The Lone Sysadmin

“No one wants to learn by mistakes, but we cannot learn enough from successes to go beyond the state of the art.” – Henry Petroski, “To Engineer is Human: The Role of Failure in Successful Design”

My friend Jon has a script to randomize quotes in his email signature, and this came through yesterday. I’ve always enjoyed Henry Petroski’s books, and though he’s a civil engineer most of the lessons are ones IT professionals can learn from, too.

Luckily, most of our mistakes don’t involve buildings collapsing, though.[0]

——————-

[0] Which reminds me of another thing a former boss of mine used to say during crisis situations: “Calm down, nobody is dying here.”

“How big is your virtual environment?”

I love that question. Find a virtual environment and ask ten people who work on it, and they’ll give you ten different answers. “It’s pretty big,” one person will say. The next person will say “oh, we’re small.” The next two people asked will argue with each other until you shake your head and walk away. It’s all relative, too. If most guys you know have 50 virtual machines, and you have 200, you’re big, relatively-speaking. You’ve got problems they don’t have, and you’d probably like to talk with others that have had those same problems. Talking to a guy who has 2000 VMs isn’t going to help you much, though. He’s operating at a whole different scale, size, and budget level.

I spent some time this morning answering questions for a fellow who wants to build a large virtual environment. He didn’t have a lot of specifics to start with, but was really balking at what I was suggesting he look into for storage, servers, etc. As it turns out, “large” to him was really only 50 virtual machines in the next three years. That’s a big difference from what I perceive as large, which means many thousands of dollars, different storage and software strategies, completely different P2V approaches, etc.

As such, I propose some simple terminology, based on a logarithmic scale, to help sort out sizing:

I have 300 virtual machines, so I consider myself to be medium-sized. When I get to 1000 VMs I’ll be large.

Complexity is a whole different problem. From a complexity perspective my environment is pretty simple. The thing is, someone can take a small environment and make it really complex. And some of the biggest environments I’ve seen have been pretty simple, overall. It’s only scale I’m proposing labels for.

At any rate at least I have a graph to point to when I’m talking about this stuff. :-)

Some friends of mine and I have been following Alice Peacock for years. I’m not quite sure anymore how we got started listening to her, but she’s great. You may have heard her songs on the radio, or on a Hershey’s chocolate commercial. I saw her in Madison, WI last Friday. I didn’t have her newest CD so I bought one. Being me, I decided I didn’t want her to sign it in the same way every artist signs a CD, and so:

Nice!

It’s cool what happens when you ask people to do something a little bit differently.

At least once a day I have this conversation, usually with one of the same four people:

“Hey Bob, do you know what ‘pam_tally(sshd:setcred): unknown option: no_magic_root’ means?”

“Have you tried searching for the answer yourself?”

“No. Why?”

<uncomfortable pause goes here>

As such, I adore the creators of “Let Me Google That For You.”

http://lmgtfy.com/

(hat tip to my friend Terry Bradshaw for finding this one).

For months now my Windows Vista, and now Windows Server 2008 desktop has been losing its default printer every night. I haven’t been able to figure it out until now: it’s the Remote Desktop Client remapping my printers when I connect from home.

There are three fixes for this:

1. You can tell your RDP client to not map printers, in the “Local Resources” options tab. This is easy but you have to remember to do it.

2. On the host side on Windows Server 2008 you can go into Administrative Tools->Terminal Services->Terminal Services Configuration, right click the RDP-TCP connection, pick “Properties,” and disable it under the “Client Settings” tab.

3. On the host side on Windows Vista you can follow Microsoft KB article 268065 and add a registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd.

Now you know, and as they say in G.I. Joe, knowing is half the battle.

Q: What’s the easiest way to get rid of malware on Windows[0]?

A: Not to get it in the first place.

A couple of other observations I made while cleaning a friend’s computer:

1. The malware was detected by my friend because it was closing windows. Any window that could be used to fix the infection was closed by the malware. That doesn’t seem to be a very productive strategy for staying installed.

2. The Avast BARTPE CD creator rocks. Luckily, a part of my organization that does more desktop support for customers has a license for it. It’s really nice to boot off a CD to fix everything.

3. I started with the Avira free antivirus scanner. It is worth what you pay for it. I couldn’t get it to switch to the right screen resolution so I could see the buttons to trigger a scan, the English edition is in German, and there are no command-line utilities that work (or documentation to indicate what I should be doing). In the immortal words of Maddox: Terrible. F.

4. I really like how malware authors are taking out ads for antivirus products on Google. Search for “avast” or “avira” and the sponsored links at the top of the results are not reputable sources…

—————-

[0] Pre-emptive snarky comment: “Windows sux!” or “Linux wouldn’t have this problem” or “Apple r00lz!” — yes, we know, in a perfect world you’d be the benevolent emperor and would require everyone to use some other far-superior OS.[1]

[1] All OSes suck.

Hey, what’s this? It’s a blog… and I seem to have a login to it. :-)

Some of you have emailed me, wondering where in the heck I’ve gone. It’s not a long story:

1. Work has been nutty lately. I can safely summarize it by saying “be careful what you wish for.” For a long time I’ve wanted to get more involved with project management and higher-level decision making in my organization. Now I long for the days when it was just me, vi, and a dark room.

2. My hobbies have been nutty lately. I decided about a year ago that I’d like to try producing a play with my theater company, Strollers Theatre. I’ve done that now. There’s really no way to describe how difficult it is to start from nothing and build a show that people will want to attend. I can say that it’s a lot easier when you get the right people on your team. Someone who is on top of their game makes everything more enjoyable. It’s finding those people that’s tough (and then not burning them out).

On top of it all, where I’ve had some personal time it’s been consumed with weddings, funerals, births, emergencies, illnesses, my desire to sleep, and occasionally some escape back into World of Warcraft (yeah, I started playing again — a guy needs at least one fun hobby). :-) At any rate, this week is different. I’m getting back on the horse here, catching up on my blog reading, and going to start writing again. Yeehah!

Yet another frequently asked question: My company is getting more serious about virtualization. Should we keep using our fibre channel SAN or switch to iSCSI or NFS?

My usual answer is a series of questions: What technology do you know best? How big is your SAN? Why are you thinking about switching? What’s your performance like? What will it cost?

The thing is, I never have an answer. Whereas some common virtualization questions have easy answers this one depends heavily on what you’re trying to do. iSCSI is a great way for small- and medium-sized organizations to get into cluster filesystems. With 10 Gbps Ethernet you can get SAN-like performance, too, but 10 Gbps NICs are as costly as fibre channel HBAs. If you already have a fibre channel SAN you may already have a lot of what you need. There are large iSCSI-based virtualization implementations, there are large NFS-based ones, and obviously large FC-based ones, and a lot of good reasons to choose any of them.

Sometimes there’s a massive savings with one of the technologies, or there’s a particular storage vendor that you like that only does iSCSI, NFS, or fibre channel. If there is not a compelling reason to go one direction or another, and everything you’re evaluating is on the Hardware Compatibility List, I’d make the call based on what I know and limit the number of new things I’m trying to do at once.

Update: Commenters are chiding me for not mentioning NFS, and the chiding is a good thing. I don’t use NFS, but a lot of people do, and they love it. The problem I’ve had with NFS is that VMware doesn’t seem to think it’s as cool as other options, because their certification of NFS-based arrays seems to lag or not exist in a number of cases (like for SRM). As such I tend not to suggest it, because I don’t want to see someone get trapped with it. However, with Storage VMotion, migration to a new storage technology is easy, so it’s not a problem anymore. As such I’ve updated the post. Thanks guys!

——————————–

This is the fourth post in my series of “what VMware questions do I hear most often?” The first three questions were:

1. How much capacity should I have for VMware?
2. Should I convert my old servers to ESX?
3. What kind of servers should I buy for VMware?

If you think of a question you’d like me to answer please put it in the comments. Thanks!