- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Dec 10, 2001 (Vol. 6, #94 - Issue #329)
It's Deal Time
  This issue of W2Knews™ contains:
    • It's Deal Time
    • Defragmenting Raid Arrays - Why You Really Need It
    • MS Ships Exchange 2000 Service Pack 2
    • eEye Announces New SecureIIS Version 1.2.3
    • Shavlik releases HfNetChkPro With New Powerful GUI
    • Prevent Hard Disk Crashes - Special Extended
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Hacking Exposed Third Edition
Need to get up to speed on the most compelling and functional
solutions for your Windows-centric enterprise? Don't miss our
free one-hour Webcast, "Managing the Enterprise." You'll hear
how Microsoft and NetIQ are collaborating to create manageability
solutions that ensure your servers, OS and applications are up
and running at peak performance. Register now!
Visit NetIQ for more information.

It's Deal Time

IT vendors have had a rough year. Their Q4 is usually the best, but this time around it is a bit soft. If you have some budget left, now is the time to ask for specials, discounts or goodies thrown in to make the deal go through. You'll be surprised to find how far they are willing to go to make a sale. So this is my advice, spend those budget dollars now. It's the best time to get the stuff you need!

Warm regards,

Stu Sjouwerman (email me with feedback: fee[email protected])

Security vulnerabilities such as the Code Red worm and other intrusions
will never die, but are easily avoided if the latest security updates
are identified and deployed with UpdateEXPERT. Supporting Windows NT/
2000/XP and a long list of mission critical applications, UpdateEXPERT
secures your systems by deploying service packs and hotfixes. Research,
inventory, deploy and validate your updates! Download your eval here:
Visit UpdateEXPERT for more information.

Defragmenting Raid Arrays - Why You Really Need It

Fragmentation on RAID is an intricate topic. Because the purpose of RAID is to offer redundancy, as well as improved disk performance by splitting the I/O load, it is a common misconception that fragmentation does not have a negative impact.

However, RAID does suffer from fragmentation, just as any single physical disk does. And this is attributed to the difference in the "logical" allocation of files versus their "physical" allocation. The file system driver handles the logical location (what the OS sees), in this case we're talking about ntfs.sys. The actual writing is then passed to the fault tolerant device driver (hardware or software, it makes no difference), which then, according to its procedures, handles the placement of files and generating parity information, and then passes the data to the disk device driver.

In this article I am assuming you already have a good grasp of the various RAID formats, and I won't detail them.

Stripe sets are created, in part, for performance reasons. Access to the data on a stripe set is usually faster than access to the same data would be on a single disk, because the I/O load is spread across more than one disk. Therefore, Windows NT can be doing seeks on more than one disk at the same time, and can even have simultaneous reads or writes occurring.

Stripe sets work well in the following environments:

  1. When users need rapid access to large databases or other data structures.
  2. Storing program images, DLLs or run-time libraries for rapid loading.
  3. Applications using asynchronous multi-threaded I/O's.
Stripe sets are not well suited in the following situations:
  1. When programs make requests for small amounts of sequentially located data. For example, if a program requests 8K at a time, it might take eight separate I/O requests to read or write all the data in a 64K strip, which is not a very good use of this storage mechanism.
  2. When programs make synchronous random requests for small amounts of data. This causes I/O bottlenecks because each request requires a separate seek operation. 16-bit single-threaded programs are very prone to this problem.
It is quite obvious that RAID can exploit a well written application that can take advantage of asynchronous multi-threaded I/O techniques. Physical members in the RAID environment are not read or written to directly by an application. Even the Windows NT file system sees it as one single "virtual" drive. This virtual drive has logical cluster numbering just like any other partition supported under Windows NT.

As an application reads and writes to this virtual environment (creating new files, extending existing ones, as well as deleting others) the files become fragmented. Because of this fact, fragmentation on this virtual drive WILL HAVE a substantial negative performance effect. When an I/O request is processed by the file system, there are a number of attributes that must be checked which cost valuable system time.

If an application has to issue multiple "unnecessary" I/O requests, as in the case of fragmentation, not only is the processor kept busier than needed, but once the I/O request has been issued, the RAID hardware/software must process it and determine which physical member to direct the I/O request. Multiple I/O's at this level will result in multiple head movements of the disks in the array. In fact, this fragmentation can negate any and all benefits of having RAID in the first place as these unnecessary fragmented I/O requests take up extra bandwidth causing the RAID to be less and less effective.

So the question now becomes how does a defragmenter affect this? The defragmenter sees the RAID environment just as the file system does. That is, Diskeeper defragments the "virtual" drive. Diskeeper improves the speed and performance of a RAID environment by eliminating these wasteful and unnecessary I/Os from being issued by the file system. This occurs because the file system sees the files and free space as being more contiguous.

The file system will spend less time checking file attributes which means more processor time can be dedicated to doing real useful work for the user/application. In addition, these I/O requests are now much more likely to fill the entire 64K chunk (RAID stripe) size with the I/O now taking full advantage of the RAID. Next I will use an example to explain the technical information above.

As we just covered, if a given file is fragmented on the logical/virtual drive, requesting that file requires the OS to use additional I/O's for every separate fragment. These I/O requests are passed to the physical disk.

Let's take an example of an Excel spreadsheet in 100 pieces. A single physical disk would now have to perform 100 disk I/O's to retrieve it (plus some additional overhead I/O's such as reading the file record, reading in directories, etc...). Well, what if that "physical disk" was actually a stripe set of 5 disks (for simplicities sake I'll use RAID 0). The Raid controller receives the I/O's and intersperses them equally between the disks (1/5th of the file across the disks). If I was explaining RAID 5, one of the disks in each "stripe" would be reserved for parity information. Now each physical disk in our array has to do 20 I/O's to retrieve the file. Not as bad as 100 but still 20.

Now how a defragmenter affects this: Let's first go back to that individual disk. Diskeeper has defragged the "logical file" to one piece. Accessing that file now takes 1 disk I/O. Expanding that to our 5 disk RAID set: the controller intercepts the I/O and intersperses it equally across the array. Now, each physical disk has again 1/5th of the file to retrieve, but must only perform 1 disk I/O, instead of 20!

A defragmenter (at least those that use the API's) never concern themselves with the physical storage architectures underneath it, nor does the file system. RAID controllers and device drivers are responsible for this. Whether you are using striping with parity, mirroring or combinations of RAID, makes no difference. Diskeeper never forces files to a particular physical disk location. This is again, the job of the driver. By: Michael Materie, Systems Engineer, MCSE, CCNA, A+, I-NET+ and Howard Butler, Senior Systems Engineer, Executive Software. To test the latest Diskeeper V7.0 on your RAID sets, click here:


MS Ships Exchange 2000 Service Pack 2

This SP2 improves the mobile client features and enhances Outlook Web Access (OWA), which is getting more and more popular in large organizations. The SP2 also has management and migration features, and includes all the upgrades from Service Pack 1. A more in depth article is over here at Network World:

And you can get your hands on it over here:


eEye Announces New SecureIIS Version 1.2.3

This latest version incorporates numerous bug fixes, improvements to the help file and user manual, and a few new features as requested by some of our users. Download this new version of SecureIIS on the following page:

You may be required to login using your eEye issued username and password. If you have misplaced your account information, you can request a copy by submitting your email address on the same page as the login.

What's new in SecureIIS v1.2.3?

  • Improved support for Outlook Web Access
  • Improved support for FrontPage Server Extensions.
  • Improved help file and user manual.
  • Added the ability to disable logging of 404 errors.
  • Added a separate HTML error file for 404 errors.
  • Fixed: Hotkeys and general application UI.
Want to try it out as an eval? Here is the link:

Shavlik releases HfNetChkPro With New Powerful GUI

Shavlik Technologies has released its next generation Microsoft hot fix inspection UI built on Shavlik's widely used HfNetChkPro technologies. This advanced user interface combines the power of HfNetchk, the benefits of an open relational database with the ability to scan specific machine types such as IIS and SQL, full reporting that can be easily customized by end users to create a great product to help customers manage the patch security of their enterprise.

Knowing which system has which patch is nearly impossible with out a tool like HfNetChkPro, and with HfNetChkPro's new UI the task gets easier and more efficient. HfNetChkPro's new UI includes a set of configurations screens designed to help users easily find the machines they need to secure. For example, if a user wants to scan all the IIS systems on their network to see if a specific patch is properly installed they can quickly configure the UI, run the scan and review the results within a short period of time. Another user may want to scan an IP range to see how well their systems are patched, another may which to import a list of machines names to scan, all of these activities are supported by HfNetChkPro.

HfNetChkPro also stores a complete scan history and provides the ability to search for patch information after a scan is complete to avoid excessive network traffic and re-scanning. This history can also be used to show patch management progress in the enterprise, providing a great security knowledge management tool.

HfNetChkPro also provides the industries only real-time Microsoft security patch management system making it key to computer and network security. As soon as Microsoft issues a patch HfNetChkPro is up to date. All users need to do is run a new scan.

New Features:

  • Full Relational Database support on both the User Interface and the command line version to create powerful, large scale, solutions
  • Extensive, customizable reporting to quickly find key problems based on your exact needs
  • Powerful, easy to use User Interface with one touch scanning to allow quick and powerful scans
  • Specific product selection to scan such as Server Only, Workstation Only and others to optimize searches
  • Specific machine selection such as IIS Only, SQL Only, Dial-In Server Only and many others
  • Ability to combined machine selection to allow support for things like IIS and SQL only
  • Search for specific patch, and patches, allowing you to find exact problems without having to dig through pages of data
  • Search for specific machines, domains, IP ranges
  • User defined file input in both User Interface version and command line version to allow for easy data import
  • Supports complete scan history for tracking of progress and to monitor changes
To see all these goodies, try clicking on this link:

Prevent Hard Disk Crashes - Special Extended

PC Week recently wrote: "One of the most costly IT headaches occurs when a hard drive crashes. The downtime and lost data can be catastrophic for the employee; getting a system up and running can be a time sink for the technician. DiskAlert watches for subtle signs of an impending disk failure and warns you before it's too late".

DiskAlert is new software from Executive Software that monitors your system's hard drives for problems and alerts you and/or your staff by e-mail, pager, phone and screen popup. DiskAlert runs NT, W2K and XP.

You can install a third module called the DiskAlert Assistant, on boxes you specifically select, so your staff can also monitor and check up on any alerts, but only the Administrator console allows you to change or add drives to be monitored and configure your alert settings. Once you install it, DiskAlert Agents runs invisibly on your servers, monitoring disk drives and watching for potential problems. When a red flag gets raised, the Agent sends a message to the Administrator, which in turn sends out the various alerts you've set up to you and your staff.

DiskAlert works with all SCSI and IDE drives, all software RAID and currently supports RAID controllers from Adaptec, AMI Mega RAID and Compaq, with support for more controllers being added all the time.

They have a 2-for-1 special that was extended through the end of the year, Get 2 licenses (usually $99.95) for the price of 1 ($49.95) with immediate electronic delivery of full product.


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Cache/RamDisks can unlock your servers true performance potential. Examples here:
  • Register at availability.com and get FREE Availability Research
  • The TweakXP site has good hints and tips both hard- and software
  • Ohboy ohboy ohboy! [drool] Can I get one of these 50 inch Plasma screens?

    Hacking Exposed Third Edition

    The updated content includes a new tools CD-ROM that includes security software cited in the book and fully updated coverage of hacks and countermeasures for the latest technologies like 802.11 Wireless networking, Windows XP, and Windows.NET Sever. Of course, the great content that pushed HE to the top of best seller lists is still there and completely updated: late-breaking information on the newest Windows, UNIX, Linux, and NetWare hacks and countermeasures in the tried-and- true Hacking Exposed format, updated content on Web attacks (including the newest IIS 5 vulnerabilities like Code Red), new techniques used by today's hacker to pinpoint potential targets via ping sweeps, TCP/UDP scans, traceroutes, whois queries, and zone transfers; an updated remote access chapter covering analog dial-up, VPN, as well as the latest known security holes associated with software like Timbuktu, pcAnywhere, ControlIT, and ReachOut; and much more. It's 35 bucks at Amazon and reads like a spy novel. Recommended!