Disregard XenSource as the hypervisor (only looking at OUI gets you nowhere).. (updated)
Apparently OUI has little relevance.. 00:16:3E is used by KVM/QEMU as well.
Figure 14-3 on the following documentation page: http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v411/configuration/guide/virtual.html#wp1052098
Screenshots show a virtual interface with the MAC of: 00:16:3E:54:B6:23
and with a quick OUI lookup at:
http://www.wireshark.org/tools/oui-lookup.html
we'll see that 00:16:3E is: Xensource, Inc. (irrelevant, sorry)
- quick note on this.. what is the point of having a standard if everyone is going to cannibalize it! I can understand MAC spoofing from a hacker's point of view, but just disregarding it from a vendor level makes it even worse.. I was upset when I couldn't copy the existing MAC from a physical NIC to one under VMware, but I understood their point (and rightly so, they did put a switch to allow an override via the .vmx config)
Other notable points:
- virtio is a selectable disk emulation type, used by KVM.
- KVM uses .img file formats and that is discussed as the backup option (file.img)
- kvm.tar.gz exists in WAAS41.bin (not going any further than that)
retrospect time..
- Cisco works with Microsoft to be one of the first vendors to be certified on the new SVVP program.. people shake their heads and say what??
- Cisco announces a new virtual switch designed to run under the new VMware ESX platform based on the Nexus product line running a Linux kernel.
- Cisco releases a new WAAS product with 4.1 allowing for virtual-blades utilizing the open-source KVM hypervisor. (PV drivers yet to be determined.)
So, I would say this is a very smart move for Cisco in the virtualization space.. they have no allegiance to anyone and are able to capitalize from everyone! Great job!
10/07/2008
cisco.waas.kvm.hypervisor.revealed.100708.txt
blog.author - Randy J. Cress
blog.post - 7:42 PM
2 - blog.comments
blog.tags - cisco, hypervisor, kvm, waas
9/29/2008
citrix.pvs.large.ad.slow.console.hotfix.092908.txt
quick note - http://support.citrix.com/article/CTX118566
this hotfix along with its rudimentary installation method of manually stopping a service and then copying in files and restarting a service does work to dramatically increase the speed of the management console when working with any size PVS farm with a large AD environment.
if you are looking to deploy PVS 5.0 and/or demo some of the features and it is looking rough with the response times to change device properties this patch is for you! the bad thing is that it doesn't show up in a small demo vm lab since you usually don't have a large AD environment to deal with, then you go and rebuild in production and everything slows to a crawl.
I'm just curious how many PVS hotfixes will have to be deployed like this.. I think there are a few application packagers out there under GPL.. you know, Citrix being an "Application Delivery" company and all...
9/24/2008
silly.vendors.ft.is.for.everyone.092408.txt
From Mike D's blog entry: Time for Some Real Names Stratus
It is only advantageous to the end user for you guys to duke it out in order to weed out the marketing fluff.. not sure you should "ban" a user from posting comments because he may have lied about his site being down. He did say "my site" and not necessarily that of the company that his ARIN ip lookup shows. I think people have many facets, and the fact that a Stratus employee is running VMware and updating it to the latest code should be a good sign.
I was affected by the time bomb bug as well, and I do feel VMware should have had a bigger hit.. it was a grave mistake and you guys got off pretty easily. Congrats, when yahoo or blackberry has an outage, people start getting skeptical.. just remember it was your loyal customers that wanted to make sure your product looked good that kept you afloat during this.
As for FT, everyone is on this bandwagon.. I don't care so much for the super-high Stratus tax and the fact that even the $40k servers run 80gb SATA drives, or that Marathon has teamed up with Xen only, or that you guys haven't released the product and that it will only support 1 core. The bottom line is that it is a race, and there is going to be pushing and shoving... All I can say is supply your engineers plenty of energy drinks, and may the best vendor reach the market first with a FT product that is semi-affordable for the masses.
Until then, we will continue to rely on the software manufacturers to develop active-passive and active-active configurations.. oh wait! That is what they should be doing and you shouldn't even be worried about FT anyway! Unfortunately that will never happen.. so you guys are still in luck.
9/20/2008
thinlaunch.quick.take.092008.txt
after reading Michael Keen's post at: http://www.brianmadden.com/blog/MichaelKeen/Have-you-heard-of-ThinLaunch I headed over to http://www.thinlaunch.com/ for the eval since repurposing existing winxp clients is something I am interested in..
first thing is that it requires .net 2.0 framework.. this shouldn't be an issue but just another hurdle and for whatever reason I don't have a snapshot for my winxp sp2 vm with .net 2.0 already installed.. at least not on this laptop.
quick install and at the end it asks you for what executable you want to run at startup.. browse and select something.
now for the guts.. it is scary!!
it creates a local user that is a member of Local Users AND Administrators called:
ThinDesktopUser with a password of: test!123abc!!@#
then proceeds to modify the registry to autologin and run C:\Program Files\Thin Desktop\ThinDesktop.exe /s, via the UserInit key.
ThinDesktop.exe then reads: HKLM\SOFTWARE\ThinLaunch\Thin Desktop\LaunchCommand (which has the full path to the exe you defined earlier)
so... my quick and dirty lockdown that is going to set me back $20-26 per workstation has created a local admin account with a standard password and is still running explorer.exe as the shell..
good news is there is an alternative and Microsoft was so kind to provide it for free.. regedit.exe
simply browse to: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and change the Shell key to the full path of the executable of your VDI client, XenApp full client or better yet, frontend a web-portal with Public Web Browser from TeamSoftware Solutions
PWB will set you back $125 per year for a site license so you'll need at least 5 clients to repurpose to realize your ROI versus ThinLaunch. This is only if you want to do the web portal, setting the Shell key to any other .exe is free and requires a keyboard, but PWB does give you a lot of other neat features.
The above solution works as a local or domain USER not admin, and won't expose you to the vulnerabilities that appear very obvious with ThinLaunch.
Sorry, throwing together a quick .NET 2.0 app that modifies the registry and performs a ShellExec API command (possibly more, don't want to understate it) isn't worth $26 per client when there is a lot of hard work and engineering that goes into many other client licensed products around that price range such as appvirt, antivirus, device control, and full disk encryption.
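A way to check a repurposed client for the Winlogon conditions described in this post, as an added example that is not part of the original post or any vendor's code. It audits the text of a `reg export` of the Winlogon key; both sample exports are constructed, the `ExampleVDI` path is a hypothetical placeholder, and the list of local administrators is assumed to be supplied by the caller (for instance from `net localgroup Administrators`).

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed `reg export` excerpts (not captured from a real install).
AS_INSTALLED = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="ThinDesktopUser"
"Shell"="Explorer.exe"
"Userinit"="C:\\Program Files\\Thin Desktop\\ThinDesktop.exe /s"
'''
SHELL_REPLACED = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="0"
"Shell"="C:\\Program Files\\ExampleVDI\\client.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

def parse_winlogon(text):
    """Return the Winlogon string values from .reg text, names lower-cased."""
    values, in_key = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_key = line.strip("[]").upper() == WINLOGON.upper()
        elif in_key:
            m = re.match(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # .reg files escape backslashes and quotes inside values
                values[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return values

def audit_kiosk(text, local_admins=()):
    """Flag the Winlogon conditions the post objects to on a repurposed client."""
    v, findings = parse_winlogon(text), []
    admins = {a.lower() for a in local_admins}
    if v.get("autoadminlogon") == "1":
        user = v.get("defaultusername", "")
        if user.lower() in admins:
            findings.append(f"autologon account {user} is a local administrator")
        if "defaultpassword" in v:
            findings.append("autologon password stored in cleartext (DefaultPassword)")
    for entry in filter(None, map(str.strip, v.get("userinit", "").split(","))):
        if not entry.lower().endswith("\\userinit.exe"):
            findings.append(f"non-default Userinit entry: {entry}")
    if v.get("shell", "explorer.exe").lower() == "explorer.exe":
        findings.append("Shell is still explorer.exe (desktop not replaced)")
    return findings
```

The first sample yields three findings (administrator autologon, modified Userinit, unchanged Shell); the second, which follows the Shell-key approach above, yields none.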
blog.author - Randy J. Cress
blog.post - 1:06 AM
1 - blog.comments
blog.tags - pwb, security, teamsoftware, thinlaunch, vdi
9/18/2008
kayo.fs.aka.crippled.melio.fs.091808.txt
(enter rant mode - you've been warned)
- bear in mind I am looking at using one of the Sanbolic products for a HA solution, but with all of the potential announcements with vmworld and the new release of Sanbolic Kayo FS, I have to stop and wonder where it is all going..
Kayo FS is priced at $299/physical server designed to run on a Windows 2008 Hyper-V machine to give VMware ESX and Citrix XenServer a run for their money. After all, after 20 some odd years of existence our operating system vendor of choice has never made a true multi-host aware filesystem.. nothing new here, I think they just now gained the concept of a multi-user system. meanwhile the *nix world has their clustered filesystems and have pretty much commoditized them.
enter Sanbolic, filling the niche and making their money.. if you thought VMware ESX was expensive, wait until you see the pricing to patch up NTFS.. I'm wondering if it wouldn't be cheaper to pay premier support to MS and have them rewrite NTFS.. I seem to recall that you could pay a onetime fee for them to program the DST changes for unsupported OSes... maybe they'll do the same for Windows 2008 since they just launched it..
my problem is that I'm not sure how long Microsoft will let them continue.. and at $299/server I wouldn't mind Kayo.. but I want to run it under vmware esx for Citrix Provisioning Server and that is a no no.. the setup.exe pops up a dialog and immediately tells you that is unsupported under a virtual machine and exits. after quite a few right clicks, double-clicks and drag and drops, kayo_fs looks to have the capability to run under vmware, there is just a nice DetectVirtualMachines.dll that is being called.. that and the combination of HKLM registry keys with per_process keys of vmware.exe, vmserverdWin32.exe, vmserverdWin32.exe set to report_ntfs..
I would come to the assumption that this is clearly a crippled version of melio_fs that is set not to run under any virtualization platform and only to make Hyper-V look good until MS can enhance NTFS.
(end rant mode)
UPDATE - after speaking with Sanbolic, I felt bad and removed the post since it was after a long day of work and school, but after re-reading it, I don't feel there is anything genuinely wrong with my first assumption. I will most likely be utilizing Melio FS Enterprise (since standard isn't supported under ESX).. but it all works out and will only end up being a $30-35/per wks cost.. a few tests next week will help determine this figure.
9/17/2008
cisco.virtual.office.redesign.time.091708.txt
- time to stop ordering the cisco 871w and move to the 881w
- consolidate the current rollout of the 871 with an LWAPP and inmotion or junxion box with one device.
looks like the 3G option will be later as there is no sku currently at:
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78_459542.html
but instead of using the proprietary wic modules it will be based off of standard express cards. this will be nice since they are easy to replace/upgrade.
thoughts on this would be that the end user would carry the 3g sprint/verizon/at&t card with them (using a pcmcia to express card tray) then unplug the device and place it in their 881w when they are at home "docked" not sure how well the ios will handle hot-insertion and removal of the express card if that is the primary link.. seems doable.
the managed built-in lwapp will be perfect to replace the extra ap that we are currently using.
bumping up to (8) vlans will be great since 4 really never existed since you couldn't get rid of vlan 1.
IP SLA is great and works wonderfully with the voip monitor for IPSwitch Whatsup Gold.
There are plenty of other really good products that can read the SLA stats now as well but for straight-forward MOS scoring and the detailed history charts it will accomplish what you need to troubleshoot and trend problems with slow and flaky dsl and cable circuits.
Quick cost run down (street range).. not considering msrp or the typical 35-42% off:
CISCO881W-GN-A-K9 $700 - everything in a box (be nice if they already had express card slots)
800-IL-PM-2 $110 - 2 port PoE module if you have a VoIP phone or IP camera
SL-880-AIS $100 - need this for advanced ip - eigrp and dmvpn back to the 28xx/38xx headends.
So, we are still under $1000 for a fully functional box at a remote site and then I can pull back the lwapp AP and reuse at fiber connected sites so this is an internal discount of $450 per site!
I guess I will find out tomorrow whether the distribution warehouses have these in stock or not.
The content filtering option is pretty nice and could be used for public lab use - looks like they have a 30-day trial sku but the 1yr is right around $100 so this would be good for split-tunnel use as well.. no reason to backhaul their internet traffic if the policy could at least be applied at the edge.
blog.author - Randy J. Cress
blog.post - 2:08 AM
0 - blog.comments
blog.tags - cisco 881w, virtual office
9/14/2008
datacenter.cisco.vmware.091408.txt
in reference to the link between cisco/microsoft server virtualization validation and upcoming announcements, it clearly looks like cisco wants to work with vmware in the datacenter environment and have the full support from microsoft.
this whitepaper @ cisco.com contains more acronyms than you can shake a stick at, but clearly paints the picture of what their vision is in a microsoft shop running exchange 2007. now after reading that article, I would boil it down, to wow, that is a lot of infrastructure for email! why not just get a gmail account :)
putting everything together, the following paragraph from that whitepaper sums up why they went for the SVVP:
Solutions built using VMware HA and VMware DRS combined with EMC and Cisco technologies provide out-of-the-box high availability for the entire Exchange environment without requiring any Microsoft or other third-party clustering software. A critical weakness in most clustered Exchange architectures is their coverage of mailbox servers only, leaving critical supporting server roles (DNS, domain controllers, Exchange Hub, CAS servers, etc.) vulnerable to outages due to hardware failure. Cisco provided the necessary redundancy through the Cisco Nexus® 1000v.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/emcinfra_wp_master.html
since the nx-os is based on linux it makes good sense for this to plug into the vmware environment.
so now you'll have a good reason to virtualize all of your critical infrastructure servers (microsoft or not) and feel comfortable that you're in good hands.. combine that with the vn-link services that appear to be a service offering from a combination vmware and cisco certified team and you can figure out how to migrate to a completely virtualized datacenter running exchange 2007.
the combination appears to be very powerful.. only next week will tell us if we have to wait for vmware esx 4.0 for this to happen!
this document also gives insight to the ironport purchase and how that fits in.. hopefully that will become a vmware virtual appliance in the near future as well. otherwise it's just another point of failure that would down this really nice virtual exchange infrastructure they just designed.. that and it runs on linux with oem dell hardware so it can't be that hard to build an OVF from..
there has already been some talk of the WAAS having its own hypervisor and being able to run Windows "blades" so it will be interesting to see how that fits in.. maybe the WAAS itself should just be virtual under vmware..
ASA code can already be virtualized so it shouldn't be too much longer before that should become a VM.. maybe then I would get rid of ISA server.. until then I'll settle for both.