My Thoughts On IT…

Brian Lewis's Thoughts on all things Information Technology related

Ok, once again we have a very scary computer security / insecurity revelation. USB drives are horribly insecure!

We have long known to be wary of devices that map directly to memory, like FireWire. They can read or write the computer's RAM without restriction. USB always seemed more secure than these devices because it didn’t have direct access to RAM. The only things we thought we needed to worry about with USB were malicious files on the USB stick or a keystroke-injection stick like the Rubber Ducky.

Well, now we have more to worry about, because those USB drives also have a firmware section that makes them work. Researchers have now found that you can put exploit code into the firmware. This is a section that is not scanned by antivirus and not normally visible to the operating system.

For more on the dangers:

Hackers can tap USB devices in new attacks, researcher warns
http://news.yahoo.com/hackers-tap-usb-devices-attacks-researcher-warns-070243916–finance.html

USB: The ultimate hacking tool?
http://gianiwvl.wordpress.com/2014/08/03/usb-the-ultimate-hacking-tool/

What are the Dangers of using an untrusted USB drive? (Before the new firmware exploits)
http://lifehacker.com/what-are-the-dangers-of-using-an-untrusted-usb-drive-1533523741

TechEd Part Duex… Plus (the plus is more)
Last month Microsoft announced a new huge event we will be hosting in Chicago the week of May 4th 2015.

The unified “Microsoft commercial technology event” as it is currently called will combine 5 different conferences into one!

The five Microsoft conferences that are now being merged into one Gigantic Conference are:

  • SharePoint Conference
  • Lync Conference
  • Exchange Conference
  • Project Conference
  • TechEd North America Conference

Whatever the name of this event, “Microsoft’s unified technology event for enterprises” or “unified Microsoft commercial technology event”, my idea “Tech-Ed Plus”, or something completely different, it promises to be a great conference and I hope to see you there.

 

More information about the event can be found in the Microsoft official announcements here:

Julie White’s Blog – Microsoft’s unified technology event for enterprises
http://blogs.office.com/2014/07/21/microsofts-unified-technology-event-for-enterprises/

Channel 9 – Announcing: Microsoft’s Unified Technology Event for Enterprises
http://channel9.msdn.com/Blogs/TechEd/SavetheDateMay4#fbid=

Steve Guggenheimer’s Blog – Announcing: Microsoft’s Unified Technology Event for Enterprises
http://blogs.msdn.com/b/stevengu/archive/2014/07/21/announcing-microsoft-s-unified-technology-event-for-enterprises.aspx


Just when I thought I knew all about creating Virtual Machines up on Microsoft’s Azure public cloud platform, a new way was released this past Monday. (The wonderful thing about working in technology is that you are always learning.)

As of this past Monday the Azure Preview Portal now has the ability to create, manage, and monitor Virtual Machines. I was originally worried about the new portal as I have spent the last year in the standard Azure Portal and know how to do things there. However, in the short time I have been using the new portal I find the improvements are so dramatic that I don’t think it will be hard to switch over to the new portal completely when it comes out of preview.

Why don’t you take a look at Azure today and see what the future of Server computing looks like? You can get a 30 day free trial of Azure: just go to www.azure.com and click on “try it”.

Want to learn more about Azure and Hybrid Cloud?

To continue your learning on Microsoft Azure and Hybrid Cloud, be sure to join our FREE Hybrid Cloud study track in our online Early Experts study group!

Customers often want to know what is coming in the next versions of a Microsoft product or service. The Office 365 group understands this and has programmatically added it to their process. With online services, product groups at Microsoft are continually adding new functionality into the offerings, as opposed to a traditional software product, which bundles all the updates into a new version every year and a half or so. I see having a published roadmap as a much appreciated addition to the services model.

The Office 365 team just launched an Office 365 Business Roadmap site, unveiled yesterday, June 19th, in a blog post. You can see the announcement here:
http://blogs.office.com/2014/06/19/improving-visibility-to-service-updates/

One of the things I like about the site is how they separate the information into four main buckets and then go into detail on the specific features.

The Roadmap Site’s 4 buckets are:

  • What Has Launched
  • What’s Rolling Out
  • What’s In Development
  • What’s Canceled

Check it out for yourself and see what we have planned for you.

The Office 365 for business roadmap is available here:
http://office.microsoft.com/en-us/products/office-365-roadmap-FX104343353.aspx

One of the questions customers often ask is what the heck does the new /mode:vm switch do in Sysprep.exe. Well here is the secret…

What the /mode:vm switch does
Running Sysprep removes unique information, such as the SID and GUID, but it also resets the hardware driver information. When you run Sysprep with the /mode:vm switch you don’t remove the hardware information. This means the machine doesn’t need to redetect hardware on its first boot, enabling a faster process when creating new VMs.

Command Line Only
VM mode is available only through the command line. It is also supported only when you run it from inside a virtual machine and deploy to a virtual machine of the same type (i.e. Hyper-V Gen1 to Hyper-V Gen1 or Hyper-V Gen2 to Hyper-V Gen2).

Here is a side note…
I spent a good half hour a few years ago looking for the Sysprep.exe download on the internet. Guess what? You won’t find a sysprep download as it is already in all Windows installs. Ouch – it still kinda stings…

To Run Sysprep
Open a Command Prompt window as an administrator. Change to the C:\windows\system32\sysprep directory. Type:

| Command | Description |
| --- | --- |
| Sysprep /generalize /shutdown /oobe | Standard command for real hardware |
| Sysprep /generalize /shutdown /oobe /mode:vm | Command for a Virtual Machine |

 

For more info on Sysprep see the Technet article here:
http://technet.microsoft.com/en-us/library/hh824938.aspx

Have you heard of HDBaseT?
I currently use HDMI to connect my flat-panel TV to my Bose system which uses HDMI to connect to a bunch of other devices. (Xbox, Cable, Roku, Apple TV, PS3) It sure would be nice to be able to use a CAT5 cable to connect these devices instead of HDMI. That is what the HDBaseT standard is meant to do.

HDBaseT not only carries the transmission of uncompressed high-definition video and audio like HDMI but it also adds power, home networking, and some control signals all over a common cable with a standard connector. This could be the next connection technology you use to connect your systems together. I hope so!

HDBaseT spec 1.0 was finalized in June of 2010 and a 2.0 spec is expected. It is supported by the HDBaseT Alliance. This is an alliance of electronic industry companies such as Samsung, LG, Sony, Panasonic, Crestron, and many others. To find out more about the HDBaseT Alliance and technology visit the alliance website:

http://hdbaset.org/technology/

Hopefully we will see this technology in our home electronics soon!

For more info on HDBaseT watch this video from Infocomm 2012
http://www.youtube.com/v/yogX4S9Jysk?hd=1

I have often been asked “Does Microsoft have a Hadoop strategy?” The answer is, Yes! The easiest way to get this to work is in Microsoft Azure using the HDInsight feature.

As businesses seek ways to store, manage and analyze their ever-increasing amounts of data, they have looked for tools to capitalize on this wealth of data. The tool that has emerged as the predominant Big Data analysis tool is Apache Hadoop, an open source software allowing multiple servers to mine data in parallel.

Microsoft has built HDInsight in Azure as part of our comprehensive data platform to facilitate large data analysis.  It includes Hadoop and SQL Server technology to offer an easy to use Big Data platform.

Setting up a cluster of servers is now an easy task with HDInsight in Azure. From the Azure portal you select to create an HDInsight Cluster and choose from 1 to 32 servers. Azure will provision your cluster in just a few minutes and it will be configured with Hadoop and YARN. YARN is the cluster resource management sub-project introduced in Hadoop 2.0.

The HDInsight service also has an easy-to-use Web interface that gives users the ability to create interactive queries over Hive, the Hadoop component that provides large data set querying and management capabilities.

If you are interested in mining your data for those golden nuggets, a fast, easy, and less expensive way is to use the HDInsight tool in Azure. Give it a try today!

 

For More Information:

Reveal new insights with Big Data
http://www.microsoft.com/en-us/server-cloud/solutions/big-data.aspx?WT.mc_id=Blog_SQL_Announce_DI#fbid=eSnb5QAQara

Microsoft updates its Hadoop cloud solution ( provides up to 100x performance improvements)
http://blogs.technet.com/b/dataplatforminsider/archive/2014/06/03/microsoft-updates-its-hadoop-cloud-solution.aspx

What is Secure Boot?
Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted. This is a technology to prevent rootkits. Windows 8 and above support Secure Boot, as do Windows Server 2012 and above.

How does it work? (High Level)
When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs) and the operating system. If the signatures are good, the PC boots, and the firmware gives control to the operating system.

How do I tell if it is working?
Just because you have new hardware that has a UEFI BIOS and you are running a version of Windows that supports Secure Boot doesn’t mean that you are running it. It is a bit more complicated than that.

1 Open a PowerShell Command Prompt and run as Administrator
2 Run command:
Confirm-SecureBootUEFI

Possible Cmdlet Returns:

True – All good! Your PC supports Secure Boot and Secure Boot is enabled
False – PC supports Secure Boot but Secure Boot is disabled (you may have a watermark on your desktop warning you of this)
Cmdlet not supported on this platform – This PC does not support Secure Boot or is set up in a Compatibility Support Module (CSM) Legacy BIOS mode.
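The three outcomes above can be told apart in a script, which is handy when checking more than one machine. This is an added example, not part of the original post; `Get-SecureBootState` is a hypothetical helper name, and it assumes the "not supported" case surfaces as a `System.PlatformNotSupportedException`.

```powershell
# Added example: classify the Confirm-SecureBootUEFI outcomes described above.
# Get-SecureBootState is a hypothetical helper name, not a built-in cmdlet.
function Get-SecureBootState {
    [CmdletBinding()]
    param()

    # The cmdlet needs an elevated session; check first so an access error
    # is not mistaken for "platform not supported".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) {
        return [pscustomobject]@{ State = 'Unknown'; Detail = 'Run PowerShell as Administrator' }
    }

    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) {
            # True: supported and enabled
            [pscustomobject]@{ State = 'Enabled'; Detail = 'Secure Boot is supported and enabled' }
        }
        else {
            # False: supported but switched off in firmware setup
            [pscustomobject]@{ State = 'Disabled'; Detail = 'Secure Boot is supported but disabled' }
        }
    }
    catch [System.PlatformNotSupportedException] {
        # "Cmdlet not supported on this platform"
        [pscustomobject]@{ State = 'Unsupported'; Detail = 'No Secure Boot support, or firmware is in CSM / Legacy BIOS mode' }
    }
    catch {
        # Anything else is reported as-is rather than guessed at
        [pscustomobject]@{ State = 'Unknown'; Detail = $_.Exception.Message }
    }
}

Get-SecureBootState
```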

 

For a good overview on what Secure Boot is see Steven Sinofsky’s old blog post:
Protecting the pre-OS environment with UEFI
http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx

For information on installing Windows to Support Secure boot see my previous post:
Installing Windows 8.1 from a USB Stick under a UEFI BIOS and Secure Boot
http://mythoughtsonit.com/2014/05/installing-windows-8-1-from-usb-to-a-uefi-secure-boot-machine/

Installing Windows 8.1 from a USB Stick under a UEFI BIOS and Secure Boot.
When building a Windows UEFI system there are a few things to know that are different from when building an old BIOS based machine. First, your USB install stick has to be formatted with FAT32 and not NTFS. Second, your UEFI motherboard probably has a Compatibility Support Module (CSM) mode that is set for BIOS compatibility. You need to turn that off if you want to enable UEFI, Secure Boot, and booting from a GPT partitioned disk.

The 11 steps for manually preparing / building a USB Disk to be a bootable Win 8.1 Install.
This bootable USB stick will work for both older BIOS installs as well as the newer UEFI installs.

1. Diskpart (Run from a CMD prompt)
2. List Disk
3. Select Disk # (Where # is the number of your USB disk)
4. Clean (removes any partitions on the USB disk, including any hidden sectors)
5. Create Partition Primary (Creates a new primary partition with default parameters)
6. Select Partition 1 (Focus on the newly created partition)
7. Active (Sets the selected partition to an active valid system partition state)
8. Format FS=fat32 quick (Formats the partition with the FAT32 file system. FAT32 is needed instead of NTFS so that it can load under the secure boot UEFI BIOS.)
9. Assign (Assigns the USB drive a drive letter)
10. Exit
11. Copy all the files from the Windows 8.1 DVD to the USB Stick.
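
The same eleven steps can be scripted, with one extra guard because Clean erases whichever disk is selected. This is an added example, not from the original post; the parameter names `$DiskNumber` and `$SourceDrive` and the temporary script file name are assumptions, and it relies on `Get-Disk`, which is available on Windows 8 / Server 2012 and later.

```powershell
# Added example: steps 1-11 as a script. Run from an elevated PowerShell prompt.
# $DiskNumber and $SourceDrive are values the operator supplies (assumed names).
param(
    [Parameter(Mandatory)] [int]    $DiskNumber,   # the number shown by "List Disk"
    [Parameter(Mandatory)] [string] $SourceDrive   # e.g. 'D:' holding the Windows 8.1 DVD
)

# Guard before "Clean": refuse to touch anything that is not on the USB bus,
# so a mistyped disk number cannot wipe an internal drive.
$disk = Get-Disk -Number $DiskNumber -ErrorAction Stop
if ($disk.BusType -ne 'USB') {
    throw "Disk $DiskNumber is on bus '$($disk.BusType)', not USB. Aborting before Clean."
}

# Steps 3-10 as a diskpart script file.
$script = @"
select disk $DiskNumber
clean
create partition primary
select partition 1
active
format fs=fat32 quick
assign
exit
"@
$scriptPath = Join-Path $env:TEMP 'make-win81-usb.txt'
Set-Content -Path $scriptPath -Value $script -Encoding ASCII

diskpart /s $scriptPath
if ($LASTEXITCODE -ne 0) {
    throw "diskpart failed with exit code $LASTEXITCODE"
}

# Step 11: copy the install files to the letter that "assign" handed out.
$letter = (Get-Partition -DiskNumber $DiskNumber -PartitionNumber 1).DriveLetter
Copy-Item -Path "$SourceDrive\*" -Destination "$($letter):\" -Recurse -Force
```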

 

For more information on UEFI and installing Windows on these machines, here are some links:
Happy System Building! –Brian

For more information on UEFI BIOS and Secure Boot in Windows 8.1
http://answers.microsoft.com/en-us/windows/forum/windows8_1-security/uefi-secure-boot-in-windows-81/65d74e19-9572-4a91-85aa-57fa783f0759

Installing Windows on UEFI-based Computers
http://technet.microsoft.com/en-us/library/hh290675(v=WS.10).aspx#BootingUEFImode


I have run a server in my home for the past 18 years. I initially had it routing my home network to the internet because home routers didn’t exist at that time. Yes, I had all my machines networked and on the internet. It was fun and kept me well trained on the technologies I used at work. It was time to upgrade my server and those lame inexpensive NAS systems didn’t work as well as I would like. So, it is time to build me a sweet system!

I like the compatibility and stability of enterprise grade servers but after having used a couple of Compaq ProLiant servers in the past I realized I didn’t like the $50 a month electric bill and the sound of a small jet engine rumbling through my living room floor from the server room below. Those fans can be quite loud. The other downside is the cost; I would pick up a used server to keep the costs down. What I really want is an entry level server in a small case that has low power usage and a quiet fan.

That is where the MicroServer Gen8 from HP comes in. This is exactly what HP built in the ProLiant Gen8 MicroServer. This is a great entry level enterprise grade server with an affordable price tag, low power consumption, and usually a quiet fan. The fan is variable so it can cool the server if it needs to but otherwise runs slow and quiet. It even comes with HP’s iLO remote management built in. Unfortunately, there is an extra cost to enable the full use of the iLO card.

This is a very capable server for home or small office. The speed of the dual core Celeron G160T 2.3 GHz CPU is more than fast enough. For more information on this server see the Quick Specs sheet from HP, available at: http://h18000.www1.hp.com/products/quickspecs/14565_div/14565_div.pdf

I purchased my HP ProLiant MicroServer Gen8 on December 7, 2013. It was a Christmas present to myself. Just what I wanted, how did I ever guess… Over the past months, when I have had time, I have been researching what others have done with this server and set it up with different configurations. I have just made my final purchases today for my planned configuration.

This server will be both my hyper-v host server and my NAS. I have been evaluating different storage options but want to keep the costs down. I have seen that a lot of the community is using an add-in card for the disk controller but I want to avoid that cost. I will be using the onboard controller, Server 2012 R2 and storage spaces.

Here is the configuration I am using:

| Item | Cost (and link) |
| --- | --- |
| HP Gen8 ProLiant MicroServer Celeron G160T 2.3 Ghz CPU | $389.99 |
| Kingston ValueRAM 16GB Kit (8Gig *2) Gig Memory Upgrade | $169.99 |
| ADATA Premier Pro SP900 64Gig * (OS Drive) | $49.99 |
| WD Red Hard Drive – 3TB * (Data Drive) | $124.99 |
| WD Red Hard Drive – 3TB * (Data Drive) | $124.99 |
| ADATA SP900 256GB SSD * (Data Drive – SSD Storage Tier) | $129.99 |
| ADATA SP900 256GB SSD * (Data Drive – SSD Storage Tier) | $129.99 |
| ICY DOCK EZConvert Mounting Kit (For SSD Drive) | $15.99 |
| ICY DOCK EZConvert Mounting Kit (For SSD Drive) | $15.99 |
| Power Converter Cable (For OS SSD drive in CDROM tray) | $4.99 |
| Total Cost | $1156.90 |

This machine will have a data storage space of 6.5 TB of total space. I will use both striping and mirroring virtual disks for the storage spaces in addition to data de-duplication. For offsite backup I will be backing up to Azure storage for my important data. Also the two larger SSDs will go into slots one and two of the server as these offer 6Gb/s SATA connections and the other SATA connections only offer 3Gb/s. This is a limitation of the inbox controller.

This article is the first in a series of articles I will be posting on the HP ProLiant Gen 8 MicroServer. Stay tuned for configuration details, benchmarks, and how-to guides.

Regards – Brian