Windows 8 wasn’t able to install the driver for the virtual PCNet interface. You can find the corresponding settings under the Advanced tab of the virtual machine’s network settings.

Windows 8 VirtualBox network interface

Log on to Windows 8

After Windows 8 boots up for the first time, you will see this beautiful tree with no hint on how to proceed. You just have to hit the space bar and the logon screen will appear. After you log in with the password you configured during the installation procedure, the new Metro start screen appears. This is the point where you will wonder if you accidentally installed Windows Phone. To assure you that you are really working with Windows 8, I suggest you immediately switch to Windows Desktop mode by clicking the “Desktop tile” in the lower left corner.

Windows 8 Logon screen

You can also use the key combination WIN+D or hover the mouse over the upper left or lower left corner of the desktop. To switch back to Metro mode, you just have to hit the WIN key. The strange thing is that you can now switch back and forth between Desktop mode and Metro mode by only hitting the WIN key (without D). If you do this right after you logged in, you will open the so-called Charms Bar. Is this a bug or perhaps a VirtualBox issue?

Windows 8 Metro mode | Windows 8 Desktop mode

Windows 8 Start button

Anyway, since I already mentioned the Charms Bar, you can always open it with WIN+C or by hovering the mouse over the lower right desktop corner. The Charms Bar contains the Search, Share, Start, Devices, and Settings charms. As you can see, all rumors that Windows 8 no longer features a Start button were hopelessly exaggerated. Click the Start charm, et voilà, you are at the Metro start screen which is the new Start menu.

Windows 8 Start Menu

You see, this is one of the things you have to figure out first before you start whining about missing features. There is even the old Start Search field that allows you to find applications quickly. If you ask me, Start Search was the only thing that was helpful in the old Windows Start menu. You don’t want to tell me that you really started applications by clicking your way through the Programs menu, do you?

So what is the first Windows 8 application you want to start? Notepad, of course! Just start typing “n…”. Ah, you see, not so difficult, right? And you know what? Notepad didn’t change at all. This is good news, isn’t it? Yeah, now we all feel at home again.

By the way, you don’t even need to switch to the Metro Start screen to invoke Start Search. You can just start typing when you are in Metro mode. Note that this doesn’t work in Desktop mode. However, the key combination WIN+R still allows you to run programs in Desktop mode and Metro mode.

8 useful Windows 8 shortcuts

Windows 8 offers myriad keyboard shortcuts, and you probably will know many of them from Windows 7. I noticed that keyboard shortcuts are quite popular in Windows 8 beginner’s guides. The reason is that Windows 8 was partly designed for touch. But if your old LCD screen is somewhat insensitive to your patting approaches, you are often faster with a keyboard shortcut than with the mouse.

Below are the shortcuts you might need during your first 8-minute tour of Windows 8. I already mentioned some of them above, but rehearsal is everything when it comes to learning how to deal with a new user interface.

WIN: Switch between Metro and Desktop mode

WIN+M: Show Desktop (minimize all windows in Desktop mode)

WIN+C: Show Charms Bar

WIN+R: Run programs

WIN+E: Start Windows Explorer

WIN+F: Search file

Alt+Tab: Switch between Metro apps and desktop apps

Alt+F4: Close an app

Shut down Windows 8

The last combination (Alt+F4) might be the most important one in your first 8 minutes with Windows 8. After you start your first Metro app, you will most certainly wonder how to get rid of it because Metro apps have no close button. You can also close a Metro app by dragging the app from the top of the screen to the bottom (see Jack’s comment).  Again, reports that you can’t shut down Metro apps were exaggerated.

I also read that Windows 8 can’t be shut down. Don’t think that Microsoft steals every so-called innovation from Apple. They just hid the shutdown button to prevent you from stopping to use of Windows 8. You are lucky that you are reading a Windows 8 guide from a PC veteran with 30 years of experience. So I know the fastest way to shut down a PC: Press Ctrl+Alt+Del and then click the power button. If you are testing with VirtualBox, you have to press Right-Ctrl+Del instead of Ctrl+Alt-Del.

Shut down Windows 8

The official way appears to be to open the Charms Bar (WIN+C), click “Settings,” and then click the power button. It makes sense somehow. Turning off a computer is just changing the “On” setting to “Off,” right? Well, okay, I’m just trying my best to give you a good “user experience” during your first 8 minutes with Windows 8.

• How to install Windows To Go (0)
• Windows To Go introduction (0)
• Windows 8 new features – The complete list (0)
• Windows 8 Hyper-V (0)
• Windows 8 Metro – Disable in Windows Server 2012? (0)

Disk space monitoring is an important system administration task because disk space shortage can impact system stability and application functionality.

I wrote a PowerShell script that allows you to query the disk space details of any drive connected to a remote Windows computer. Moreover, the script can get the disk space details of multiple computers in a single shot. You can also use it with other cmdlets, such as Get-QADComputer and Get-ADComputer, and pass the output of these commands to the script.

Using the parameters ValueFromPipelineByPropertyName and ValueFromPipeline, the script reads the inputs from the pipeline (output of the previous command). You can learn more details about these parameters by executing the command below in a PowerShell console.

Get-help about_functions_advanced_parameters

The -ComputerName parameter accepts a single computer name or a list of computers. The script then verifies the reachability of each computer before executing a WMI query. If the computer is not reachable, it proceeds to the next computer account.

I used the Win32_Volume WMI class to fetch the disk space details. A computer can have different drive types, such as local disks, removable disks, CD drives, or network drives. I am only interested in knowing the disk space details of local disks and removable disks, so I am tuning the command to return only the drive types 2 and 3. The PowerShell code below shows the WMI query and filtering I used in the script.

Get-WmiObject -ComputerName $Computer -Class Win32_Volume | ? {$_.DriveType -eq 2 
  -or $_.DriveType -eq 3 }

Once I get the list of drives, I go through each volume and read the total capacity and free space attributes. These attributes provide the disk information in bytes. I then divide the value by 1GB (PowerShell supports this) to convert the bytes to GBs. The Round method in the System.Math class adjusts the value to two decimals. Based on these two values, I then calculate the total percentage free space.

$Capacity = [System.Math]::Round(($Volume.Capacity/1GB),2)

$FreeSpace = [System.Math]::Round(($Volume.FreeSpace/1GB),2)

$PctFreeSpace = [System.Math]::Round(($Volume.FreeSpace/$Volume.Capacity)
 *100,2)

The next step is to format the output in a way that it can be passed to other scripts as input and can be used in filters to get the data we need. For this purpose, I am using PSObject to output the values.

$OutputObj = New-Object -TypeName PSobject

$OutputObj | Add-Member -MemberType NoteProperty -Name ComputerName 
 -Value $Computer

$OutputObj | Add-Member -MemberType NoteProperty -Name DriveName 
 -Value $Volume.Caption

$OutputObj | Add-Member -MemberType NoteProperty -Name DriveType 
 -Value $Volume.DriveType

$OutputObj | Add-Member -MemberType NoteProperty -Name "Capacity `(GB`)" 
 -Value $Capacity

$OutputObj | Add-Member -MemberType NoteProperty -Name "FreeSpace `(GB`)" 
 -Value $FreeSpace

$OutputObj | Add-Member -MemberType NoteProperty -Name "`%FreeSpace `(GB`)" 
 -Value $PctFreeSpace

$OutputObj# | Select ComputerName, DriveName, DriveType, Capacity, FreeSpace, 
 PctFreespace | ft -auto

A few tips for using the script:

• Use “Get-Help .\Get-DiskSpaceDetails.ps1” if you want to display usage information.
• Use “Get-Content c:\comps.txt | .\Get-DiskSpaceDetails.ps1” to get the disk space details of computers listed in comps.txt.
• Use the “-Verbose” switch if the output is not displayed for a computer.
• Use “Get-DiskSpaceDetails.ps1 -ComputerName Comp1, Comp2, Comp3” if you want to pass the computer names as parameters.
• Execute the script without any parameters (.\Get-DiskSpaceDetails.ps1) to return the disk space details of the local computer.
• Use “Get-DiskspaceDetails.ps1 -ComputerName Comp1 | ? {$_.”`%FreeSpace `(GB`)” -lt 5}” if you want to get a list of drives that have less than 5% free space.

You can download the script here. Feel free to adjust it to your liking.

• Raffle: SolarWinds DameWare NT Utilities – Remote administration tools (3)
• Windows-to-Mac remote management with VNC and SSH (1)
• FREE: PAExec – Run programs on remote Windows servers (0)
• Change the local administrator password on multiple computers with PowerShell (4)
• Query and kill a process on a remote computer using PowerShell and WMI (0)