J Wolfgang Goerlich's thoughts on Information Security
Hyper-V RC Tip -- Installing and Setting IP

By wolfgang. 28 March 2008 11:54

The release candidate for Hyper-V is now out. I am doing some performance and feature testing. Meantime, here are some times on installing Hyper-V on a Windows Server 2008 Enterprise 64-bit core build.

Name the computer:

  • netdom renamecomputer %computername% /newname:<your server name>

Enable remote management:

  • On the core server: WinRM quickconfig
  • On the client: winrs -r:<your server name> cmd

Set the IP address:

  • netsh interface IPv4 show interfaces
  • netsh interface ipv4 set address name="Interface" source=static address=192.168.1.10 mask=255.255.255.0 gateway=192.168.1.1
  • netsh interface ipv4 add dnsserver name="Interface" address=192.168.1.50 index=1

Install Hyper-V:

  • Download the Hyper-V RC and copy it onto the server
  • wusa.exe Windows6.0-KB950050-x64.msu
  • start /w ocsetup.exe Microsoft-Hyper-V

Tags:

Hyper-V

Out and About: Xerox next Week

By wolfgang. 27 March 2008 16:51

Event information:
2008 Office Roadshow
6-May-08
Time: 9:00AM - 11:30AM Eastern Time (US & Canada)
The Inn at St. John's - Detroit (Plymouth)
44045 Five Mile Road
Detroit (Plymouth), Michigan 48170

Tags:

Out and About

Inside the Twisted Mind of the Security Professional (Wired)

By wolfgang. 20 March 2008 22:24

Inside the Twisted Mind of the Security Professional:

"Security requires a particular mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it."

 

Tags:

Security

Selecting backup data centers for DR

By wolfgang. 18 March 2008 15:20

Business continuity and disaster recovery have been on my mind a lot lately. The SNW conference is fast approaching and I am putting the final touches on my slide deck. One question is when and where a company should open a backup data center.

First, and I cannot stress this enough, do an impact analysis. Do you really need another data center? The text book example is the company, in an earthquake zone, which determines that bolting server racks down and buying additional insurance provides the same level of protection at significantly less cost. Your organization does not operate in a textbook, of course, and you may very well need another data center.

Having made the business case and established the budget, the next question is where to locate the facility. The following should be researched and considered:

  • Access – road, rail, and air, telecommunications
  • Proximity to current data center (under 30 miles makes real-time fail-over possible)
  • Local crime rates (history of protests, strikes, or riots)
  • Municipal services (police, fire, ambulance, power)
  • Wind patterns (is this downwind from nuclear power plants or military targets?
  • Weather patterns (hurricanes, tornadoes, et cetera)
  • Geophysical conditions (fault lines and earth quakes)

Gather all of this information and begin looking possible sites. Look for sites that are within budget and near high speed Internet backbone links. Narrow these down to those with redundant power distribution points. Then consider such things as wind and weather. This should narrow the possible sites down quite a bit. Then begin considering how your organization will transport people to this location. Airlines are best, but flights may be grounded in a widespread disaster, so also look for wide accessible highways.

In the end, come up with the punch list of three to five ideal sites. Go out for a site visit and confirm your assumptions. Some sites might not make the cut upon visiting, as your information may be out of date. At the end of this process, you will have done the homework and due diligence to make the recommendation to senior management.

Tags:

Business Continuity

XenServer hangs on Himem.sys when booting DOS

By wolfgang. 12 March 2008 04:12

I am testing out XenServer for server virtualization, and Acronis for physical-to-virtual conversions. When booting on the Acronis restore CD, the vm displays:

cirrus-compatible VGA is detected
Processor 1: Xen(R) Virtual CPU
XS Virtual IDE Controller  Hard Drive (16384MB)
Unknown device
Unknown device
XS Virtual ATAPI-4  CD-Rom/DVD-Rom

Boot device: CD-Rom - success.
Starting Caldera DR-DOS...
HIMEM.SYS: Cannot control address line A20.

Caldera DR-DOS 7.03
Copyright (c) 1976, 1998 Caldera, Inc. All rights reserved.

It then hangs with the processor consuming 100% of the resources. I notice the same behavior when booting from a DOS 6.22 disk with Himem.sys loading, even if I specify /a20control:off.  I found an article from Microsoft that describes the problem. Submitted it to Acronis to get a fix. They wrote back “We have confirmed this behavior with the Xen Virtualization platform with the DR process. Right now it has been logged as a defect in our bugtracker. Right now I do not have an ETA on this being resolved.”

 The "Unable to control A20 Line" error message
http://support.microsoft.com/kb/73713

There are two workarounds for this problem:

Add the /M:x switch to the HIMEM.SYS line in the CONFIG.SYS file, where x is number from the valid range of 1-14 and 16, and then restart your computer. For example: DEVICE=C:\DOS\HIMEM.SYS /M:1

Upgrade your computer's BIOS or contact your computer vendor for help with the modification of your CMOS settings. You may need to disable a FastGate (or similar) option.

The A20 line is the start of the first 64K of extended memory, known as the high memory area (HMA). The HIMEM.SYS device driver must control the A20 line to manage extended memory. The HIMEM.SYS driver reports the error if it incorrectly identifies the extended memory handling mechanism of the computer or if the handling method of the computer's BIOS is unknown.

Tags:

Troubleshooting | Virtualization

    Log in