If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#21
|
|||
|
|||
Windows server 2003 licencing
"Guy Macon" http://www.guymacon.com/ wrote in message
... How is WebX going to allow a user at home to login to a system in the office? The WebX thin client runs on Internet Explorer. A ClearSCADA-specific ActiveX control is downloaded from the WebX server. Data is displayed to the users as secure XML and HTML pages on standard web ports with 128-bit SSL encryption. All that is required is a bog-standard installation of Windows, a firewall that allows web access, and a local user willing to click the button giving the remote user control of his desktop. So my requirement is for access to a remote machine without any manual intervention. And why in the name of security would I ever allow a third party computer that I do not administer to have access through our firewall to our most sensitive infrastructure? Unless you are blocking web access or blocking all ActiveX (really blocking it, not just requiring the user to click on a permission dialog box), you already are allowing a third party computer that you do not administer to have access through your firewall to whatever the logged in user can access. On DMZ hosts, we certainly do block outgoing access to just about everything. If you are allowing ordinary users access to your "most sensitive infrastructure", that's another problem. I will assume that is hyperbole. We allow the people who need access to services access to those services, not more and not less. Your mileage may vary, and I am the first to understand that the software RAID approach has many shortcomings. But for low importance end user computers, they have proven themselves over and over. In my opinion. you should set up a system that cannot lose data no matter what the failure mode is. Back up the configuration, operating system and apps -- the things that don't change from day to day -- and keep your data on redundant network storage. You mean put end users directly onto the SAN and have them boot from it? That's something I have always wanted to do but have misgivings about how reliable it might be, and of course we would have to wire fibre everywhere. I keep waiting for iSCSI to get cheap and easy, and it's getting close to the witching hour on that one. -- Will -- Guy Macon http://www.guymacon.com/ |
#22
|
|||
|
|||
Windows server 2003 licencing
In my opinion. you should set up a system that cannot lose data no matter what the failure mode is. Back up the configuration, operating system and apps -- the things that don't change from day to day -- and keep your data on redundant network storage. You mean put end users directly onto the SAN and have them boot from it? That's something I have always wanted to do but have misgivings about how reliable it might be, and of course we would have to wire fibre everywhere. I keep waiting for iSCSI to get cheap and easy, and it's getting close to the witching hour on that one. -- Will you are totally missing the point of Guys feedback. |
#23
|
|||
|
|||
Windows server 2003 licencing
"Nut Cracker" wrote in message
t... In my opinion. you should set up a system that cannot lose data no matter what the failure mode is. Back up the configuration, operating system and apps -- the things that don't change from day to day -- and keep your data on redundant network storage. You mean put end users directly onto the SAN and have them boot from it? That's something I have always wanted to do but have misgivings about how reliable it might be, and of course we would have to wire fibre everywhere. I keep waiting for iSCSI to get cheap and easy, and it's getting close to the witching hour on that one. -- Will you are totally missing the point of Guys feedback. So make his point? If his point is make backups, then sure of course we make backups. But backups take time and backups don't actually always guarantee a recovery. Hardware RAID is fine, but it has failure modes as well, and for simple end user machines can be problematic to effect recoveries that are software based corruption and not hardware failures. Software RAID has for us worked well for such machines. It's not the only recovery method we use. And I may indeed have missed his point so I would appreciate someone elaborating it. -- Will |
#24
|
|||
|
|||
Windows server 2003 licencing
Nut Cracker wrote: The more i think about it, the less suited WebX is for this guy. He says he needs multiple independent sessions on his desktops. Yes, this baffles me too. WebX gives secure sharing of a desktop session, but does not setup or make available independent sessions on systems that dont normally support them (like XP). So, WebX is out. I mentioned it in the beginning of this thread because i wrongly assumed he wanted to shadow his users via RDP sessions for support and whatnot. Ah. I had the same impression. It sounds to me like what he needs is a bunch of XP workstations, and a proper terminal server solution for all these sessions. That would be the conventional, and supported approach. Whatever it is that needs to be run by several people at the same time should be in stalled on a server, and the users can TS to that and have all the sessions they want. Yes, there is a marginal cost per TS CAL, but when compared to licensing a large number of server OS's for the desktop, the cost of the CAL's should be viewed as a savings. Sounds reasonable. At this point I would like to see a list of applications and tasks before commenting further based on possibly wrong assumptions. -- Guy Macon http://www.guymacon.com/ |
#25
|
|||
|
|||
Data on server, OS and apps backed up
Will wrote: Nut Cracker wrote Will wrote: Guy Macon http://www.guymacon.com/ In my opinion. you should set up a system that cannot lose data no matter what the failure mode is. Back up the configuration, operating system and apps -- the things that don't change from day to day -- and keep your data on redundant network storage. You mean put end users directly onto the SAN and have them boot from it? you are totally missing the point of Guys feedback. So make his point? If his point is make backups, then sure of course we make backups. But backups take time and backups don't actually always guarantee a recovery. Hardware RAID is fine, but it has failure modes as well, and for simple end user machines can be problematic to effect recoveries that are software based corruption and not hardware failures. Software RAID has for us worked well for such machines. It's not the only recovery method we use. And I may indeed have missed his point so I would appreciate someone elaborating it. Will, please don't trim the "X wrote" lines when you reply. It makes it hard to see who wrote what, and I have to go back and manually recreate them every time I reply to you. Let's look at your comments one at a time: You mean put end users directly onto the SAN and have them boot from it? No. That's another technique with it's own advantages and disadvantages. I am saying keep DATA on a server. When the user composes an email, writes a document, crates a spreadsheet, etc., save it on a fileserver, not on his local hard disk. Design the system so that no single failure of the fileserver system will result in any data loss. Back up the OPERATING SYSTEM and APPLICATIONS -- the things that don't change. If designed properly, you can set the user's PC on fire, buy him a replacement, do a restore, and he will be exactly where he was before the fire without having lost one single byte of data. If his point is make backups, then sure of course we make backups. But backups take time They don't take time on my network. They happen automatically every night. and backups don't actually always guarantee a recovery. The come a heck of a lot closer to guaranteeing a recovery than software RAID does! I run a nightly backup and once a month I do a test restore to a spare PC I keep on the shelf and then swap it with the PC on one of the user's desktops, making his old system a spare on the shelf. What are the odds that this well-tested system will suddenly not work when there is an actual failure? Hardware RAID is fine, but it has failure modes as well, and for simple end user machines can be problematic to effect recoveries that are software based corruption and not hardware failures. And software RAID allows recovery in that situation...how? Software RAID has for us worked well for such machines. It's not the only recovery method we use. It's not a recovery method at all. RAID does two things and does them well: it lets you keep running after a hard disk failure, and it increases I/O performance if the speed of the drives is the bottleneck. A proper backup/recovery method lets you recover from a hard disk crash, a fire, a stolen computer, malware deleting all your data, a windows update that leaves the computer unbootable, someone booting from a DOS diskette and formatting the drives -- in short, from any data loss. RAID -- hardware or software -- only protects you from the hard disk crash. Again I say, your best bet is to back up the configuration, operating system and apps -- the things that don't change from day to day -- and to keep your data on redundant network storage. And don't be too much in love with something just because it has worked for you in the past. -- Guy Macon http://www.guymacon.com/ |
#26
|
|||
|
|||
Data on server, OS and apps backed up
"Guy Macon" http://www.guymacon.com/ wrote in message ... I am saying keep DATA on a server. When the user composes an email, writes a document, crates a spreadsheet, etc., save it on a fileserver, not on his local hard disk. Design the system so that no single failure of the fileserver system will result in any data loss. I agree with this. I would go a step further and say that someday I dream of keeping both the applications and data on servers, and going to a pure thin client architecture for access from the end user's workstations. It's nirvana, and with very limited human and financial resources we crawl in that direction, and I think we will get there. Back up the OPERATING SYSTEM and APPLICATIONS -- the things that don't change. If designed properly, you can set the user's PC on fire, buy him a replacement, do a restore, and he will be exactly where he was before the fire without having lost one single byte of data. Sure, but I've seen full machine restores from tape fail to work (inevitably some critical open file was locked, or if you had an open file agent it caught the file in a transition state, etc). My ideal backup product would let me do exactly what software RAID 1 does, but the target would be a file instead of a drive. You could create the mirror image with all files open, break the mirror, then backup the mirror to tape. Once Symantec releases the free version of its wonderful StorageFoundation product later this year, I'm tempted to use that to break the mirror each night, backup the broken disk (which would have no open files because it is no longer the system drive in use), then recreate the mirror after the backup finishes. If his point is make backups, then sure of course we make backups. But backups take time They don't take time on my network. They happen automatically every night. My bad. I meant restores take time, not backups. The point is a system disk failure when you have a duplicate drive can be recovered quickly, in the background, while the user works. All of our end user workstations use hotswap drives. Restores from tape can take one plus hour, and inevitably when they are done sometimes the system won't boot, or will boot with a corrupted configuration. and backups don't actually always guarantee a recovery. The come a heck of a lot closer to guaranteeing a recovery than software RAID does! I run a nightly backup and once a month I do a test restore to a spare PC I keep on the shelf and then swap it with the PC on one of the user's desktops, making his old system a spare on the shelf. What are the odds that this well-tested system will suddenly not work when there is an actual failure? I commend you for doing regular test restores. It's all about time and resources. However, I wasn't saying software RAID was a replacement for backups. I was saying software RAID gives an additional restore capability beyond what backups give. Hardware RAID is fine, but it has failure modes as well, and for simple end user machines can be problematic to effect recoveries that are software based corruption and not hardware failures. And software RAID allows recovery in that situation...how? Let's take an example like you a bad software install that altered your registry and corrupted something in system32 and you cannot even boot: We keep seven backups of the registry on the hard drive, made nightly by a scheduled task. We remove the Windows boot drive from the system, and take it to any server where you can mount the drive and import its configuration. We manually backup the old (corrupt) c:\windows\system32\config directory, then overwrite it with the last known good working registry files. If needed, we backup the (corrupted) system32, then we can then restore from tape (or on disk system state backups) the last known good image of system32. Since the drive we operate on in this case is not the active system drive, none of these critical files are locked. Being able to work with the system drive in this offline state has saved so many systems so many times I am just sold on its value. It does not replace backups. It complements them. -- Will |
#27
|
|||
|
|||
Data on server, OS and apps backed up
("Guy Macon wrote" added by hand. Again. Please don't delete the attributions. Without them it is hard to figure out who wrote what.) Will wrote: However, I wasn't saying software RAID was a replacement for backups. I was saying software RAID gives an additional restore capability beyond what backups give. I agree. Sure, but I've seen full machine restores from tape fail to work (inevitably some critical open file was locked, or if you had an open file agent it caught the file in a transition state, etc). Read about Volume Shadow Copy Service he http://en.wikipedia.org/wiki/Volume_Shadow_Copy_Service http://technet2.microsoft.com/Window...w+Copy+Service Do practice restores. After seeing the resore happen without a problem a couple of hundred ties, you will be assured that the backup/restore process doesn't suffer from the problem described above. Hardware RAID is fine, but it has failure modes as well, and for simple end user machines can be problematic to effect recoveries that are software based corruption and not hardware failures. (Guy Macon http://www.guymacon.com/ wrote And software RAID allows recovery in that situation...how? Let's take an example like you a bad software install that altered your registry and corrupted something in system32 and you cannot even boot: We keep seven backups of the registry on the hard drive, made nightly by a scheduled task. We remove the Windows boot drive from the system, and take it to any server where you can mount the drive and import its configuration. We manually backup the old (corrupt) c:\windows\system32\config directory, then overwrite it with the last known good working registry files. If needed, we backup the (corrupted) system32, then we can then restore from tape (or on disk system state backups) the last known good image of system32. Since the drive we operate on in this case is not the active system drive, none of these critical files are locked. Being able to work with the system drive in this offline state has saved so many systems so many times I am just sold on its value. It does not replace backups. It complements them. You appear to be under the false impression that for some reason you can do the above with software RAID 1 but cannot do the above with hardware RAID 1. If so, I believe that you are mistaken. If not, I don't understand what you mean when you write "For simple end user machines [Hardware RAID] can be problematic to effect recoveries that are software based corruption and not hardware failures." I am also having trouble understanding this bit: "We remove the Windows boot drive from the system, and take it to any server where you can mount the drive [...] Since the drive we operate on in this case is not the active system drive, none of these critical files are locked." Again, the behavior of software RAID 1 and hardware RAID 1 are identical in the situation you describe. Also, I don't see how any file on the newly-mounted drive can possibly be locked. Read more about file locking he http://en.wikipedia.org/wiki/File_locking http://technet2.microsoft.com/Window...ile+Locking%22 (When you reply, please don't delete the attributions. Doing that makes it hard to figure out who wrote what.) -- Guy Macon http://www.guymacon.com/ |
#28
|
|||
|
|||
Windows server 2003 licencing
"Will" wrote Software RAID has for us worked well for such machines. It's not the only recovery method we use. Software RAID is NOT a recovery method AT ALL. It is redundancy to improve uptime. If a sysadmin is telling you that RAID is a disaster recovery method, then you ought to look at replacing the sysadmin. |
#29
|
|||
|
|||
Data on server, OS and apps backed up
"Guy Macon" http://www.guymacon.com/ wrote ("Guy Macon wrote" added by hand. Again. Please don't delete the attributions. Without them it is hard to figure out who wrote what.) I guessed from the writing styles... Will wrote: However, I wasn't saying software RAID was a replacement for backups. I was saying software RAID gives an additional restore capability beyond what backups give. I agree. I don't. RAID gives you redundancy through uptime. Not "restore capability" Sure, but I've seen full machine restores from tape fail to work (inevitably some critical open file was locked, or if you had an open file agent it caught the file in a transition state, etc). So have I. Invariably because the people assume that their backup is good because they do it. You need to TEST your bckup and make sure that you can use it to recover a machine if needs be. Otherwise, there's not much point in doing it. Reminds me of the story of a guy who wiped a machine, then rang us up to ask how to restore from backup. He had a tape, but he didn't know what backup software they used to create the tape with. Do practice restores. After seeing the resore happen without a problem a couple of hundred ties, you will be assured that the backup/restore process doesn't suffer from the problem described above. Indeed. There speaks the voice of experience. "For simple end user machines [Hardware RAID] can be problematic to effect recoveries that are software based corruption and not hardware failures." RAID is not appropriate at all for simple end user machines. By the time you've put RAID into 5 PCs, you could have better spent the money on a 6th PC. Then you ALWAYS have a spare that you can swap out at the drop of a hat to work on the PC that has a problem. I am also having trouble understanding this bit: "We remove the Windows boot drive from the system, and take it to any server where you can mount the drive [...] Since the drive we operate on in this case is not the active system drive, none of these critical files are locked." WTF??? Have you ever heard of OBDR? Google it and see what comes up. ODBR is good for servers in small environments (few servers). For PCs, you backup any data to a server and reimage / reinstall the PC if necessary. |
#30
|
|||
|
|||
Data on server, OS and apps backed up
"Guy Macon" http://www.guymacon.com/ wrote in message news Read about Volume Shadow Copy Service he http://en.wikipedia.org/wiki/Volume_Shadow_Copy_Service http://technet2.microsoft.com/Window...w+Copy+Service I read through that and it's great technology. How can you enable Volume Shadow Copies of entire volumes on Windows XP Professional SP2? I see the service installed under Windows XP, but I don't see any properties tab to support it on any Windows XP volume. Perhaps it is used silently only by the backup utility and there is no opportunity to control features like the volume on which the shadow copy is placed? You appear to be under the false impression that for some reason you can do the above with software RAID 1 but cannot do the above with hardware RAID 1. If so, I believe that you are mistaken. If not, I don't understand what you mean when you write "For simple end user machines [Hardware RAID] can be problematic to effect recoveries that are software based corruption and not hardware failures." Let's say I have a mirrored hardware RAID volume. How can I work with it in the case it does not boot. There are a variety of ways, all of them more painful and sometimes destructive of data: - I can install a parallel OS. That takes time. Sometimes there is not enough space left on the drive as well. - I can remove the drive and install to an identical hardware RAID controller on another machine. However sometimes you don't have an identical controller. It takes time to set up the environment and use it. I have also had cases where importing a foreign drive to a RAID controller simply erased the volume. Finally, I find that many junior administrators simply don't "get it" when dealing with many different BIOS level control interfaces for hardware RAID controllers. It means special training for each kind of hardware RAID. So while possible, it is rarely convenient, and it is not without some risk. I am also having trouble understanding this bit: "We remove the Windows boot drive from the system, and take it to any server where you can mount the drive [...] Since the drive we operate on in this case is not the active system drive, none of these critical files are locked." Again, the behavior of software RAID 1 and hardware RAID 1 are identical in the situation you describe. Not identical at all. A volume prepared by one make and model of hardware RAID controller cannot be read by another make and model of hardware RAID controller. With software RAID, I can take the volume to any Windows server and mount it, and I simply don't care whose SCSI or SATA controller is installed on that server. It's JBOD at that point. 90% of the hardware RAID solutions I have used do not allow their disks to be read by a JBOD SCSI controller of a different make/model. Also, I don't see how any file on the newly-mounted drive can possibly be locked. Read more about file locking he http://en.wikipedia.org/wiki/File_locking http://technet2.microsoft.com/Window...ile+Locking%22 You forgot to read the words "none of" in front of "these critical files are locked." I was saying that you do NOT deal with locked files when you mount the drive on a foreign system, and you read it as the inverse. -- Will |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
WARNING LONG - Brian Livingston's take on Windows Genuine Advantage | Sparky Spartacus | Dell Computers | 12 | June 20th 06 12:09 PM |
Windows 2003 Server | [email protected] | Nvidia Videocards | 2 | April 18th 06 01:39 PM |
P4C800-DELUXE XP Install Problems --- Hanging | bubbadawg | Asus Motherboards | 2 | April 12th 06 02:39 AM |
Lexmark x83 & Windows Server 2003 | xelon | Printers | 0 | January 28th 04 04:32 AM |
Windows Server 2003 and GeForce 256 Direct3D | BeyerIII | Nvidia Videocards | 0 | December 15th 03 05:57 AM |