Archive for August 2008

Cablecom hispeed business blocks GRE packets

This weekend, my plan was to upgrade our internet connection from an aging ADSL-Line to a new ADSL2+ line from Cablecom. At the same time, i also replaced our aging, self built Linux Firewall/Reverse-Proxy/etc. with a SonicWALL NSA3500.

Up until now, we’ve been using PPTP for our VPN needs. PPTP is easy and painless to set up, but can cause several problems at customer sites because it needs GRE. Many overzealous firewalls block GRE.

In the future, we are intending to use SonicWALL’s Global VPN Client, which uses IPsec with its NAT-Traversal over UDP. Also, the SonicWALL GVC solution is able to plug directly into Active Directory for central authentication.

I intended to keep PPTP running for some time after the migration, in order to ease the transition. But as it looks now, Cablecom blocks OUTBOUND GRE packets. Mighty strange, because inbound GRE-Packets work.

Here’s how this looks in tcpdump:

10:58:13.927888 IP 77.59.216.227 > 194.88.212.200: off 0x5858 [|gre]
10:58:13.947131 IP 77.59.216.225 > 77.59.216.227: icmp 52: host 194.88.212.200 unreachable

.225 is the Cablecom CPE, and .227 is the Linux machine running the PPTP server.
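
The same reading of the capture can be automated. The following is an added example, not part of the original post: it pairs each ICMP host-unreachable with the GRE packet that triggered it and reports which device sent the rejection. The third sample line and the one-second matching window are assumptions made for illustration.

```python
import re
from datetime import datetime

# First two lines are the capture shown above; the third is a constructed
# inbound GRE packet, added so the sample covers both directions.
SAMPLE = """\
10:58:13.927888 IP 77.59.216.227 > 194.88.212.200: off 0x5858 [|gre]
10:58:13.947131 IP 77.59.216.225 > 77.59.216.227: icmp 52: host 194.88.212.200 unreachable
10:58:14.101200 IP 194.88.212.200 > 77.59.216.227: GREv1, call 5, seq 12, length 64
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+?): (.*)$")
UNREACH = re.compile(r"icmp.*\bhost (\S+) unreachable", re.I)
GRE = re.compile(r"\bgre", re.I)


def parse(capture):
    """Yield (timestamp, src, dst, description) for each IPv4 line."""
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            yield ts, m.group(2), m.group(3), m.group(4)


def rejected_gre(capture, window=1.0):
    """Pair each ICMP host-unreachable with the GRE packet that triggered it."""
    gre_seen, findings = [], []
    for ts, src, dst, desc in parse(capture):
        hit = UNREACH.search(desc)
        if not hit:
            if GRE.search(desc):
                gre_seen.append((ts, src, dst))
            continue
        # The error goes back to the GRE sender and names the GRE destination.
        for g_ts, g_src, g_dst in gre_seen:
            delay = (ts - g_ts).total_seconds()
            if g_src == dst and g_dst == hit.group(1) and 0 <= delay <= window:
                findings.append({
                    "sender": g_src,
                    "destination": g_dst,
                    "rejected_by": src,
                    # True when a hop on the path, not the far end, refused it.
                    "intermediate": src != g_dst,
                    "delay_ms": round(delay * 1000, 3),
                })
    return findings


if __name__ == "__main__":
    for f in rejected_gre(SAMPLE):
        print(f)
```

A finding with "intermediate" set to True and "rejected_by" equal to the CPE address points at the provider's router rather than the remote VPN peer.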

I’ve already opened a support case with Cablecom, in the hope of having this issue sorted out quickly. So far, i haven’t heard back from them, even though i reported the issue almost a day ago. It’s not like we pay 180 CHF a month for 24/7 support.

Update: Cablecom was able to resolve the issue today. Apparently, it was a config issue on the router.

ESXi - A perspective from the Microsoft World

I’ve written a bit about ESXi before in a comparison to other free virtualization products from an SMB perspective.

I’ve seen the “big” ESX in a few places and worked a bit with it, but i decided to refresh my knowledge on VMware a bit. For this, i first had to scrounge up a machine that was able to pass the rigorous HCL from VMware.

Unfortunately i didn’t find something that was really a Small Business machine - i used a HS21 Blade from my BladeCenter S testing environment.

The HS21 blade has 4GB RAM, a 2.66 GHz QuadCore CPU and two 500GB SATA Harddisks attached to an LSI1064 SAS Controller. Fortunately, this configuration is supported.

Installing ESXi

Similar to the installation of Windows Server 2008 or Windows Vista, the ESXi installation is extremely streamlined. All you have to do is pop the CD in, select the disk where you want to install ESXi and then let it continue. The whole setup took around 15 minutes, most of the delay owed to the extremely slow Laptop CD Drive installed in the BladeCenter S.

After installation, the Blade rebooted and you will be greeted by an extremely simplistic interface that allows you to change basics like the password of ESXi and reconfigure the management network interface and also display a few logfiles. On first startup, it also showed me a Web address where i can download the VI Client that is used to manage ESXi.

A very pleasant experience.

Installing the VI Client

After accessing the ESXi host through HTTP, i could then download the VI Client. Installation on another Blade running WS2008 was smooth. It also installed an Update Service that allows me to upgrade ESXi.

Configuring ESXi for the first time

After logging on using the VI Client to ESXi, i was greeted with nicely detailed instructions that i would need to create a datastore. After a few clicks i had a datastore created on the RAID1 that ESXi was installed on.

The VI Client looks very impressive and neat. It looks like ESXi can read diagnostic information from the Blade, and can monitor RAID, Fan and other statuses easily. One of the things i really like about this is that you get a standardized interface for monitoring your hardware - on Windows you usually have to use tools like IBM Director that are just one big mess to handle. Here, i didn’t have to configure anything - it just worked.

After entering licensing information, configuring a static IP Address, changing hostname and DNS information, i rebooted the blade.

Creating the first Virtual Machine

I decided to create a first virtual machine - the blade i killed for running ESXi was previously running Exchange 2007. As this is just a demonstration setup, i decided to recover the preexisting Exchange server into a VM, in order to continue having a full featured demo setup.

So i created a new Virtual Machine, configured for running Windows Server 2008 x64. Now, i didn’t have WDS setup in the Demo Environment, so i had to find a way to boot the Blade from an ISO. Previously i used scp to copy the ISO to the ESX Management Partition, but that didn’t work on ESXi. Luckily, the VI Client has a “Datastore Browser” that allowed me to upload files to the vmfs3 filesystem.

After uploading the ISO, i booted from it. The installation was pretty slow, but comparisons to my Hyper-V hosts aren’t fair as those run 10kRPM 147GB SAS Disks in a RAID5 configuration instead of the slow-as-molasses 500GB 7.2kRPM SATA Disks.

After OS installation, i immediately installed the VMware tools. One reboot later, i had a working Windows Server 2008 machine.

One of the things i noticed: When running WS08 virtualized on Hyper-V with 4 virtual CPUs on a Quadcore machine, WS08 thinks i have one Quadcore. On VMware, WS08 thinks i have 4 real CPUs (Sockets). This can bite you if you want to give a WS08 Std Machine more than 4 Cores - as WS08 Std is only licensed to four sockets.

The next step obviously is restoring the Exchange server, but that doesn’t really have to do all that much with ESXi.

Conclusion

ESXi is great. One of the biggest advantages over Hyper-V is the VI Client that consolidates a lot of information that is all strewn about in Windows. For example, it has built-in performance metrics, raid status monitors, etc. You can get all the same information with a machine running Hyper-V, but you’ll have to use other tools for that (of course you can customize a MMC to include Perfmon, but it’s not exactly the same).

VMware shows that they have gained long term experience with Virtual Machines, and the VI Client clearly shows the maturity of their product.

Permission management seems much better than Hyper-V, but i didn’t find a way to use Active Directory integration. Maybe Virtual Center is required for this, or i just wasn’t able to find it in ESXi - it exists, because there are numerous references on the Web.

I’ll certainly consider using Hyper-V when i have to run non-Windows guests. For Windows guests, Hyper-V with its VMbus architecture seems better suited. For non-Windows guests, VMware can’t be beaten right now.

Hyper-V vs. ESXi in the Small Business space

Disclaimer: I work for a Microsoft Partner. So i’m probably biased.

Virtualization has always been a topic with a lot of hype, but as of today we have a single customer that is using it (out of 150).

Why? Because virtualization is still expensive. For larger companies, it was possible to save money by using virtualization, for smaller companies that wasn’t really the case. You’ll still need to license the guest OS. You’ll still need to maintain it.

Most customers decided to just buy a Windows Small Business Server, and run all apps from that machine. Though that usually required a technician that knew what he was doing to get all the apps running together on a single machine, it saved money in licensing cost and hardware - and the most important application ran on a separate machine anyway (our ERP software on the IBM i).

With the release of Hyper-V and its inclusion in SBS 2008 Premium (on the second machine), Virtualization will probably get picked up even in small businesses. But is it the right way?

I’ve started gearing up my knowledge on virtualization as it will become a topic for our customers. For that, the most important other factor is VMware. VMware has offered virtualization products for longer than Microsoft, and i’ve been using their Workstation product for a long time.

Microsoft’s Desktop product Virtual PC is lackluster at best. The performance is awful and it doesn’t offer many features. There was also Virtual Server 2005, which we’ve used internally since mid-2005 (when you still had to purchase GSX Server and we got VS2005 through the MSPP for free).

Now VMware has an offering that is free, Microsoft has an offering that is included into most Windows Server licenses and Citrix offers a very limited edition of their product for free (Max 4GB RAM, Max 4 VM).

And the big question would be - what product should a small business use today, and why?

I’ve found a few good blog posts on ESXi:

What’s the difference between free ESXi and licensed ESXi?

And on Xen:

Citrix XenServer for the ESX Engineer

And on Hyper-V:

Hyper-V for the ESX Engineer
More on Hyper-V for the ESX Engineer

On ESXi

ESXi Installable Edition Free (short: ESXi) only runs on certain certified systems. Of course you can still build a whitebox machine that runs ESXi, but that would be a rather stupid decision. Running supported hardware is important even in a small business.

ESXi doesn’t support many systems, especially our bestseller system, the IBM x3650 is not supported with ESXi installable edition. I expect the list of machines supported by ESXi to grow steadily, though.

On the other hand, ESXi supports a wide variety of guest operating systems that are supported by VMware. This is one of the main advantages VMware has over Hyper-V. However, most Small Businesses struggle with the complexity of using one operating system. They are unlikely to use multiple ones. On the other hand, VMware offers preconfigured appliances, which sounds like a good use. Important to know: Microsoft does not directly support running Windows on VMware unless you pay big for a Premium support contract.

ESXi can be managed by the VMware “VI Client”. This allows you to do all the everyday tasks of configuring and setting up virtual machines.

ESXi doesn’t have any restrictions that would prohibit production usage, but the management features are a bit limited - you can’t monitor it using SNMP, you can’t script it using the RCLI. If you want those features, you’ll have to pay.

VirtualCenter, which is VMware’s variant of System Center Virtual Machine Manager, is quite expensive. Of course, SCVMM is also quite expensive. So i doubt that either will be used in a Small Business. The disadvantage i see here over Hyper-V is the fact that it can’t be scripted or automated. While not a showstopper, it’s important to consider this.

On XEN

The free XEN version supports a maximum of 4 VMs and 4GB of RAM. With that, i think everything is said and done. These restrictions do not allow production usage. It’s more like a demo version for the full products.

On Hyper-V

Hyper-V only works on 64bit installations of Windows Server 2008 Standard, Enterprise or Datacenter. In SBS 2008 Premium, one license for Windows Server 2008 Standard is included. This allows small businesses to get started with Hyper-V. WS2008 Standard x64 supports up to 32GB RAM. If you use “just” Hyper-V on a WS2008 Standard installation, you can also install a single guest VM with WS2008 Standard without having to purchase an additional license. Be aware that it does not work this way if you run any other software like SQL Server on the Hyper-V host.

Hyper-V can run on a lot of hardware, as described in the Windows Server Catalog. It is also a lot more flexible when it comes to storage configurations, as Windows supports more disk controllers than ESXi.

Hyper-V can be automated using WMI, there is no direct PowerShell support (though you can use PowerShell’s WMI support).

You can deploy Hyper-V on Windows Server Core, as a dedicated VM host. Managing Hyper-V in this scenario requires a machine running Windows Server 2008 or Windows Vista with the Hyper-V management tools installed. This is the recommended deployment mode.

You can also install Hyper-V on a full Windows installation. Though not recommended, this allows you to logon to the machine using RDP and manage the VMs directly on the server using the same Hyper-V management tools.

Here is one of the biggest advantages Hyper-V has over ESXi. For example, if you set up the WS2008 Standard Server as a SQL Server, you can install Hyper-V after the fact with a simple reboot. Though this is not what Microsoft recommends, the reality is that most Small Businesses have to achieve a lot with less equipment. Running such a configuration can help fix business problems without having to reinstall a machine.

System Center Virtual Machine Manager allows you to manage Hyper-V centrally. It’s quite expensive, so i doubt many small businesses will start using it. Maybe the next version of System Center Essentials will include a subset of SCVMM functionality.

Conclusion

Hyper-V supports more hardware, and is more flexible when it comes to its deployment. For me, this makes Hyper-V the better choice for a Small Business than ESXi. XEN Express is absolutely unusable in a production deployment.

Now, Enterprise admins will probably slap me for the “flexible” deployment of Hyper-V, and they are right. But for most small businesses, being able to cut corners in IT is more important than running “recommended” configurations.

I’m using Hyper-V standalone on a machine in a hosting center to run my private infrastructure (where i plan on moving this blog to), and it’s also a full Windows installation. Hyper-V runs flawlessly in such a scenario.

I also didn’t talk about Vmotion, HA, DRS and all the other fancy features that VMware has and Hyper-V doesn’t have yet - simply because they do not matter to a small business.

BackupExec Installation on a Windows Server 2008 RODC fails with V-225-212

In our branch office in Lyss, BE i run an RODC - not because it’s needed, but a production environment is always better to gain experience than a few VMs.

As almost all data from that RODC is replicated through DFS-R, backing it up wasn’t that important, we had a few more business needs that couldn’t be solved by using DFS-R to backup in our HQ in Horgen.

So we purchased a BackupExec Media Server license, and i tried installing BackupExec. It reminded me that installing on an RODC requires a separate Windows installation that runs SQL Server. Well, we have Hyper-V and enough Windows licenses to do this, so i didn’t think of this as a big deal.

I’ve set up a VM with WS08, installed SQL Server Express with an Instance called “BKUPEXEC” and tried installing BackupExec, pointing it at the remote SQL Server Express (that was configured to allow remote connections).

The RODC is called LYS-RODC-01. The SQL Server Express VM is called LYS-SQLE-01, with a SQL Server Instance called BKUPEXEC.

It didn’t work:

08-08-2008,23:22:58 : There is no MSSQL$BKUPEXEC Service
08-08-2008,23:22:58 : V-225-212: Unable to connect to SQL Server. ***To search for information about this error, click here
08-08-2008,23:22:58 : Failed to configure SQL instance LYS-RODC-01\BKUPEXEC SQL instance to allow updates.
08-08-2008,23:22:58 : Action ended 23:22:58: InstallFinalize. Return value 2.
08-08-2008,23:22:59 : Action 23:22:59: Rollback. Rolling back action:

The error message seems strange. Why does it connect to the RODC - there is no SQL Server on the RODC, and i configured it correctly in the setup.

I read through the logfile multiple times. Didn’t find a mistake. Reinstalled the SQL Server VM a few times using a variety of SQL Server and OS combinations.

I contacted Symantec Support (which was a bit of a letdown, first i had to talk to someone in one of the Eastern European countries who could barely speak German, and next i had to talk to someone from India who could barely speak English, much less German). After almost a month, i still wasn’t anywhere near a solution.

I’ve spent a few more days playing around until i finally tried something that worked.

I changed the name of the SQL Server instance from BKUPEXEC to SQLEXPRESS.

This fixed the problem.

I’m still baffled by this.

Finally - Microsoft Gold Certified Partner

As our Microsoft Partner Program Renewal Date is coming up, i decided to do some work to get everything together and go Gold Certified.

With just a bit of work, this has worked out (the number of sales we made also played into that).

If you’re wondering how we got 120 points with us being a rather small company, it’s quite easy:

  • Get two competencies - for this you’ll need:
    • Two MCPs with relevant certs
    • The Information Worker & Network Infrastructure competencies are the easiest
    • Three customer references per competency minimum - 10 customer references total to get full points
  • A total of 10 customer references - you’ll need only 6 if you have 18 points for Sales Performance
  • Microsoft Small Business Specialist for 5 extra Points - for this you’ll need 70-282 and an online exam.
  • A minimum of 7 points through MCPs - two MCITP/MCSE and one MCP will give you that
  • A minimum of 10 points of Sales Performance

This should give you a total of 122 points - more than enough for a Gold Certified Partner!

As a side note, my current employer Acommit AG also has a job opening in a Systems Engineer position. If you have strong Windows, Exchange and IBM i skills and are thinking of working for a company near Lake Zurich, apply now!