WindowsNetworking.com Monthly Newsletter of March 2009 Sponsored by: PJ Technologies

Welcome to the WindowsNetworking.com newsletter by Thomas W Shinder MD, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: tshinder@windowsnetworking.com

1. The Many Faces of Microsoft Virtualization

Virtualization is hot, really hot. While 8 years ago I remember singing the praises of server virtualization to empty rooms or blank faces, today everyone and his brother wants on board the server virtualization bandwagon. And why not? Server virtualization enables tremendous flexibility in building out new datacenters, enhances both high availability and disaster recovery, and enables you to reverse the painful and expensive side effects of server sprawl. When it comes to server virtualization, it's all good.

But when things are this good, you can bet someone has it in mind to make them even better. That's where Microsoft's fleet of virtualization technologies comes in. That's right. Microsoft is a major player in the virtualization space.

For you home gamers, Microsoft first got on board the virtualization train a few years ago with their desktop virtualization product, Microsoft Virtual PC 2004. Since then there have been two other Virtual PC releases: Virtual PC 2005 and Virtual PC 2007. And while I'm not sure about this, I'd be willing to bet a dollar that there will be a virtual PC 2009.

Check out the following link for some fun information on Virtual PC.

In the server virtualization space, Microsoft first introduced Virtual Server 2005 and then did an almost major upgrade with the release of Service Pack 1 for Virtual Server. However, Virtual Server was not an optimal server virtualization solution because it was a Type 1 hypervisor, which has dependencies on an underlying operating system to work correctly.

In order to become a major player in the server virtualization space, Microsoft had to come up with a Type 2 hypervisor; one that is not dependent on an underlying operating system and could in fact run on bare metal without the aid of Windows. This is what Hyper-V is all about. While Hyper-V will install as a role on a full Windows Server 2008 installation or in a Server Core installation of Windows Server 2008, it will also install as a standalone hypervisor. This is called Windows Hyper-V Server.

However, basic client and server virtualization were just the beginning. While Hyper-V and Virtual PC are great products, they just touch the tip of the Microsoft virtualization iceberg. Today you have a number of Microsoft virtualization options:

• Presentation Virtualization with Windows Terminal Services and with Windows Server 2008 R2 Windows Server Remote Desktop Services
• Virtual Desktop Infrastructure (VDI) with Hyper-V and XenDesktop. Create a static or dynamic server-based virtual desktop infrastructure using a combination of Microsoft and Citrix products. Very cool. You can find more information at the Microsoft VDI website.
• Microsoft Enterprise Virtual Desktop (MED-V). Using MED-V, you can install virtual machines transparently on laptop and desktop systems and have applications run on the VM appear on the laptop or desktop computers screen, appearing as if they were being run from the host operating system. Amazing stuff. For a cool downloadable demo click here.
• Application virtualization with Microsoft App-V. With application virtualization using Microsoft App-V, you can deliver applications by streaming them over the network or even over the Internet. Streamed applications execute on the client machine, not on the server, and can be used when the client is offline.

As you can see, virtualization has come a long way. In future articles we'll talk about these key virtualization technologies in light of Windows networking, as each of these options depends on your Windows networking infrastructure. Stay tuned for the good stuff.

See you next month!

Tom 
tshinder@windowsnetworking.com
For ISA or TMG firewall, as well as other Forefront Consulting Services in the USA, call me at 206-443-1117 or visit Prowess Consulting web site

Got a networking question that you can't find the answer to? Send a note to Dr. Tom at tshinder@windowsnetworking.com and he'll answer your question in next month's newsletter.

=======================
Quote of the Month - "A picture is worth a thousand words. An interface is worth a thousand pictures". - Ben Shneiderman
======================

2. ISA Server 2006 Migration Guide - Order Today!

3. WindowsNetworking.com Articles of Interest

• VNC Enterprise Edition - Voted WindowsNetworking.com Readers’ Choice Award Winner - Remote Control Category
  
• The Arithmetic Logic Unit
  
• Working With the Domain Controller Diagnostic Utility (Part 4)
  
• Deploying Vista - Part 25: Preparing Microsoft Deployment Toolkit for Deploying Vista
  
• SpamTitan Product Review
  
• Deploying Vista - Part 26: Deploying Vista Using Microsoft Deployment Toolkit
  

4. KB Article of the Month

How to troubleshoot Secure Socket Tunneling Protocol (SSTP)-based connection failures in Windows Server 2008

This article describes how to troubleshoot Secure Socket Tunneling Protocol (SSTP)-based connection failures that you may experience in Windows Server 2008.

SSTP is a new kind of Virtual Private Networking (VPN) tunnel that is available in the Routing and Remote Access server role in Windows Server 2008. SSTP allows for Point-to-Point Protocol (PPP) packets to be encapsulated over HTTP. This feature allows for a VPN connection to be more easily established through a firewall or through a Network Address Translation (NAT) device. Also, this feature allows for a VPN connection to be established through an HTTP proxy device.

The information in this article is specific to troubleshooting connection failures that relate to an SSTP-based VPN connection. You may receive other error codes on a remote access client computer. However, these error codes may be common for other kinds of VPN tunnels, such as PPTP, L2TP, and SSTP. For example, this article does not discuss error codes that you may receive if a remote access policy fails, if client authentication fails, or if a server does not support the ports that are required for the particular kind of connection

Check out this helpful troubleshooting KB article.

5. Windows Networking Tip of the Month

Netstat is a useful tool for determining what ports and IP addresses your computer is listening on and has accepted connections to, and also for information on what ports and IP addresses your computer is connected to. The problem is that when reading the output of a netstat print out, you might get lost in the sea of information it provides.

Let's take a look at a trick I use frequently. I often want to find out what IP addresses a computer is connected to over a certain port number. Let's use the example of the Firewall client control channel that's used by the ISA and TMG Firewall Client application (which is a generic Winsock proxy client application). The Firewall client control channel is TCP port 1745. What I might like to do is quickly see the Netstat entries that include the string "1745". To get the desired result, I enter the following at the command prompt:

Netstat -nao | findstr 1745

After doing that, I get what you see below.

Instead of seeing hundreds of lines, I see only those that have the string of interest. The findstr command works for other command line utilities too. Give it a try and see how it works for you!

6. WindowsNetworking Links of the Month

• A Scalable Networking Pack (SNP) hotfix rollup package is available for Windows Server 2003
  
• Description of the Microsoft server applications that are supported on Windows Server 2008
  
• Windows Server 2008 Network Shell (Netsh) Technical Reference
  
• Windows Server 2008 Terminal Services White Paper: Security
  
• Windows Home Server Technical Brief for Home Networking
  

7. Ask Dr. Tom

QUESTION:

Hi Dr. Tom,

I need to get a handle on controlling bandwidth utilization on my network. While we have a gigabit switches, we also have very demanding users who need to frequently copy large files across the network. We also have very heavy e-mail use and SharePoint and database use over the network. Combine that with all the other traffic that networks usually see and things are getting a bit out of hand. Is there anything I can do from the Windows side of the house to get things under more control?

Thanks! - Teddy

ANSWER:

If you are using Windows Server 2008 and Windows Vista or Windows 7 clients, then I have some excellent news for you. You can do something on the Windows side of the house! Windows Server 2008 enables you to create policy based bandwidth controls on connections made by domain member Vista and Windows 7 clients on your Windows Server 2008 Active Directory networks.

Policy based QoS settings allow you to prioritize traffic or control the sending rate for outbound network traffic from managed clients. Decisions are made based on

• Sending application
• Source or destination Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) addresses or address prefixes
• Protocol (Transmission Control Protocol [TCP], User Datagram Protocol [UDP], or both)
• Source or destination ports (TCP or UDP)

As you can see, this gives you a lot of options for controlling application sending rates and setting priorities. The cool thing is that you can control based on the applications themselves, so that if you identify applications that are consuming more bandwidth than you want them to do, you can throttle them down using Group Policy. And for applications that very low latency, you can assign them high priorities that will work with your QoS enabled routers and switches.

To learn more about Windows Server 2008 policy based QoS, check out this link.

Got a question for Dr. Tom? Send it to tshinder@windowsnetworking.com.