Cloud Infrastructure (Networking)

Cloud Infrastructure (Networking) 1

INDEX Sr. No. Particular Page Number 1 Introduction to Cloud Computing 4 2 Web Application 10 3 Cloud Server Virtualisation 14 4 Installing & Configuring Virtual Server 21 5 Virtualisation 39 6 Window Server 2008 Hyper V 46 7 Configuration & Management of Hyper V 53 8 Google App & Microsoft Office 365 61 9 Web Application Security 74 10 Cloud Interoperability and Solution 80 11 Backup and Recovery of cloud data 85 12 Server Performance & Monitoring 91 2

Introduction The boom in cloud computing over the past few years has led to a situation that is common to many innovations and new technologies: many have heard of it, but far fewer actually understand what it is and, more importantly, how it can benefit them. This is an attempt to clarify these issues by offering a comprehensive definition of cloud computing, and the business benefits it can bring. In an attempt to gain a competitive edge, businesses are increasingly looking for new and innovative ways to cut costs while maximizing value especially now, during a global economic downturn. They recognize that they need to grow, but are simultaneously under pressure to save money. This has forced the realization that new ideas and methods may produce better results than the tried and tested formulas of yesteryear. It is the growing acceptance of innovative technologies that has seen cloud computing become the biggest buzzword in IT. However, before an organization decides to make the jump to the cloud, it is important to understand what, why, how and from whom. Not all cloud computing providers are the same. The range and quality of services on offer varies tremendously, so we recommend that you investigate the market thoroughly, with a clearly Defined set of requirements in mind. 3

Chapter 1 Introduction to Cloud Computing What is cloud computing? Many people are confused as to exactly what cloud computing is, especially as the term can be used to mean almost anything. Roughly, it describes highly scalable computing resources provided as an external service via the internet on a pay-as-you-go basis. The cloud is simply a metaphor for the internet, based on the symbol used to represent the worldwide network in computer network diagrams. Economically, the main appeal of cloud computing is that customers only use what they need, and only pay for what they actually use. Resources are available to be accessed from the cloud at any time, and from any location via the internet. There s no need to worry about how things are being maintained behind the scenes you simply purchase the IT service you require as you would any other utility. Because of this, cloud computing has also been called utility computing, or IT on demand. This new, web-based generation of computing utilizes remote servers housed in highly secure data centres for data storage and management, so organizations no longer need to purchase and look after their IT solutions in-house. What does it comprises Cloud computing can be visualized as a pyramid consisting of three sections: Cloud Application This is the apex of the cloud pyramid, where applications are run and interacted with via a web browser, hosted desktop or remote client. A hallmark of commercial cloud computing applications is that users never need to purchase expensive software licenses themselves. Instead, the cost is incorporated into the subscription fee. A cloud application eliminates the need to install and run the application on the customer's own computer, thus removing the burden of software maintenance, ongoing operation and support. Cloud Platform The middle layer of the cloud pyramid, which provides a computing platform or framework as a service. A cloud computing platform dynamically provisions, configures, reconfigures and de-provisions servers as needed to cope with increases or decreases in demand. This in reality is a distributed computing model, where many services pull together to deliver an application or infrastructure request. Cloud Infrastructure The foundation of the cloud pyramid is the delivery of IT infrastructure through virtualisation. Virtualisation allows the splitting of a single physical piece of hardware into independent, self governed environments, which can be scaled in terms of CPU, RAM, Disk and other elements. The infrastructure 4

includes servers, networks and other hardware appliances delivered as either Infrastructure Web Services, farms or "cloud centres". These are then interlinked with others for resilience and additional capacity. Types of Cloud Computing 1. Public Cloud Public cloud (also referred to as external cloud) describes the conventional meaning of cloud computing: scalable, dynamically provisioned, often virtualised resources available over the Internet from an off-site third-party provider, which divides up resources and bills its customers on a utility basis. An example is Think Grid, a company that provides a multi-tenant architecture for supplying services such as Hosted Desktops, Software as a Service and Platform as a Service. Other popular cloud vendors include Salesforce.com, Amazon EC2 and Flexi scale. 2. Private Cloud Private cloud (also referred to as corporate or internal cloud) is a term used to denote a proprietary Computing architecture providing hosted services on private networks. This type of cloud computing is generally used by large companies, and allows their corporate network and data centre administrators to effectively become in-house service providers catering to customers within the corporation. However, it negates many of the benefits of cloud computing, as organizations still need to purchase, set up and manage their own clouds. 3. Hybrid Cloud It has been suggested that a hybrid cloud environment combining resources from both internal and external providers will become the most popular choice for enterprises. For example, a company could choose to use a public cloud service for general computing, but store its business-critical data within its own data centre. This may be because larger organisations are likely to have already invested heavily in the infrastructure required to provide resources in-house or they may be concerned about the security of public clouds. Services used on the cloud There are numerous services that can be delivered through cloud computing, taking advantage of the Distributed cloud model. Here are some brief descriptions of a few of the most popular cloud-based IT Solutions: 1. Hosted Desktops Hosted desktops remove the need for traditional desktop PCs in the office environment, and reduce the cost of providing the services that you need. A hosted desktop looks and behaves like a regular desktop PC, but the software and data customers use are housed in remote, highly secure data centre s, rather than on their own machines. Users can simply access their hosted desktops via an internet connection from anywhere in the world, using either an existing PC or laptop or, for maximum cost efficiency, a specialised device called a thin client. 2. Hosted Email As more organisations look for a secure, reliable email solution that will not cost the earth, they are Increasingly turning to hosted Microsoft Exchange email plans. Using the world s premier email platform, this service lets organisations both large and small reap the benefits of using MS Exchange accounts 5

without having to invest in the costly infrastructure themselves. Email is stored centrally on managed servers, providing redundancy and fast connectivity from any location. This allows users to access their email, calendar, contacts and shared files by a variety of means, including Outlook, Outlook Mobile Access (OMA) and Outlook Web Access (OWA). 3. Hosted Telephony (VOIP) VOIP (Voice Over IP) is a means of carrying phone calls and services across digital internet networks. In terms of basic usage and functionality, VOIP is no different to traditional telephony, and a VOIP-enabled telephone works exactly like a 'normal' one, but it has distinct cost advantages. A hosted VOIP system replaces expensive phone systems, installation, handsets, BT lines and numbers with a simple, costefficient alternative that is available to use on a monthly subscription basis. Typically, a pre-configured handset just needs to be plugged into your broadband or office network to allow you to access features such as voicemail, IVR and more. 4. Cloud Storage Cloud storage is growing in popularity due to the benefits it provides, such as simple, CapEx-free costs, anywhere access and the removal of the burden of in-house maintenance and management. It is basically the delivery of data storage as a service, from a third party provider, with access via the internet and billing calculated on capacity used in a certain period (e.g. per month). 5. Dynamic Servers Dynamic servers are the next generation of server environment, replacing the conventional concept of the dedicated server. A provider like Think Grid gives its customers access to resources that look and feel exactly like a dedicated server, but that are fully scalable. You can directly control the amount of processing power and space you use, meaning you don't have to pay for hardware you don't need. Typically, you can make changes to your dynamic server at any time, on the fly, without the costs associated with moving from one server to another. Why switch from traditional IT to the cloud There are many reasons why organisations of all sizes and types are adopting this model of IT. It provides a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Ultimately, it can save companies a considerable amount of money. 1. Removal / reduction of capital expenditure Customers can avoid spending large amounts of capital on purchasing and installing their IT infrastructure or applications by moving to the cloud model. Capital expenditure on IT reduces available working capital for other critical operations and business investments. Cloud computing offers a simple operational expense that is easier to budget for month-by-month, and prevents money being wasted on depreciating assets. Additionally, customers do not need to pay for excess resource capacity in-house to meet fluctuating demand. 2. Reduced administration costs IT solutions can be deployed extremely quickly and managed, maintained, patched and upgraded remotely by your service provider. Technical support is provided round the clock by reputable providers like ThinkGrid for no extra charge, reducing the burden on IT staff. This means that they are free to focus on business-critical tasks, and businesses can avoid incurring additional manpower and training costs. IT 6

giant IBM has pointed out that cloud computing allows organisations to streamline procurement processes, and eliminates the need to duplicate certain computer administrative skills related to setup, configuration, and support. 3. Improved resource utilisation Combining resources into large clouds reduces costs and maximizes utilisation by delivering resources only when they are needed. Businesses needn t worry about over-provisioning for a service whose use does not meet their predictions, or under-provisioning for one that becomes unexpectedly popular. Moving more and more applications, infrastructure, and even support into the cloud can free up precious time, effort and budgets to concentrate on the real job of exploiting technology to improve the mission of the company. It really comes down to making better use of your time focusing on your business and allowing cloud providers to manage the resources to get you to where you need to go. Sharing computing power among multiple tenants can improve utilisation rates, as servers are not left idle, which can reduce costs significantly while increasing the speed of application development. A side effect of this approach is that computer capacity rises dramatically, as customers do not have to engineer for peak loads. 4. Economies of scale Cloud computing customers can benefit from the economies of scale enjoyed by providers, who typically use very large-scale data centre s operating at much higher efficiency levels, and multi-tenant architecture to share resources between many different customers. This model of IT provision allows them to pass on savings to their customers. 5. Scalability on demand Scalability and flexibility are highly valuable advantages offered by cloud computing, allowing customers to react quickly to changing IT needs, adding or subtracting capacity and users as and when required and responding to real rather than projected requirements. Even better, because cloud-computing follows a utility model in which service costs are based on actual consumption, you only pay for what you use. Customers benefit from greater elasticity of resources, without paying a premium for large scale. 6. Quick and easy implementation Without the need to purchase hardware, software licenses or implementation services, a company can get its cloud-computing arrangement off the ground in minutes. Helps smaller businesses compete historically; there has been a huge disparity between the IT resources available to small businesses and to enterprises. Cloud computing has made it possible for smaller companies to compete on an even playing field with much bigger competitors. Renting IT services instead of investing in hardware and software makes them much more affordable, and means that capital can instead be used for other vital projects. Providers like ThinkGrid take enterprise technology and offer SMBs services that would otherwise cost hundreds of thousands of pounds for a low monthly fee. 7. Quality of service Your selected vendor should offer 24/7 customer support and an immediate response to emergency Situations. 8. Guaranteed uptime, SLAs. Always ask a prospective provider about reliability and guaranteed service levels ensure your applications and/or services are always online and accessible. 7

9. Anywhere Access Cloud-based IT services let you access your applications and data securely from any location via an internet connection. It s easier to collaborate too; with both the application and the data stored in the cloud, multiple users can work together on the same project, share calendars and contacts etc. It has been pointed out that if your internet connection fails, you will not be able to access your data. However, due to the anywhere access nature of the cloud, users can simply connect from a different location so if your office connection fails and you have no redundancy, you can access your data from home or the nearest Wi-Fi enabled point. Because of this, flexible / remote working is easily enabled, allowing you to cut overheads, meet new working regulations and keep your staff happy. 10. Technical Support A good cloud computing provider will offer round the clock technical support. Think Grid customers, for instance, are assigned one of our support pods, and all subsequent contact is then handled by the same small group of skilled engineers, who are available 24/7. This type of support model allows a provider to build a better understanding of your business requirements, effectively becoming an extension of your team. 11. Disaster recovery / backup Recent research has indicated that around 90% of businesses do not have adequate disaster recovery or Business continuity plans, leaving them vulnerable to any disruptions that might occur. Providers like ThinkGrid can provide an array of disaster recovery services, from cloud backup (allowing you to store important files from your desktop or office network within their data centre s) to having ready-to-go desktops and services in case your business is hit by problems. Hosted Desktops (or Hosted VDI) from ThinkGrid, for example, mean you don t have to worry about worry about data backup or disaster recovery, as this is taken care of as part of the service. Files are stored twice at different remote locations to ensure that there's always a copy available 24 hours a day, 7 days per week. Concerned about security Many companies that are considering adopting cloud computing raise concerns over the security of data being stored and accessed via the internet. What a lot of people don t realise is that good vendors adhere to strict privacy policies and sophisticated security measures, with data encryption being one example of this. Companies can choose to encrypt data before even storing it on a third-party provider s servers. As a result, many cloud-computing vendors offer greater data security and confidentiality than companies that choose to store their data in-house. However, not all vendors will offer the same level of security. It is recommended that anyone with concerns over security and access should research vendors' policies before using their services. Technology analyst and consulting firm Gartner lists seven security issues to bear in mind when considering a particular vendor s services: 1. Privileged user access enquire about who has access to data and about the hiring and management of such administrators 2. Regulatory compliance makes sure a vendor is willing to undergo external audits and/or security Certifications. 3. Data location ask if a provider allows for any control over the location of data 4. Data segregation make sure that encryption is available at all stages and that these "encryption Schemes were designed and tested by experienced professionals". 5. Recovery find out what will happen to data in the case of a disaster; do they offer complete 8

Restoration and, if so, how long that would take. 6. Investigative Support inquire whether a vendor has the ability to investigate any inappropriate or illegal activity 7. Long-term viability ask what will happen to data if the company goes out of business; how will data be returned and in what format Generally speaking, however, security is usually improved by keeping data in one centralised location. In high security data centre s like those used by Think Grid, security is typically as good as or better than traditional systems, in part because providers are able to devote resources to solving security issues that many customers cannot afford. 9

Chapter 2 Web Application In earlier computing models, e.g. in client-server, the load for the application was shared between code on the server and code installed on each client locally. In other words, an application had its own client program which served as its user interface and had to be separately installed on each user's personal computer. An upgrade to the server-side code of the application would typically also require an upgrade to the client-side code installed on each user workstation, adding to the support cost and decreasing productivity. A web based application is a software package that can be accessed through the web browser. The software and database reside on a central server rather than being installed on the desktop system and is accessed over a network. Web based applications are the ultimate way to take advantage of today's technology to enhance your organizations productivity & efficiency. Web based application gives you an opportunity to access your business information from anywhere in the world at anytime. It also facilitates you to save time & money and improve the interactivity with your customers and partners. It allow your administration staff to work from any location and sales staff to access information remotely 24 hours a day, 7 days a week. With a computer connected to the Internet, a web browser and the right user name and password you can access the systems from any location. Web-based applications are easy to use and can be implemented without interrupting your existing work process. Whether you need a content managed solution or an e-commerce system, we can develop a customized web application that fulfills your business requirements. The Pros and Cons of Cloud Service Development Why would you choose to develop new applications using the cloud services model? There are several good reasons to do and a few reasons to be, perhaps, a bit more cautious. Advantages of Cloud Development One of the underlying advantages of cloud development is that of economy of scale. By taking advantage of the infrastructure provided by a cloud computing vendor, a developer can offer better, cheaper, and more reliable applications than is possible within a single enterprise. The application can utilize the full resources of the cloud, if needed without requiring a company to invest in similar physical resources. Speaking of cost, because cloud services follow the one-to-many model, cost is significantly reduced over individual desktop program deployment. Instead of purchasing or licensing physical copies of software programs (one for each desktop), cloud applications are typically rented, priced on a per-user basis. It s more of a subscription model than an asset purchase (and subsequent depreciation) model, which means there s less up-front investment and a more predictable monthly expense stream. IT departments like cloud applications because all management activities are managed from a central location rather than from individual sites or workstations. This enables IT staff to access applications remotely via the web. There s also the advantage of quickly outfitting users with the software they need (known as rapid provisioning), and adding more computing resources as more users tax the system (automatic scaling). When you need more storage space or bandwidth, companies can just add another virtual server from the cloud. It s a lot easier than purchasing, installing, and configuring a new server in their data center. 10

For developers, it s also easier to upgrade a cloud application than with traditional desktop software. Application features can be quickly and easily updated by upgrading the centralized application, instead of manually upgrading individual applications located on each and every desktop PC in the organization. With a cloud service, a single change affects every user running the application, which greatly reduces the developer s workload. Disadvantages of Cloud Development Perhaps the biggest perceived disadvantage of cloud development is the same one that plagues all webbased applications: Is it secure? Web-based applications have long been considered potential security risks. For this reason, many businesses prefer to keep their applications, data, and IT operations under their own control. That said, there have been few instances of data loss with cloud-hosted applications and storage. It could even be argued that a large cloud hosting operation is likely to have better data security and redundancy tools than the average enterprise. In any case, however, even the perceived security danger from hosting critical data and services offsite might discourage some companies from going this route. Another potential disadvantage is what happens if the cloud computing host goes offline. Although most companies say this isn t possible, it has happened. Amazon s EC2 service suffered a massive outage on February 15, 2008, that wiped out some customer application data. (The outage was caused by a software deployment that erroneously terminated an unknown number of user instances.) For clients expecting a safe and secure platform, having that platform go down and your data disappear is a somewhat rude awakening. And, if a company relies on a thirdparty cloud platform to host all of its data with no other physical backup, that data can be at risk. Types of Cloud Service Development The concept of cloud services development encompasses several different types of development. Let s look at the different ways a company can use cloud computing to develop its own business applications. Software as a Service Software as a service, or SaaS, is probably the most common type of cloud service development. With SaaS, a single application is delivered to thousands of users from the vendor s servers. Customers don t pay for owning the software; rather, they pay for using it. Users access an application via an API Accessible over the web. Each organization served by the vendor is called a tenant, and this type of arrangement is called a multitenant architecture. The vendor s servers are virtually partitioned so that each organization works with a customized virtual application instance. For customers; SaaS requires no upfront investment in servers or software licensing. For the application developer, there is only one application to maintain for multiple clients. Many different types of companies are developing applications using the SaaS model. Perhaps the bestknown SaaS applications are those offered by Google to its consumer base. 11

Platform as a Service In this variation of SaaS, the development environment is offered as a service. The developer uses the building blocks of the vendor s development environment to create his own custom application. It s kind of like creating an application using Legos; building the app is made easier by use of these predefined blocks of code, even if the resulting app is somewhat constrained by the types of code blocks available. Web Services A web service is an application that operates over a network typically, over the Internet. Most typically, a web service is an API that can be accessed over the Internet. The service is then executed on a remote system that hosts the requested services. This type of web API lets developers exploit shared functionality over the Internet, rather than deliver their own full-blown applications. The result is a customized webbased application where a large hunk of that application is delivered by a third party, thus easing development and bandwidth demands for the custom program. A good example of web services are the mashups created by users of the Google Maps API. With these custom apps, the data that feeds the map is provided by the developer, where the engine that creates the map itself is provided by Google. The developer doesn t have to code or serve a map application; all he has to do is hook into Google s web API. As you might suspect, the advantages of web services include faster (and lower-cost) application development, leaner applications, and reduced storage and bandwidth demands. In essence, web services keep developers from having to reinvent the wheel every time they develop a new application. By reusing code from the web services provider, they get a jump-start on the development of their own applications. On-Demand Computing As the name implies, on-demand computing packages computer resources (processing, storage, and so forth) as a metered service similar to that of a public utility. In this model, customers pay for as much or as little processing and storage as they need. Companies that have large demand peaks followed by much lower normal usage periods particularly benefit from utility computing. The company pays more for their peak usage, of course, but their bills rapidly decline when the peak ends and normal usage patterns resume. Clients of on-demand computing services essentially use these services as offsite virtual servers. Instead of investing in their own physical infrastructure, a company operates on a pay-as-you-go plan with a cloud services provider. On-demand computing itself is not a new concept, but has acquired new life thanks to cloud computing. In previous years, on-demand computing was provided from a single server via some sort of time-sharing arrangement. Today, the service is based on large grids of computers operating as a single cloud. Discovering Cloud Services Development Services and Tools As you re aware, cloud computing is at an early stage of its development. This can be seen by observing the large number of small and start-up companies offering cloud development tools. In a more established industry, the smaller players eventually fall by the wayside as larger companies take center stage. 12

That said, cloud services development services and tools are offered by a variety of companies, both large and small. The most basic offerings provide cloud-based hosting for applications developed from scratch. The more fully featured offerings include development tools and pre-built applications that developers can use as the building blocks for their own unique web-based applications. So let s settle back and take a look at who is offering what in terms of cloud service development. It s an interesting mix of companies and services. Amazon That s right, Amazon, one of the largest retailers on the Internet, is also one of the primary providers of cloud development services. Think of it this way: Amazon has spent a lot of time and money setting up a multitude of servers to service its popular website, and is making those vast hardware resources available for all developers to use. Google App Engine Google is a leader in web-based applications, so it s not surprising that the company also offers cloud development services. These services come in the form of the Google App Engine, which enables developers to build their own web applications utilizing the same infrastructure that powers Google s powerful applications. The Google App Engine provides a fully integrated application environment. Using Google s development tools and computing cloud, App Engine applications are easy to build, easy to maintain, and easy to scale. IBM It s not surprising, given the company s strength in enterprise-level computer hardware, that IBM is offering a cloud computing solution. The company is targeting small- and medium-sized businesses with a suite of cloud-based on demand services via its Blue Cloud initiative. Blue Cloud is a series of cloud computing offerings that enables enterprises to distribute their computing needs across a globally accessible resource grid. One such offering is the Express Advantage suite, which includes data backup and recovery, email continuity and archiving, and data security functionality some of the more data-intensive processes handled by a typical IT department. 13

Chapter 3 Cloud Server Virtualisation Virtualization abstracts the underlying physical structure of various technologies. Virtualization, in computing, is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources Server virtualization Creates multiple isolated environments Allows multiple OS s and workloads to run on the same physical hardware Solves the problem of tight coupling between OS s and hardware You Know Virtualization Is Real When It Makes It to delibert The Traditional Server Concept The Virtual Server Concept 14

Virtual Machines Virtual machines provide: Hardware independence Guest VM sees the same hardware regardless of the host hardware Isolation VM s operating system is isolated from the host operating system Encapsulation Entire VM encapsulated into a single file Benefits of Virtualization Simplified administration Software Development Hardware independence/portability Testing / Quality Assurance Increased hardware utilization Product evaluations /demonstrations Server consolidation Training Decreased provisioning times Disaster Recovery Improved security Server Consolidation 15

Top Reasons for Virtualization 1 Reduce Physical Infrastructure Cost (E.g. Power & Cooling) Minimize Lost Revenue Due to downtime Virtualization Reduce Energy Consumption Highest consolidation rates on most secure and reliable virtualization platform Safely improve utilization rates 80% energy reduction Dynamic server and storage migration Power off unneeded servers in real-time Migrate storage dynamically 25% energy reduction Host desktop PCs in the datacenter Use thin clients; double refresh cycle Reduce storage for similar desktop images 70% energy reduction 16

Virtualisation software Available Today VMware VMware released ESX and GSX 1.0 in 2001. Virtual Center released in 2003. Has the most experience Is the farthest along Very mature product suite Focus is on integrating IT process automation around virtualization Citrix Citrix Xenserver acquired Xensource on August 15 th, 2007 Has working low cost server virtualization solution Focus is on client virtualization Microsoft Microsoft Hyper-V (formerly Windows Server Virtualization ) Standalone version released in October 2008 Real solution (one with HA) has been out since August 2009. What is Available from VMware VMware s vsphere Key Features Market Leader Virtualizes 54 Guest OSs Server virtualization solution with HA and load balancing Enhanced vmotion Memory Over commit Transparent Page Sharing Patch Management Fault Tolerance built in Modernizing the Desktop Virtual Desktop Infrastructure Certified on over 450 servers FC, iscsi, NFS Supported Power Management Distributed switch Supports storage management Storage vmotion 17

The Disadvantages of Virtualization Virtualization may not work well for: Resource-intensive applications VMs may have RAM/CPU/SMP limitations Performance testing Hardware compatibility testing Specific hardware requirements Custom hardware devices Some hardware architectures or features are impossible to virtualized Certain registers or state not exposed Unusual devices and device control Clocks, time, and real-time behavior Server Virtualization Techniques There are three ways to create virtual servers: full virtualization, Para - Virtualization and OS-level virtualization. They all share a few common traits. The physical server is called the host. The virtual servers are called guests. The virtual servers behave like physical machines. Each system uses a different approach to allocate physical server resources to virtual server needs. Full virtualization - uses a special kind of software called a hypervisor. The hypervisor interacts directly with the physical server's CPU and disk space. It serves as a platform for the virtual servers' operating systems. The hypervisor keeps each virtual server completely independent and unaware of the other virtual servers running on the physical machine. Each guest server runs on its own OS -- you can even have one guest running on Linux and another on Windows. The hypervisor monitors the physical server's resources. As virtual servers run applications, the hypervisor relays resources from the physical machine to the appropriate virtual server. Hypervisors have their own processing needs, which mean that the physical server must reserve some processing power and resources to run the hypervisor application. This can impact overall server performance and slow down applications. Para-virtualization - Approach is a little different. Unlike the full virtualization technique, the guest servers in a para-virtualization system are aware of one another. A para-virtualization hypervisor doesn't need as much processing power to manage the guest operating systems, because each OS is already aware of the demands the other operating systems are placing on the physical server. The entire system works together as a cohesive unit. OS-level virtualization - Approach doesn't use a hypervisor at all. Instead, the virtualization capability is part of the host OS, which performs all the functions of a fully virtualized hypervisor. The biggest limitation of this approach is that all the guest servers must run the same OS. Each virtual server remains independent from all the others, but you can't mix and match operating systems among them. Because all the guest operating systems must be the same, this is called a homogeneous environment. Which method is best? That largely depends on the network administrator's needs. If the administrator's physical servers all run on the same operating system, then an OS-level approach might work best. OS-level systems tend to be faster and more efficient than other methods. On the other hand, if the administrator is running servers on several different operating systems, para-virtualization might be a better choice. One 18

potential drawback for para-virtualization systems is support -- the technique is relatively new and only a few companies offer para-virtualization software. More companies support full virtualization, but interest in paravirtualization is growing and may replace full virtualization in time. VPS (Virtual Private Server) A VPS, or Virtual Private Server, is a logical segment of a physical machine set aside for the exclusive use of a single business or other type of entity. Although a single server can run several VPS configurations, each segment offers the same functionality that a dedicated server would provide. What is VPS Hosting? Most small to medium-sized businesses prefer to use web hosting services instead of maintaining a proprietary, in-house server room for most, if not all, of their computing needs. Instead of making do with outdated machines or dealing with expensive upgrades, out-sourced hosting allows both individuals and organizations to have the use of state-of-the-art equipment with 24/7 support for a mere fraction of the cost. In the past, interested clients had two choices in the hosting realm: shared or dedicated. Shared hosting is exactly what it sounds like. Multiple clients use a single server to run a variety of applications. While this works well in theory, individual systems were often impacted when another application on the shared server used more than its fair share of bandwidth, storage space, or CPU cycles. A dedicated server eliminates this problem by providing an individual server for each client. However, this option can be very expensive for anyone on a tight budget. Virtualization through VPS hosting bridges the gap between shared and dedicated hosting by providing an affordable solution to allow clients to share a physical machine without the ability to impact neighboring systems. How Does a VPS Work? To create a Virtual Private Server, hosting companies often use the following two methods to partition the machines: Hypervisor Also known as a virtual machine manager, or VMM, the hypervisor manages, or supervises, the resources of the virtual servers to allow multiple OS installations to run on the same physical machine. Popular hypervisor virtualization solutions include VMware ESX, Microsoft Hyper-V, Xen, and KVM. Container This mode is also known as operating system-level virtualization or a kernel-based system. In this method, separate containers, or user spaces, are created for each VPS. Popular container virtualization solutions include Parallels Virtuozzo and OpenVZ. In some cases, a Virtual Private Server is called a VDS, or virtual dedicated server. However, the terms refer to the same concept where one physical machine is configured to function like multiple servers dedicated to meet each customer s individual needs with the same level of privacy and configuration options as a true independent server. 19

VPS is like Your Own Server A Virtual Private Server makes system provisioning quick and easy. When the need arises, simply let your VPS hosting service know that you need to expand or contract the resources allocated for your system. In most cases, the adjustment can be made immediately. Some VPS Hosting providers have self-service features that allow you to make these adjustments yourself for the fastest results possible. Resources that can be expanded or contracted on demand include: RAM / Memory CPU Disk Space / Hard Disk Bandwidth IP Addresses VPS (Virtual Private Server) and the Cloud Cloud hosting involves spreading resources across multiple servers at one or more remote locations. The user doesn t know where or how the information is stored but is fully aware that the system or stored data is easily accessible at any time. Because the typical client is sharing large banks of servers with other customers, the cloud is inherently virtualized, just like a VPS. Using a VPS now will help ease your transition to cloud hosting services in the future as this new technology matures because your logical process will already be separated from the physical hardware needs. 20

Chapter 4 Installing & Configuring Virtual Server Before you left click that mouse to go to that other work related page, wait a few seconds while talking about there is a ton of hyped up, blown out and super hyperventilated information out there about how the cloud makes your life better, reduces your workload and ultimately makes your coffee and butters your toast, not much is said about how the cloud can help your company save or make money. Before starting the explanation, first let s say that there is no such thing as a free lunch and no one gets something for nothing. The cloud, like any other technology or methodology in IT, requires CAPEX investment in order to be effectively utilized and have the desired benefits and ultimately drive OPEX costs down over time (within the ROI horizon) or provide efficiencies that increase revenues. No hocus-pocus, no magic it takes careful thought and some hard work but, yes Virginia, revenue benefits and cost savings do exist in the cloud. Of course you must calculate savings after all implementation expenses are accounted for things like hardware and software acquisition costs, personnel and space requirements, training, etc. Secondly frame this discussion based on an internal, private cloud only (but many of the same characteristics exist for other types of clouds), as I just don t have the space to explicitly differentiate here. Third, compare the costs based on a relatively mature traditional datacenter against the same data center but with a cloud infrastructure implemented and running in a steady-state. A traditional datacenter, in my view, is partially (<30%) virtualized with little to no automation or orchestration and is moderately managed from a holistic perspective. We re all straight now so how we lay out the rest of this post is that we will first describe a couple of scenarios that exist in a traditional datacenter and then explain how they would be done in a cloud infrastructure. Time to Market/Value 1. Traditional: 1. A business owner or LOB owner decides they need an application built that will provide a new revenue stream to the organization so they describe, to a Business Analyst, what they want the application to do in the form of business requirements. 2. The Business Analyst then takes those requirements and translates them to functional requirements (iterating with the Business as to end results required) and then uses those as the basis for the technical requirements which describe the supporting hardware and software (COTS or purpose built). 3. A Technical Analyst or developer uses the technical requirements and produces a series of hardware and software specifications for the procurement of the hardware or software resources required to support the requested application. 4. Once completed, a cost analysis is done to determine the acquisition costs of the hardware, any COTS software, an estimate of in-house developed software, testing and QA of the application, and the eventual rollout. 5. The business analyst then takes that cost analysis and creates an ROI/TCO business case which the Business owner or LOB owner then takes to Senior Management to get the application approved. 6. Upon approval, the application is assigned a project number and the entire package is turned over to Procurement who will then write and farm out an RFP, or, check an approved vendor list, or otherwise go through their processes in order to acquire the hardware and software resources. 21

7. Approximately 8 to 16 weeks from the beginning of the process, the equipment is on the dock and shortly thereafter racked and stacked waiting for the Developer group to begin work on the application. 2. Cloud: 1. A business owner or LOB owner decides they need an application built that will provide a new revenue stream to the organization so they describe, to a Business Analyst, what they want the application to do to in the form of business requirements. 2. The Business Analyst then takes those requirements and translates them to functional requirements (iterating with the Business as to end results required) and then uses those as the basis for the technical requirements which describe the supporting hardware and software. 3. A Technical Analyst or developer uses the technical requirements and produces a series of hardware and software configurations required to support the requested application. 4. Once completed, a cost analysis is done to determine the start-up and monthly utilization costs (chargeback details), an estimate of any in-house developed software, testing/qa, and the eventual rollout of the application. 5. The business analyst then takes that cost analysis and creates an ROI/TCO business case which the business owner or LOB owner then takes to Senior Management to get the application approved. 6. Upon approval notification, the Developer group accesses a self-service portal where they select the required resources from a Service Catalog. The resources are ready within a few hours. 7. Approximately 3 to 6 weeks from the beginning of the process (up to 10 weeks earlier than a traditional datacenter), the computing resources are waiting for the Developer group to begin work on the application. 3. Savings/Benefit: 1. If the potential revenue from the proposed application is $250,000 a week (an arbitrary, round number), then having that application ready up to 10 weeks earlier means an additional $2,500,000 in revenue. NOTE: The greater the disparity of resource availability, traditional versus cloud infrastructure, the greater the potential benefit. Hardware Acquisition 4. Traditional: 1. A business owner or LOB owner decides they need an application built that will provide a new revenue stream to the organization so they describe, to a Business Analyst, what they want the application to do in the form of business requirements. 2. The Business Analyst then takes those requirements and translates them to functional requirements (iterating with the Business as to end results required) and then uses those as the basis for the technical requirements which describe the supporting hardware and software (COTS or purpose built). 3. A Technical Analyst or developer uses the technical requirements and produces a series of hardware and software specifications for the procurement of the hardware or software resources required to support the requested application. The hardware specifications are based on the predicted PEAK load of the application plus a margin of safety (overhead) to ensure application stability over time. 4. That safety margin could be between 15% and 30% which effectively means that the procurement of the equipment is always aligned to the worst case scenario (peak processing/peak bandwidth/peak I/O) so for every application, the most expensive hardware configuration has to be specified. 22

5. Cloud: 1. A business owner or LOB owner decides they need an application built that will provide a new revenue stream to the organization so they describe, to a Business Analyst, what they want the application to do in the form of business requirements. 2. The Business Analyst then takes those requirements and translates them to functional requirements (iterating with the Business as to end results required) and then uses those as the basis for the technical requirements which describe the supporting hardware and software (COTS or purpose built). 3. A Technical Analyst or developer uses the technical requirements and produces a series of hardware and software configurations required to support the requested application. 4. The required configurations for the cloud infrastructure compute resources are documented and given to the developer group. 6. Savings/Benefit: Because the hardware resources within the cloud infrastructure are abstracted and managed apart from the actual hardware, equipment specifications no longer drive procurement decisions. The standard becomes the lowest-cost, highest quality commodity class of server versus the individually specified purpose built (highest cost) class of server thus saving approximately 15%-50 of ongoing server hardware costs. NOTE: I mentioned this earlier but think it needs to be said again: savings become real after all cloud infrastructure implementation costs are recovered. These are just two examples of where an internal cloud can specifically help an organization derive direct revenue benefit or cost savings (there are many more). But, as always, it depends on your environment, what you want to do, how much you want to spend, and how long you want to take to get there. Cloud computing server architecture: Designing for cloud A server is one of those industry terms whose definition is broadly understood yet at the same time ambiguous. Yes, "server" means a computing platform on which software is hosted and from which client access is provided. However, the generalizations end there. Not only are there many different vendors that manufacture servers, but there are also a variety of server architectures, each with its own requirements. A mail server, a content server, a Web server and a transaction server might all need a different mixture of compute, network and storage resources. The question for many providers is: What does a cloud computing server need? The answer will depend on the target market for the cloud service and how that market is reflected in the applications users will run. Servers provide four things: compute power from microprocessor chips, memory for application execution, I/O access for information storage and retrieval, and network access for connecting to other resources. Any given application will likely consume each of these resources to varying degrees, meaning applications can be classified by their resource needs. That classification can be combined with cloud business plans to yield a model for optimum cloud computing server architecture. For a starting point in cloud computing server architectures, it's useful to consider the Facebook Open Compute project's framework. Facebook's social networking service is a fairly typical large-scale Web/cloud application, and so its specific capabilities are a guide for similar applications. We'll also discuss how these capabilities would change for other cloud applications. 23

Cloud computing servers needs may not align with facebook Open Compute The Open Compute baseline is a two- socket design that allows up to 12 cores per socket in the Version 2.x designs. Memory capacity depends on the dual inline memory modules (DIMMs) used, but up to 256 GB is practical. The design uses a taller tower for blades to allow for better cooling with large lower-powered fans. Standard serial advanced technology attachment (SATA) interfaces are provided for storage and Gigabit Ethernet is used for the network interface. Facebook and the Open Compute project claim a 24% cost of ownership advantage over traditional blade servers. Backup power is provided by 48-volt battery systems, familiar for those who have been building to the telco Network Equipment Building System (NEBS) standard. The Open Compute reference has a high CPU density, which is why a higher tower and good fans are important. However, many cloud applications will not benefit from this high of a CPU density for several reasons: Some cloud providers may not want to concentrate too many users, applications or virtual machines onto a single cloud computing server for reliability reasons. The applications running on a cloud computing server may be constrained by the available memory or by disk access, and the full potential of the CPUs might not be realized. The applications might be constrained by network performance and similarly be unable to fully utilize the CPUs/cores that could be installed. If any of these constraints apply, then it may be unnecessary to consider the higher cooling potential of the Open Compute design, and shorter towers may be easier to install to support a higher overall density of cloud computing servers. How storage I/O affects cloud computing server needs The next consideration for cloud computing server architecture is storage. Web applications typically don t require a lot of storage and don't typically make large numbers of storage I/O accesses per second. That's important because applications that are waiting on storage I/O are holding memory capacity while they wait. Consider using larger memory configurations for cloud applications that are more likely to use storage I/O frequently to avoid having to page the application in and out of memory. Also, it may be difficult to justify the maximum number of CPUs/cores for applications that do frequent storage I/O, as CPU usage is normally minimal when an application is waiting for I/O to complete. A specific storage issue cloud operators may have with the Open Compute is the storage interface. Web applications are not heavy users of disk I/O, and SATA is best suited for dedicated local server access rather than storage pool access. Additionally, it is likely that a Fibre Channel interface would be preferable to SATA for applications that demand more data storage than typical Web servers -- including many of the Platforms as a Service (PaaS) offerings that will be tightly coupled with enterprise IT in hybrid clouds. Software as a Service (SaaS) providers must examine the storage usage of their applications to determine whether more sophisticated storage interfaces are justified. Cloud computing server guidelines to consider Here are some summary observations for cloud providers looking for quick guidance on cloud computing server architecture: You will need more sophisticated storage interfaces and more installed memory, but likely fewer CPUs/cores for applications that do considerable storage I/O. This means that business intelligence (BI), report generation and other applications that routinely examine many data records based on a single user 24

request will deviate from the Open Compute model. Cloud providers may also need more memory in these applications to limit application paging overhead. Cloud providers will need more CPUs/cores and memory for applications that use little storage -- particularly simple Web applications -- because only memory and CPU cores will limit the number of users that can be served in these applications. Pricing models that prevail for Infrastructure as a Service (IaaS) offerings tend to discourage applications with high levels of storage, so most IaaS services can likely be hosted on Open Compute model servers with high efficiency. PaaS services are the most difficult to map to optimum server configurations, due to potentially significant variations in how the servers will utilize memory, CPU and especially server resources. For SaaS clouds, the specific nature of the application will determine which server resources are most used and which can be constrained without affecting performance. The gold standard for server design is benchmarking. A typical mix of cloud applications running on a maximum-sized, high-performance configuration can be analyzed for resource utilization. The goal is to avoid having one resource type -- CPU capacity, for example-- become exhausted when other resources are still plentiful. This wastes resources and power, lowering your overall return on investment (ROI). By testing applications where possible and carefully monitoring resource utilization to make adjustments, cloud providers can sustain the best ROI on cloud computing servers and the lowest power consumption. That's key in meeting competitive price points while maximizing profits. How can you use the cloud? The cloud makes it possible for you to access your information from anywhere at any time. While a traditional computer setup requires you to be in the same location as your data storage device, the cloud takes away that step. The cloud removes the need for you to be in the same physical location as the hardware that stores your data. Your cloud provider can both own and house the hardware and software necessary to run your home or business applications. This is especially helpful for businesses that cannot afford the same amount of hardware and storage space as a bigger company. Small companies can store their information in the cloud, removing the cost of purchasing and storing memory devices. Additionally, because you only need to buy the amount of storage space you will use, a business can purchase more space or reduce their subscription as their business grows or as they find they need less storage space. One requirement is that you need to have an internet connection in order to access the cloud. This means that if you want to look at a specific document you have housed in the cloud, you must first establish an internet connection either through a wireless or wired internet or a mobile broadband connection. The benefit is that you can access that same document from wherever you are with any device that can access the internet. These devices could be a desktop, laptop, tablet, or phone. This can also help your business to function more smoothly because anyone who can connect to the internet and your cloud can work on documents, access software, and store data. Imagine picking up your Smartphone and downloading a.pdf document to review instead of having to stop by the office to print it or upload it to your laptop. This is the freedom that the Cloud can provide for you or your organization. Configuring Websites in Windows.NET Server/IIS 6.0 At times there might be situations where you need to host your ASP.NET applications from your corporate server or your own machine. A scenario where this might be needed is when you have large amounts of data on your Web site and you are concerned about the big bucks your hosting provider will charge you for disk space, bandwidth and database maintenance. Internet Information Services 6 (IIS 6) can be used for hosting your Web site. IIS 6 is a powerful platform for hosting Web sites. Creating and configuring Web sites and 25

Virtual Directories using IIS are as easy as 1-2-3. In this section we will see how we can create a Website using IIS 6.0 and configure it. Creating a Website The first thing you need before creating a Web site using IIS 6.0 is a unique IP address that identifies your computer on the network. This address takes the form of a string of four numbers separated by periods (.). For your site to be up and running you also need a connection to the Internet. You need to lease a line from an Internet Service Provider (ISP) or a telephone company. When you open IIS Manager in Administrative Tools and select Web sites in the console tree, and right-click on default Web site and open its properties you will find that the IP address for the default Web site is All Unassigned. This means any IP address not specifically assigned to another Web site on the machine opens the Default Web site instead. A typical use for the Default Web site is to display general information like a corporate logo and contact information. Let's assume that we will use the IP address 169.16.13.211 for creating Startvbdotnet.com and C:\Startvbdotnet is the folder where the homepage for this site is located. To create the Start vbdotnet Web site, right-click on the Web Sites node and select New->Web Site to start the Web Site Creation Wizard as shown in the images below. Click next on the Web site creation wizard dialog and type a description for the site as shown in the image below. 26

After typing the description click next to open the dialog where you need to specify the IP address and port number for your Web site. As mentioned above, type 169.16.13.211 in the IP address textbox and 80 in the TCP port textbox. The dialog looks like the image below. Click Next and specify C:\Startvbdotnet as the home directory for the site. Notice the checkbox that says "Allow anonymous access to this Web site". By default, it is checked, which means the Web site which we are creating is accessible by general public on the Internet. If you are creating an intranet site which will be used only by authenticated users then you need to uncheck this checkbox. The image below displays that. Click Next to get to the Web Site Access Permissions dialog. By default, the Read and Run scripts checkboxes are checked which means that your Web site will run scripts such as ASP and is only a read-only Web site where users can't make changes to it. If you want users to download content from your Web site, modify it and upload the modified content then you need to check the Write checkbox. The image below displays that. 27

Click Next and then Finish to create the new Web site. The image below displays the new Web site which we created in IIS. Virtual Directories A virtual directory is a friendly name, or alias, either for a physical directory on your server hard drive that does not reside in the home directory, or for the home directory on another computer. Because an alias is usually shorter in length than the path of the physical directory, it is more convenient for users to type. The use of aliases is also secure because users do not know where your files are physically located on the server and therefore cannot use that information to modify your files. Aliases also make it easier for you to move directories in your site. Rather than changing the URL for the directory, you change the mapping between the alias and the physical location of the directory. You must create virtual directories if your Web site contains files that are located in a directory other than the home directory, or on other computer's hard drive. To use a directory on another computer, you must specify the directory's Universal Naming Convention (UNC) name, and provide a user name and password for access rights. Also, if you want to publish content from any directory not contained within your home directory, you must create a virtual directory. Creating a Virtual Directory Let's say Start vbdotnet keeps their contacts in a folder called C:\StartvbdotnetContacts on their web server and would like users to be able to use the URL http://169.16.13.211/contacts when they need to access contact information. To do this we need to create a virtual directory that associates the /contacts portion of the URL, the alias for the virtual directory, with the physical directory C:\StartvbdotnetContacts where these documents are actually located. 28

To create a new virtual directory, right-click on Start vbdotnet Web site and select New->Virtual Directory to start the Virtual Directory Creation Wizard. The images below display that. Click Next and type the alias for the virtual directory, say, contacts as shown in the image below. Click Next and specify the physical folder on the local server to map to this alias. The physical folder on the server is C:\StartvbdotnetContacts. The image below shows that. Click Next and specify permissions for this Virtual Directory as shown in the image below. 29

Click next and finish the virtual directory creation wizard. The images below display the result. You can see the new virtual directory, contacts, with a gear symbol in the IIS wizard. When users type http://169.16.13.211/contacts in their browser they will be shown a page with contact information for Start vbdotnet Web site. What actually happens is the content comes from a directory located outside the Web site directory but the address bar in the browser shows that the directory is part of the Web. Controlling Access to Web Site Now that we created a Web site and a virtual directory we will look at some of the administrative tasks that are required to control the Web site. The settings in this article apply only to Start vbdotnet Web site which we created in IIS and not to all Web sites under IIS. The procedure is same if you want to set the properties for all Web sites. If you want to set the following properties for all Web sites under IIS then you need to right-click on Web Sites in IIS and select properties from the menu and follow the steps which are mentioned. When you right-click on the Start vbdotnet Web site in IIS and select properties, the properties window that is displayed looks like the image below. 30

As you might notice from the above image the dialog box displays information as tabs, all of which are discussed below. Web Site Information (Web Site Tab) By defaut, the Web site tab is displayed when you rightclick and select properties for any of the Web sites in IIS. The information under Web site tab is discussed below. Web site identification The Web site identification part displays general information like the description of the Website, IP address and the port number it is using. Connections Connection timeout Connection timeouts are used to reduce the amount of memory resources that are consumed by idle connections. Time-out settings also allow you to specify how long server resources are allocated to specific tasks or clients. The default connection timeout setting set by IIS is 120 seconds which means that when a visitor accesses your site and has no activity on your site for 2 mins his connection will be timed out. Enable HTTP Keep-Alives Most Web browsers request that the server keep the client connection open while the server sends multiple elements like.htm files and.gif or.jpeg files to the client. Keeping the client connection open in this way is referred to as an HTTP Keep-Alive. Keep-Alive is an HTTP specification that improves server performance. HTTP Keep - Alives is enabled by default in IIS. Enable Logging The logging feature allows you to collect information about user activity on your site. Information such as who has visited your site, what the visitor viewed, and when the information was last viewed, etc, can be collected with this feature. The default logging format is the W3C Extended Log File Format. You can also change the logging format based on your preferences. To change the logging format you need to make a selection from the active log format drop-down list. To set how often you want your new log file to be created click the properties button to open the Logging Properties dialog as shown in the image below. The Logging Properties dialog shown in the image above allows you to record log information on an hourly basis or daily or weekly or monthly basis or based on file size. If you select the Weekly option then a log file is created once every week. You can also change the location of the log file on your server in the Logging Properties dialog. 31

Performance (Performance Tab) The Performance tab let's you control the performance of your Web site, like, setting the amount of bandwidth per second and allowing the number of simultaneous connections accessing the Web site at a given time. The dialog looks like the image below. Bandwidth throttling If the network or Internet connection used by our Web server is also used by other services such as e-mail, then we might want to limit the bandwidth used by our Web server so that it is available for those other services. If our Web server hosts more than one Web site, you can individually throttle the bandwidth used by each site. By default, bandwidth throttling is disabled. If you want to enable it, check the checkbox and enter the bandwidth you want in kbps. Web site connections Connection limits restrict the number of simultaneous client connections to our Web site. Limiting connections not only conserves memory but also protects against malicious attacks designed to overload our Web server with thousands of client requests. By default, unlimited connections are allowed. If you want to limit the number of connections then you need to select the "Connections limited to" radio button and enter the number of connections you want to access your site at a given time. Home Directory The Home Directory tab in the properties dialog for the Web site is displayed below. As you can see from the image above, the content for this Web site comes from the local path on the server. If you want the content for this Web site to come from another computer located on a network you need to select the radio button which says "A share located on another computer" and enter the computer on the network. Redirecting Sometimes when your site is experiencing technical difficulties or if you are doing maintenance you need to redirect visitors to another site or to another page informing what is going on. IIS lets you redirect a Web site to a different file or folder on the same machine or to an URL on the Internet. To configure redirection you need to select the "A redirection to a URL" radio button under the home directory and choose the redirection option you want to use and specify the path as shown in the image below. 32

Controlling Access to Web Site Custom Errors You can configure Internet Information Services (IIS) to send default HTTP 1.1 error messages or custom error messages. Custom error messages can be mapped to a file name or to a URL. The image below displays Custom Errors dialog. You can also configure your own custom error messages. To do that, click the HTTP error that you want to change, and then click Edit to open the Edit Custom Error Properties dialog as shown in the image below. 33

To configure your own custom error, in the Message Type list box, click either File to return a custom error file or URL to direct the request to a custom error URL on the local machine. Note that you cannot customize the following errors: 400, 403.9, 411, 414, 500, 500.11, 500.14, 500.15, 501, 503, and 505. Documents (Documents Tab) The Documents dialog is displayed in the image below. Enable default content page The enable default content page lets you designate the default page for your Web site. You can specify names such as index.aspx, default.aspx, login.aspx, etc. To add a new type you need to click the Add button and add the file which you want to be displayed to your users when they first enter your site. Enable document footer The enable document footer option lets you add a HTML formatted footer to each and every document on your site. By default, it is disabled. HTTP Headers (HTTP Headers Tab) The HTTP Headers dialog looks like the image below. 34

Enable content expiration By default, this is disabled. If you enable content expiration and set a date then the content on your site expires after the set date. If you notice from the above image, the content for Start vbdotnet is set to expire on Tuesday, February 23, 2010 at 12 AM. Content rating Content rating allows classifying your site from four predefined values which are Violence, Sex, Nudity and Language. By default, content rating is disabled. To enable content rating, click the edit Ratings button to open the Content Ratings dialog as shown in the image below. 35

In the Content Ratings dialog, enable the checkbox which says Enable ratings for this content and select a category under which your site falls and drag the track bar to indicate the level of the rating. You can also include an email address for contact and set an expiration date for this content as shown in the image above. Directory Security (Directory Security Tab) The Directory Security dialog looks like the image below. Authentication and access control Authentication and access control allows us to setup access to our site using Authentication Methods. If you click the Edit button the Authentication Methods dialog that is displayed looks like the image below. 36

By default, the enable anonymous access checkbox is checked which means that your site will be accessed by everyone using the IUSR_COMPUTERNAME (default IIS account). If you want to enforce restrictions and want users to be authenticated before they access your site you need to set it in this dialog. IP address and domain name restrictions The IP address and domain name restrictions allows us to grant or deny access to users based on their IP address. If you click the Edit button the IP Address and Domain Name Restrictions dialog that is displayed looks like the image below. By default, all computers will be granted access. If you want to deny/block a particular user or a group of computers then you need to select the Denied access radio button and click the Add button to open the Grant Access dialog as shown in the image below. If you want to block a single computer enter the IP address of the machine and click OK. If you want to deny a group of computers then select the Group of computers radio button and enter the network address and Subnet mask number to deny that group. If you want to deny users based on a domain name the select the Domain name option and enter the domain name. Starting and Stopping Web site You can start and stop a Web site in IIS manager. To start a Web site, select the Web site, rightclick on it and from the menu select start/stop as shown below. 37

Application programming interface (API) An application programming interface (API) is a specification intended to be used as an interface by software components to communicate with each other. An API may include specifications for routines, data structures, object classes, and variables. An API specification can take many forms, including an International Standard such as POSIX or vendor documentation such as the Microsoft Windows API, or the libraries of a programming language, e.g. Standard Template Library in C++ or Java API. An API differs from an application binary interface (ABI) in that the former is source code based while the latter is a binary interface. For instance POSIX is an API, while the Linux Standard Base is an ABI. API sharing and reuse via virtual machine Some languages like those running in a virtual machine (e.g..net CLI compliant languages in the Common Language Runtime and JVM compliant languages in the Java Virtual Machine) can share APIs. In this case the virtual machine enables the language interoperation thanks to the common denominator of the virtual machine that abstracts from the specific language using an intermediate byte code and its language binding. Hence this approach maximizes the code reuse potential for all the existing libraries and related APIs. Web APIs When used in the context of web development, an API is typically defined as a set of Hypertext Transfer Protocol (HTTP) request messages, along with a definition of the structure of response messages, which is usually in an Extensible Markup Language (XML) or JavaScript Object Notation (JSON) format. While "Web API" is virtually a synonym for web service, the recent trend (so-called Web 2.0) has been moving away from Simple Object Access Protocol (SOAP) based services towards more direct Representational State Transfer (REST) style communications. Web APIs allow the combination of multiple services into new applications known as mashups. 38

Chapter 5 Virtualisation Virtualization may be a new concept to many; it is actually an old practice at least in the technology world. Virtualization has been used since the 1960s to help maximize the power and potential of mainframe computers. So, how can a 40+ year old technology be applicable today? It s really not the same technology rising from the ashes as much as it s a technology architecture that has found an application in today s IT infrastructure. And its potential for improving IT operations is tremendous. The purpose of this white paper is to provide a primer on virtualization and how it can be used by mid-sized organizations to lower costs and improve operations (the constant goal of IT). In today s highly decentralized IT environment, we often see a one-to-one relationship between server and application (i.e. one application configured for one server). The dramatic drop in the cost of powerful servers has made this practice popular. The ever-swinging pendulum of centralization and decentralization in IT practices is now heading back to a more centralized model. This is where virtualization fits in. So, what is virtualization? At its simplest level, virtualization allows a single computer to do the job of many computers. The term often used is Meta Computer. Why is this important? Virtualization technology can save money and simplify IT operations. Virtualization also represents a technology framework by which all IT infrastructures will run in the future. One of the reasons for this pendulum swing is the opportunity to access the vast amount of surplus capacity that exists in servers today. According to industry analyst International Data Corporation (IDC), typical server deployments show an average utilization as 10%-to-15% of total capacity. That means that 85%-to-90% of the server processing power is not used. Extrapolate this unused capacity out over hundreds and thousands of servers across business and industry and you get a sense of the magnitude of the opportunity. One of the goals of virtualization is to target this unused capacity. Industry Utilisation Utilities provide an excellent model for the challenges IT faces in capturing and managing the unused CPU power available. Managing surplus capacity is a practice electrical utility companies have tackled for decades. Power grids across the country are taxed at different times of the day and year requiring the efficient management of electricity flow. To address this issue, electric utilities create power grids that create redundant paths and lines so that power can be routed from any power plant to any load center, through a variety of routes, based on the economics of the transmission path and the cost of power. The IT industry coined the phrase Utility Computing to define the computing model in which resources (CPU power, storage space, etc.) are 39

made available to the user on an as-needed basis (like a utility grid). The goal of the utility computing model is to maximize the efficient use of computing resources and minimize user costs. Organizations are able to dial up or dial down usage in real time, to meet the varying demands of business. Utility computing uses virtualization as a technology foundation. The business value of virtualization is significant as well. It will allow IT greater flexibility and speed in adapting to changing business requirements. Virtualization An Old IT Practice Revitalized Virtualization was first implemented more than 30 years ago as a way to logically partition mainframe computers into separate virtual machines. This was called multitasking the ability to run multiple applications and processes at the same time. Since mainframes were very expensive, getting the most from the computing power was critical. In the 1990s, client/server computing became the rage. The client/server architecture created a distributed processing environment where transaction processing was split between a server and a desktop computer. So, unlike the mainframe environment where resources were shared centrally, a percentage of the processing was distributed to the desktop. Client/server architectures took advantage of the new more powerful PCs and empowered users to support their own application and business requirements. But, over the next decade, IT found these environments to be difficult-to-manage and difficult-to-control islands of computing. The client/server architecture is a good example of the centralization/decentralization dynamics of the IT world. As soon as users became enabled with desktop spreadsheets, word processing or modules of ERP systems, the IT architecture became decentralized. Security became an overriding issue. Data storage and recovery became a concern. As a result the technology swing is back towards centralization. In effect, we have come full circle back to the future so to speak. The architectural profile, though, is different than before and quite advanced. Understanding the ubiquitous nature of the Internet helps illustrate the concept of virtualization. When you surf the Internet, you have no idea (nor do you care) where a transaction is being processed. If a purchase is made on Amazon or ebay,a user isn t wondering whether that transaction is occurring in San Francisco, Paris or Beijing. The transaction simply happens. This modern day definition of distributed processing means the following: The architecture is multi-tiered Each tier is capable of significant processing power The topology is virtual (cloud) The user is insulated from knowing where a transaction is processed Virtualization Used Today in Industry The framework in which virtualization aligns in today s IT world is much broader than the 1960s. In practical implementation, virtualization can be used for a variety of IT infrastructure challenges. Here are some examples: Machine Virtualization multiple computers acting as one (Meta Computers). Operating System Virtualization enabling multiple isolated and secure virtualized servers to run of a physical server (the same OS kernel is used to implement the guest environments). Application Virtualization using a software virtualization layer to encapsulate a server or desktop application from the local operating system. The application still executes locally using local 40

resources, but without being installed in the traditional sense. Network Virtualization the network is configured to Navigate to virtual devices where processing is completed cross platform. Much of the virtualization technology is accomplished with software. Virtualization creates an abstraction layer (a way of hiding the implementation details of a particular set of functionality) that insulates the business (i.e. transactions) from the structure of the IT architecture. The hiding of this technical detail is called encapsulation. The Benefits of Virtualization The benefits of virtualization reach beyond the ability to take advantage of unused processor capacity. Here are some of those benefits: Resource utilization: virtualization provides economies of scale that allows existing platforms to be better utilized. Infrastructure Cost Reduction: IT can reduce the number of servers and related IT hardware. Application and Network Design Flexibility: Application programmers can design and build distributed applications that span systems and geography. Operational Flexibility: IT administrators can accomplish more with a single stroke in a virtual environment than the support and maintenance of multiple devices. Portability: Virtual machines combined with the encapsulation of virtual data makes it easy to move virtual machines from one environment to another: a. For maintenance b. For replication (disaster recovery) c. For resource utilization System Availability: significant reductions in downtime for system maintenance can be achieved with virtualization. Recovery: in case of disaster, virtualized systems can be recovered more quickly. The Virtual Infrastructure Virtualization of a server or multiple servers is one thing. Designing an entire IT infrastructure for virtualization is another. The next step in this technology and resource consolidation is to virtualize the complete IT infrastructure. This is where the economies of scale become even more favorable. In fact, the broader the implementation scale of virtualization, the benefits listed above grow dramatically. For the virtual infrastructure, we are taking into account the servers, operating systems, applications, network, ata storage, user systems (desktops, remote laptops, etc.) disaster recovery mechanisms and more. The virtual infrastructure represents the design and layout knowledgebase of all components of the infrastructure. The illustration below shows the abstraction layer of the virtualization architecture. Applications and users are insulated from connecting to a specific server. Instead users connect to applications and data stored throughout the network. They don t, and should not have to, be concerned about where the actual transaction is being processed. p p l i c a t i o n A p p l i c a t i o n A p p l i c a o n O p e r a t i n g S y s t e m O p e r a t i n g S y s t e m O p e r a ti n 41

A Companies offering Virtualization Technology 1. VMware Find a major data center anywhere in the world that doesn't use VMware, and then pat yourself on the back because you've found one of the few. VMware dominates the server virtualization market. Its domination doesn't stop with its commercial product, vsphere. VMware also dominates the desktop-level virtualization market and perhaps even the free server virtualization market with its VMware Server product. VMware remains in the dominant spot due to its innovations, strategic partnerships and rock-solid products. 2. Citrix Citrix was once the lone wolf of application virtualization, but now it also owns the world's most-used cloud vendor software: Xen (the basis for its commercial XenServer). Amazon uses Xen for its Elastic Compute Cloud (EC2) services. So do Rackspace, Carpathia, SoftLayer and 1and1 for their cloud offerings. On the corporate side, you're in good company with Bechtel, SAP and TESCO. 3. Oracle If Oracle's world domination of the enterprise database server market doesn't impress you, its acquisition of Sun Microsystems now makes it an impressive virtualization player. Additionally, Oracle owns an operating system (Sun Solaris), multiple virtualization software solutions (Solaris Zones, LDoms and xvm) and server hardware (SPARC). What happens when you pit an unstoppable force (Oracle) against an immovable object (the Data Center)? You get the Oracle-centered Data Center. 4. Microsoft Microsoft came up with the only non-linux hypervisor, Hyper-V, to compete in a tight server virtualization market that VMware currently dominates. Not easily outdone in the data center space, Microsoft offers attractive licensing for its Hyper-V product and the operating systems that live on it. For all Microsoft shops, 42

Hyper-V is a competitive solution. And, for those who have used Microsoft's Virtual PC product, virtual machines migrate to Hyper-V quite nicely. 5. Red Hat For the past 15 years, everyone has recognized Red Hat as an industry leader and open source champion. Hailed as the most successful open source company, Red Hat entered the world of virtualization in 2008 when it purchased Qumranet and with it, its own virtual solution: KVM and SPICE (Simple Protocol for Independent Computing Environment). Red Hat released the SPICE protocol as open source in December 2009. 6. Amazon Amazon's Elastic Compute Cloud (EC2) is the industry standard virtualization platform. Ubuntu's Cloud Server supports seamless integration with Amazon's EC2 services. Engine Yard s Ruby application services leverage Amazon's cloud as well. 7. Google When you think of Google, virtualization might not make the top of the list of things that come to mind, but its Google Apps, AppEngine and extensive Business Services list demonstrates how it has embraced cloudoriented services. Three Kinds of Server Virtualization There are three ways to create virtual servers: full virtualization, Para-virtualization and OS-level virtualization. They all share a few common traits. The physical server is called the host. The virtual servers are called guests. The virtual servers behave like physical machines. Each system uses a different approach to allocate physical server resources to virtual server needs. Full virtualization uses a special kind of software called a hypervisor. The hypervisor interacts directly with the physical server's CPU and disk space. It serves as a platform for the virtual servers' operating systems. The hypervisor keeps each virtual server completely independent and unaware of the other virtual servers running on the physical machine. Each guest server runs on its own OS -- you can even have one guest running on Linux and another on Windows. The hypervisor monitors the physical server's resources. As virtual servers run applications, the hypervisor relays resources from the physical machine to the appropriate virtual server. Hypervisors have their own processing need, which means that the physical server must reserve some processing power and resources to run the hypervisor application. This can impact overall server performance and slow down applications. The Para-virtualization approach is a little different. Unlike the full virtualization technique, the guest servers in a para-virtualization system are aware of one another. A para-virtualization hypervisor doesn't need as much processing power to manage the guest operating systems, because each OS is already aware of the demands the other operating systems are placing on the physical server. The entire system works together as a cohesive unit. An OS-level virtualization approach doesn't use a hypervisor at all. Instead, the virtualization capability is part of the host OS, which performs all the functions of a fully virtualized hypervisor. The biggest limitation of this approach is that all the guest servers must run the same OS. Each virtual server remains independent from all the others, but you can't mix and match operating systems among them. Because all the guest operating systems must be the same, this is called a homogeneous environment. 43

The Challenges of Managing a Virtual Environment While virtualization offers a number of significant business benefits, it also introduces some new management challenges that must be considered and planned for by companies considering a virtualization strategy. The key management challenges for companies adopting virtualization include: Policy-based management Bandwidth implications Image proliferation Security Human issues Some of the other challenges of deploying and managing a virtual environment include: a new level of complexity for capacity planning; a lack of vendor support for applications running on virtual systems; an increased reliance on hardware availability; cost accounting difficulties (i.e. measuring usage not just for physical servers but also for individual parts of a server); an additional layer of monitoring complexity; the potential for significant up-front costs; and an overall increase in the complexity of the IT environment. Policy-Based Management Enterprises should look to deploy automated policy based management alongside their virtualization strategy. Resource management, for example, should include automated policy-based tools for disk allocation and usage, I/O rates, CPU usage, memory allocation and usage, and network I/O. Management tools need to be able to throttle resources in shared environments, to maintain service levels and response times appropriate to each virtual environment. Administrators should be able to set maximum limits, and allocate resources across virtual environments proportionally. Allocations need to have the capability to change dynamically to respond to peaks and troughs in load characteristics. Management tools will also be required to automate physical to virtual, virtual to virtual, and virtual to physical migration. Bandwidth Implications Enterprises should make sure they have the appropriate network bandwidth for their virtualization requirements. For example, instead of one server using a 100Mb Ethernet cable, now 10 or even 100 virtual servers must share the same physical pipe. While less of a problem within the datacenter or for communication between virtual servers running in a single machine, network bandwidth is a significant issue for application streaming and remote desktop virtualization. These technologies deliver quite substantial traffic to end users, in most cases significantly higher than is required for standard-installed desktop computing. Streaming technologies, although in many cases more efficient than complete application delivery, also impose high bandwidth requirements. Image Proliferation Operating system and server virtualization can lead to a rapid proliferation of system images, because it is so much easier and faster to deploy a new virtual image than to deploy a new physical server, without approval or hardware procurement. This can impose very high management and maintenance costs, and potentially lead to significant licensing issues including higher costs and compliance risks. This proliferation also leads to significant storage issues, such as competing I/O and extreme fragmentation, requiring much faster and multichannel disk access, and more maintenance time, effort, and cost. Enterprises need to manage their virtual environment with the same level of discipline as their physical infrastructure, using discovery tools to detect and prevent new systems from being created without following proper process. Security While virtualization can have many worthwhile security benefits, security also becomes more of a management issue in a virtualized environment. There will be more systems to secure, more points of entry, 44

more holes to patch, and more interconnection points across virtual systems (where there is most likely no router or firewall), as well as across physical systems. Access to the host environment becomes more critical, as it will often allow access to multiple guest images and applications. Enterprises need to secure virtual images just as well as they secure physical systems. Human Issues Enterprises should not underestimate the potential for human issues to affect their virtualization plans adversely. Virtualization requires a new set of skills and methodologies, not just within IT, but often (certainly in the case of application and desktop virtualization) in the end-user community. Perhaps most importantly, this new technology requires new and creative thinking, not just new training and skills. 45

Chapter 6 Window Server 2008 Hyper V Hyper-V is a role in Windows Server 2008 and Windows Server 2008 R2 that provides you with the tools and services you can use to create a virtualized server computing environment. This type of environment is useful because you can create and manage virtual machines, which allow you to run multiple operating systems on one physical computer and isolate the operating systems from each other. This guide introduces Hyper-V by providing instructions for installing this role and configuring a virtual machine. Hyper-V has specific requirements. Hyper-V requires an x64-based processor, hardware-assisted virtualization, and hardware data execution prevention (DEP). Hyper-V is available in x64-based versions of Windows Server 2008 specifically, the x64-based versions of Windows Server 2008 Standard, Windows Server 2008 Enterprise, and Windows Server 2008 Datacenter. If your computer is running Windows Server 2008, verify that your computer has been updated with the release version of Hyper-V before you install Hyper-V. If your computer is running Windows Server 2008 R2, skip this step. The release version (RTM) of Windows Server 2008 included the pre-release version of Hyper-V. The release version of Hyper-V is offered through Windows Update as a recommended update, Hyper-V Update for Windows Server 2008 x64 Edition (KB950050). However, you also can obtain the update through the Microsoft Download Center. On a full installation of Windows Server 2008, click Start, click Windows Update, click View update history, and then click Installed Updates. On a Server Core installation, at the command prompt, type: wmic qfe list Look for update number kbid=950050, which indicates that the update for Hyper-V has been installed. You can install Hyper-V on either a full installation or a Server Core installation. You can use Server Manager to install Hyper-V on a full installation, as described in the following procedure. To install on a Server Core installation, you must perform the installation from a command prompt. Run the following command: Start /w ocsetup Microsoft-Hyper-V To install Hyper-V on a full installation of Windows Server 2008 1. Click Start, and then click Server Manager. 2. In the Roles Summary area of the Server Manager main window, click Add Roles. 3. On the Select Server Roles page, click Hyper-V. 4. On the Create Virtual Networks page, click one or more network adapters if you want to make their network connection available to virtual machines. Note The type of network you can create in this step is called an external virtual network. If you create it now you can connect the virtual machine to it when you create the virtual machine in Step 2. To create virtual networks later or reconfigure existing networks, see Step 4: Configure virtual networks. 5. On the Confirm Installation Selections page, click Install. 6. The computer must be restarted to complete the installation. Click Close to finish the wizard, and then click yes to restart the computer. 46

7. After you restart the computer, log on with the same account you used to install the role. After the Resume Configuration Wizard completes the installation, click Close to finish the wizard. Step 2: Create and set up a virtual machine After you have installed Hyper-V, you can create a virtual machine and set up an operating system on the virtual machine. Before you create the virtual machine, you may find it helpful to consider the following questions. You can provide answers to the questions when you use the New Virtual Machine Wizard to create the virtual machine. Is the installation media available for the operating system you want to install on the virtual machine? You can use physical media, a remote image server, or an.iso file. The method you want to use determines how you should configure the virtual machine. How much memory will you allocate to the virtual machine? Where do you want to store the virtual machine and what do you want to name it? To create and set up a virtual machine 1. Open Hyper-V Manager. Click Start, point to Administrative Tools, and then click Hyper-V Manager. 2. From the Action pane, click New, and then click Virtual Machine. 3. From the New Virtual Machine Wizard, click Next. 4. On the Specify Name and Location page, specify what you want to name the virtual machine and where you want to store it. 5. On the Memory page, specify enough memory to run the guest operating system you want to use on the virtual machine. 6. On the Networking page, connect the network adapter to an existing virtual network if you want to establish network connectivity at this point. Note If you want to use a remote image server to install an operating system on your test virtual machine, select the external network. 7. On the Connect Virtual Hard Disk page, specify a name, location, and size to create a virtual hard disk so you can install an operating system on it. 8. On the Installation Options page, choose the method you want to use to install the operating system: o Install an operating system from a boot CD/DVD-ROM. You can use either physical media or an image file (.iso file). o o 9. Click Finish. Install an operating system from a boot floppy disk. Install an operating system from a network-based installation server. To use this option, you must configure the virtual machine with a legacy network adapter connected to an external virtual network. The external virtual network must have access to the same network as the image server. After you create the virtual machine, you can start the virtual machine and install the operating system. 47

Step 3: Install the guest operating system and integration services In the final step of this process, you connect to the virtual machine to set up the operating system, which is referred to as the guest operating system. As part of the setup, you install a software package that improves integration between the virtualization server and the virtual machine. The instructions in this step assume the following: You specified the location of the installation media when you created the virtual machine. You are installing an operating system for which integration services are available. To install the guest operating system and integration services 1. From the Virtual Machines section of the results pane, right-click the name of the virtual machine you created in step 2 and click Connect. The Virtual Machine Connection tool will open. 2. From the Action menu in the Virtual Machine Connection window, click Start. 3. Proceed through the installation. Notes o o When you are at the point where you need to provide input to complete the process, move the mouse cursor over the image of the setup window. After the mouse pointer changes to a small dot, click anywhere in the virtual machine window. This action "captures" the mouse so that keyboard and mouse input is sent to the virtual machine. To return the input to the physical computer, press Ctrl+Alt+Left arrow and then move the mouse pointer outside of the virtual machine window. After the operating system is set up, you are ready to install the integration services. From the Action menu of Virtual Machine Connection, click Insert Integration Services Setup Disk. On Windows operating systems, you must close the New Hardware Wizard to start the installation. If Autorun does not start the installation automatically, you can start it manually. Click anywhere in the guest operating system window and navigate to the CD drive. Use the method that is appropriate for the guest operating system to start the installation package from the CD drive. After you have completed the setup and integration services are installed, you can begin using the virtual machine. You can view or modify the virtual hardware that is configured for the virtual machine by reviewing the settings of the virtual machine. From the Virtual Machines pane, right-click the name of the virtual machine that you created in step 3 and click Settings. From the Settings window, click the name of the hardware to view or change it. Step 4: Configure virtual networks You can create virtual networks on the server running Hyper-V to define various networking topologies for virtual machines and the virtualization server. There are three types of virtual networks you can create: 1. An external network, which provides communication between a virtual machine and a physical network by creating an association to a physical network adapter on the virtualization server. 2. An internal network, which provides communication between the virtualization server and virtual machines. 3. A private network, which provides communication between virtual machines only. The following procedures provide the basic instructions for configuring virtual networks. 48

To create a virtual network 1. Open Hyper-V Manager. 2. From the Actions menu, click Virtual Network Manager. 3. Under Create virtual network, select the type of network you want to create. The types of network are External, Internal, and Private. If the network you want to create is an external network, see Additional considerations below. 4. Click Add. The New Virtual Network page appears. 5. Type a name for the new network. Review the other properties and modify them if necessary. Note You can use virtual LAN identification as a way to isolate network traffic. However, this type of configuration must be supported by the physical network adapter. 6. Click OK to create the virtual network and close Virtual Network Manager, or click Apply to create the virtual network and continue using Virtual Network Manager. To add a network adapter to a virtual machine 1. Open Hyper-V Manager. Click Start, point to Administrative Tools, and then click Hyper-V Manager. 2. In the results pane, under Virtual Machines, select the virtual machine that you want to configure. 3. In the Action pane, under the virtual machine name, click Settings. 4. In the navigation pane, click Add Hardware. 5. On the Add Hardware page, choose a network adapter or a legacy network adapter. Network adapters can only be added to a virtual machine when the machine is turned off. For more information about each type of adapter, see "Additional considerations" below. 6. Click Add. The Network Adapter or Legacy Network Adapter page appears. 7. Under Network, select the virtual network you want to connect to. 8. If you want to configure a static MAC address or virtual LAN identifier, specify the address or identifier you want to use. 9. Click OK. Additional considerations By default, membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. However, an administrator can use Authorization Manager to modify the authorization policy so that a user or group of users can complete this procedure. A legacy network adapter works without installing a virtual machine driver because the driver is already available on most operating systems. The legacy network adapter emulates a physical network adapter, multiport DEC 21140 10/100TX 100 MB. A legacy network adapter also supports networkbased installations because it includes the ability to boot to the Pre-Boot Execution Environment (PXE). The legacy network adapter is not supported in the 64-bit edition of Windows Server 2003 or the Windows XP Professional x64 Edition. When you create an external virtual network, it affects how networking is configured on the physical network adapter. After installation, the management operating system uses a virtual network adapter to connect to the physical network. (The management operating system runs the Hyper-V role.) When you look at Network Connections in the management operating system, you will see the original network adapter and a new virtual network adapter. The original physical network adapter has nothing bound to it except the Microsoft Virtual Network Switch Protocol, and the virtual network adapter 49

now has all of the standard protocols and services bound to it. The virtual network adapter that appears under Network Connections will have the same name as the virtual network with which it is associated. It is possible to create an internal virtual network, which will expose a virtual network adapter to the parent partition without the need to have a physical network adapter associated with it. Hyper-V only binds the virtual network service to a physical network adapter when an external virtual network is created. However, networking will get disrupted for a short period of time on the network adapter when a virtual network gets created or deleted. VHD (virtual hard disk) In Windows 7 and Windows 8, a virtual hard disk can be used as the running operating system on designated hardware without any other parent operating system, virtual machine, or hypervisor. Windows diskmanagement tools, the DiskPart tool and the Disk Management Microsoft Management Console (Diskmgmt.msc), can be used to create a VHD file. A supported Windows image (.WIM) file can be deployed to the VHD and the.vhd file can be copied to multiple systems. The Windows 8 boot manager can be configured to boot directly into the VHD. The.VHD file can also be connected to a virtual machine for use with the Hyper-V Role in Windows Server. Native-boot VHD files are not designed or intended to replace full image deployment on all client or server systems. Enterprise environments already managing and using.vhd files for virtual machine deployment will get the most benefit from the native-boot VHD capabilities. Using the.vhd file as a common image container format for virtual machines and designated hardware simplifies image management and deployment in an enterprise environment. Common Scenarios VHDs with native boot are frequently used in the following scenarios: Using disk-management tools to create and attach a VHD for offline image management. You can attach a VHD by using the Attach vdisk command which activates the VHD so that it appears on the host as a disk drive instead of as a.vhd or.vhdx file. Mounting reference VHD images on remote shares for image servicing. Maintaining and deploying a common reference VHD image to execute in either virtual or physical computers. Configuring VHD files for native boot without requiring a full parent installation. Configuring a computer to boot multiple local VHD files that contain different application workloads, without requiring separate disk partitions. Using Windows Deployment Services (WDS) for network deployment of VHD images to target computers for native boot. Managing desktop image deployment. Requirements Native VHD boot has the following dependencies: The local disk must have at least two partitions: a system partition that contains the Windows 8 bootenvironment files and Boot Configuration Data (BCD) store, and a partition to store the VHD file. The.vhd file format is supported for native boot on a computer with a Windows 7 boot environment, but you will have to update the system partition to a Windows 8 environment to use the.vhdx file format. The local disk partition that contains the VHD file must have enough free disk space for expanding a dynamic VHD to its maximum size and for the page file created when booting the VHD. The page file 50

is created outside the VHD file, unlike with a virtual machine where the page file is contained inside the VHD. Benefits The benefits of native boot capabilities for VHDs include the following: Using the same image-management tools for creating, deploying, and maintaining system images to be installed on designated hardware or on a virtual machine. Deploying an image on a virtual machine or a designated computer, depending on capacity planning and availability. Deploying Windows for multiple boot scenarios without requiring separate disk partitions. Deploying supported Windows images in a VHD container file for faster deployment of reusable development and testing environments. Replacing VHD images for server redeployment or recovery. Limitations Native VHD support has the following limitations: Native VHD disk management support can attach approximately 512 VHD files concurrently. Native VHD boot does not support hibernation of the system, although sleep mode is supported. VHD files cannot be nested. Native VHD boot is not supported over Server Message Block (SMB) shares. Windows BitLocker Drive Encryption cannot be used to encrypt the host volume that contains VHD files that are used for native VHD boot, and BitLocker cannot be used on volumes that are contained inside a VHD. The parent partition of a VHD file cannot be part of a volume snapshot. An attached VHD cannot be configured as a dynamic disk. A dynamic disk provides features that basic disks do not, such as the ability to create volumes that span multiple disks (spanned and striped volumes), and the ability to create fault-tolerant volumes (mirrored and RAID-5 volumes). All volumes on dynamic disks are known as dynamic volumes. The parent volume of the VHD cannot be configured as a dynamic disk. Recommended Precautions The following are recommended precautions for using VHDs with native boot: Use Fixed VHD disk types for production servers, to increase performance and help protect user data. Use Dynamic or Differencing VHD disk types only in non-production environments, such as for development and testing. When using Dynamic VHDs, store critical application or user data on disk partitions that are outside the VHD file, when it is possible. This reduces the size requirements of the VHD. It also makes it easier to recover application or user data if the VHD image is no longer usable due to a catastrophic system shutdown such as a power outage. Types of Virtual Hard Disks Three types of VHD files can be created by using the disk-management tools: Fixed hard-disk image. A fixed hard-disk image is a file that is allocated to the size of the virtual disk. For example, if you create a virtual hard disk that is 2 gigabytes (GB) in size, the system will create a host file approximately 2 GB in size. Fixed hard-disk images are recommended for production servers and working with customer data. 51

Dynamic hard-disk image. A dynamic hard-disk image is a file that is as large as the actual data written to it at any given time. As more data is written, the file dynamically increases in size. For example, the size of a file backing a virtual 2 GB hard disk is initially around 2 megabytes (MB) on the host file system. As data is written to this image, it grows with a maximum size of 2 GB. Dynamic hard-disk images are recommended for development and testing environments. Dynamic VHD files are smaller, easier to copy, and will expand once mounted. Differencing hard-disk image. A differencing hard-disk image describes a modification of a parent image. This type of hard-disk image is not independent; it depends on another hard-disk image to be fully functional. The parent hard-disk image can be any of the mentioned hard-disk image types, including another differencing hard-disk image. 52

Chapter 7 Configuration & Management of Hyper V The Hyper-V role enables you to create a virtualized server computing environment using a technology that is part of Windows Server 2008. This type of environment is useful because you can create and manage virtual machines, which allows you to run multiple operating systems on one physical computer and isolate the operating systems from each other. As a result, you can use a virtualized computing environment to improve the efficiency of your computing resources by utilizing more of your hardware resources. Hyper-V provides software infrastructure and basic management tools that you can use to create and manage a virtualized server computing environment. This virtualized environment can be used to address a variety of business goals aimed at improving efficiency and reducing costs. For example, a virtualized server environment can help you: Reduce the costs of operating and maintaining physical servers by increasing your hardware utilization. You can reduce the amount of hardware needed to run your server workloads. Increase development and test efficiency by reducing the amount of time it takes to set up hardware and software and reproduce test environments. Improve server availability without using as many physical computers as you would need in a failover configuration that uses only physical computers. Hyper-V requires specific hardware. You can identify systems that support the x64 architecture and Hyper-V by searching the Windows Server catalog for Hyper-V as an additional qualification. To install and use the Hyper-V role, you need the following: An x64-based processor. Hyper-V is available in x64-based versions of Windows Server 2008 specifically, the x64-based versions of Windows Server 2008 Standard, Windows Server 2008 Enterprise, and Windows Server 2008 Datacenter. Hardware-assisted virtualization. This is available in processors that include a virtualization option specifically, Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V). Hardware-enforced Data Execution Prevention (DEP) must be available and be enabled. Specifically, you must enable the Intel XD bit (execute disable bit) or AMD NX bit (no execute bit). Configure Hyper-V You can configure the server running Hyper-V by modifying Hyper-V settings. You can use these settings to specify where certain files are stored by default and control interactions such as keyboard combinations and logon credentials. There are two categories of Hyper-V settings: Server settings, which specify the default location of virtual hard disks and virtual machines. User settings, which enable you to customize interactions with Virtual Machine Connection, and display messages and wizard pages if you hid them previously. Settings for Virtual Machine Connection include the mouse release key and Windows key combinations. To configure Hyper-V settings 1. Open Hyper-V Manager. Click Start, point to Administrative Tools, and then click Hyper-V Manager. 2. In the Actions pane, click Hyper-V Settings. 3. In the navigation pane, click the setting that you want to configure. 53

4. Click OK to save the changes and close Hyper-V Settings, or click Apply to save the changes and configure other settings. Create Virtual Machines The New Virtual Machine Wizard provides you with a simple and flexible way to create a virtual machine. The New Virtual Machine Wizard is available from Hyper-V Manager. When you use the wizard, you have two basic options for creating a virtual machine: You can use default settings to create a virtual machine without proceeding through all the configuration pages of the wizard. This type of virtual machine is configured as follows: Name New Virtual Machine Location The default location configured for the server running Hyper-V Memory 512 MB Network Not connected connection Virtual hard disk Dynamically expanding hard disk with a storage capacity of 127 gigabytes Installation options No media is specified No disks connected to this device. Integration services are required in the guest SCSI controller operating system in order to use this device. Some newer versions of Windows include integration services. You can use settings that you specify on the configuration pages to create a virtual machine that is customized for your needs. To create a default virtual machine 1. Open Hyper-V Manager. Click Start, point to Administrative Tools, and then click Hyper-V Manager. 2. From the Action pane, click New, and then click Virtual Machine. 3. On the Before You Begin page, click Finish. Or, if the Specify Name and Location page is the first page that appears, click Finish on that page. To create a customized virtual machine 1. Open Hyper-V Manager. Click Start, point to Administrative Tools, and then click Hyper-V Manager. 2. From the Action pane, click New, and then click Virtual Machine. 3. Proceed through the pages of the wizard to specify the custom settings that you want to make. You can click Next to move through each page of the wizard, or you can click the name of a page in the left pane to move directly to that page. 4. After you have finished configuring the virtual machine, click Finish. Create Virtual Hard Disks The New Virtual Hard Disk Wizard provides you with a simple way to create a virtual hard disk. This wizard creates the following types of disks: Fixed virtual hard disk Dynamically expanding virtual hard disk Differencing virtual hard disk 54

Many of the options you can use to customize the virtual hard disk differ depending on the type of virtual hard disk you create. In all cases, the virtual hard disk requires a name and a storage location. To create a virtual hard disk 1. Open Hyper-V Manager. Click Start, point to Administrative Tools, and then click Hyper-V Manager. 2. In the Action pane, click New, and then click Hard Disk. 3. Proceed through the pages of the wizard to customize the virtual hard disk. You can click Next to move through each page of the wizard, or you can click the name of a page in the left pane to move directly to that page. 4. After you have finished configuring the virtual hard disk, click Finish. Install a Guest Operating System A guest operating system is the operating system that you install and run in a virtual machine. Before you can install the guest operating system, if you did not specify the location of the installation media when you created the virtual machine, you will need to perform one of the following steps: Obtain the installation media for the operating system and configure the virtual machine to use the CD/DVD drive to access the installation media. If you want to perform a network-based installation, configure the virtual machine to use a legacy network adapter that is connected to an external virtual network. This type of network provides connectivity to a physical network by routing traffic through an external virtual network to a physical network adapter. After you have configured the virtual machine appropriately, you can install the guest operating system. To install the guest operating system 1. Open Hyper-V Manager. Click Start, point to Administrative Tools, and then click Hyper-V Manager. 2. Connect to the virtual machine. From the Virtual Machines section of the results pane, using one of the following methods: o Right-click the name of the virtual machine and click Connect. o Select name of the virtual machine. In the Action pane, click Connect. 3. The Virtual Machine Connection tool opens. 4. From the Action menu in the Virtual Machine Connection window, click Start. 5. The virtual machine starts, searches the startup devices, and loads the installation package. 6. Proceed through the installation. Connect to a Virtual Machine Virtual Machine Connection is a tool that you use to connect to a virtual machine so that you can install or interact with the guest operating system in a virtual machine. Some of the tasks that you can perform by using Virtual Machine Connection include the following: Connect to the video output of a virtual machine Control the state of a virtual machine Take snapshots of a virtual machine Modify the settings of a virtual machine 55

Before you begin Virtual Machine Connection is installed automatically when you install the Hyper-V role on a full installation of Windows Server 2008. By default, Virtual Machine Connection uses the same credentials you used to log on to your current Windows session to also establish a session to a running virtual machine. If you want Virtual Machine Connection to use a different set of credentials, you can configure Hyper-V so that you will be prompted for credentials. To connect to a virtual machine from Hyper-V Manager 1. Open Hyper-V Manager. Click Start, point to Administrative Tools, and then click Hyper-V Manager. 2. In the results pane, under Virtual Machines, right-click the name of the virtual machine and click Connect. 3. The Virtual Machine Connection tool opens. Manage Virtual Networks You can create many virtual networks on the server running Hyper-V to provide a variety of communications channels. For example, you can create networks to provide the following: Communications between virtual machines only. This type of virtual network is called a private network. Communications between the virtualization server and virtual machines. This type of virtual network is called an internal network. Communications between a virtual machine and a physical network by creating an association to a physical network adapter on the virtualization server. This type of virtual network is called an external network. As a best practice, we recommend that you provide the physical computer with more than one physical network adapter. Use one physical network adapter to provide virtual machines with an external virtual network, including remote access to the virtual machines. Use the other network adapter for all network communications with the management operating system, including remote access to the Hyper-V role. The management operating system runs the Hyper-V role. You can use Virtual Network Manager to add, remove, and modify the virtual networks. Virtual Network Manager is available from Hyper-V Manager. To add a virtual network 1. Open Hyper-V Manager. 2. From the Actions menu, click Virtual Network Manager. 3. Under Create virtual network, select the type of network you want to create. 4. Click Add. The New Virtual Network page appears. 5. Type a name for the new network. Review the other properties and modify them if necessary. 6. Click OK to save the virtual network and close Virtual Network Manager, or click Apply to save the virtual network and continue using Virtual Network Manager. To modify a virtual network 1. Open Hyper-V Manager. 2. From the Actions menu, click Virtual Network Manager. 3. Under Virtual Networks, click the name of the network you want to modify. 4. Under Virtual Network Properties, edit the appropriate properties to modify the virtual network. 56

5. Click OK to save the changes and close Virtual Network Manager, or click Apply to save the changes and continue using Virtual Network Manager. To remove a virtual network 1. Open Hyper-V Manager. 2. From the Actions menu, click Virtual Network Manager. 3. Under Virtual Networks, click the name of the network you want to remove. 4. Under Virtual Network Properties, click Remove. 5. Click OK to save the changes and close Virtual Network Manager, or click Apply to save the changes and continue using Virtual Network Manager. Configure a Virtual Machine for High Availability A highly available virtual machine requires that you perform some specific configuration and tasks. Some configuration and tasks must be done before you make the virtual machine highly available, while others must be done afterward. Before you try to make a virtual machine highly available, review the following information to make sure that the virtual machine is configured appropriately. Making the virtual machine highly available Before you make the virtual machine highly available, you need to review, and in some cases, modify the networking, security, and storage in your environment. Networking. All nodes in the same cluster must use the same name for the virtual network that provides external networking for the virtual machines. For example, if you created a virtual network through the Add Roles Wizard when you installed the role, a name is assigned to the virtual network based on the network adapter. This name will be different on each physical computer. You must delete the virtual network and then recreate it, using the same name on each physical computer in the cluster. Also note that if a physical network adapter uses static settings, such as a static IP address, and IPv6 is not disabled, the static settings will be deleted when you connect a virtual network to the physical adapter. In that case, you must reconfigure the static settings. Processor. If the nodes in your cluster use different processor versions make sure that you configure the virtual machine for processor compatibility. This helps ensure that you can failover or migrate a virtual machine without encountering problems due to different virtualization features on different versions of the same manufacturer s processor. However, this does not provide compatibility between different processor manufacturers. Security. To avoid potential problems you might encounter trying to administer highly available virtual machines, all nodes in the cluster must use the same authorization policy. There are two ways you can accomplish this: o Use a local, XML-based authorization store on each node. The policy must be configured the same on each store in the cluster. o Use an authorization store located in Active Directory Domain Services (AD DS). Storage. You must use shared storage that is supported by both the Failover Clustering feature and Hyper-V. When you create the virtual machine, choose the option to store the virtual machine in a new folder and specify the location of the shared storage. After you make the virtual machine highly available After you make the virtual machine highly available, do the following: Install the guest operating system and the integration services. 57

Configure the virtual machine to take no action through Hyper-V if the physical computer shuts down by modifying the Automatic Stop Action setting to none. Virtual machine state must be managed through the Failover Clustering feature. If you use snapshots on a clustered virtual machine, all resources associated with each snapshot must be stored on the same shared storage as the virtual machine. If you change the configuration of a virtual machine, we recommend that you use the Failover Manager snap-in to access the virtual machine settings. When you do this, the cluster is updated automatically with the configuration changes. However, if you make changes to the virtual machine settings from the Hyper-V Manager snap-in, you must update the cluster manually after you make the changes. If the configuration is not refreshed after networking or storage changes are made, a subsequent failover may not succeed or may succeed but result in the virtual machine being configured incorrectly. Monitor the performance of the Hyper-V server While most of the principles of analyzing performance of a guest operating system installed on a Hyper-V virtual machine performance are the same as analyzing the performance of an operating system installed on a physical machine, many of the collection methods are different. The following considerations are significant when evaluating performance of your BizTalk Server solution running on a guest operating system installed on a Hyper-V virtual machine. Measuring Disk I/O Performance The following considerations apply when measuring disk I/O performance on a guest operating system installed on a Hyper-V virtual machine: Measure disk latency on a Hyper-V host operating system The best initial indicator of disk performance on a Hyper-V host operating system is obtained by using the \Logical Disk(*)\Avg. sec/read and \Logical Disk(*)\Avg. sec/write performance monitor counters. These performance monitor counters measure the amount of time that read and write operations take to respond to the operating system. As a general rule of thumb, average response times greater than 15ms are considered sub-optimal. This is based on the typical seek time of a single 7200 RPM disk drive without cache. The use of logical disk versus physical disk performance monitor counters is recommended because Windows applications and services utilize logical drives represented as drive letters wherein the physical disk (LUN) presented to the operating system can be comprised of multiple physical disk drives in a disk array. Use the following rule of thumb when measuring disk latency on the Hyper-V host operating system using the \Logical Disk(*)\Avg. Disk sec/read or \Logical Disk(*)\Avg. Disk sec/write performance monitor counters: 1ms to 15ms = Healthy 15ms to 25ms = Warning or Monitor 26ms or greater = Critical, performance will be adversely affected Measure disk latency on guest operating systems Response times of the disks used by the guest operating systems can be measured using the same performance monitor counters used to measure response times of the disks used by the Hyper-V host operating system. Use the following performance monitor counters to measure the impact of available memory on the performance of a guest operating system installed on a Hyper-V virtual machine: Measure available memory on the Hyper-V host operating system The amount of physical memory available to the Hyper-V host operating system can be determined by monitoring the \Memory\Available MBytes performance monitor counter on the physical computer. This counter 58

reports the amount of free physical memory available to the host operating system. Use the following rules of thumb when evaluating available physical memory available to the host operating system: o \Memory\Available Mbytes Available MBytes measures the amount of physical memory available to processes running on the computer, as a percentage of physical memory installed on the computer. The following guidelines apply when measuring the value of this performance monitor counter: 50% of free memory available or more = Healthy 25% of free memory available = Monitor 10% of free memory available = Warning Less than 5% of free memory available = Critical, performance will be adversely affected Hyper-V allows guest computers to share the same physical network adapter. While this helps to consolidate hardware, take care not to saturate the physical adapter. Use the following methods to ensure the health of the network used by the Hyper-V virtual machines: Test network latency Ping each virtual machine to ensure adequate network latency. On local area networks, expect to receive less than 1ms response times. Test for packet loss Use the pathping.exe utility to test packet loss between virtual machines. Pathping.exe measures packet loss on the network and is available with all versions of Windows Server since Windows Server 2000. Pathping.exe sends out a burst of 100 ping requests to each network node and calculates how many pings are returned. On local area networks there should be no loss of ping requests from the pathping.exe utility. Test network file transfers Copy a 100MB file between virtual machines and measure the length of time required to complete the copy. On a healthy 100Mbit (megabit) network, a 100MB (megabyte) file should copy in 10 to 20 seconds. On a healthy 1Gbit network, a 100MB file should copy in about 3 to 5 seconds. Copy times outside of these parameters are indicative of a network problem. One common cause of poor network transfers occurs when the network adapter has auto detected a 10MB half-duplex network which prevents the network adapter from taking full advantage of available bandwidth. Measure network utilization on the Hyper-V host operating system Use the following performance monitor counters to measure network utilization on the Hyper-V host operating system: The following considerations apply when evaluating processor performance on a guest operating system installed on a Hyper-V virtual machine: Guest operating system processors do not have a set affinity to physical processors/cores The hypervisor determines how physical resources are used. In the case of processor utilization, the hypervisor schedules the guest processor time to physical processor in the form of threads. This means the processor load of virtual machines will be spread across the processors of the physical computer. Furthermore, virtual machines cannot exceed the processor utilization of the configured number of logical processors, for example if a single virtual machine is configured to run with 2 logical processors on a physical computer with 8 processors/cores, then the virtual machine cannot exceed the processor capacity of the number of configured logical processors (in this case 2 processors). 59

Measure overall processor utilization of the Hyper-V environment using Hyper-V performance monitor counters For purposes of measuring processor utilization, the host operating system is logically viewed as just another guest operating system. Therefore, the \Processor(*)\% Processor Time monitor counter measures the processor utilization of the host operating system only. To measure total physical processor utilization of the host operating system and all guest operating systems, use the \Hyper-V Hypervisor Logical Processor(_Total)\% Total Run Time performance monitor counter. This counter measures the total percentage of time spent by the processor running the both the host operating system and all guest operating systems. Use the following thresholds to evaluate overall processor utilization of the Hyper-V environment using the \Hyper-V Hypervisor Logical Processor(_Total)\% Total Run Time performance monitor counter: Less than 60% consumed = Healthy 60% - 89% consumed = Monitor or Caution 90% - 100% consumed = Critical, performance will be adversely affected Tools for Measuring Performance The following tools can be used to measure performance of Server. 1. Performance Analysis of Logs (PAL) tool The PAL tool is used to generate an HTML-based report that graphically charts important performance monitor counters and generates alerts when thresholds for these counters are exceeded. PAL is an excellent tool for identifying bottlenecks in a BizTalk Server solution to facilitate the appropriate allocation of resources when optimizing the performance of the solution. 2. SQLIO The SQLIO tool was developed by Microsoft to evaluate the I/O capacity of a given configuration. As the name of the tool implies, SQLIO is a valuable tool for measuring the impact of file system I/O on SQL Server performance. 3. SQL Profiler Microsoft SQL Server Profiler can be used to capture Transact-SQL statements that are sent to SQL Server and the SQL Server result sets from these statements. Because BizTalk Server is tightly integrated with SQL Server, the analysis of a SQL Server Profile trace can be a useful tool for analyzing problems that may occur in BizTalk Server when reading from and writing to SQL Server databases. For information about how to use SQL Server Profiler. 4. LoadGen BizTalk LoadGen 2007 is a load generation tool used to run performance and stress tests against BizTalk Server. 5. BizUnit BizUnit is a framework designed for automated testing of BizTalk solutions. BizUnit is an excellent tool for testing end-to-end BizTalk Server scenarios. 6. IOMeter IOMeter is an open source tool used for measuring disk I/O performance. 60

Chapter 8 Google App & Microsoft Office 365 About two decades ago, if any one would have mentioned the term cloud computing people would have considered it Greek or Latin. But today almost all businesses irrespective of the size are relying on it for getting reliable tools to help them grow and expand in a sustainable manner. Of all the providers out there in the market, Google Cloud Computing is considered the best not for one but many reasons. The primary reason for people s preference of Google s applications is the fact that many of them have been integrated together in a very seamless and flawless manner making things really easy for getting the job done. For instance, Gmail, Google Docs, AdWords, Maps, Picassa all can be accessed easily using one email id. This makes the entire operation easier and also highly affordable. If one had to get some software coded to meet all these purposes, it would have cost millions of dollars. Moreover, the time spent on developing the same and maintaining it would also be substantial. Let us now take a detailed look at what all services Google Cloud Computing has on offer. 1. Google Mail (Gmail) The most commonly used service of Google. Though it does not come directly under the purview of cloud computing, one needs to have a Gmail account in order to use the other services. Gmail was one of the first mail servers to have an integrated chat applet. This applet was even able to store conversations automatically in the form of an email. 2. Google Docs In simple words Google Docs is Microsoft Office online. You can create all the documents such as work sheets, documents and even presentations online and store them on Google s server. Moreover, since the files are store on a remote server you can virtually access them from any place in the world that has an internet connection which makes them very handy. At the same time you do not need to worry about the security of the files as they are encrypted with advance technology and only people whom you permit can access them. 3. Google Analytics using Google s Analytics tool you can monitor the entire traffic come on to your website with data being updated hourly. This way you make decisions after being well informed about the situation and modify or update your sites accordingly. 4. Google AdWords and AdSense Once you have got to know your target audience, you can use these revolutionary advertising tools to get the most value for every cent you spend on advertising. With AdWords, your message is sure to reach the precise target you intend to communicate with and thus get good returns. The best part is that data from any of Google s other cloud computing applications can be integrated with each other and you will not have to rephrase the same. 5. Picasa This is one of the best and most interactive applications in the Google Cloud Computing bouquet. For those who intend to sell physical products online, Picasa is a great way of uploading photographs and images of your products and exhibit them to clients. This application again can be integrated with your site. 61

Gmail groups replies to a message so it s easier to follow the conversation. Cloud Infrastructure (Networking) Google Apps for Business - Gmail More than email You can start a text, voice, or video chat right from your inbox. 62

Stay in the loop when you re on the go from your mobile phone or tablet. Email wherever you work Gmail works on any computer or mobile device with a data connection and offline support lets you keep working even when you re disconnected. Whether you're at your desk, in a meeting, or on a plane, your email is there. Work fast, save time Gmail is designed to make you more productive. 25GB of storage means you never have to delete anything, powerful search lets you find everything, and labels and filters help you stay organized. Connect with people Your inbox isn't just about messages, it's about people too. Text, voice, and video chat lets you see who s online and connect instantly. See your contacts profile photos, recent updates and shared docs next to each email. 63

Calendar - Stay in sync with your team Shared calendars make it easy to see when the people you work with are free. Creating a new event is as easy as typing a sentence. 64

When you re having trouble scheduling a meeting, Calendar can suggest a time that works for everyone. Stay organized and on schedule Organize your day with Calendar and get event reminders on your phone or in your inbox. Attach files or docs to your event so you have the right materials when your meeting starts. Find time with your team Calendar sharing makes it easy to find time with the people you work with and the smart scheduling feature suggests meeting times that work for everyone. Publish calendars to the web Create an event calendar and embed it on your website or set up appointment slots so customers can choose the best time for them. Drive - Store everything, share anything Apps users who wish to use Google Drive now can opt-in at drive.google.com/start 65

All your files are accessible from any web browser. Automatically sync files from your Mac or PC to your personal drive in Google s cloud. Access your files anywhere Google Drive on your Mac, PC or mobile device (or your browser) gives you a single place for up-to-date versions of your files from anywhere. In addition to any file type you choose to upload, Google Docs are also stored in Google Drive. Bring your files to life Share individual files or whole folders with individual people, your entire team or even customers, vendors and partners. Create and reply to comments on files to get feedback or add ideas. 66

Buy what you need & grow flexibly Start with 5 GB of included storage for each of your users. Need more? For as little as $4/month for 20 GB, administrators can centrally purchase and manage up to 16TB (Yes, that s 16,000 GB!) of additional storage for each user. Docs - Work together better Create rich documents and work together on the same doc at the same time. Share lists, track projects and analyze data with powerful spreadsheets. 67

View and even edit your documents from your mobile phone or tablet. Create or upload Create awesome documents, spreadsheets and presentations with Google Docs. Or, you can upload your existing work to view, share and edit online. Share securely Your docs are stored on the web, so sharing them can be as easy as sending a link. You can make your documents as public or as private as you like and control who can view, comment on and edit each document at any time. Work together Google Docs is designed for teams. Multiple people can edit a document at the same time and integrated chat and commenting make it easy to work together. Word processing Create rich documents with images, tables, equations, drawings, links and more. Gather input and manage feedback with social commenting. Spreadsheets Keep and share lists, track projects, analyze data and track results with our powerful spreadsheet editor. Use tools like advanced formulas, embedded charts, filters and pivot tables to get new perspectives on your data. Presentations Create beautiful slides with our presentation editor, which supports things like embedded videos, animations and dynamic slide transitions. Publish your presentations on the web so anyone can view them, or share them privately. 68

Sites - Shared workspaces for your team Build customs project sites that include videos, calendars, documents and more. Building a project site is as easy as writing a document, no coding skills required. 69

Share your project sites with the right people, inside and outside your company. Easy to build Build project sites without writing a single line of code. It's as easy as writing a document. And, to save even more time, you can choose from hundreds of pre-built templates. Simple to organize Use your team site to organize everything from calendars to documents to presentations to videos. Built-in Google-powered search makes it easy to find exactly what you're looking for later. Quick to share Share your site with your team, your entire company or even a customer or partner with the click of a button. You control who can view and who can edit your site and you can always adjust settings later. Vault - Add archiving and e-discovery to Google Apps Vault is optional and adds archiving, e-discovery and information governance capabilities for an additional $5/user/month 70

Google Apps Vault helps protect your business from legal risks. Search the archive for relevant email and chat messages. Preserve messages beyond their standard retention periods. 71

Export messages for further review and analysis. Retention policies Define retention policies that are automatically applied to your email and chat messages. Email and chat archiving Your email and chat messages are archived and retained according to your policies, preventing inadvertent deletions. E-discovery Be prepared for litigation and compliance audits with powerful search tools that help you find and retrieve relevant email and chat messages. Legal hold Place legal holds on users as needed. Email and chat messages can't be deleted by users when they're placed on hold. Export Export specific email and chat messages to standard formats for additional processing and review. Audits Run reports on user activity and actions in the archive. Searches, message views, exports and more are shown. More - Apps comes with even more handy tools 72

Chrome for Business* Chrome was built from the ground up to deliver the best experience for Gmail, Docs, Calendar and more, and supports the most advanced functionality such as offline support and desktop notifications. Groups for Business Google Groups can be used as mailing lists and to share calendars, docs, sites and videos quickly with coworkers. Groups are easy for users to set up and the group owner can manage membership in each group. Cloud Connect for Microsoft Office Google Cloud Connect for Microsoft Office brings collaborative multi-person editing to the Microsoft Office experience. You can share, backup and simultaneously edit Microsoft Word, PowerPoint and Excel documents with coworkers. Microsoft Office 365 Office is productivity software (including Word, PowerPoint, Excel, Outlook, and OneNote) that is installed on your desktop or laptop computer. Office 365 is an online subscription service that provides email, shared calendars, the ability to create and edit documents online, instant messaging, web conferencing, a public website for your business, and internal team sites all accessible anywhere from nearly any device. Customers with Office 2010 installed on their computer can quickly configure their software to work with Office 365. These users can easily retrieve, edit and save Office docs in the Office 365 cloud, co-author docs in real-time with others, quickly initiate PC-to-PC calls, instant messages and web conferences with others. Office 365 is also compatible with Office 2007 and newer editions of Office and select Office 365 plans include Office Professional Plus. Microsoft Office 365 is a set of cloud-based messaging and collaboration solutions, built on the most trusted name in office productivity. With Microsoft Office 365, you can help businesses of all sizes to be more productive. Extend your reach to new markets and deepen engagements by delivering solutions that enable workers to collaborate from virtually anywhere, using almost any device including PCs, phones, and browsers. Office 365 includes the following products: Microsoft Exchange Online Microsoft SharePoint Online Microsoft Lync Online Microsoft Office Web Apps Microsoft Office Professional Plus To do free trial logon to: http://www.microsoft.com/en-in/office365/online-software.aspx 73

Chapter 9 Web Application Security In earlier computing models, e.g. in client-server, the load for the application was shared between code on the server and code installed on each client locally. In other words, an application had its own client program which served as its user interface and had to be separately installed on each user's personal computer. An upgrade to the server-side code of the application would typically also require an upgrade to the client-side code installed on each user workstation, adding to the support cost and decreasing productivity. In contrast, web applications use web documents written in a standard format such as HTML and JavaScript, which are supported by a variety of web browsers. Web applications can be considered as a specific variant of client-server software where the client software is downloaded to the client machine when visiting the relevant web page, using standard procedures such as HTTP. Client web software update may happen each time the web page is visited. During the session, the web browser interprets and displays the pages, and acts as the universal client for any web application. In the early days of the Web each individual web page was delivered to the client as a static document, but the sequence of pages could provide an interactive experience, as user input is returned through web form elements embedded in the page markup. What is a Client? The 'client' is used in client-server environment to refer to the program the person uses to run the application. A client-server environment is one in which multiple computers share information such as entering information into a database. The 'client' is the application used to enter the information, and the 'server' is the application used to store the information. Benefits of a Web Application A web application relieves the developer of the responsibility of building a client for a specific type of computer or a specific operating system. Since the client runs in a web browser, the user could be using an IBM-compatible or a Mac. They can be running Windows XP or Windows Vista. They can even be using Internet Explorer or Firefox, though some applications require a specific web browser. Web applications commonly use a combination of server-side script (ASP, PHP, etc) and client-side script (HTML, Javascript, etc.) to develop the application. The client-side script deals with the presentation of the information while the server-side script deals with all the hard stuff like storing and retrieving the information. How Long Have Web Applications Been Around Web Applications have been around since before the web gained mainstream popularity. For example, Larry Wall developed Perl, a popular server-side scripting language, in 1987. That was seven years before the Internet really started gaining popularity outside of academic and technology circles. The first mainstream web applications were relatively simple, but the late 90's saw a push toward more complex web applications. Nowadays, millions of Americans use a web application to file their income taxes on the web. Future of Web Applications Most web applications are based on the client-server architecture where the client enters information while the server stores and retrieves information. Internet mail is an example of this, with companies like Yahoo and MSN offering web-based email clients. The new push for web applications is crossing the line into those 74

applications that do not normally need a server to store the information. Your word processor, for example, stores documents on your computer, and doesn't need a server. Web applications can provide the same functionality and gain the benefit of working across multiple platforms. For example, a web application can act as a word processor, storing information and allowing you to 'download' the document onto your personal hard drive. If you have seen the new Gmail or Yahoo mail clients, you have seen how sophisticated web applications have become in the past few years. Much of that sophistication is because of AJAX, which is a programming model for creating more responsive web applications.google Apps, Microsoft Office Live, and WebEx Web Office are examples of the newest generation of web applications. Web Application security Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application. Applications only control the use of resources granted to them, and not which resources are granted to them. They, in turn, determine the use of these resources by users of the application through application security. Open Web Application Security Project (OWASP) and Web Application Security Consortium (WASC) updates on the latest threats which impair web based applications. This aids developers, security testers and architects to focus on better design and mitigation strategy. OWASP Top 10 has become an industrial norm in assessing Web Applications. Methodology According to the patterns & practices Improving Web Application Security book, a principle-based approach for application security includes: Knowing your threats. Securing the network, host and application. Incorporating security into your software development process Note that this approach is technology / platform independent. It is focused on principles, patterns, and practices. Threats, Attacks, Vulnerabilities, and Countermeasures According to the patterns & practices Improving Web Application Security book, the following terms are relevant to application security: Asset. A resource of value such as the data in a database or on the file system, or a system resource. Threat. A negative effect. Vulnerability. A weakness that makes a threat possible. Attack (or exploit). An action taken to harm an asset. Countermeasure. A safeguard that addresses a threat and mitigates risk. Application Threats / Attacks According to the patterns & practices Improving Web Application Security book, the following are classes of common application security threats / attacks: 75

Category Threats / Attacks Input Validation Authentication Authorization Configuration management Sensitive information Session management Cryptography Parameter manipulation Exception management Auditing and logging Buffer overflow; cross-site scripting; SQL injection; canonicalization Network eavesdropping ; Brute force attack; dictionary attacks; cookie replay; credential theft Elevation of privilege; disclosure of confidential data; data tampering; luring attacks Unauthorized access to administration interfaces; unauthorized access to configuration stores; retrieval of clear text configuration data; lack of individual accountability; overprivileged process and service accounts Access sensitive data in storage; network eavesdropping; data tampering Session hijacking; session replay; man in the middle Poor key generation or key management; weak or custom encryption Query string manipulation; form field manipulation; cookie manipulation; HTTP header manipulation Information disclosure; denial of service User denies performing an operation; attacker exploits an application without trace; attacker covers his or her tracks Security in the cloud When looking to move workload to cloud environments, most Chief Information Officers will say that security is the number one concern. To address those concerns, IT organizations must consider several aspects of security to ensure they do not put their organizations at risk as they explore cloud computing. Some of these concerns regarding security have to do with what the cloud provider s service and operational procedures, and other concerns, have to do with new processes that must be considered, and that did not have to be considered before in the traditional IT model. To provide effective security for a cloud environment, both the cloud provider and consumer must partner to provide solutions to the following security concerns: Governance and Enterprise Risk Management The ability of an organization to govern and measure enterprise risk that is introduced by cloud computing. This concern includes items such as 76

legal precedence for agreement breaches, ability of user organizations to adequately assess risk of a cloud provider, responsibility to protect sensitive data when both user and provider may be at fault Compliance and Audit Maintaining and proving compliance when using cloud computing. Issues involve evaluating how cloud computing affects compliance with internal security policies, and also various compliance requirements. Application Security Securing application software that is running on or being developed in the cloud. This concern includes items such as whether it is appropriate to migrate or design an application to run in the cloud. Encryption and Key Management Identifying proper encryption usage and scalable key management. This concern addresses access controls of both access to resources and for protecting data. Identity and Access Management - Managing identities and leveraging directory services to provide access control. The focus is on issues that are encountered when extending an organization s identity into the cloud. Although, Governance and Enterprise Risk Management are existing functions within most IT organizations, cloud computing introduces several unique challenges around this topic. Part of the responsibilities are that of the cloud provider, and other components are that of the consumer to ensure that the overall solution that is being leveraged meets the governance and Enterprise Risk Management standards of the organization. For example, in the IBM Smart Cloud Enterprise offering, IBM requires its customers to secure the application and operating system that is being used, although IBM does provide a base operating system image with basic security configurations. In addition, most organizations are bound by some form of security compliance guidelines. These guidelines and regulations do not change when moving a workload into the cloud environment. Therefore, consumers of cloud must look at their existing compliance and audit guidelines to ensure that the workloads they move to the cloud still comply with the guidelines by which their organizations are bound. Also, consumers must ensure that any audit requirements can still be met even though the workload has been moved into a cloud environment. Securing application software that is running or being developed in the cloud is another consideration for security. Standard application security might need to be changed or enhanced based on a cloud provider s environment or customer requirements. Encryption and Key Management becomes critical when moving a workload to the cloud. Using encryption and a scalable key management solution must be considered when leveraging cloud solutions. For example, IBM Smart Cloud Enterprise provides a robust key management system for secure access to all Linux compute resources. Finally, Identity and Access Management is critical to the success of cloud solutions. This ensures only authenticated and authorized individuals get access to the correct components of the workloads that are hosted in cloud solutions. Solutions such as Tivoli Access Manager with its WebSEAL reverse proxy can help with the authorization of individuals; solutions such as Tivoli Identity Manager can help with the authentication of users. Cloud Security Concerns When addressing security in a cloud environment, consider five key areas to help ensure that your cloud provider and you as consumers of cloud are creating a cloud solution that meets the business needs. It is critical to consider the governance and enterprise risk aspects of cloud computing along with the compliance 77

and audit implications to the organization. In addition, application security concerns such as encryption, key management, and identity and access management must be addressed to ensure security risks are mitigated in a cloud environment. Although many of these disciplines exist in traditional IT, many of the disciplines must be reviewed when you move workload to a cloud environment. Applications in cloud environments Security Recommendations With the adoption of cloud computing continuing to accelerate, the need to adopt and maintain effective security and compliance practices is more important than ever. To help enterprises maintain compliance while using the cloud, and keep their networks, applications and data safe, Verizon is offering the following best practices and tips. Cloud infrastructure security is at the heart of the matter: Physical security: Facilities should be hardened with climate control, fire prevention and suppression systems, and uninterruptable power supplies, and have round-the-clock onsite security personnel. Look for a provider that offers biometric capabilities, such as fingerprints or facial recognition, for physical access control, and video cameras for facility monitoring. Network security and logical separation: Virtualized versions of firewalls and intrusion prevention systems should be utilized. Portions of the cloud environment containing sensitive systems and data should be isolated. Regularly scheduled audits using industry-recognized methods and standards, such as SAS 70 Type II, the Payment Card Industry Data Security Standard, ISO 27001/27002 and the Cloud Security Alliance Cloud Controls Matrix, should be conducted. Inspection: Anti-virus and anti-malware applications, as well as content filtering should be employed at gateways. Data loss prevention capabilities should be considered when dealing with sensitive information, such as financial and personal data, and proprietary intellectual property. Administration: Special attention should be paid to cloud hypervisors, the servers that run multiple operating systems, since they provide the ability to manage an entire cloud environment. Many security and compliance requirements mandate different network and cloud administrators to provide a separation of duties and added level of protection. Access to virtual environment management interfaces should be highly restricted, and application programming interfaces, or APIs, should be locked down or disabled. Comprehensive monitoring and logging: Nearly all security standards require the ability to monitor and control access to networking, systems, applications and data. A cloud environment, whether in-house or outsourced, must offer the same ability. Cloud application security is a must: System security. Virtual machines, or VMs, should be protected by cloud-specific firewalls, intrusion prevention systems and anti-virus applications, as well as consistent and programmatic patch-management processes. Application and data security. Applications should utilize dedicated databases wherever possible, and 78

application access to databases should be limited. Many security compliance standards require monitoring and logging of applications and related databases. Authentication and authorization. Two-factor authentication, such as digital authentication, should be used for user names and passwords and are a necessity for remote access and any type of privileged access. Roles of authorized users should be clearly defined and kept to the minimum necessary to complete their assigned tasks. Password encryption is advisable. In addition, authentication, authorization and accounting packages should not be highly customized, as this often leads to weakened security protection. Vulnerability management. Applications should be designed to be invulnerable to common exploits, such as those listed in the Open Web Application Security Project (OWASP) Top 10. Applications deployed in the cloud require regular patching, vulnerability scanning, independent security testing and continuous monitoring. Data storage. Enterprises should know the types of data stored in a cloud environment and segregate data types, as appropriate. Additionally, the physical and logical location of data should be known due to potential security and privacy implications. Change management. It is highly recommended that change-management policies for network, system, application and data administrators be clearly documented and understood to avoid inadvertent issues and potential data loss. Encryption. Encryption of data in a cloud environment can be more complex and requires special attention. Many standards contain requirements for both in-transit and at-rest data. For instance, financial data and personal health information should always be encrypted. Public, private and hybrid clouds. Shared virtualized environment. Public clouds, many using a shared virtualized environment, offer basic security features. This means proper segmentation and isolation of processing resources should be an area of focus. To meet your enterprise's security and compliance requirements, be prudent in choosing the proper cloud environment. Public cloud providers. While the economics may be attractive, some public cloud providers may not sufficiently support the types of controls required by enterprises to meet security and compliance requirements. Be sure to ask a lot of questions. Prudent security measures. No matter what the cloud model, enterprises should employ segmentation, firewalls, intrusion protection systems, monitoring, logging, and access controls and data encryption. Private clouds are a double-edged sword. Private clouds can be hosted on premises or at a service provider's facility. As with traditional environments, security design and controls are critical. When using a service provider's offering, it's important to select the right cloud that meets your requirements. Just because it's a private cloud, doesn't mean it's inherently secure. Hybrid clouds. Hybrid clouds can offer enterprises the best of both of worlds, enabling them to meet a wide range of IT and business objectives. Hybrid clouds offer an enterprise the ability to house applications in the most suitable environment while leveraging the benefits and features of shared and on-premises cloud environments and the ability to move applications and data between the two. 79

Chapter 10 Cloud Interoperability and Solution Interoperability The concept of interoperability as it applies to cloud computing is at its simplest, the requirement for the components of a processing system to work together to achieve their intended result. Components should be replaceable by new or different components from different providers and continue to work. Components that make up a system consist of the hardware and software elements required to build and operate it. Typical components required of a cloud system include: Hardware Operating systems Virtualization Networks Storage Software (Application frameworks, middleware, libraries, applications) Data Security. It should be apparent to most readers that these components compose almost any IT system. You might ask how these components and therefore how interoperability concerns differ from any IT system where all of the components would logically be expected to work together as well. Organizations must approach the cloud with the understanding that they may have to change providers in the future. Portability and interoperability must be considered up front as part of the risk management and security assurance of any cloud program. Large cloud providers can offer geographic redundancy in the cloud, hopefully enabling high availability with a single provider. Nonetheless, it s advisable to do basic business continuity planning, to help minimize the impact of a worst-case scenario. Various companies will in the future suddenly find themselves with urgent needs to switch cloud providers for varying reasons, including: An unacceptable increase in cost at contract renewal time. A provider ceases business operations. A provider suddenly closes one or more services being used, without acceptable migration plans. Unacceptable decrease in service quality, such as a failure to meet key performance requirements or achieve service level agreements (SLAs). A business dispute between cloud customer and provider. Some simple architectural considerations can help minimize the damage should these kinds of scenarios occur. However, the means to address these issues depend on the type of cloud service. With Software as a Service (SaaS), the cloud customer will by definition be substituting new software applications for old ones. Therefore, the focus is not upon portability of applications, but on preserving or enhancing the security functionality provided by the legacy application and achieving a successful data migration. With Platform as a Service (PaaS), the expectation is that some degree of application modification will be necessary to achieve portability. The focus is minimizing the amount of application rewriting while preserving or enhancing security controls, along with achieving a successful data migration. With Infrastructure as a Service (IaaS), the focus and expectation is that both the applications and data should be able to migrate to and run at a new cloud provider. 80

Due to a general lack of interoperability standards, and the lack of sufficient market pressure for these standards, transitioning between cloud providers may be a painful manual process. From a security perspective, our primary concern is maintaining consistency of security controls while changing environments. Recommendations For All Cloud Solutions: Substituting cloud providers is in virtually all cases a negative business transaction for at least one party, which can cause an unexpected negative reaction from the legacy cloud provider. This must be planned for in the contractual process as outlined in Domain 3, in your Business Continuity Program as outlined in Domain 7, and as a part of your overall governance in Domain 2. Understand the size of data sets hosted at a cloud provider. The sheer size of data may cause an interruption of service during a transition, or a longer transition period than anticipated. Many customers have found that using a courier to ship hard drives is faster than electronic transmission for large data sets. Document the security architecture and configuration of individual component security controls so they can be used to support internal audits, as well as to facilitate migration to new providers. For IaaS Cloud Solutions: Understand how virtual machine images can be captured and ported to new cloud providers, who may use different virtualization technologies. Identify and eliminate (or at least document) any provider-specific extensions to the virtual machine environment. Understand what practices are in place to make sure appropriate deprovisioning of VM images occurs after an application is ported from the cloud provider. Understand the practices used for decommissioning of disks and storage devices. Understand hardware/platform based dependencies that need to be identified before migration of the application/data. Ask for access to system logs, traces, and access and billing records from the legacy cloud provider. Identify options to resume or extend service with the legacy cloud provider in part or in whole if new service proves to be inferior. Determine if there are any management-level functions, interfaces, or APIs being used that are incompatible with or unimplemented by the new provider. For PaaS Cloud Solutions: When possible, use platform components with a standard syntax, open APIs, and open standards. Understand what tools are available for secure data transfer, backup, and restore. Understand and document application components and modules specific to the PaaS provider, and develop application architecture with layers of abstraction to minimize direct access to proprietary modules. Understand how base services like monitoring, logging, and auditing would transfer over to a new vendor. Understand control functions provided by the legacy cloud provider and how they would translate to the new provider. When migrating to a new platform, understand the impacts on performance and availability of the application, and how these impacts will be measured. 81

Understand how testing will be completed prior to and after migration, to verify that the services or applications are operating correctly. Ensure that both provider and user responsibilities for testing are well known and documented. For SaaS Solutions: Perform regular data extractions and backups to a format that is usable without the SaaS provider. Understand whether metadata can be preserved and migrated. Understand that any custom tools being implemented will have to be redeveloped, or the new vendor must provide those tools. Assure consistency of control effectiveness across old and new providers. Assure the possibility of migration of backups and other copies of logs, access records, and any other pertinent information which may be required for legal and compliance reasons. Understand management, monitoring, and reporting interfaces and their integration between environments. Is there a provision for the new vendor to test and evaluate the applications before migration. Choosing a Cloud Firewall A "cloud firewall" is a network firewall appliance which is specifically designed to work with cloud-based security solutions. The Edge2WAN cloud firewall includes built-in link bonding technology specifically optimized for cloud-security solutions. When combined with our cloud-based security clients, Cloud5ecure, our customers will receive complete protection against Internet threats like web-based malware, spyware, and viruses. The Edge2WAN cloud firewalls purpose is to reduce security risks and ensure the highest possible uptime for these applications which includes greater network redundancy as well as comprehensive network/endpoint security. Cloud firewalls can improve any organizations overall security and business continuity; we've done it for these customers; we can do it for you. Cloud Firewall Security The EdgeXOS cloud firewall platform provides next generation network security by incorporating both appliance level and endpoint protection while utilizing the cloud to ensure instant and realtime security updates in order to prevent zero hour security threats. What this means is that the EdgeXOS cloud firewall platform can react faster and ensure better defenses than other non-cloud enabled solutions. XRoads Networks has utilized its partnership with Webroot to provide centralized and global web security via the EdgeXOS appliances and enable endpoint protection through a 82

simple download and installation process managed through the EdgeXOS platform which can ensure that all users are connecting securely to the network. No other solution on the market surpasses the security capabilities offered via the EdgeXOS cloud firewall platform. Hardened Network Firewall The EdgeXOS platforms has a built-in network layer firewall which can be used to create granular security policies to allow, deny, and log network traffic based on various administrative criteria. The packet inspection firewall can quickly determine if specific types of attacks are being made against it and adjust accordingly, including DoS attacks, SYN floods, fragmented packets, redirects, source route attacks, and reverse path filtering. The firewall is easy to configure and is rules based which allows for simple grouping and modification as needed. Rules can be grouped based on name and applied based on group order. User control is also built-in to the firewall which automatically detects all physical addresses on the LAN network for easy administration and management. Security Policies XOS Preview The EdgeXOS platform is a deep inspection firewall that works in conjunction with our packet classifier technology to secure your network connections. In addition to the rules-based firewall the EdgeXOS can manage individual users through network access control and authentication. 83

Network access control utilizes end-users MAC/physical address and IP address in order to identify the enduser and then grant access through a web-based interface, or when the administrator specifically allows that user access to the network. The NAC server can be used in conjunction with the Cloud5ecure client in order to enforce endpoint security for all users on the local area network. The EdgeXOS cloud firewall platform delivers its #1 rated antispyware technology by leveraging partnerships with leading cloud-security vendors like Webroot, the leader in antispyware detection and prevention. These cloud-security vendors utilize research systems that scour the entire Web and discover spyware faster than any other solution available today. These updates are immediately distributed through our solution to end-users, thus preventing new outbreaks and reducing lost productivity and headaches. In order to delivery enterprise class antivirus detection the EdgeXOS cloud firewall incorporates technology from Webroot, which is a best-of-breed virus scanner, and includes an integrated Host Intrusion Prevention System (HIPS) to detect potential malware before it creates problems on an end-users system. Behavioral analysis automatically finds potential threats and can quarantine them before they become a security issue. Patent-pending technology from XRoads Networks allows these third party vendors to operate at top speed and ensure highly redundant connectivity to these critical security services. 84

Chapter 11 Backup and Recovery of cloud data In information technology, a backup or the process of backing up is making copies of data which may be used to restore the original after a data loss event. Backups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users. A 2008 survey found that 66% of respondents had lost files on their home PC. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups popularly represent a simple form of disaster recovery, and should be part of a disaster recovery plan, by themselves, backups should not alone be considered disaster recovery. Not all backup systems or backup applications are able to reconstitute a computer system, or in turn other complex configurations such as a computer cluster, active directory servers, or a database server, by restoring only data from a backup. Since a backup system contains at least one copy of all data worth saving, the data storage requirements are considerable. Organizing this storage space and managing the backup process is a complicated undertaking. A data repository model can be used to provide structure to the storage. In the modern era of computing there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability. Before data is sent to its storage location, it is selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Many organizations and individuals try to have confidence that the process is working as expected and work to define measurements and validation techniques. It is also important to recognize the limitations and human factors involved in any backup scheme. Managing the backup process It is important to understand that backing up is a process. As long as new data is being created and changes are being made, backups will need to be updated. Individuals and organizations with anything from one computer to thousands (or even millions) of computer systems all have requirements for protecting data. While the scale is different, the objectives and limitations are essentially the same. Likewise, those who perform backups need to know to what extent they were successful, regardless of scale. Recovery point objective (RPO) The point in time that the restarted infrastructure will reflect. Essentially, this is the roll-back that will be experienced as a result of the recovery. The most desirable RPO would be the point just prior to the data loss event. Making a more recent recovery point achievable requires increasing the frequency of synchronization between the source data and the backup repository. Recovery time objective (RTO) The amount of time elapsed between disaster and restoration of business functions. 85

Data security In addition to preserving access to data for its owners, data must be restricted from unauthorized access. Backups must be performed in a manner that does not compromise the original owner's undertaking. This can be achieved with data encryption and proper media handling policies. Limitations An effective backup scheme will take into consideration the limitations of the situation. Backup window The period of time when backups are permitted to run on a system is called the backup window. This is typically the time when the system sees the least usage and the backup process will have the least amount of interference with normal operations. The backup window is usually planned with users' convenience in mind. If a backup extends past the defined backup window, a decision is made whether it is more beneficial to abort the backup or to lengthen the backup window. Performance impact All backup schemes have some performance impact on the system being backed up. For example, for the period of time that a computer system is being backed up, the hard drive is busy reading files for the purpose of backing up, and its full bandwidth is no longer available for other tasks. Such impacts should be analyzed. Costs of hardware, software, labor All types of storage media have a finite capacity with a real cost. Matching the correct amount of storage capacity (over time) with the backup needs is an important part of the design of a backup scheme. Any backup scheme has some labor requirement, but complicated schemes have considerably higher labor requirements. The cost of commercial backup software can also be considerable. Network bandwidth Distributed backup systems can be affected by limited network bandwidth. Backup Implementation Meeting the defined objectives in the face of the above limitations can be a difficult task. The tools and concepts below can make that task more achievable. Scheduling Using a job scheduler can greatly improve the reliability and consistency of backups by removing part of the human element. Many backup software packages include this functionality. Authentication Over the course of regular operations, the user accounts and/or system agents that perform the backups need to be authenticated at some level. The power to copy all data off of or onto a system requires unrestricted access. Using an authentication mechanism is a good way to prevent the backup scheme from being used for unauthorized activity. Chain of trust Removable storage media are physical items and must only be handled by trusted individuals. Establishing a chain of trusted individuals (and vendors) is critical to defining the security of the data. 86

Measuring the process To ensure that the backup scheme is working as expected, the process needs to include monitoring key factors and maintaining historical data. Backup validation Also known as "backup success validation the process by which owners of data can get information about how their data was backed up. This same process is also used to prove compliance to regulatory bodies outside of the organization, for example, an insurance company might be required under HIPAA to show "proof" that their patient data are meeting records retention requirements. [16] Disaster, data complexity, data value and increasing dependence upon ever-growing volumes of data all contribute to the anxiety around and dependence upon successful backups to ensure business continuity. For that reason, many organizations rely on third-party or "independent" solutions to test, validate, and optimize their backup operations (backup reporting). Reporting In larger configurations, reports are useful for monitoring media usage, device status, errors, vault coordination and other information about the backup process. Logging In addition to the history of computer generated reports, activity and change logs are useful for monitoring backup system events. Validation Many backup programs make use of checksums or hashes to validate that the data was accurately copied. These offer several advantages. First, they allow data integrity to be verified without reference to the original file: if the file as stored on the backup medium has the same checksum as the saved value, then it is very probably correct. Second, some backup programs can use checksums to avoid making redundant copies of files, to improve backup speed. This is particularly useful for the de-duplication process. Monitored backup Backup processes are monitored by a third party monitoring center. This center alerts users to any errors that occur during automated backups. Monitored backup requires software capable of pinging the monitoring center's servers in the case of errors. Some monitoring services also allow collection of historical meta-data, which can be used for Storage Resource Management purposes like projection of data growth, locating redundant primary storage capacity and reclaimable backup capacity. Selection and extraction of data A successful backup job starts with selecting and extracting coherent units of data. Most data on modern computer systems is stored in discrete units, known as files. These files are organized into file systems. Files that are actively being updated can be thought of as "live" and present a challenge to back up. It is also useful to save metadata that describes the computer or the file system being backed up. Deciding what to back up at any given time is a harder process than it seems. By backing up too much redundant data, the data repository will fill up too quickly. Backing up an insufficient amount of data can eventually lead to the loss of critical information. 87

Copying files Making copies of files is the simplest and most common way to perform a backup. A means to perform this basic function is included in all backup software and all operating systems. Partial file copying Instead of copying whole files, one can limit the backup to only the blocks or bytes within a file that have changed in a given period of time. This technique can use substantially less storage space on the backup medium, but requires a high level of sophistication to reconstruct files in a restore situation. Some implementations require integration with the source file system. File Systems File system dump Instead of copying files within a file system, a copy of the whole file system itself can be made. This is also known as a raw partition backup and is related to disk imaging. The process usually involves unmounting the filesystem and running a program like dd (Unix). Because the disk is read sequentially and with large buffers, this type of backup can be much faster than reading every file normally, especially when the filesystem contains many small files, is highly fragmented, or is nearly full. But because this method also reads the free disk blocks that contain no useful data, this method can also be slower than conventional reading, especially when the filesystem is nearly empty. Some filesystems, such as XFS, provide a "dump" utility that reads the disk sequentially for high performance while skipping unused sections. The corresponding restore utility can selectively restore individual files or the entire volume at the operator's choice. Identification of changes Some filesystems have an archive bit for each file that says it was recently changed. Some backup software looks at the date of the file and compares it with the last backup to determine whether the file was changed. Versioning file system A versioning file system keeps track of all changes to a file and makes those changes accessible to the user. Generally this gives access to any previous version, all the way back to the file's creation time. An example of this is the Way back versioning file system for Linux. Live data If a computer system is in use while it is being backed up, the possibility of files being open for reading or writing is real. If a file is open, the contents on disk may not correctly represent what the owner of the file intends. This is especially true for database files of all kinds. The term fuzzy backup can be used to describe a backup of live data that looks like it ran correctly, but does not represent the state of the data at any single point in time. This is because the data being backed up changed in the period of time between when the backup started and when it finished. For databases in particular, fuzzy backups are worthless. Snapshot backup A snapshot is an instantaneous function of some storage systems that presents a copy of the file system as if it were frozen at a specific point in time, often by a copy-on-write mechanism. An effective way to back up live data is to temporarily quiesce it (e.g. close all files), take a snapshot, and then resume live operations. At this point the snapshot can be backed up through normal methods. While a snapshot is very handy for viewing a filesystem as it was at a different point in time, it is hardly an effective backup mechanism by itself. 88

Open file backup Many backup software packages feature the ability to handle open files in backup operations. Some simply check for openness and try again later. File locking is useful for regulating access to open files. When attempting to understand the logistics of backing up open files, one must consider that the backup process could take several minutes to back up a large file such as a database. In order to back up a file that is in use, it is vital that the entire backup represent a single-moment snapshot of the file, rather than a simple copy of a read-through. This represents a challenge when backing up a file that is constantly changing. Either the database file must be locked to prevent changes, or a method must be implemented to ensure that the original snapshot is preserved long enough to be copied, all while changes are being preserved. Backing up a file while it is being changed, in a manner that causes the first part of the backup to represent data before changes occur to be combined with later parts of the backup after the change results in a corrupted file that is unusable, as most large files contain internal references between their various parts that must remain consistent throughout the file. Cold database backup During a cold backup, the database is closed or locked and not available to users. The datafiles do not change during the backup process so the database is in a consistent state when it is returned to normal operation. Hot database backup Some database management systems offer a means to generate a backup image of the database while it is online and usable ("hot"). This usually includes an inconsistent image of the data files plus a log of changes made while the procedure is running. Upon a restore, the changes in the log files are reapplied to bring the copy of the database up-to-date (the point in time at which the initial hot backup ended). Metadata Not all information stored on the computer is stored in files. Accurately recovering a complete system from scratch requires keeping track of this non-file data too. System description System specifications are needed to procure an exact replacement after a disaster. Boot sector The boot sector can sometimes be recreated more easily than saving it. Still, it usually isn't a normal file and the system won't boot without it. Partition layout The layout of the original disk, as well as partition tables and file system settings, is needed to properly recreate the original system. File metadata Each file's permissions, owner, group, ACLs, and any other metadata need to be backed up for a restore to properly recreate the original environment. System metadata Different operating systems have different ways of storing configuration information. Microsoft Windows keeps a registry of system information that is more difficult to restore than a typical file. Benefits of Cloud Backup and Disaster Recovery The key reasons why small and medium-sized businesses should implement a comprehensive data backup and disaster recovery process. With a best practice, two-tier backup system, you have both local, immediate restore and sharing data backup, combined with a secondary backup in an offsite location, for which we recommended using a cloud-based solution. 89

Many companies are already embracing cloud data backup, and for good reason, as there are many technical, economic and security benefits. The advent of cloud storage has created an affordable multi-tier BDR option to backup critical data for retrieval after a data loss event or other disaster. Here are a few of the key benefits companies can gain with backup disaster recovery in the cloud: Improved data protection: Cloud backup assures that your data is recoverable and protected. With industry-leading encryption and security practices, cloud-based data is highly secure. Don t buy into the hype about the cloud being less secure. It s just not true. Low Total Cost of Ownership (TCO): Zero capital expense and predictable subscription pricing keep total cost of ownership low. Ease of use: Cloud BDR solutions tend to have easy-to-use web-based management and user interfaces. At most, cloud solutions require a light-weight agent on devices used for data synch to the cloud, so you have minimal maintenance. Fast implementation: Rapid deployment in a matter of minutes with set-up and configuration wizards. Leverage existing IT: Most cloud solutions interoperate with existing storage devices, applications and operating systems. Lower energy consumption: No need for larger server rooms, saving power consumption and energy bills. If you have a Green IT initiative, this is a great way to lower your carbon footprint and energy consumption by leveraging a proven cloud vendor. Agility and scalability: Because it s cloud-based, increasing or decreasing your storage capacity should be painless. Try to avoid any tiered pricing as you increase data volumes. 90

Chapter 12 Server Performance & Monitoring Server Performance and Activity Monitoring The goal of monitoring databases is to assess how a server is performing. Effective monitoring involves taking periodic snapshots of current performance to isolate processes that are causing problems, and gathering data continuously over time to track performance trends. Microsoft SQL Server and the Microsoft Windows operating system provide utilities that let you view the current condition of the database and to track performance as conditions change. Performance Monitoring Differs from Traditional Server Monitoring Since we have various types of IT Components in a cloud, the traditional performance management which focuses on specific components will not work for Cloud. They are not well equipped to provide a more holistic view of the cloud environment. More than independent management of Physical and virtual infrastructure elements, focus should be on how they perform to deliver the Business Service to the User. Service Level Agreements (SLAs) are very important in a Cloud environment. Since the Customer pays for the services/infrastructure he uses, customer needs to be assured of a level of service at any time. Thus performance Monitoring of Cloud should monitor the capability of components of cloud in delivering the expected service. To a large extend Clouds are based on virtualized resources. Most of the Virtualization vendors provide management/monitoring solutions which collect a robust set of resource utilization statistics, even though they provide a good view of individual components, they fail to provide a complete picture of the performance of the entire cloud environment For example with VMware s VCenter/vSphere we can get basic resource utilization information of the ESX/ESXi host and virtual machines, they fail to provide a visibility into the performance of the business applications hosted on these platforms. Although it is possible to approximate the performance of Physical infrastructure based on how its resources are utilized, that is not the case with virtual components due to the shared and dynamic nature of resource allocation. The monitoring solution should be capable of dynamically identifying the VMs in which the application is currently running and then collect the parameters. Also depending on the agreement between the service provider and the customer, resources will be dynamically allocated to applications. Thus Virtualized/Cloud environment requires a specialized monitoring solution which can provide effective, convenient and holistic view of the entire environment. In a nutshell we need a monitoring model for Cloud which can provide a view of the health of the entire cloud in delivering a service. It should help the provider assess whether customer s demands can be met with the current resources/performance. Also we need to get a view of individual applications hosted on cloud. IV. Cloud Performance Monitoring When we consider monitoring performance of a Cloud, we can broadly classify it to 2 categories. Monitoring from Service providers view and Monitoring from Cloud Consumer s view. Infrastructure Performance - A Cloud service provider is interested in this kind of report. This involves performance of the various infrastructure components in the cloud like Virtual Machines, Storage, and Network etc. Since individual component s performance fail to provide an accurate view of the overall cloud performance, a new approach called Infrastructure Response Time is being researched upon to get a more accurate picture of the performance of a virtualized/ cloud environment. Infrastructure Response Time (IRT) is defined as the time it takes for any workload (application) to place a request for work on the virtual 91

environment and for the virtual environment to complete the request (from the guest to spindle and back again). The request could be a simple data exchange between 2 VMs or a complex request which involves database transaction and writes into a storage array. Parameters of Interest for Cloud Service Provider Cloud Service Provider needs to get an exhaustive view of the health of the entire cloud to assess the situation. Lot of decision making and determining SLAs are driven by the Cloud performance. Cloud service providers would be interested in the below details to assess the actual performance of cloud. A. Resource Utilization details Just like in any other performance monitoring, utilization parameters of physical servers/infrastructure is an important factor in cloud monitoring, as these servers make up the cloud. B. Infrastructure Response Time (IRT) As already discussed, IRT gives a clear picture of the overall Performance of the cloud as it checks the time taken for each transaction to complete. IRT is very crucial as it has an impact on the application performance and availability which in turn affects the SLAs C. Virtualization metrics Similar to the physical machines, we need to collect the resource utilization data from the Virtual machines. This provides a picture of how much of the VM is being utilized and this data helps in analysing the resource utilization by applications and to decide on the scaling requirements. Other important parameters related to Virtual Machines like Number of VMs used by application Time taken to create a new VM Time taken to move an app from one VM to another Time taken to allocate additional resources to VM are of importance as they also contribute to IRT and performance of the applications hosted in cloud. D. Transaction metrics Transaction metrics can be considered as a derivative from IRT. Metrics like Success percentage of transactions, count of transactions etc. for an application would give a clearer picture of the performance of an application in cloud at a particular instance. An ideal monitoring solution for Cloud should be capable of providing all the above details.reporting and Collecting Performance Data Reporting The following reports would help the service provider to understand the cloud usage and its performance. Multi-dimensional reports - Different levels of Report for different users like overall infrastructure usage, usage reports of specific resources/datacenters etc 92

- Application level reports like, Reports showing the infrastructure usage by each application, infrastructure reports like, Performance of the resources in the cloud Busy-hour / peak Usage Report - Helps to get a clear view of the usage of the application for better planning of resources and SLAs What If analysis Trend Analysis Collecting Monitoring application should collect Performance parameters like CPU utilization, memory utilization etc. from physical as well as virtual hosts. Solution to be capable enough to collect the response time per transaction and per application. Could be done either using an agent residing in the VM or an external monitoring agent. The agent needs to track and capture details of each transaction happening with the applications hosted in the VM. Collect virtualization metrics from underlying virtualization platform. Need to ensure that the solution works well with different virtualization platforms. Derive transaction metrics/data from collected data on response time. To perform monitoring tasks with Windows tools Use System Monitor to monitor the utilization of system resources. Collect and view real-time performance data in the form of counters, for server resources such as processor and memory use, and for many Microsoft SQL Server resources such as locks and transactions. To start System Monitor in Windows On the Start menu, point to Run, type perfmon in the Run dialog box, and then click OK. Monitoring Server Performance and Activity 93

Monitoring a server isn't something you should do haphazardly. You need to have a clear plan a set of goals that you hope to achieve. Let's take a look at the reasons you may want to monitor a server and at the tools you can use to do this. Figure 3-10: Use the Open dialog box to open the saved event log in a new view. Why Monitor Your Server Troubleshooting server performance problems is a key reason for monitoring. For example, users may be having problems connecting to the server and you may want to monitor the server to troubleshoot these problems. Here, your goal would be to track down the problem using the available monitoring resources and then to resolve it. Another common reason for wanting to monitor a server is to improve server performance. You do this by improving disk I/O, reducing CPU usage, and cutting down on the network traffic load on the server. Unfortunately, there are often trade-offs to be made when it comes to resource usage. For example, as the number of users accessing a server grows, you may not be able to reduce the network traffic load, but you may be able to improve server performance through load balancing or by distributing key data files on separate drives. Getting Ready to Monitor Before you start monitoring a server, you may want to establish baseline performance metrics for your server. To do this, you measure server performance at various times and under different load conditions. You can then compare the baseline performance with subsequent performance to determine how the server is performing. Performance metrics that are well above the baseline measurements may indicate areas where the server needs to be optimized or reconfigured. After you establish the baseline metrics, you should formulate a monitoring plan. A comprehensive monitoring plan includes the following steps: 1. Determining which server events should be monitored in order to help you accomplish your goal. 2. Setting filters to reduce the amount of information collected. 3. Configuring monitors and alerts to watch the events. 4. Logging the event data so that it can be analyzed. 5. Analyzing the event data in Performance Monitor. These procedures are examined later in the chapter. While you should develop a monitoring plan in most cases, there are times when you may not want to go through all these steps to monitor your server. For example, you may want to monitor and analyze activity as it happens rather than logging and analyzing the data later. 94

Using Performance Monitor Performance Monitor graphically displays statistics for the set of performance parameters you've selected for display. These performance parameters are referred to as counters. You can also update the available counters when you install services and add-ons on the server. For example, when you configure DNS on a server, Performance Monitor is updated with a set of objects and counters for tracking DNS performance. Performance Monitor creates a graph depicting the various counters you're tracking. The update interval for this graph is completely configurable but by default is set to one second. As you'll see when you work with Performance Monitor, the tracking information is most valuable when you record the information in a log file and when you configure alerts to send messages when certain events occur or when certain thresholds are reached, such as when a the CPU processor time reaches 99 percent. The sections that follow examine key techniques you'll use to work with performance monitor. Choosing Counters to Monitor The Performance Monitor only displays information for counters you're tracking. Dozens of counters are available and as you add services, you'll find there are even more. These counters are organized into groupings called performance objects. For example, all CPU-related counters are associated with the Processor object. To select which counters you want to monitor, complete the following steps: 1. Select the Performance option on the Administrative Tools menu. This displays the Performance console. 2. Select the System Monitor entry in the left pane, shown in Figure 3-11. Figure 3-11: Counters are listed in the lower portion of the Performance Monitor window. 3. Performance Monitor has several different viewing modes. Make sure you're in View Chart display mode by selecting the View Chart button on the Performance Monitor toolbar. 4. To add counters, select the Add button on the Performance Monitor toolbar. This displays the Add Counters dialog box shown in Figure 3-12. The key fields are o Use Local Computer Counters Configure performance options for the local computer. Select Counters From Computer Enter the Universal Naming Convention (UNC) name of the server you want to work with, such as \\ZETA. Or use the selection list to select the server from a list of computers you have access to over the network. o Performance Object Select the type of object you want to work with, such as Processor. Note: The easiest way to learn what you can track is to explore the objects and counters available in the Add Counters dialog box. Select an object in the Performance Object field, click the Explain button, and then scroll through the list of counters for this object. o All Counters Select all counters for the current object. 95

o Select Counters from List Select one or more counters for the current object. For example, you could select % Processor Time and % User Time. All Instances Select all counter instances for monitoring. Select Instances From List Select one or more counter instances to monitor. Figure 3-12: Select counters you want to monitor. Tip Don't try to chart too many counters or counter instances at once. You'll make the display difficult to read and you'll use system resources namely CPU time and memory that may affect server responsiveness. 5. When you've selected all the necessary options, click Add to add the counters to the chart. Then repeat this process, as necessary, to add other performance parameters. 6. Click Done when you're finished adding counters. 7. You can delete counters later by clicking on their entry in the lower portion of the Performance window and then clicking Delete. Using Performance Logs You can use performance logs to track the performance of a server and you can replay them later. As you set out to work with logs, keep in mind that parameters that you track in log files are recorded separately from parameters that you chart in the Performance window. You can configure log files to update counter data automatically or manually. With automatic logging, a snapshot of key parameters is recorded at specific time intervals, such as every 10 seconds. With manual logging, you determine when snapshots are made. Two types of performance logs are available: Counter Logs These logs record performance data on the selected counters when a predetermined update interval has elapsed. Trace Logs These logs record performance data whenever their related events occur. Creating and Managing Performance Logging To create and manage performance logging, complete the following steps: 1. Access the Performance console by selecting the Performance option on the Administrative Tools menu. 2. Expand the Performance Logs and Alerts node by clicking the plus sign (+) next to it. If you want to configure a counter log, select Counter Logs. Otherwise, select Trace Logs. 3. As shown in Figure 3-13, you should see a list of current logs in the right pane (if any). A green log symbol next to the log name indicates logging is active. A red log symbol indicates logging is stopped. 4. You can create a new log by right-clicking in the right pane and selecting New Log Settings from the shortcut menu. A New Log Settings box appears, asking you to give a name to the new log settings. Type a descriptive name here before continuing. 96

Figure 3-13: Current performance logs are listed with summary information 5. To manage an existing log, right-click its entry in the right pane and then select one of the following options: o Start To activate logging. o Stop To halt logging. o Delete To delete the log. o Properties To display the log properties dialog box. Creating Counter Logs Counter logs record performance data on the selected counters at a specific sample interval. For example, you could sample performance data for the CPU every 15 minutes. To create a counter log, complete the following steps: 1. Select Counter Logs in the left pane of the Performance console and then right-click in the right pane to display the shortcut menu. Choose New Log Settings. 2. In the New Log Settings dialog box, type a name for the log, such as System Performance Monitor or Processor Status Monitor. Then click OK. 3. In the General tab, click Add to display the Select Counters dialog box. This dialog box is identical to the Add Counters dialog box shown previously in Figure 3-12. 4. Use the Select Counters dialog box to add counters for logging. Click Close when you're finished. 5. In the Sample Data Every... field, type in a sample interval and select a time unit in seconds, minutes, hours, or days. The sample interval specifies when new data is collected. For example, if you sample every 15 minutes, the log is updated every 15 minutes. 6. Click the Log Files tab, shown in Figure 3-14, and then specify how the log file should be created using the following fields: o Location Sets the folder location for the log file. o File Name Sets the name of the log file. o End File Names With Sets an automatic suffix for each new file created when you run the counter log. Logs can have a numeric suffix or a suffix in a specific date format. o Start Numbering At Sets the first serial number for a log that uses an automatic numeric suffix. o Log File Type Sets the type of log file to create. Use Text File CSV for a log file with comma-separated entries. Use Text File TSV for a log file with tab-separated entries. Use Binary File to create a binary file that can be read by Performance Monitor. Use Binary 97

Circular File to create a binary file that overwrites old data with new data when the file reaches a specified size limit. Figure 3-14: Configure the log file format and usage 7. Tip If you plan to use Performance Monitor to analyze or view the log, use one of the binary file formats. o Comment Sets an optional description of the log, which is displayed in the Comment column. o Maximum Limit Sets no predefined limit on the size of the log file. o Limit Of Sets a specific limit in KB on the size of the log file. 8. Click the Schedule tab, shown in Figure 3-15, and then specify when logging should start and stop. 9. You can configure the logging to start manually or automatically at a specific date. Select the appropriate option and then specify a start date if necessary. Tip Log files can grow in size very quickly. If you plan to log data for an extended period, be sure to place the log file on a drive with lots of free space. Remember, the more frequently you update the log file, the higher the drive space and CPU resource usage on the system. Figure 3-15: Specify when logging starts and stops 10. The log file can be configured to stop o Manually o After a specified period of time, such as seven days o At a specific date and time o When the log file is full (if you've set a specific file size limit) 98

11. Click OK when you've finished setting the logging schedule. The log is then created, and you can manage it as explained in the "Creating and Managing Performance Logging" section of this chapter. Creating Trace Logs Trace logs record performance data whenever events for their source providers occur. A source provider is an application or operating system service that has traceable events. On domain controllers you'll find two source providers: the operating system itself and Active Directory:NetLogon. On other servers, the operating system will probably be the only provider available. To create a trace log, complete the following steps: 1. Select Trace Logs in the left pane of the Performance console and then right-click in the right pane to display the shortcut menu. Choose New, and then select New Log Settings. 2. In the New Log Settings dialog box, type a name for the log, such as Logon Trace or Disk I/O Trace. Then click OK. This opens the dialog box shown in Figure 3-16. 3. If you want to trace operating system events, select the Events Logged By System Provider option button. As shown in Figure 3-16, you can now select system events to trace. Caution: Collecting page faults and file detail events puts a heavy load on the server and causes the log file to grow rapidly. Because of this, you should collect page faults and file details only for a limited amount of time. 4. If you want to trace another provider, select the Nonsystem Providers option button and then click Add. This displays the Add Nonsystem Providers dialog box, which you'll use to select the provider to trace. 5. When you're finished selecting providers and events to trace, click the Log Files tab. You can now configure the trace file as detailed in step 6 of the section of this chapter entitled "Creating Counter Logs." The only change is that the log file types are different. With trace logs, you have two log types: o Sequential Trace File Writes events to the trace log sequentially up to the maximum file size (if any). o Circular Trace File Overwrites old data with new data when the file reaches a specified size limit. Figure 3-16: Use the General tab to select the provider to use in the trace 6. Choose the Schedule tab and then specify when tracing starts and stops. 7. You can configure the logging to start manually or automatically at a specific date. Select the appropriate option and then specify a start date, if necessary. 99

8. You can configure the log file to stop manually, after a specified period of time (such as seven days), at a specific date and time, or when the log file is full (if you've set a specific file size limit). 9. When you've finished setting the logging schedule, click OK. The log is then created and can be managed as explained in the section of this chapter entitled "Creating and Managing Performance Logging." Replaying Performance Logs When you're troubleshooting problems, you'll often want to log performance data over an extended period of time and analyze the data later. To do this, complete the following steps: 1. Configure automatic logging as described in the "Using Performance Logs" section of this chapter. 2. Load the log file in Performance Monitor when you're ready to analyze the data. To do this, select the View Log File Data button on the Performance Monitor toolbar. This displays the Select Log File dialog box. 3. Use the Look In selection list to access the log directory, and then select the log you want to view. Click Open. 4. Counters you've logged are available for charting. Click the Add button on the toolbar and then select the counters you want to display. Configuring Alerts for Performance Counters You can configure alerts to notify you when certain events occur or when certain performance thresholds are reached. You can send these alerts as network messages and as events that are logged in the application event log. You can also configure alerts to start applications and performance logs. To add alerts in Performance Monitor, complete the following steps: 1. Select Alerts in the left pane of the Performance console, and then right-click in the right pane to display the shortcut menu. Choose New Alert Settings. 2. In the New Alert Settings dialog box, type a name for the alert, such as Processor Alert or Disk I/O Alert. Then click OK. This opens the dialog box shown in Figure 3-17. 3. In the General tab, type an optional description of the alert. Then click Add to display the Select Counters To Log dialog box. This dialog box is identical to the Add Counters dialog box shown previously in Figure 3-12. Figure 3-17: Use the Alert dialog box to configure counters that trigger alerts. 4. Use the Select Counters to Log dialog box to add counters that trigger the alert. Click Close when you're finished. 5. In the Counters panel, select the first counter and then use the Alert When the Value Is... field to set the occasion when an alert for this counter is triggered. Alerts can be triggered when the counter is 100

over or under a specific value. Select Over or under, and then set the trigger value. The unit of measurement is whatever makes sense for the currently selected counter(s). For example, to alert if processor time is over 98 percent, you would select over and then type 98 as the limit. Repeat this process to configure other counters you've selected. 6. In the Sample Data Every... field, type in a sample interval and select a time unit in seconds, minutes, hours, or days. The sample interval specifies when new data is collected. For example, if you sample every 10 minutes, the log is updated every 10 minutes. Caution: Don't sample too frequently. You'll use system resources and may cause the server to seem unresponsive to user requests. 7. Select the Action tab, shown in Figure 3-18. You can now specify any of the following actions to happen when an alert is triggered: o Log An Entry In The Application Event Log Creates log entries for alerts. o Send A Network Message To Sends a network message to the computer specified. o Run This Program Sets the complete file path of a program or script to run when the alert occurs. o Start Performance Data Log Sets a counter log to start when an alert occurs. Tip You can run any type of executable file, including batch scripts with the.bat or.cmd extension and Windows scripts with the.vb,.js,.pl, or.wsc extension. To pass arguments to a script or application, use the options of the Command Line Arguments panel. Normally, arguments are passed as individual strings. However, if you select Single Argument String, the arguments are passed in a comma-separated list within a single string. The Example Command Line Arguments list at the bottom of the tab shows how the arguments would be passed. 8. Choose the Schedule tab and then specify when alerting starts and stops. For example, you could configure the alerts to start on a Friday evening and stop on Monday morning. Then each time an alert occurs during this period, the specified action(s) are executed. Figure 3-18: Set actions that are executed when the alert occurs 9. You can configure alerts to start manually or automatically at a specific date. Select the appropriate option and then specify a start date, if necessary. 10. You can configure alerts to stop manually, after a specified period of time, such as seven days, or at a specific date and time. 11. When you've finished setting the alert schedule, click OK. The alert is then created, and you can manage it in much the same way that you manage counter and trace logs. 101