Monday, November 9, 2009

Browser Market Share Among IT Professionals - A Statistically Insignificant & Questionable Analysis

I realize as I write this post that I am officially a geek. I not only have an IT blog, but I am using Google Analytics to create reports and track how many people are visiting the blog, where they live, what type of internet service they have, and what browser they are using. It is this last bit of evidence on browsers that made me think to write this post.

I know that my sample is not large enough to be significant (around 270 unique visitors), and I know there is no way to verify that the people visiting are IT professionals. But, I was surprised at the percentages of users using non-IE browsers. I knew that Firefox had taken a large share of the market, but I was surprised that Chrome and Safari both had about a 5% share in my sample. Here is the breakdown:



Comparing this to recent browser market share stats here, I found that my stats showed a greater loss (> 10% more) for IE. Based on this information and personal experience at the company I work for, I am going to postulate that IT professionals are switching browsers at a much faster rate than less technical users.

Ok, obvious right? But, the real question I began asking myself is what are the reasons that people switch or don't switch. Why do people prefer IE, Chrome, Firefox, or Safari? If there really is a "Best" browser, what is keeping everyone from switching?

Well, I don't have all the answers, but I can at least explain why where I work only IT users use browsers other than IE.

We participate in around 6 security audits every year. All of these audits require patch management (preferably automated), approved software lists, vulnerability assessments, etc. Why does this matter? Well, I haven't done extensive research, but I am not aware of any free way to automate the deployment of patches from a central server and receive reports on the results of these deployments for non-IE browsers. I am not saying that this necessarily makes IE more secure or a better solution, but with Windows Server Update Services (WSUS) and WSUS reporting it makes it much easier to provide evidence for audits.

Combine the deployment and reporting issues with the fact that many websites both external and internal (third-party web-based apps) are not written to be compatible with all browsers. Add the fact that more browsers (or versions/brands of software in general) means more training and increased support calls, and it makes more sense to only allow one browser.

However, software developers need to be able to test web applications for compatibility with multiple browsers, and support personnel may need to support users from home that may use unapproved browsers. Therefore, IT personnel are allowed (approved) to install and use non-IE browsers.

So, what I am wondering now is if this is true for other organizations, what is the true browser market share?


Saturday, November 7, 2009

IIS Makes Website Redirection Easy

I have found many uses for the redirection functionality that is built into IIS over the years and I am surprised by how many times I come across people using redirect files or other methods to redirect people to new sites or to redirect people to SSL.

Microsoft has some good information here on how to use redirection in IIS. However, I thought I would give some real world examples and provide some screenshots. You will also want to check out this reference to see all of the available parameters. OK, let's get started.

Redirect to SSL

I use IIS redirection the most to redirect regular web traffic to SSL. Here is how:

Example: We want to redirect http://mail.domain.com to SSL. [Site] will be used as a placeholder for whatever you want to call the website in IIS.

Step 1: Set up website called "Redirect [Site] to SSL" (This website will only run on port 80 and will not be assigned a server certificate. You may have to add a host header or assign a specific IP to this site if you are hosting multiple sites.)

Step 2: Now, go to the properties of the site you just created, select the 'Home Directory' tab, select the 'A Redirection to a URL' radio button, under 'Redirect to:' enter 'https://mail.domain.com'. For this particular example, you can ignore the check boxes below. However, you may want to use one based on your need and security requirements so do some research.



Step 3: Set up website called [Site] and assign it a certificate so that it will accept SSL connections. (You will either need to add a fake host header, I use 'asdf', or change the TCP port to another number, e.g. 8080 or 1234, so that the sites will not interfere with each other. TCP port is not needed on this site since we want the 'Redirect [Site] to SSL' to respond for HTTP (port 80) traffic.)

Done.

Redirect to SSL Exchange 2003 & 2007

Step 1: Follow directions for 'Redirect to SSL', but instead of entering 'https://mail.domain.com' in step 2 enter 'https://mail.domain.com/exchange' (Exchange 2003) or 'https://mail.domain.com/owa' (Exchange 2007).

Problem: If someone enters 'https://mail.domain.com', no redirection will take place because the traffic is not hitting the redirect site.

Solution: Go to the 'Properties' of the root of your [Site] (the one running SSL) and select the 'Home Directory' tab. Select the 'A Redirection to a URL' radio button, under 'Redirect to:' enter 'https://mail.domain.com/exchange' (Exchange 2003) or 'https://mail.domain.com/owa' (Exchange 2007). Then, check the check box 'A directory below URL entered'. (If you do not check this box, it will apply redirection to all of the sub-directories also. You do not want that.)



Done.

Redirect and Preserve Suffix and Parameters (Query String) - Redirection Parameters

Example: You want to redirect 'http://mail.domain.com' and 'https://mail.domain.com' to 'https://mail.newdomain.com', but you want to make sure that 'http://mail.domain.com/default.aspx?User=dhazar' or 'https://mail.domain.com/default.aspx?User=dhazar' redirect to 'https://mail.newdomain.com/default.aspx?User=dhazar'. You want to make sure that the redirection preserves the suffix and the parameters.

How: Assuming the sites are already set up, go to 'Properties' of the site that responds for 'http://mail.domain.com' and 'https://mail.domain.com', select the 'Home Directory' tab, select the 'A Redirection to a URL' radio button, under 'Redirect to:' enter 'https://mail.newdomain.com$S$Q', and check 'The exact URL entered above'. When using 'Redirection Parameters', you may (not always) need to check the check box 'The exact URL entered above'. In this example, the box must be checked. $S and $Q are 'Redirection Parameters'.
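The substitution described above can be checked offline before the site is changed. This is an added example, not code from the original post or from Microsoft: expand_redirect is a simplified model of how $S and $Q (plus $P and $V from the Redirect Reference) are filled in when 'The exact URL entered above' is checked, and audit_redirect, audit_template and REQUESTS are hypothetical names introduced here.

```python
from urllib.parse import urlsplit

def expand_redirect(template, request_url, redirected_path="/"):
    """Simplified model (an assumption, not IIS code) of how a 'Redirect to:'
    value is expanded when 'The exact URL entered above' is checked.
    redirected_path is the site root or directory the redirect is set on."""
    parts = urlsplit(request_url)
    path = parts.path or "/"
    base = redirected_path.rstrip("/")
    if path != base and not path.startswith(base + "/"):
        raise ValueError("request is outside the redirected path")
    values = {
        "$S": path[len(base):],                          # suffix after the redirected path
        "$Q": "?" + parts.query if parts.query else "",  # parameters, with the '?'
        "$P": parts.query,                               # parameters, without the '?'
        "$V": path,                                      # requested path, no server name
    }
    for name, value in values.items():
        template = template.replace(name, value)
    return template

def audit_redirect(request_url, location, expected_host):
    """Return the problems with one redirect target (empty list means OK)."""
    req, loc = urlsplit(request_url), urlsplit(location)
    problems = []
    if loc.scheme != "https":
        problems.append("target is not HTTPS")
    if loc.hostname != expected_host:
        problems.append("unexpected host %r" % loc.hostname)
    if (loc.path or "/") != (req.path or "/"):
        problems.append("suffix not preserved")
    if loc.query != req.query:
        problems.append("query string not preserved")
    return problems

# The request URLs from the example in the post.
REQUESTS = [
    "http://mail.domain.com",
    "http://mail.domain.com/default.aspx?User=dhazar",
    "https://mail.domain.com/default.aspx?User=dhazar",
]

def audit_template(template, expected_host="mail.newdomain.com"):
    """Map each sample request to the problems its redirect would have."""
    return {url: audit_redirect(url, expand_redirect(template, url), expected_host)
            for url in REQUESTS}

if __name__ == "__main__":
    # The value from the post, then two variants that lose information.
    for template in ("https://mail.newdomain.com$S$Q",
                     "https://mail.newdomain.com$S",
                     "https://mail.newdomain.com"):
        print(template)
        for url, problems in audit_template(template).items():
            print("  %-52s %s" % (url, problems or "OK"))
```

Only the '$S$Q' value passes for all three requests; dropping $Q loses the User= parameter, and the bare URL sends every request to the root of the new site.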



I won't provide any more examples here, but see the 'Redirect Reference' here to find out more. There are a few more useful parameters and it explains how to use wildcards for more advanced redirection.

Tuesday, November 3, 2009

XO IP Flex - True Shared Voice & Data - SIP for the Masses

Alright, I know the title makes me look like an XO salesperson or an advertiser, but I really just wanted to write an informative piece about the service. I am just a customer and overall I am pretty satisfied with the service. I will include the positives and the negatives of the service.

For those unfamiliar with the XO IP Flex product, it is a shared data/voice offering that uses SIP trunking between an XO-owned, on-premise router and the XO VOIP switch (BroadSoft). The on-premise router then provides an analog or TDM hand-off to the customer.

So, here is how it works. You can order the service in four different configurations: 1 T1 (1.54 Mb/Up to 16 voice channels), 2 T1s (~3 Mb/Up to 32 voice channels), 3 T1s (~4.5 Mb/Up to 48 voice channels), and 10Mb/Up to 72 voice channels (Not sure how many T1s here, but we have a 10 Mb Ethernet circuit and the number depends on the distance from CO). When you order, you choose how many voice channels you want provisioned (you can change the amount later, up to the max), and then you choose if you want them to hand off as a PRI, digital trunk, analog lines, or some combination.

Now, this isn't like traditional shared T1 service where some channels are dedicated to voice and the remainder are data. The service here is basically a Cisco router that provides QoS for voice traffic. Which means that if you are not using any voice, you are not losing any data bandwidth.

Here is what is great about this setup. You can use any existing TDM phone system that supports PRI, digital trunks, and/or analog lines, or you can use regular analog phones (XO can provide the PBX functionality). At the same time, you can still take advantage of the cost benefits of VOIP. Your phone system won't even know you are using VOIP. You also get free QoS for voice traffic between the router and the XO VOIP switch. No need to buy expensive equipment to provide quality voice.

Some of the other benefits include:

- Free calling between any of your XO IP Flex locations (Why not? It is never leaving the XO network. See full data sheet linked to below for more info and restrictions.)
- Buckets of minutes and even Enterprise buckets (shared among locations)
- Cheap rates if you exceed bucket
- Free 800 number
- Lots of DIDs (telephone numbers) included
- If you choose to just use analog phones, or if your PBX is not very functional, you can administer the XO PBX from the business portal to provide PBX services. You can even purchase add-on services for enterprise-class PBX features.
- Full list of features here.

Alright, now for the negatives. First, XO IP Flex cannot provide a SIP hand-off to the customer. Direct SIP trunking requires you to order a different product from XO. Second, it is pretty darn close, but I don't think it is 100% as reliable as traditional TDM or analog voice service. The final negative I am aware of is that, at least with Avaya Communication Manager, you cannot send caller ID that is not a DID assigned to your XO account.

The main problem with not being able to pass any caller ID is with call forwarding or extension to cellular type calling (UPDATE: Avaya has fixed this issue. See here). Usually phone systems will pass the originating caller's information on so you know who is calling. However, the calls are dropped in this scenario. Now, they could fix this issue at any time (UPDATE: Avaya has fixed this issue. See here), and you may not want caller ID so you can have XO hardcode your BTN for all calls. Also, it may not be a problem with other PBX systems, and you can always add some translations in your PBX to pass a DID assigned to your system like the primary business telephone number (BTN). So, I guess what I am trying to say is that you should do some research if this is the only thing holding you back.

One last thing, if you are using the XO portal as the PBX, I believe they offer forwarding and extension to cellular type services (may cost extra) that would most likely not experience the caller ID issues.

OK, so now for my conclusion. The IP Flex service is not for everyone, but if you own a non-VOIP or hybrid PBX or if you don't own a PBX, you may want to check it out. You may save some money and who doesn't like that.

I know there are other carriers that have similar services. Feel free to comment if you have a particular service you have used and are happy (or unhappy) with. Also, if you have any positives or negatives to add, let me know.

Monday, November 2, 2009

High CPU - dwwin.exe or dumprep.exe - Terminal Services - Windows Error Reporting

If you experience sudden slowdowns for your terminal services users and in your research you see that dwwin.exe or dumprep.exe is hogging the processor, disable Windows Error Reporting. In fact, I think it is best to disable this on all terminal servers (and even all machines), unless needed, through a GPO. See http://technet.microsoft.com/en-us/library/bb490841.aspx for ways to disable error reporting.

When error reporting is enabled, an application crash spawns a process that collects information to send to Microsoft and/or for internal use. This process can really slow down your machine and in a shared environment like terminal services can have devastating effects. Luckily, it is easy to disable.

Preferred Hardware for Virtualization Part II - Configurations & Performance

Now that you have the specs for the Dell 2900 III and the Dell T610 servers, I wanted to give some examples of configurations I use in my environment and some performance or utilization statistics (real stats from past month). Both of my configurations here will be for the 2900. The first configuration I am going to give is the configuration running the greatest number of virtual hosts. The second configuration is the server that runs half (about 32) of our Thin Clients in our production data entry facility (See post here.) and half of our servers for that location. To make it easier, I will use Retail prices for any pricing info I give, but understand that with volume licensing programs and a Dell account you may be able to get significant discounts (For example, open business licensing on datacenter edition without hyper-v is around $2,150. The servers below can get down around $6,500).

Configuration 1
Dell 2900
2 X 2.66 Ghz Processors (Intel 5355 - Quad-core)
16 GB RAM
8 X 400 GB 10k SAS drives (Raid 10 - 1.44 GB usable space)
4 X Gb NICs (Two built-in, 1 Add-in)
Total Server Cost - ~$8,500
2 X Windows DataCenter Edition Processor Licenses - 2 X $2,971
1 X VMWare ESX Standard 2 Proc. (could have used foundation) - $2,568

Total Cost for Unlimited Use - ~$17,000
Cost per Virtual Host - ~$810 (Remember includes all server licensing costs)
Number of Virtual Hosts - 21

Server Breakdown
1 X Domain Controller
2 X Processing Box
1 X Terminal Server (Approx 10 Thin Client Users)
1 X Virtual Center Server
6 X Web Servers
2 X Backup Servers
4 X Personal Computers (Still Server Edition to take advantage of unlimited licensing)
1 X Email Archival
1 X Video Conferencing
1 X FTP Server
1 X File Server

CPU Utilization (in Mhz)
Maximum - 10,646 (Almost 1 full processor)
Average - 4,606 (2 Cores)

Memory (Percentage)
Maximum - 86
Average - 78

Disk Usage (in KBps - should support more than 40k KBps)
Maximum - 8,059
Average - 2,383

Network Utilization (in KBps)
Maximum - 42,224 (Proof that gigabit is not always required for VMWare)
Average - 3,017

So, as you can see here, we overbuilt this server. It was one of our first servers. We could have gone with one processor, which would have saved ~$3,700 (1 Datacenter Proc + 1 CPU). This would have brought the system cost to ~$13,300 and the per virtual machine cost to just over $600. Plus, there is still room for growth.

Now for configuration 2. I was surprised to find that running client sessions through terminal services takes up much more processing power than most servers. It is a great way to use up extra processing power.

Configuration 2
Dell 2900 III
1 X 2.83 Ghz (Intel 5440 - Quad-core)
16 GB RAM
8 X 450 GB 15k SAS drives (Raid 6 - ~2 TB Usable Space limited by Raid controller)
4 X Gb NICs (Two built-in, 1 Add-in)
Total Server Cost - ~$8,000
1 X Windows DataCenter Edition Processor Licenses - $2,971
1 X VMWare ESX Foundation 2 Proc. (may offer single processor now) - $1,889

Total Cost for Unlimited Use - ~$12,860
Cost per Virtual Host - ~$1,286 (Remember includes all server licensing costs)
Number of Virtual Hosts - 10

At first look, we are paying a lot more per host with this configuration, but remember there are 32 clients running on the terminal servers so even though the cost is higher we are gaining a lot of value.

Server Breakdown
1 X Domain Controller
1 X SQL Server
1 X Processing Box
1 X Security Controller
2 X File Server
2 X FTP Server (One for stateless Thin Client logins)
2 X Terminal Servers

CPU Utilization (in Mhz)
Maximum - 6,291 (Little more than 1/2 full processor. Turn off error reporting or you will see huge spikes in CPU when apps crash. See here.)
Average - 2,627 (1 core)

Memory (Percentage)
Maximum - 63 (Terminal server sessions can eat up memory if the users are using memory intensive apps like Outlook and some browsers. Make sure you test this to get an idea how much each session will use)
Average - 55

Disk Usage (in KBps)
Maximum - 66,320 (Biggest offender SQL averages over 21,000)
Average - 13,672 (Terminal servers average under 4)

Network Utilization (in KBps)
Maximum - 6,444 (Proof that gigabit is not always required for VMWare)
Average - 542

Preferred Hardware for Virtualization - Dell 2900 III & Dell T610

I understand that not everyone is going to agree with this post. I don't really expect them to. When designing a system there are many variables, and the best solution will not always be the same solution. However, in my current position, I have done the analysis many times for different projects and for some reason, I almost always come back to the same hardware. So, I figured I would share the reasons why I usually end up purchasing these servers for my virtualization needs.

Obviously it all boils down to value and functionality. I feel that these servers deliver great performance at a great price and they are functional in ways that fit our needs. Ok, first I will discuss the downside to these servers so that I can explain why, for me, it doesn't matter. The downside is that these servers are a whopping 5U. Yeah, I know, that is a lot of rack space for a server these days. However, if you are just starting down the virtualization path, you will usually find that you have more than enough rack space, and if not, there are definitely other solutions that will save you the space.

Now, if you are familiar with Dell hardware, you may have overlooked these. In order to find them, you usually need to select tower servers and most medium to large organizations do not browse that area of the Dell website. Even though they are listed in the tower server section, both of these servers have optional rack configurations (Last time I checked, they took away the rack config for the 2900 III, but I am sure you can still get it if you have an account rep or call in).

Alright, so why am I listing two different models? The T610 is basically the replacement for the 2900 III and supports the latest Intel processors. The price is not much more than the 2900, so if you have the need for faster processing you may want to skip the 2900. I have still included it because there is a slight cost savings, because it has one nice feature that the T610 does not have, and because most people would be surprised how little processing power their servers actually need. So, what is the feature that has saved the 2900? Dell calls it a flex bay. Basically, the flex bay allows you to fit two extra drives in the server that are either mirrored or striped. These drives can be used to run the OS so that you don't have to steal drives from the main Raid controller or partition a section of your array for the OS. Unfortunately, as of last time I checked, the T610 does not offer a flex bay.

Ok, I guess I should move on to the stuff that really matters. Here are the specs that make these servers my preferred choice for virtualization:

Dell 2900 III
CPU
Dual socket. Supports two dual-core (52xx) or quad-core (54xx) CPUs. When it comes to virtualization, I always go with the fastest processor with the greatest number of cores (within reason). The main reason for this is OS licensing as I will explain later.

Memory
12 DIMMs. That's right 12. So, you can add 48 GB (12 X 4GB) of memory to the server.

Hard Drives
Up to 8 X 3.5 inch SATA or SAS drives (One of my next posts is going to be titled, 'The Case for Direct-Attached Storage (DAS)'. I will link to it here when I am done.). I know that some people will argue that 2.5 inch drives are faster, but if the 3.5 inch drives are fast enough, as of today, they are still cheaper and are available in larger capacities. What does all this mean? Well, for under $5,800 you can get 8 X 450 GB 15k SAS drives, giving you around 3.5 terabytes of raw storage (the Raid controller is limited so you will not be able to use all of it, but the next step down is 300 GB 15k drives (2.34 TB raw) and it only saves you a few hundred dollars).

Flex Bay
Two more for a total of 10 3.5 inch SATA or SAS drives (Note: these cannot be added to the 8 drive array)

Expansion Slots
No compact PCI or riser slots here. 6 expansion slots. 1 x8 PCI Express – x8 lane with x8 connector, 3 x4 PCI Express – x4 lane with x8 connector, 2 x 64-bit/133MHz PCI-X – supports full-height, full-length 3.3v PCI or PCI-X cards

Full specs here.

Dell T610
CPU
Dual socket. Supports two quad-core (55xx) CPUs.

Memory
12 DIMMs (RDIMM or UDIMM). That's right 12. But, this model is slightly different in that you can only use 6 DIMMs per processor. However, you can get 8 GB sticks of RAM. So, for a single processor you can have up to 48 GB and for two processors up to 96 GB. If you are cost conscious though, you will probably stick to the 4 GB sticks, which cuts those numbers in half.

Hard Drives
Up to 8 X 3.5 inch SATA or SAS drives or Up to 8 X 2.5 inch SATA, SAS, or Solid State drives.

No Flex Bay option

Expansion Slots
No compact PCI or riser cards here. 5 PCIe Gen2 slots (Two full-height, full-length x8. Three full-height, half-length x4).

Full specs here.

Up Next: Part II - Configurations & Utilization