Remote Desktop

It was only a matter of time, same as the stories that began emerging about SaaS.

Perhaps the greatest fears of the all-encompassing latest trend known as Cloud Computing is who owns your data, who actually has your data, and is your data safe & reliable?

The question really is, is the cloud meant for data storage, or is it a solution for highly-scalable on-demand distributed computing?  I vote for the latter.

Customers at The Linkup (formely MediaMax) just found this out the hard way.  On August 8th The Linkup apparently shutdown after losing almost half of their customer’s data. The data is gone, never to return.  This article from NetworkWorld mentions that the Industry Standard indicates The Linkup had 20,000 customers. Due to a company split data migration/integration was necessary.  When the migration went seriously wrong, they shut the doors.

So it appears that there is a bug in VMware’s licensing code (see below for updates) that will effectively not allow systems running ESX 3.5U2 in Enterprise configuration to run.  System’s that are already running should not be affected.

Matthew Marlowe has posted a blog entry indicating the following work around:

1. Find the host where a VM is located by getting the list:

   vmware-cmd -l

2. Issue the commands:

   service ntpd stop
   
   date -s 08/01/2008
   
   vmware-cmd /vmfs/volumes/vm path/vmname.vmx start
   
   service ntpd start

Updates from VMware can be found on this page (UPDATE: Due to timeouts, use this static page).  Apparently a fix is minimum 36 hours away…

More than just a bit scary if you ask me…

UPDATE:

Just received an e-mail from VMware.

Problem:

An issue has been discovered by many VMware customers and partners with ESX/ESXi 3.5 Update 2 where Virtual Machines fail to power on or VMotion successfully. This problem began to occur on August 12, 2008 for customers that had upgraded to ESX 3.5 Update 2. The problem is caused by a build timeout that was mistakenly left enabled for the release build.

Affected products:

1. VMware ESX 3.5 Update 2 & ESXi 3.5 Update 2
2. Reports of problems with ESX 3.5 U1 with the following 3.5 Update 2 patch applied.
   1. ESX350-200806201-UG
3. No other VMware products are affected.

Resolution:

VMware Engineering has isolated the root cause and is working to produce an express patch for impacted customers today. The target timeframe is 6pm, August 12, 2008 PST.

UPDATE:

The express patch can be found here.

UPDATE:

This message is to inform you that we are experiencing a delay in releasing the new version of ESX/ESXi 3.5 Update 2. Our testing of this release is taking longer than anticipated. We are now targeting to release the update between 2:00 AM PDT (0700 UTC) August 14 and 8:00 AM (1500 UTC) August 14 PDT.

UPDATE:

We have re-issued the entire ESX/ESXi 3.5 Update 2 release (ISOs, upgrade tar and zip files, and patch bundles). They are available for download at http://www.vmware.com/download/.

Please note this update is only relevant to customers who did not install the impacted release of ESX 3.5 Update 2 (build number 103908) or ESXi 3.5 Update 2 (build number 103909). If you have installed either of these please visit http://www.vmware.com/landing_pages/esxexpresspatches.html and install the express patch.

Looks like Russian Hacker Evgeniy Polyakov has successfully poisoned the latest version of BIND which was supposed to have been patched in that massive, coordinated release.  The release was supposed to randomize the ports to make it much more difficult to poison.  Using Evgeniy Polyakov’s exploit code and some common hardware, it took 10 hours.  Yikes.

The New York Times article by John Markoff has more details.

Following up on our previous post, pingdom has a blog post on downtime for the major news sites.  They cover all the big boys.  ABC News, Christian Science Monitor, International Herald Tribune and Times Online had the most downtime since Jan 1 with up to a whopping 23h 31m.  On the flip-side The Washington Post, CNN and the New York Times were all under 40m and Forbes came in with zero downtime.

You can checkout the pingdom blog post for an interesting analysis.

Data Center Knowledge picked up on a New York Times article about Internet downtime and the reality of trying to provide 24/7/365 uptime for the worlds most popular, and most relied upon, websites and services.

They run through a recent list of outages affecting The Planet, HostDime, ICE, Netflix, YouTube, T-Mobile, Yahoo Stores, Rackspace, Alabanza, ValueWeb, and 365 Main that took sites down anywhere from several hours to several days.

An interesting read to say the least.

We’re seeing a lot of recent activity related to an (unconfirmed) version of the 4 year old Bagle virus.  The impact is the blacklisting of IP subnets — and it’s unpleasant to say the least.

Essentially users get infected with the Bagle virus and it collects personal favorites including FTP URLs, usernames and passwords.  Spammers then run scripts which test the FTP connections and drop files like:

ftpchk3.php
ftpchk3.pl

which test functionality on the target website.  Their bot then covers its tracks by deleting the files.  Several days later, new files are uploaded to the site, which can include:

hot_video.exe
index1.php
index6.html
load.php
logs.txt
movie.gif
pindex.php

The file hot_video.exe contains the trojan horse Downloader.Tibs.9.V.  As soon as the above mentionned files are uploaded to the FTP of the site, SPAM starts to go out using the host server’s domain name and referencing the URL to the files uploaded by FTP.

The end result is most likely the blacklisting of your entire IP class, not by the RBLs, but by internal corporate networks.  A serious pain in the ass because there is no centralized location to verify and then delist your addresses like there is for RBLs.

So finally someone comes up with a cooling solution that makes perfect sense to me…and implements it.

Everyone is talking about the SuperNAP by Switch Communications that is supposed to be one of the largest and most efficient datacenters produced to-date, beating the likes of Microsoft and Google in terms of capacity per square foot.

Everyone is linking to Ashlee Vance’s articles in The Register (here and here) about 8-year old Switch Communications which has gone unheard of for all these years until now.  The gist is that they aquired Enron’s pipe-dream of “bandwidth as a commodity” datacenter for next to nothing and in doing so inherited the ideal foundation for colocation services.  They picked up military contracts and other, shall we say “big-time, low-key” customers, and built a business on it.

I have to say, I like what I’ve seen so far.

The two things that stand out are the use of ex-military personnel for security, the very presence of the actual military in the building, and their method of cooling, part of their success in the capacity-per-square-foot department.

In most datacenters the onsite security amounts to nothing more than a (sometimes) convenience to customers, scarecrow for security, and an eye witness account of what happened but couldn’t be prevented.  Ex-military with big guns tends to produce a different outcome.  Burst through a wall with your little tazor and be ready to be blow to Kingdom Come by the datacenter Rambo. The presense of the actual military gives you the upper in hand in early warning for world-wide events and threats.

And finally, with respect to cooling scenarios that never made any sense to me, we finally have a company designing a front room and a back room — it was about time.  The “front room” provides access to the front of the cabinet where you insert your servers and (I assume) plug any gaps with filler plates.  Cold air is pumped into the room from above and is completely isolated from the rear of the cabinet.  The “back room” is dedicated to managing hot air that is collected from above and cycled through the system.  Brilliant, if not obvious.

To top it off, they have four (4) different methods of cooling available to them, and they choose amongst the four (sometimes using two at a time) to most efficiently cool the equipment.  Again, brilliant, if not obvious.

The last bit to catch my eye was the use of color.  They color code the equipment and locations and then designate which color can be worked on during a given period.  All of the equipment is redundant and each component of the redundant system is in each of the colors.  Therefore they reduce the chance of human error by controlling which color can be maintained on that day.  Brilliant, again.

In any event, it makes a really good read and I would highly recommend Ashlee’s articles.  I can’t think of a better place for mission-critical remote desktop solutions.  Let’s see who else can catch up to Switch now that the bar has finally been raised.

Most of the information that is being collected for remotedesktop.com is more efficiently presented as a Wiki rather than a blog.

You can visit our new Wiki at:

http://wiki.remotedesktop.com/

There is now a dedicated page over at Microsoft Connect for the Remote Desktop Connection Client for Mac 2 Public Beta where you can download the new Beta and submit feedback (Windows Live ID sign-in required). 

David Liu has announced that Mac RDC 2 Beta 3 is now available.  And it’s good.

David has noted in his blog post on the Office for Mac Team Blog that there are some improvements to this latest release, including multi-language support, online help, and easier access to servers & multi-windows. He believes this should tide Mac users over until the official release of RDC 2. No word on the actual release date to my knowledge.

The ability to use the Mac’s keychain is probably one of the nicest features.  Automatic reconnect and the ability to choose which display it’s launched on are nice too.  Very cool is the control of the shared Mac folder — now you decide from where the share originates.  Printer too.  Mac menu bar and Dock visibility are also controllable.

A new security feature also exists that allows RDC to authenticate the computer to which you are connecting.  Because of the pop-ups, you have three settings: bypass,warn and no connection on fail.

Remember to uninstall Beta 2 before installing Beta 3.