IT Trenches:

DataCenter

Sep 16 2009   7:00PM GMT

Monitoring Windows Server CPU performance



Posted by: Troy Tate
Performance, performance monitoring, perfmon, server monitoring, cpu, hardware, performance management

I didn’t realize how much I really didn’t know about CPU performance monitoring until I read this Microsoft Technet blog on Interpreting CPU Utilization for Performance Analysis. As the article says: If you rely on CPU utilization as a crucial performance metric, you could be making some big mistakes interpreting the data.

Take some time and review this recent (August 2009) posting on this issue. If you manage/monitor Windows servers and watch server performance, this article will give you a better understanding of the ins/outs of interpreting CPU utilization.

Here are 4 of the top 9 takeaways that you will learn by reading this article:

Summary of Key Takeaways

Key takeaway #1: Processor of type A @ 100% utilization IS NOT EQUAL TO Processor of type B @ 100% utilization

Key takeaway #2: 2 HW threads on the same package @ 100% utilization IS NOT EQUAL TO 2 HW threads on different packages @ 100% utilization (for better or worse)

Key takeaway #3: 2 HW threads on the same logical core @ 100% utilization IS NOT EQUAL TO 2 HW threads on different logical cores @ 100% utilization (for better or worse)

Key takeaway #4: 2 HW threads on the same NUMA node @ 100% utilization IS NOT EQUAL TO 2 HW threads on different NUMA nodes @ 100% utilization (for better or worse)


Thanks for reading and let’s continue to be good network citizens!

Sep 16 2009   6:31PM GMT

Would you click if it showed on the NY Times website? - Really would you?



Posted by: Troy Tate
malware, malicious software, ad revenue, computer network, network access, PC, hardware, software, social engineering, licensing, permit, Security, information security, browser security, information security management, user education

Yesterday Fierce CIO reported that New York Times falls victim to rogue ad. This is a trend that seems to be happening more frequently. Rogue malware ads are appearing in a lot of places these days in areas most people would trust as authoritative and reliable sources of information. It is unknown how much the rogue malware “seller” may have gotten by putting the ad on the NY Times website but they likely made something from unsuspecting users. The NY Times did suffer some amount of loss since they disabled all third party ads until the rogue ad was removed. What would you do if an ad popped up on a trusted website saying your computer was infected? Most IT professionals would disregard the message as their systems SHOULD already be protected. However, how much of the general population is not an IT professional (at least outside of their own home ;) )?

What can and should the security industry do to educate users about these social engineering tactics? Should computers be “licensed” or “permitted” to be on the internet to reduce threats to unsuspecting users? That’s a thought for you… what governing body would issue these computer use permits? What would the rate infrastructure be like - based on processor/memory or bandwidth? Where would the permit fees go? Would there be some internet oversight body that uses the fees to have inline malware filters?

Thinking out loud here folks - offer some suggestions. Your input is welcome and appreciated.

Thanks for reading and let’s continue to be good network citizens!

=========================

20090918 Update:

E-Week reports that there is a surge in click fraud. According to the article this is similar to the NY Times advertisement malware threat discussed above. I fear this trend will only get worse. What is a legitimate advertiser or web services organization to do?


Jul 22 2009   2:55PM GMT

Using net shell to backup/restore DHCP



Posted by: Troy Tate
dhcp, backup, restore, network shell, server management, dhcp management, batch files, command line dhcp, command line

Recently a fellow ITKE blogger posted Windows server 2003: DHCP server rant. I had been working on moving some DHCP services from one site to another when I saw his posting. I was using a series of network shell (netsh) commands to perform the necessary tasks to move scopes from one server to another. I thought I would share that series of commands with ITKE readers for your use.

We have about 20 sites with DHCP servers. So, this is a significant number of servers and scopes to manage. The Microsoft DHCP management console can be sluggish across a WAN so managing each server through RDP can be a pain also. Fortunately, the netsh dhcp server command set gives a good set of tools for managing DHCP services through a command line.

The netsh dhcp server help says:

Switches the active command context to the specified DHCP server.

Syntax:
dhcp> server <\\ServerName | ServerIP>

Parameters:
ServerName     - The NetBIOS or the DNS name of the DHCP server computer.
ServerIP       - The IP address of the DHCP server computer.

Notes:         If a value for neither ServerName nor ServerIP is specified, the local computer is assumed.

Examples:      server \\DHCP-SRV1
               server \\dhcp-srv.microsoft.com
               server 10.0.0.1

Using this command and the additional options available to manage DHCP, I wrote a script that goes out to each DHCP server, makes a copy of all scopes on that server and writes it to a central location. A prerequisite to the script is to get a copy of the psexec.exe tool from Sysinternals (Microsoft). I could use the remote server format of the command but prefer running the command on the remote servers’ command line.

The backup script is shown below. I named mine PS-dhcp-export.cmd.

The first part of the script writes a batch file unique to each remote server.

:part1

if exist get-dhcp.cmd del get-dhcp.cmd
echo net use j: /d > get-dhcp.cmd
echo net use j: \\backupserver\c$ >> get-dhcp.cmd
echo j: >> get-dhcp.cmd
echo cd "\dhcpbackup" >> get-dhcp.cmd
echo netsh dhcp server export j:%1.txt all >> get-dhcp.cmd

Part2 actually runs the script on the remote computer and copies the get-dhcp.cmd file to the remote computer’s C:\ folder.

:part2
rem PsExec expects the target computer before its options and the command to run.
psexec \\%1 -c -w c:\ get-dhcp.cmd

So, to run this against all remote sites’ DHCP servers, I create a text file (sites.txt) listing each remote authorized DHCP server, one server per line. It looks something like this:

us1dc01
th6dc01
us2dc01
mx1dc01
us9dc01
us7dc02
uk3dc01
tw3dc01
us4dc01

This file is then read in and processed using the following backupdhcp.bat file:

for /F "tokens=*" %%I in (sites.txt) do call ps-dhcp-export.cmd %%I

Wait a few minutes and the backup is completed across all DHCP servers and a copy of the scopes is in one folder on another server.
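A check to run after the backup, as an added example that is not part of the original script set: it reads the same sites.txt and confirms that every listed server left a non-empty export in the central folder. The file name verify-dhcp-backup.cmd is hypothetical, and the path \\backupserver\c$\dhcpbackup\<server>.txt is assumed from the commands written into get-dhcp.cmd above.

```batch
@echo off
rem verify-dhcp-backup.cmd  (added example; the file name is hypothetical)
rem For each server in sites.txt, confirm that the export written by
rem get-dhcp.cmd exists in the central folder and is not empty.
rem Assumption: exports land in \\backupserver\c$\dhcpbackup\<server>.txt
setlocal enabledelayedexpansion

set "BACKUPDIR=\\backupserver\c$\dhcpbackup"
set /a failed=0

for /F "usebackq tokens=*" %%I in ("sites.txt") do (
    set "f=%BACKUPDIR%\%%I.txt"
    if not exist "!f!" (
        rem No file at all: psexec or the net use step failed on that server.
        echo MISSING  %%I
        set /a failed+=1
    ) else (
        rem %%~zF is the file size in bytes, %%~tF its last-modified time.
        for %%F in ("!f!") do (
            if %%~zF EQU 0 (
                echo EMPTY    %%I
                set /a failed+=1
            ) else (
                echo OK       %%I  %%~zF bytes  %%~tF
            )
        )
    )
)

echo.
echo %failed% server(s) without a usable export.
rem A non-zero exit code lets a scheduled task or wrapper script flag the run.
if %failed% GTR 0 exit /b 1
exit /b 0
```

The timestamp printed on each OK line shows whether an export is from the current run or a stale file left by an earlier one.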

If a scope needs to be restored or installed on a new DHCP server, use a command similar to the following:

netsh dhcp server import backupfile.txt scopesubnet

Where scopesubnet is either “ALL” or the subnet range like 10.2.0.0 or similar. More help can be found on the Microsoft Technet website for the netsh commands for DHCP.

Hope this tip has been useful. Thanks for reading & let’s continue to be good network citizens!


Jun 29 2009   8:15PM GMT

Another threat to watch out for - Ants in the keyboard!



Posted by: Troy Tate
computer vulnerability, troubleshooting, hardware, hardware failure, diagnostics, research, computer peripheral, keyboard failure, keyboard

On Friday I posted a tongue-in-cheek type posting about a worm taking down a laptop. Not necessarily big news but something different to see as a risk to computing equipment.

Another similar story came to my attention today. It has to do with ants in a membrane switch type keyboard. Check out the article Ant Farm In The Keyboard. Hey… isn’t it about sharing troubleshooting information between peers? wink-wink - nudge-nudge

Thanks for reading. Have a great day and let’s continue to be good network citizens!


Jun 26 2009   5:22PM GMT

Friday news alert - Worm causes computer crash! - Troubleshooting tip



Posted by: Troy Tate
hardware, hardware troubleshooting, computer failure, troubleshooting, crash analysis

Well… that’s probably news every day somewhere but in this case it was a real worm and I’m not talking about an electronic worm! I guess I need to ensure I don’t leave my computer out on the patio on the swing. I need to also watch my cat.

Check out the story Worm Causes Computer to Crash. You will see what I am saying is true.

Thanks for reading and let’s continue to be good network citizens.


May 26 2009   8:41PM GMT

Microsoft releases SharePoint Designer 2007 for FREE!



Posted by: Troy Tate
Microsoft, SharePoint, website, design, website administration, website admin, tools

SharePoint Designer 2007 is Now Free – Office SharePoint Designer 2007 provides the powerful tools you need to deliver compelling and attractive SharePoint sites and quickly build workflow-enabled applications and reporting tools on the SharePoint platform, all in an IT-managed environment.  You can use SharePoint Designer 2007 to create and deploy interactive solutions on the SharePoint platform, without having to write code.  It also provides the professional-quality design tools you need to create great-looking SharePoint pages that are compatible with a wide range of browsers.  Additionally, site administrators and IT managers can control exactly how SharePoint Designer 2007 is used to help ensure information workers have a managed and controlled experience.

If you are interested in learning more about SharePoint Designer 2007, please be sure to check out:

  • Microsoft Office SharePoint Designer 2007 Product Overview
  • SharePoint Designer demos
  • SharePoint Designer webcasts
  • Help for SharePoint Designer 2007
  • Future direction of SharePoint Designer 2007: video


Apr 27 2009   7:22PM GMT

Pandemic preparation, risk and business continuity



Posted by: Troy Tate
business continuity, business continuity planning, continuity planning, environment, hardware, remote access, pandemic, planning, recovery, risk, risk management, risks, Pandemic planning

I’m not the kind to run around thinking the sky is falling or that the swine or bird flu risk is non-existent. I take a lot of these warnings with a grain of salt. However, the pandemic watches of the past few years should obviously have organizations thinking about their risks and business continuity plans. In fact, my organization has a few sites in Mexico and along the border with Mexico. So, this situation has the potential to directly affect our employees.

I wanted to bring your attention to a recent posting on the excellent SANS organization website about the pandemic watch of 2009. This posting is titled Pandemic Watch April 2009. This has very good explanations of the current situation and the potential health risks.

The section that I think is most appropriate to IT folks (actually to everyone) describes a skeleton plan for companies to help deal with the situation. The following is an excerpt from the SANS website.

Don’t Panic!

Initial monitoring stage (where we are right now)

* If you’re sick, stay home
* Family is sick, stay home
* Close contact with someone showing symptoms, stay home
* Wash your hands, cover your cough

Then, if multiple cases in your area,

* Think about telling non-essential workers to stay home
* Recommend workers take kids out of daycare

Pandemic stage

* Everyone will be staying home, how will you handle it?
* Do you have enough laptops?
* Can your VPN concentrators handle the load

I would recommend taking some time to read the summary about the health risks of the various flu strains. Let’s continue to keep our thoughts and best wishes for those who have already been affected by this most recent health issue.

Thanks for reading and let’s continue to be good network citizens - stay healthy too and if you are not healthy, then please contact a health care organization as soon as you can. Get well soon!


Jan 21 2009   4:36PM GMT

Security news - Videos from Hack In The Box 2008 Malaysia available for download



Posted by: Troy Tate
hacking, education, training, Security, hardware, software, Password, Windows, Microsoft, Apple, OSX, vulnerabilities

The videos from HITBSecConf2008 - Malaysia are now available for download!

Day 1

=====

http://thepiratebay.org/torrent/4654588/HITBSecConf2008_-_Malaysia_Videos___Day_1

Keynote Address 1: The Art of Click-Jacking - Jeremiah Grossman

Keynote Address 2: Cyberwar is Bullshit - Marcus Ranum

Presentations:

- Delivering Identity Management 2.0 by Leveraging OPSS

- Bluepilling the Xen Hypervisor

- Pass the Hash Toolkit for Windows

- Internet Explorer 8 - Trustworthy Engineering and Browsing

- Full Process Reconstitution from Memory

- Hacking Internet Kiosks

- Analysis and Visualization of Common Packers

- A Fox in the Hen House - UPnP IGD

- MoocherHunting

- Browser Exploits: A New Model for Browser Security

- Time for a Free Hardware Foundation?

- Mac OS Xploitation

- Hacking a Bird in The Sky 2.0

- How the Leopard Hides His Spots - OS X Anti-Forensics Techniques

Day 2

=====

http://thepiratebay.org/torrent/4654974/HITBSecConf2008_-_Malaysia_Videos___Day_2

Keynote Address 3: Dissolving an Industry as a Hobby - THE PIRATE BAY

Presentations:

- Pushing the Camel Through the Eye of a Needle

- An Effective Methodology to Enable Security Evaluation at RTL Level

- Remote Code Execution Through Intel CPU Bugs

- Next Generation Reverse Shell

- Build Your Own Password Cracker with a Disassembler and VM Magic

- Decompilers and Beyond

- Cracking into Embedded Devices and Beyond!

- Client-side Security

- Top 10 Web 2.0 Attacks

===

On a related note, the registration for HITBSecConf2009 - Dubai (20th - 23rd April) is now open!

http://conference.hitb.org/hitbsecconf2009dubai/

The Call for Papers (CFP) for HITBSecConf2009 - Malaysia (October 5th - 8th) will open in March 2009.


Dec 19 2008   8:55PM GMT

Microsoft’s environmental campaign - XP goes green



Posted by: Troy Tate
administration, hardware, tools, Microsoft Windows, power management, Monitoring, DataCenter, Vista, design, environment, Performance, facility, awareness, XP, facility management

Microsoft has a special section of their website dedicated to fostering environmental sustainability. To that end, they have released a product called Edison PC Power Management software. The application will work on XP and Windows Vista. According to the Microsoft Environment website features include:

  • Scheduling. Identify work and non-work schedules to optimize power schemes based on when your PC is in use or on standby.
  • Settings. Choose from among several options for power savings and settings.
  • Estimated Savings Reports. Find information that shows how PC power settings correlate to money, kWh and CO2 savings.
  • Intuitive User Interface. Drag easy-to-use sliding bars to choose settings and instantly see the power and monetary savings. Clearly marked tabs make the interface easy to navigate.

So… if you want to reduce your carbon footprint in 2009, check this out. I know I will.


Dec 10 2008   2:41PM GMT

Did you see this? - Microsoft Infrastructure Planning & Design Guides



Posted by: Troy Tate
administration, planning, tools, Microsoft Windows, documentation, IT education, design, Microsoft, howto, awareness, education, toolkit

Microsoft has become much better at offering documentation beyond just marketing materials about their products and systems. The Infrastructure Planning and Design (IPD) guides are the next version of Windows Server System Reference Architecture. The guides in this series help clarify and streamline design processes for Microsoft infrastructure technologies, with each guide addressing a unique infrastructure technology or scenario.

The guides available include:

  • Exchange Online—Evaluating Software-plus-Services
  • Microsoft System Center Configuration Manager 2007 SP1 with R2
  • Microsoft Application Virtualization 4.5
  • Windows Server 2008 File Services
  • Windows Server 2008 Print Services
  • Infrastructure Planning and Design Series Introduction
  • Internet Information Services 7.0
  • Selecting the Right NAP Architecture
  • Selecting the Right Virtualization Technology
  • System Center Operations Manager 2007
  • System Center Virtual Machine Manager 2008
  • Windows Deployment Services
  • Windows Server 2008 Active Directory Domain Services
  • Windows Server 2008 Terminal Services
  • Windows Server Virtualization (for Windows Server 2008 Hyper-V and Virtual Server 2005 R2 SP1)

As you see, there is a lot of information here to absorb and make use of in your environment. I’m going to be checking out the System Center Operations Manager 2007 implementation guide. It’s gonna be an interesting ride but at least Microsoft is offering some free support assistance in the planning and design phase.

Try some of these guides out. Share with us your thoughts and how effective the guides were in helping your organization meet operational demands.