November 2009 - Posts
The week Windows 7 released, Microsoft was slated to sponsor a portion of the Fox TV animated (and rather colourful) show Family Guy. At the last minute they pulled the plug because someone realized that the show did not quite … well frankly it is crude and tasteless. Nonetheless the original clip has made it to YouTube, and here it is!
http://www.youtube.com/user/WindowsVideos
Of course although the sentence is true, I still think my Launch Party video (put together by Sean ‘Energized Funny Guy’ Kearney) is still a better video!
I can hardly believe it has been nearly a year since I sat down to speak with Stephen Ibaraki. Stephen is a very well respected professional, a past-president of the Canadian Information Processing Society (CIPS), Advisor to Chair of Culminis (now GITCA), and a 44-year-veteran of the technology field. Aside from all of that I am proud to call him a friend.
With all of that, when Stephen asked me to sit down with him and talk about the industry, I gladly got out of bed early in the morning last December to account for the time zones, and spent a good deal of time talking with him. Here is the transcript and podcast:
http://stephenibaraki.com/interviews_general/v19/mitch_garvis_podcast_nb.html
There are two schools of thought when it comes to physical memory over-commitment between virtual machines.
The first school of thought is that it is a great way for virtual machines to leverage more memory than the host server actually has: the memory resources available to the guest OS machines exceed the available resources of the host. So:
| Host Server | 64 GB RAM |
| 10x VMs | 2GB Reservation, 8GB Limit |
| Memory reserved for powered-on VMs: | 16GB RAM |
| Memory available to each guest OS: | 80GB RAM |
Obviously our virtual machines cannot access what is not there, but most machines do not use all available resources at any given time; so each VM has 2GB permanently (as long as they are powered-on), and there are 44GB left for the VMs to ‘share’. This is called resource over-commitment, and is enabled by what VMware calls their balloon driver which, I must admit, is pretty cool. Because our guest operating systems would crash if the actual available memory constantly changed, a swap file is created on the data store that is equal to the total available memory minus the memory reservation, and when the VM does not have the physical memory available the swap file stands in its place for all or any part of the memory requirements.
(I should mention that I have severely oversimplified this scenario for the sake of simplicity. I am not including factors such as host resource requirements, priorities, and more; they are irrelevant to the point of the article.)
The second school of thought is that memory over-commitment (which obviously implies physical memory being shared or ‘traded’ between virtual machines) is a great and blaring security hole. For this reason Microsoft’s Hyper-V (including the original and the 2008 R2) does not support over-commitment. So:
| Host Server | 64 GB RAM |
| 10x VMs | Maximum 6.4 GB RAM each |
In Hyper-V all allocated memory is protected from the others by virtual buses.
In VMware many workloads present opportunities for sharing memory across virtual machines. For example, several virtual machines may be running instances of the same guest OS, have the same applications or components loaded, or contain common data.
According to one Microsoft virtualization security expert, Microsoft’s position is that by sharing resources there is a potential that hackers could inject code into a driver or common application that would be used by multiple VMs, thus passing the malicious code from the [initially infected] virtual machine into others.
The expert goes on to say that this is all theoretical to this point, because to date there have been no known instances of hackers exploiting this hole in the wild.
The next layer to this issue is that there are applications that allow you to patch VMware guest machines ‘on the fly’ in memory. In other words a hacker who breaches the initial security now has a tool to inject malicious code into running VMs.
I have always said that the level of security of any system should take into account all reasonable threats, with a strong consideration for what the security system is protecting. In other words while both need a firewall, the solution I implement for my mother’s laptop will look nothing like the solution I implement for an enterprise client with sensitive data.
I think that both Microsoft’s Hyper-V and VMware’s Virtual Infrastructure are excellent virtualization solutions. While you can’t beat the price of Hyper-V, I would never tell a client that they should not implement an ESX 4.0 Server because of a hypothetical potential security flaw inherent in over-committing resources.
I will continue to keep my eyes open for this exploit. Ralph Waldo Emerson said that ‘if you build a better mousetrap the world will beat a path to your door*;’ I do not believe that, and if one were to look at IT security as a baseline the phrase would be ‘Build a better mouse trap, and the world will make a better mouse.’ One of the unfortunate results of improvements in systems security over the years has been how much smarter hackers have become, and I suspect it is only a matter of time before this vulnerability is exploited.
ADDITION
Although memory over-commitment is a great way of maximizing and even extending past your actual available resources, it should be mentioned that even VMware does not recommend that it be used in a production environment. According to a document on their website entitled ‘Performance Tuning Best Practices for ESX Server 3’ (I have not been able to find a similar document for ESX Server 4, but this technology is similar):
Avoid frequent memory reclamation. Make sure the host has more physical memory than the total amount of memory that will be used by ESX plus the sum of the working set sizes that will be used by all the virtual machines running at any one time. (Note: ESX does, however, allow some memory overcommitment without impacting performance by using the memory management mechanisms described in “Resource Management Best Practices” on page 12 [of this document].)
One colleague of mine, an employee of Microsoft, concedes that resource overcommitment is a great tool for a test/dev environment, but is adamant that he would not use it in production. I would not disagree with this. However like so many questions in our field the real answer is what I refer to as the Universal Consultants Answer (UCA): It depends.
-
*This phrase is apparently a misquote; the true quote is ‘If a man has good corn or wood, or boards, or pigs, to sell, or can make better chairs or knives, crucibles or church organs, than anybody else, you will find a broad hard-beaten path to his house, though it be in the woods’
I have seen a lot of contests recently… some promise cash, others cool prizes. This contest will actually help you to grow your business!
Microsoft Canada has a great contest for IT professionals and implementers. Do you have a story about how Windows 7 is helping you to expand your customer base? Have you developed an innovative Windows 7 application? How about a great customer deployment story? Tell Microsoft about it and you can win… big!
The Wild for Windows 7 contest winner will receive Seven Thousand Dollars (CDN$7,000) in professional marketing services from one of Microsoft’s most trusted marketing agencies. This could include anything from direct marketing campaigns to event planning.
You have to enter by December 11, 2009 so make sure you visit the site (http://www.microsoft.com/canada/partner/windows-7-partner-contest/default.aspx?lang=en-CA&wt.mc_id=can_win7-partnercontest-en_bulletin_sbsc) and sign up. Tell your friends about it too… and don’t forget to let me know that you entered! :)
On October 28 I was invited to present a STEP (Springboard Technical Experts Panel) Event for the Sarnia Computer Users Group in Sarnia, Ontario. Steve Syfuhs and I drove out there and had a great time, even though we were in for a surprise! I have to say that this group of retired hobbyists were every bit as knowledgeable, enthusiastic, and interested as many professional groups I have spoken to! Check out their site to see some of the pictures… http://scug.ca/michgarvis1028.html
When Microsoft announced that rather than throwing large launch events in select cities they would enable Influencers to throw ‘House Parties’ there was a lot of ridicule; many said it wouldn’t work, others poked fun and even shot mockumentaries about them. Cameron McKay and I set out to prove that not only COULD they work, but we wanted to set the bar for what one of these parties should look like.
Some of our colleagues across the country (and around the globe) invited people into their homes; others leveraged their pull with local businesses (including Microsoft offices) to make the event look a lot like a user group meeting. We wanted to do something different.
We reserved Artisano’s Bakery Cafe in Oakville; they would cater hors d’oeuvres and desserts and we supplied drink tickets to everyone. At 4pm we started setting up… five machines in all running Windows 7, a VERY powerful hi-def wide screen projector, a few KVM switch boxes, and a really powerful set of desktop speakers with sub-woofer. Thankfully the duct tape kept the wires down, and nobody got hurt!
We had five computers set up and running… two relatively new ones (my production laptop and my netbook – these would be for demos and PowerPoint respectively), a two year old laptop for people to play with, as well as what we called the Clunker Corner… machines that were previously thought to be ready for the junk heap, but that Windows 7 runs nicely on! One of those machines acted as the sound system, the other was another demo box for people to try out… and they did, in droves!
In total we had 52 guests show up. Most were local to the west end of the GTA but we also had a few people take the train from downtown, Scarborough, and Oshawa; we even had a couple of out-of-towners – from Montreal and Chicago!
The kit that Microsoft supplied included a jigsaw puzzle; as I set up the computers my beautiful wife Theresa put the puzzle together, and I had an idea: why not use the puzzle as a fundraiser? We sold pieces of the puzzle; for $2 each people could choose their piece and write their name on the back; the pieces then went into a wicker basket (borrowed from the restaurant). Not only did the puzzle pieces sell out, but one very generous attendee asked for 50 pieces. Rather than giving him the individual pieces I thanked him for his generosity and gave him two of our 15 prize bags. All in all we raised $250 for the Meadow Green Academy Gymnasium Fund! For the winners we handed out prize bags containing Windows 7 Ultimate (NFR) licenses, pens, stickers, and more.
People started coming in at 6:30 but we kicked off the formal presentation at 7:15. For the next hour Cam and I demonstrated many of the cool new features of Windows 7, including the GUI and Aero Peek, new Windows key combinations, BitLocker to Go, location-aware devices, security (including the much improved UAC!), Windows XP Mode, and much more. As the saying goes, a good time was had by all.
After the official presentation someone asked if it was really an easier and faster install than Windows Vista and XP; I could have explained to him that it was but I decided to show him instead, popping my USB Deployment Stick into the 2-year-old laptop and redeploying Windows 7, Microsoft Security Essentials, and Microsoft Office 2007 from scratch in about 20 minutes. Everyone was amazed!
In the ‘Fireplace Corner’ we set up a video camera so that our team (Steve Syfuhs and Sean Kearney) could interview the attendees about the party and Windows 7, and ask them what they hoped to see in Windows 7 (or what their experience was already) and what they were excited about; a few of the popular answers to that were XP Mode and BitLocker to Go, along with the faster interface and GUI functionality.
In case you missed it – or if you would like to reminisce about the great evening, our camera team had the video cameras rolling the whole evening. Sean ‘Friday Funny’ Kearney took all of that footage and did an incredible job compiling the event video, which you can see here!
I would like to take a moment to thank all of the people who made this event happen: First and foremost my beautiful wife Theresa, without whom I am not allowed to do anything! Despite being seven months pregnant she helped with the set-up, brought our son down for dinner, then took him to Tae Kwon Do and then back, where my boy was amazed that his dad really is a public speaker (every time I had tried to help him with that aspect of schoolwork he refused… I suspect that might change now!). My partner in crime, Cameron McKay, who joined in making it an incredible evening, and also picked up half of the bill (don’t forget that we paid for the food and drinks out of our own pockets!). Sean Kearney and Steve Syfuhs not only helped with setting up and breaking down, but also were our cameramen and videographers throughout the evening. Additionally Sean went above and beyond by taking the video footage and creating the incredible video you see here! Also I have to thank Sue and the crew at Artisano’s who not only make a mean pizza (PEPPERONI!!) but went out of their way to make everything just right for the night. From Microsoft (and Microsoft Canada!) I want to thank Stephen Rose (STEP… absolute genius!) and the whole STEP program, Mark R. who showed me a few W7 tricks early on, Rob Gellar who contributed some of the prizes, Simran Chaudhry and the MVP Crew (LJUPCO!!), the DPE guys (Rodney came but Rick and Damir helped as ‘advisors’). I am probably forgetting a bunch of people because when an event goes this well and this smoothly there are so many people behind it. THANKS TO EVERYONE WHO CAME! Without them Cam, Sean, Steve, and I would have had a lot of celery and cookies!