Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Dec 10, 2001 (Vol. 6, #94 - Issue #329)
It's Deal Time
This issue of W2Knews contains:
- EDITORS CORNER
- TECH BRIEFING
- Defragmenting Raid Arrays - Why You Really Need It
- NT/2000 RELATED NEWS
- MS Ships Exchange 2000 Service Pack 2
- NT/2000 THIRD PARTY NEWS
- eEye Announces New SecureIIS Version 1.2.3
- Shavlik releases HfNetChkPro With New Powerful GUI
- Prevent Hard Disk Crashes - Special Extended
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Hacking Exposed Third Edition
FREE MANAGEABILITY WEBCAST FROM MICROSOFT AND NETIQ
Need to get up to speed on the most compelling and functional
solutions for your Windows-centric enterprise? Don't miss our
free one-hour Webcast, "Managing the Enterprise." You'll hear
how Microsoft and NetIQ are collaborating to create manageability
solutions that ensure your servers, OS and applications are up
and running at peak performance. Register now!
Visit NetIQ for more information.
It's Deal Time
IT vendors have had a rough year. Their Q4 is usually the best, but
this time around it is a bit soft. If you have some budget left, now
is the time to ask for specials, discounts or goodies thrown in to
make the deal go through. You'll be surprised to find how far they
are willing to go to make a sale. So this is my advice, spend those
budget dollars now. It's the best time to get the stuff you need!
(email me with feedback: fee[email protected])
NO TIME TO KEEP UP WITH HOTFIXES?
Security vulnerabilities such as the Code Red worm and other intrusions
will never die, but are easily avoided if the latest security updates
are identified and deployed with UpdateEXPERT. Supporting Windows NT/
2000/XP and a long list of mission critical applications, UpdateEXPERT
secures your systems by deploying service packs and hotfixes. Research,
inventory, deploy and validate your updates! Download your eval here:
Visit UpdateEXPERT for more information.
Defragmenting Raid Arrays - Why You Really Need It
Fragmentation on RAID is an intricate topic. Because the purpose of
RAID is to offer redundancy, as well as improved disk performance
by splitting the I/O load, it is a common misconception that
fragmentation does not have a negative impact.
However, RAID does suffer from fragmentation, just as any single
physical disk does. And this is attributed to the difference in
the "logical" allocation of files versus their "physical" allocation.
The file system driver handles the logical location (what the OS sees),
in this case we're talking about ntfs.sys. The actual writing is then
passed to the fault tolerant device driver (hardware or software, it
makes no difference), which then, according to its procedures, handles
the placement of files and generating parity information, and then
passes the data to the disk device driver.
In this article I am assuming you already have a good grasp of the
various RAID formats, and I won't detail them.
Stripe sets are created, in part, for performance reasons. Access
to the data on a stripe set is usually faster than access to the
same data would be on a single disk, because the I/O load is spread
across more than one disk. Therefore, Windows NT can be doing seeks
on more than one disk at the same time, and can even have simultaneous
reads or writes occurring.
Stripe sets work well in the following environments:
Stripe sets are not well suited in the following situations:
- When users need rapid access to large databases or other data
- Storing program images, DLLs or run-time libraries for rapid
- Applications using asynchronous multi-threaded I/O's.
It is quite obvious that RAID can exploit a well written application
that can take advantage of asynchronous multi-threaded I/O techniques.
Physical members in the RAID environment are not read or written to
directly by an application. Even the Windows NT file system sees it
as one single "virtual" drive. This virtual drive has logical
cluster numbering just like any other partition supported under
- When programs make requests for small amounts of sequentially
located data. For example, if a program requests 8K at a time, it
might take eight separate I/O requests to read or write all the data
in a 64K strip, which is not a very good use of this storage
- When programs make synchronous random requests for small amounts
of data. This causes I/O bottlenecks because each request requires
a separate seek operation. 16-bit single-threaded programs are very
prone to this problem.
As an application reads and writes to this virtual environment
(creating new files, extending existing ones, as well as deleting
others) the files become fragmented. Because of this fact,
fragmentation on this virtual drive WILL HAVE a substantial
negative performance effect. When an I/O request is processed by
the file system, there are a number of attributes that must be checked
which cost valuable system time.
If an application has to issue multiple "unnecessary" I/O requests,
as in the case of fragmentation, not only is the processor kept
busier than needed, but once the I/O request has been issued, the
RAID hardware/software must process it and determine which physical
member to direct the I/O request. Multiple I/O's at this level will
result in multiple head movements of the disks in the array. In fact,
this fragmentation can negate any and all benefits of having RAID
in the first place as these unnecessary fragmented I/O requests take
up extra bandwidth causing the RAID to be less and less effective.
So the question now becomes how does a defragmenter affect this? The
defragmenter sees the RAID environment just as the file system does.
That is, Diskeeper defragments the "virtual" drive. Diskeeper improves
the speed and performance of a RAID environment by eliminating these
wasteful and unnecessary I/Os from being issued by the file system.
This occurs because the file system sees the files and free space as
being more contiguous.
The file system will spend less time checking file attributes which
means more processor time can be dedicated to doing real useful work
for the user/application. In addition, these I/O requests are now much
more likely to fill the entire 64K chunk (RAID stripe) size with the
I/O now taking full advantage of the RAID. Next I will use an example
to explain the technical information above.
As we just covered, if a given file is fragmented on the logical/virtual
drive, requesting that file requires the OS to use additional I/O's
for every separate fragment. These I/O requests are passed to the
Let's take an example of an Excel spreadsheet in 100 pieces. A single
physical disk would now have to perform 100 disk I/O's to retrieve
it (plus some additional overhead I/O's such as reading the file
record, reading in directories, etc...). Well, what if that "physical
disk" was actually a stripe set of 5 disks (for simplicities sake I'll
use RAID 0). The Raid controller receives the I/O's and intersperses
them equally between the disks (1/5th of the file across the disks).
If I was explaining RAID 5, one of the disks in each "stripe" would
be reserved for parity information. Now each physical disk in our
array has to do 20 I/O's to retrieve the file. Not as bad as 100
but still 20.
Now how a defragmenter affects this: Let's first go back to that
individual disk. Diskeeper has defragged the "logical file" to one
piece. Accessing that file now takes 1 disk I/O. Expanding that to
our 5 disk RAID set: the controller intercepts the I/O and intersperses
it equally across the array. Now, each physical disk has again 1/5th
of the file to retrieve, but must only perform 1 disk I/O, instead
A defragmenter (at least those that use the API's) never concern
themselves with the physical storage architectures underneath it,
nor does the file system. RAID controllers and device drivers are
responsible for this. Whether you are using striping with parity,
mirroring or combinations of RAID, makes no difference. Diskeeper
never forces files to a particular physical disk location. This
is again, the job of the driver.
By: Michael Materie, Systems Engineer, MCSE, CCNA, A+, I-NET+
and Howard Butler, Senior Systems Engineer, Executive Software.
To test the latest Diskeeper V7.0 on your RAID sets, click here:
NT/2000 RELATED NEWS
MS Ships Exchange 2000 Service Pack 2
This SP2 improves the mobile client features and enhances Outlook
Web Access (OWA), which is getting more and more popular in large
organizations. The SP2 also has management and migration features,
and includes all the upgrades from Service Pack 1. A more in depth
article is over here at Network World:
And you can get your hands on it over here:
THIRD PARTY NEWS
eEye Announces New SecureIIS Version 1.2.3
This latest version incorporates numerous bug fixes, improvements to
the help file and user manual, and a few new features as requested
by some of our users. Download this new version of SecureIIS on the
You may be required to login using your eEye issued username and
password. If you have misplaced your account information, you can
request a copy by submitting your email address on the same page
as the login.
What's new in SecureIIS v1.2.3?
Want to try it out as an eval? Here is the link:
- Improved support for Outlook Web Access
- Improved support for FrontPage Server Extensions.
- Improved help file and user manual.
- Added the ability to disable logging of 404 errors.
- Added a separate HTML error file for 404 errors.
- Fixed: Hotkeys and general application UI.
Shavlik releases HfNetChkPro With New Powerful GUI
Shavlik Technologies has released its next generation Microsoft
hot fix inspection UI built on Shavlik's widely used HfNetChkPro
technologies. This advanced user interface combines the power of
HfNetchk, the benefits of an open relational database with the
ability to scan specific machine types such as IIS and SQL, full
reporting that can be easily customized by end users to create a
great product to help customers manage the patch security of their
Knowing which system has which patch is nearly impossible with out
a tool like HfNetChkPro, and with HfNetChkPro's new UI the task gets
easier and more efficient. HfNetChkPro's new UI includes a set of
configurations screens designed to help users easily find the
machines they need to secure. For example, if a user wants to scan
all the IIS systems on their network to see if a specific patch is
properly installed they can quickly configure the UI, run the scan
and review the results within a short period of time. Another user
may want to scan an IP range to see how well their systems are
patched, another may which to import a list of machines names to
scan, all of these activities are supported by HfNetChkPro.
HfNetChkPro also stores a complete scan history and provides the
ability to search for patch information after a scan is complete
to avoid excessive network traffic and re-scanning. This history
can also be used to show patch management progress in the enterprise,
providing a great security knowledge management tool.
HfNetChkPro also provides the industries only real-time Microsoft
security patch management system making it key to computer and
network security. As soon as Microsoft issues a patch HfNetChkPro
is up to date. All users need to do is run a new scan.
To see all these goodies, try clicking on this link:
- Full Relational Database support on both the User Interface and
the command line version to create powerful, large scale, solutions
- Extensive, customizable reporting to quickly find key problems
based on your exact needs
- Powerful, easy to use User Interface with one touch scanning to
allow quick and powerful scans
- Specific product selection to scan such as Server Only, Workstation
Only and others to optimize searches
- Specific machine selection such as IIS Only, SQL Only, Dial-In
Server Only and many others
- Ability to combined machine selection to allow support for things
like IIS and SQL only
- Search for specific patch, and patches, allowing you to find exact
problems without having to dig through pages of data
- Search for specific machines, domains, IP ranges
- User defined file input in both User Interface version and command
line version to allow for easy data import
- Supports complete scan history for tracking of progress and to
Prevent Hard Disk Crashes - Special Extended
PC Week recently wrote: "One of the most costly IT headaches occurs
when a hard drive crashes. The downtime and lost data can be
catastrophic for the employee; getting a system up and running can
be a time sink for the technician. DiskAlert watches for subtle
signs of an impending disk failure and warns you before it's too late".
DiskAlert is new software from Executive Software that monitors your
system's hard drives for problems and alerts you and/or your staff by
e-mail, pager, phone and screen popup. DiskAlert runs NT, W2K and XP.
You can install a third module called the DiskAlert Assistant, on boxes
you specifically select, so your staff can also monitor and check up on
any alerts, but only the Administrator console allows you to change or
add drives to be monitored and configure your alert settings. Once you
install it, DiskAlert Agents runs invisibly on your servers, monitoring
disk drives and watching for potential problems. When a red flag gets
raised, the Agent sends a message to the Administrator, which in turn
sends out the various alerts you've set up to you and your staff.
DiskAlert works with all SCSI and IDE drives, all software RAID and
currently supports RAID controllers from Adaptec, AMI Mega RAID and
Compaq, with support for more controllers being added all the time.
They have a 2-for-1 special that was extended through the end of the
year, Get 2 licenses (usually $99.95) for the price of 1 ($49.95) with
immediate electronic delivery of full product.
This Week's Links We Like. Tips, Hints And Fun Stuff
Cache/RamDisks can unlock your servers true performance potential.
Register at availability.com and get FREE Availability Research
The TweakXP site has good hints and tips both hard- and software
Ohboy ohboy ohboy! [drool] Can I get one of these 50 inch Plasma screens?
PRODUCT OF THE WEEK
Hacking Exposed Third Edition
The updated content includes a new tools CD-ROM that includes security
software cited in the book and fully updated coverage of hacks and
countermeasures for the latest technologies like 802.11 Wireless
networking, Windows XP, and Windows.NET Sever. Of course, the great
content that pushed HE to the top of best seller lists is still there
and completely updated: late-breaking information on the newest Windows,
UNIX, Linux, and NetWare hacks and countermeasures in the tried-and-
true Hacking Exposed format, updated content on Web attacks (including
the newest IIS 5 vulnerabilities like Code Red), new techniques used
by today's hacker to pinpoint potential targets via ping sweeps,
TCP/UDP scans, traceroutes, whois queries, and zone transfers; an
updated remote access chapter covering analog dial-up, VPN, as well
as the latest known security holes associated with software like
Timbuktu, pcAnywhere, ControlIT, and ReachOut; and much more. It's
35 bucks at Amazon and reads like a spy novel. Recommended!