Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 12, 2001 (Vol. 6, #16 - Issue #251)
Fix Them Holes
This issue of W2Knews contains:
- EDITORS CORNER
- TECH BRIEFING
- How We Implemented W2K With NLB and Double-Take Replication
- NT/2000 RELATED NEWS
- YES, You Can Get Your Hands On The W2K Source Code!
- First Results Of Feb 2001 GIGA/Sunbelt W2K Survey
- The Things You Have to TELL People #2 (Humor)
- NT/2000 THIRD PARTY NEWS
- Get Ready For 'Heavy Traffic' Cell-Phone Support
- Fix Them Holes: For Security's Sake!
- Why Buy Diskeeper When There's a Defragmenter In W2K?
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Designing Security for a Windows 2000 Network
IT DEPARTMENT UNDERSTAFFED & OVER-WORKED?
Let SuperScout lighten the load. Eliminate bandwidth problems and
strengthen security measures with Internet filtering from
SurfControl. Their innovative use of non-evasive packet sniffing
technology monitors, reports, blocks and manages all TCP/IP
protocols - so your IT staff can concentrate on more important
matters. Download SuperScout FREE for 30-Days:
Visit SurfControl for more information.
Your Own W2Knews Profile
To begin with, a reminder: in the next few weeks you'll get an
invitation to have W2Knews at all times in HTML or in TXT, once we
get your new profile on-line. This allows you to opt-in to the
way YOU want it. I'll repeat this reminder a couple more times
so you will remember to actually *do* it [grin]
When I'm done with this newsletter, I'm going to correct the proofs
of our third book that will come out in a few months published by
New Riders: "Windows 2000 Power Toolkit" It's getting toward the
end and looking pretty good.
I'm also very pleased to announce the results of the large Feb
2001 GIGA/Sunbelt Windows 2000 Survey. Great results. Just keep
on reading. Lots of stuff happening, let's get to work!
(email me with feedback: [email protected])
Reduce Backup Times by up to 50% with Alacritech Server Adapter
Alacritech's innovative server adapters can help you reduce nightly
backup times by up to 50% while reducing capital costs on your
server infrastructure. One customer estimates their organization
saves over $100,000 per year by using Alacritech server adapters
to accelerate servers, networks and applications. To learn more,
Visit Alacritech for more information.
How We Implemented W2K With NLB and Double-Take Replication
I was sent many request for more technical information after I
talked about our successful upgrade of our webservers from NT to
W2K using Double-Take for replication and W2K's built-in NLB. So
I asked for a write-up by the Techs that did the implementation,
Greg Kras and Frank Consoli of our Florida office. Here's their
"Existing old Server Environment: A Dell dual Pentium Pro 200 with
256megs of RAM and a single Intergraph Pentium Pro 200 with 128megs
of RAM. Both machines run NT Server 4.0, SP6, IIS4, ColdFusion, WLBS,
and Double-Take. There were about 10 different web sites on these 2
WLBS-clustered servers apart from the sunbelt-software site. Stu
has some remarkable friends with off-the-beaten-path hobbies like
the http://www.barkcanoe.com site we host just for the fun of it.
WLBS (Windows Load Balancing Service, which was renamed Network Load
Balancing for W2K) provided the load balancing and fault tolerance
for the old sites while Double-Take replicated all web site updates
to the second server and our co-located web site in Texas. The 2
servers used ColdFusion to talk to back-end SQL7.0 databases on a
So, how did we get from NT to W2K?
Preparation: Installed and configured W2K Advanced Server on the
2 new Dell web servers. During install I used new server names and
different I.P. addresses so that they could coexist on the network
with the old servers. I then proceeded to apply service packs,
ColdFusion, NLB, Double-Take, etc. on both servers. I then manually
configured the web sites on one of the nodes to match the existing
I first attempted several IIS metabase replication/migration tools
but ran into problems, mostly due to the difference in IIS version.
Since there were only 10 sites and they were in need of some spring
cleaning doing them manually wasn't a bad thing. Once one of the
servers had all the IIS information configured I used the "iissync"
utility to mirror the configs to the other server. Nice little tool,
it can be found in system32/inetsrv. Following that I pretty much
rounded out the servers with minor tweaks and configs until I felt
comfortable with their stability and functionality.
Implementation: The very first step when I actually started to put
these machines into production was to use Double-Take to mirror the
existing web site data to one of the new servers. After this was
completed, 15 minutes or so, I took one of the old servers offline
by unplugging it from the network while leaving the other old server
I then took the new server with all the web information and renamed
it to the same name as the old server, gave it the correct I.P.
addresses, set NLB to not start automatically, and rebooted it.
When it came online I gave it a quick test or two and then unplugged
the other old server from the network at the same time as I enabled
NLB on the new server. After about 5-10 minutes I had worked out all
the bugs the reared up such as a wrong password on a DSN, missing
a document type in IIS, and a few other small items.
Next I used Double-Take to replicate from this new server to the other
new server, much faster going between the 2 new servers. Once this
completed I renamed and changed the I.P. addresses on this second
server. About and hour or two of poking around to make sure everything
was fine and the project was done. During the entire project the web
site was only completely down for about 3-5 minutes and partially
down for maybe 15.
If you want to create a fault-tolerant web-cluster yourself and need
to deploy W2K using NLB, and use Double-Take for replication between
the two (or more) nodes we'll be happy to help you. Email us at this
[email protected] and we'll get you set up. Oh,
and if you go to http://www.netcraft.com and enter
http://www.sunbelt-software.com into their "What's
That Site Running?" you'll see the result of our work..."
NT/2000 RELATED NEWS
YES, You Can Get Your Hands On The W2K Source Code!
Not so fast, not so fast, there are some prerequisites [grin]. Both
ZDNet and Client Server News 2000 reported this week that Microsoft
has been handing out copies to large W2K users. It's been piloted
for 6 months and will now be rolled out to hundreds of other high-end
users. These select companies have to sign their life away and
promise they will not modify any code. The only thing they *can* do
is insert debugging breakpoints into the Windows code to debug their
apps. Having the source code certainly helps to understand how Windows
works and how to make your own code work with it.
They have to promise there will be no code added, or slip out of their
control. Why is Microsoft doing this? Well, not many people know, but
the Fortune 1000 has been getting this kind of service from traditional
hardware and software vendors for decades. Digital Equipment's VMS OS
was licensed to customers this way in the eighties for example. It so
happens that NT/W2K's spiritual father Dave Cutler was Digital's Chief
VMS Software Architect. IBM has been doing this with their MVS as well.
In other words, if you want to break into the High-End, you need to
provide this kind of service. MS is making clear that this is no Open
Source initiative, no one is allowed to change code. The program is
called the ESLP (Enterprise Source License Program) And this kind of
program does not stand alone either. MS has been giving a license to
Win-sources to roughly 100 academic and research institutions as well.
And guess what? You can now also start applying to get your hot little
hands on these sources. But there are some prerequisites: You have to
have at least 1,500 Win2K licenses and you need to be signed up for
either the MS Upgrade Advantage program or its Enterprise Agreement.
You get W2K Pro, Server, AS and Datacenter, plus all SP's and WXP.
Looks like the roll-out will be USA first, and EU a bit later this
year. Best to ping your MS-rep on this one! Here's the article:
First Results Of Feb 2001 GIGA/Sunbelt W2K Survey
Many of you participated in the major Windows 2000 Survey we did with
GIGA last Feb. Three different research results have come out of this
very extensive survey. One of these is the 1-year Report Card on W2K.
We will have the full reports (GIGA calls these 'Planning Assumption')
on-line the coming week. But here is a sneak preview of the first two:
"After one year of deployment in production networks, an overwhelming
majority of corporate customers give Windows 2000 Professional and
Windows 2000 Server an "A" for Reliability.
"Among corporate accounts that have already deployed Windows 2000,
the platform improved its reliability rating by a full 10 percent in
the 13 months since its release. Early configuration and deployment
problems had more to do with the lack of user proficiency with the
new environment, than with any inherent reliability flaws in the core
Windows 2000 operating system code. Windows 2000 Professional and
Server have been remarkably free of any of the show-stopping bugs
that plagued prior 1.0 releases of Windows desktop and server
"There are certainly other issues and mitigating factors that can
arise and adversely impact an organization's decision to migrate
to Windows 2000 Professional and Server - but reliability will not
be one of them. Microsoft has at last delivered a rock-solid desktop,
laptop and server operating system.
"Windows 2000 Professional deployments are picking up speed as
corporations move quickly to retire the Windows 9x desktop operating
system. The timetable to deploy Windows 2000 Server is an entirely
different story, however. The tale of Windows 2000 Server can best
be summed up as a tug of war between quality and complexity. Thus
far, complexity is winning.
"To date, only about 30 percent of organizations have begun migrating
to Windows 2000 Server in earnest. Windows 2000 Professional upgrades
are proceeding at a much more respectable pace - with 45 percent of
organizations either having completed or in the midst of a migration,
according to the results of the latest joint Giga/Sunbelt Software,
Inc. survey of over 1,200 IT professionals worldwide.
"The chief culprits in the measured Windows 2000 Server migrations
are complexity; a paucity of skilled IT staff (both within organizations
and at systems integrators and outsourcers) and the sheer magnitude
of other network upgrade projects desktop and server hardware, software,
licensing, security and network infrastructure) that must be done in
advance of a Windows 2000 migration. All of these issues are likely
to persist for the foreseeable future. The trend of cautious, measured
Windows 2000 Server deployments will over the next 12 to 18 months.
FIRST YEAR REPORT CARD|
Windows 2000 Professional & Server
|Active Directory/DNS design:
(not entirely in MS control)|
A lot more detail will come available on both the website of GIGA
and Sunbelt. Giga Analysts: Laura Didio and Norbert Kriebel.
The Things You Have to TELL People #2 (Humor)
And here is another Knowledge Base entry. This time coming out of
the Compaq KB. Just as much a riot as the last one.
THIRD PARTY NEWS
Get Ready For 'Heavy Traffic' Cell-Phone Support
If you have ever found yourself juggling a pager, cellphone and a
Palm Pilot trying to look up phone numbers, dialing them and at
the same time consult your calendar you know what I'm talking about.
Well, I just saw the new Kyocera's Smartphone that has a FULL Palm
Pilot built into it. Looks just like a normal medium size cell phone.
But if you open up the hinged keypad, a whole actual Palm window
This $499 marriage between a phone and a PDA is going to be a hit.
You yourself, your IT managers and high-end execs are all going to
want one of these, despite the fact the screen is a bit smaller and
the font is slightly more difficult to read.
This thing is going to sell like hotcakes and everybody and their
brother will want to synch it up with Outlook. There's the first wave
of IT helpdesk and support problems lurking. The thing's got web
access, email, and all kinds of applications that they will load in.
This Smartphone has all the features of a modern cell phone, like
speed dialing, voice dialing and a speaker phone.
I just bought the Sprint TP3000 as a Christmas present for myself,
and now I wish I hadn't. The Kyocera Smartphone is the first
actual really successful merger between a phone and a PDA. Microsoft
is going to have a heck of a time competing against this thing with
their coming 'stinger' phone that promises much of the same.
Fix Them Holes: For Security's Sake!
You probably have all seen the W2KnewsFLASH that I pumped out on a
rush basis on Thursday. Well, it's really a wake-up call. Some
Russians have made it a business out of hacking and extorting
companies. The sad part is that what they use is really an automated
scan for known holes in NT. Some of these have been known for years.
Some people on the NTSYSADMIN list compared it to companies loudly
complaining about burglaries while they had none of their doors locked.
Andrew Baker said: It's like watching BOTH of your neighbor's houses
getting broken into and thinking to yourself: "Maybe I should get
an alarm... Nah, I don't have anything a burglar would want"
The message is clear. You simply -have- to apply the hotfixes on
both NT and W2K. I have been warning about this for y e a r s. It's
not really surprising that a few Russki 'entrepreneurs' have taken
the opportunity. You guys need to make this a regular cycle, once
a week apply the hotfixes all over your domains. I picked up a tool
for this three years ago as I could simply see this coming.
Apart from vulnerability scanners, here is a -really- useful little
tool that is cheap, does what you need it to, and is extremely easy
to implement: SPQuery. Scans your domain, reports on missing fixes,
and implements them for you. Integrated with the MS-websites. Easy
as pie. Fail to use it and the Russki's come a-knockin' [grin].
But...don't tell me I did not warn you. This kind of utility is one
of these tools you cannot afford NOT to use. Download SPQuery here:
The InfoWorld Article:
The Microsoft site where they have combined the patches in a single
location. Punch up this link and find out which vulnerabilities are
the exact culprits this time around:
Why Buy Diskeeper When There's a Defragmenter In W2K?
Well, let's have a look at what Microsoft states:
"Disk Defragmenter was designed primarily for stand-alone workstations
or servers (.) Disk Defragmenter is not intended to be a tool for
administrators to maintain networked workstations. This version is
not designed to be run remotely and cannot be scheduled to automatically
defragment a volume". From: Microsoft Knowledgebase Article ID: #Q231176
"The version included with Windows 2000 provides limited functionality
in maintaining disk performance by defragmenting volumes that use
the FAT, FAT32, or NTFS file system. MS KB #Q227463
OK, well if they say so themselves, better run Diskeeper on systems
that make a mess of their hard disks:
This Week's Links We Like. Tips, Hints And Fun Stuff
Instant Exchange, NoFail Email! Attend Marathon Webinar for details
A great page from a consultant in Sweden: Which Trojans use what port?
Good article on how to catch hackers using Honeypots
PRODUCT OF THE WEEK
Designing Security for a Windows 2000 Network
Exam 70-220, Designing Security for a Windows 2000 Network tests
the skills required to analyze the business requirements for security
and design a security solution that meets business requirements.
Security includes controlling access to resources, auditing access
to resources, authentication, and encryption. Ideal for you, professionals
looking for comprehensive self-study materials to get you through the
exam successfully. Years of publishing in this category has shown us
that the most asked-for type of study information comes in the
comprehensive, study-at-your-own-pace package. New Riders Training
Guides, with their objective coverage, emphasis on hands-on knowledge,
and practice exams, are an ideal tool for this audience. Thirty six
bucks in the Sunbelt Bookclub (add S&H)