Hi Andrew: Sorry the update didn't go well, but interesting issues. Previous to the update did you have a mix of 2K and 2K3 DCs or were you exclusively a 2K shop? If the former, did the 2K3 DCs work fine after the upgrade? I find templates to be very useful in VMWare. You need Virtual Center to have official template functionality, but there are ways of getting the same thing if you don't. With VC, if you turn a VM into a template, on the actual file system it is layed out just like an ordinary VM accept I think one filename has changed. With VC, when you're in the VIC you won't even see your templates unless you are in the virtual machines and templates view, this will show you all the VMs and templates in one view regardless of which actual ESX host they're on. Other than having different context menu options, there is no way to tell a VM from a template, although I'd imagine there's probably a different icon or some such. You can then clone VMs from the template and place them wherever you want. I'm still learning about the new functionality, so I'm probably missing some of the stuff you can do. When we didn't have VC, we had a way of simulating templates using regular virtual machines and the free downloadable VMWare Converter program. We would get an VM set up how we wanted it, give it a name like "2k3 template don't touch" or something like that. When we wanted to clone the template, we'd fire up converter, and use it to copy the esx VM to the machine we wanted. It took a little time for converter to do its thing, but we never had any issues with it. If you haven't already, I'd look into VMWare Converter, its free, and is very powerful, even beyond just converting physical machines to VMs and working with VMs. It can also restore VCB backups, and convert VMs from the format ESX uses to a format that can be loaded into Workstation, or even the free Player product. Another way you can get what you want without using Converter but a little more clumsy is to create the VM you want to use as your template, log into the service console, SU to root and cd to the directory containing the virtual hard disk files. Then use the vmkfstools -I command to move the hard disk image into a new directory. Then, go back into the VIC and create a new VM with the exact same hardware as the template, but instead of creating a new hard disk, point it at the .vmdk file you copied. This method is clumsier because you have to remember the hardware info for your template VMs and get it exact, but it works and can be slightly faster than converter. Personally I prefer the converter method as its more fool proofed. You can have ISO images live directly on the ESX server. There is a directory called /vmimages/tools-isoimages (I might be slightly off on spelling.) If you sftp the image to that directory, you can then use the VIC to mount the ISO. From the edit settings dialog, select the CD-DVD drive you want to mount the ISO in, select iso from the location radio buttons. When you're browsing for the ISO, in adition to the datastore all your VMs are in, you'll now see another one called vmimages, which will take you to the tools-iso images directory. BTW. You'll find some ISO images already in that directory, don't delete any of them, those are the VMWare Tools ISOs used when you choose the install/upgrade VMWare tools option. OK, so with all of this said, I'm surprised a WS2008 install took two hours even using the ISO on your local machine. Was your network running unusually slowly? Hope all this helps, let me know if you have more questions. Ryan -----Original Message----- From: blind-sysadmins-bounces@lists.hodgsonfamily.org [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Andrew Hodgson Sent: Wednesday, June 04, 2008 9:37 AM To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Backgrounds Hi, The AD update was interesting. We updated to W2k8 yesterday and it went well. We came in this morning and the server had shut off completely, powering back on and the system had come out of a critical error. We fixed this, and then it happened again just before lunch. We believe it is the network teaming drivers from Broadcom, they are not very good, especially on the 64-bit platform, but each release they say they fixed the issue. Our one 2k DC also went horribly wrong overnight, it stopped replicating and wanted me to do a system state restore. I did this, but it still refused to replicate. This caused a myriad of other group policy errors throughout the clients, so in the end I demoted it, and just ran it as a workgroup member with a DNS forwarder on it, for those clients who still use it as a DNS server. I cancelled the replacement of the final 2k DC tomorrow :). I have a few group policy issues I need to address, our EFS certificate has expired, and I need to replace this, as well as go through all other group policy settings on the domain GPO. How exciting. I am interested in what you say about the Vmware templates, as I am interested in making a machine with W2k3, then copying the template to a range of other machines. Do we need the Virtual Centre to do this? I was also doing a W2k8 install under ESX today, and the install took just over 2 hours! I was getting the ISO image from my desktop, but I am not sure whether I can copy it to a directory on the ESX host? Andrew. -----Original Message----- From: blind-sysadmins-bounces@lists.hodgsonfamily.org [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Ryan Shugart Sent: 04 June 2008 16:08 To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Backgrounds Hi Andrew: How did the AD upgrade go? Hopefully very well. Your company is like us until a week or so ago, we just got Virtual Center up and running, and our second ESX box will be up as soon as I can borrow a pair of eyes for a half hour or so to get through the installer until I can work with it on my own. For the most part, I find WSUS predictable as well, although the table could use some work. What gets me is Narrator actually reads parts of that application better than Window-Eyes, go figure. I'm a little disappointed at the filtering options though, I know you can create your own views but I've not figured out how to get the custom level I want, AKA show me updates that were released between dates X and Y, and that have been approved for groups A and B but are not approved for group C. We're on a system where we approve updates for one group, wait a while then approve them for another group, and so on, and that can be difficult to manage. WSUS's lack of good filters makes it difficult to figure out what updates are where, and using the mouse pointer doesn't help much. As I said before though, at least its doable, if long. You're right that VMWare's updater will only update virtual servers, but what impresses me so much about it is how powerful it is compared to WSUS, and how well it takes advantage of the fact that these are virtual machines. For example, before applying patches it will snapshot the VM, then if the update is successful it will wait for a period of time, then delete the snapshot, giving the administrators time to verify the patches worked. Plus it will patch your template VMs without you needing to worry about it, so when you clone a template you know its up to date. I'm looking forward to playing with it over the next few weeks, if it lives up to what its supposed to do I'm going to make a case for moving our servers away from WSUS to this product instead and use WSUS for workstations and the few servers that will stay physical. Ryan -----Original Message----- From: blind-sysadmins-bounces@lists.hodgsonfamily.org [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Andrew Hodgson Sent: Tuesday, June 03, 2008 9:34 AM To: blind-sysadmins Subject: Re: [Blind-sysadmins] Backgrounds Hi, DNS and DHCP is fine in a Core installation. At the moment I have one ESX machine running in a stand alone mode, and it is not connected to any infrastructure server. I have seen the Vmware update manager, but as you say it deals with virtual hosts only, and I don't think it will work for non virtual hosts, i.e, desktops, so we will continue to use WSUS for a while. I am using the mouse cursor in WSUS all the time, since the new 3.0 version came out, and they put it into a console arrangement, I can get Jaws to read some bits, on a good day, but most of the time I use the mouse cursor. Having said this, it is quite predictable in the mouse cursor, and as long as I deal with a screen of updates at a time, it is ok. Andrew. -----Original Message----- From: Ryan Shugart [mailto:rshugart@pcisys.net] Sent: 03 June 2008 16:00 To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Backgrounds Andrew: Very interesting points. I don't think server core would be appealing to us if we weren't virtualizing it, actually, the only reason we're upgrading our AD to 2008 is to get the server core functionality. I believe Microsoft has a secure shell alternative for accessing remote commandlines, I think its called remote shell, what I don't know is if its Vista only. We've upgraded our schema, we'll deploy the new DCs when we get the ESX servers up and running. We'll run with both the 2003 and 2008 DCs in production for a while until we're sure things will work like we think they will, then decomition the 2003 DCs. In our case, we'll also need to find new homes for DNS and DHCP, but I believe these are all supported on server core, so there shouldn't be a problem there. On a different note, I'm curious what your WSUS management experience has been like from an accessibility standpoint? I've been able to get it to work, but I find it very clumsy as there seems to be this new type of table control that neither major screen reader is fully working with yet. I find its one of those apps you really need to use your mouse emulation commands to work with if you want any chance of success, and even then its very slow going. So far its been doable, but if you have any tricks you've used, do share. VMWare is now shipping their new Infrastructure Update Manager with new versions of Virtual Center, and this is looking like a really cool product. It not only updates ESX itself, but will patch any Windows or Linux VMs running on an ESX host that's managed by Virtual Center. I was reading up on it yesterday, and if it does half of what it claims, it'll give WSUS a serious run for its money where patching VMs are conserned. Ryan -----Original Message----- From: blind-sysadmins-bounces@lists.hodgsonfamily.org [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Andrew Hodgson Sent: Tuesday, June 03, 2008 6:22 AM To: blind-sysadmins Subject: Re: [Blind-sysadmins] Backgrounds Hi, Regarding server core. We tested server core on a test network, and there are a few reasons why I opted for the standard installation (had we ran this on Vmware, I may have made an alternative decision): 1. Our AD servers run a couple of other things as well. I do have one server holding all the FSMO roles, and that is just doing its thing, but the second controller will run WSUS. This I believe wasn't supported under Core. If this was under Vmware, I would Vmware the server and put another image running WSUS exclusively. 2. We don't have Vista clients, and so we are using the WS2003R2 SP2 management pack to manage the W2k8 controllers. I haven't found any program for 2008 that will run under XP for this, so we have to terminal service into the system to do some 2008 specific stuff. 3. There is no native SSH management of the core. So you are stuck with Telnet (which is a no brainer), RDP (which is frustrating just for CLI access, and anyway is not accessible with JFW/WE yet), or the remote management apps. Andrew. -----Original Message----- From: Ryan Shugart [mailto:rshugart@pcisys.net] Sent: 03 June 2008 06:42 To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Backgrounds Hello: This has been a very interesting thread so far. I'm a relative newcomer to IT, I have a computer science degree and a MCSA for 2003. I didn't have to deal much with diagrams, and from what I'm reading it sounds like I've been lucky. I did MCSA (Microsoft Certified Systems Administrator) training through New Horizons of Colorado and overall I was pleased with the quality of my education and their willingness to work with me on accessibility issues. I went back for VMWare training and continued to be impressed. As to work now, I work at an 80 person software development company, our IT department has three people, one manager and two admins of which I'm one, so there's very little specialization. We're pretty much a Microsoft shop with a little Unix, I manage pretty much all of it from AD to Exchange to VMWare to general Unix, so I've kind of turned into a jack of all trades, although I'm not really specialized in any of them. I'd say my Microsoft knowledge is gr eater right now than my Unix knowledge. My biggest frustration is the lack of accessibility in a lot of the software I need to do my job. I'm pretty much totally blind and depend on speech exclusively. I can work around a lot of the issues, but it takes me longer than my sighted coworkers and there are a few I can't. For example, we have a SideWinder firewall from Secure Computing. The Sidewinder runs a modified FreeBSD OS, but modified is the key word. This product's manual states that Unix is a very insecure OS in their opinion. Anyway, this means the commandline is very different from most Unix's, and there's very little documentation for it since you're supposed to use the GUI, which is so inaccessible it isn't even funny. Best part, this product's biggest customer is the US government. Chuckle chuckle. Anyway, I do the best I can, and so far its been enough. Lately I've been really getting into VMWare, and I'm now heading up a project to convert 95% of our se rvers over to VMs running under ESX 3.5. I'm enjoying this project, and so far am not running into any accessibility issues I can't work around, if more slowly. The project itself is quite extensive, we're also migrating our AD infrastructure to server 2008 so that we can run server core for the smaller footprint, so I'll be interested in your thoughts Andrew. I also do a lot of the documentation for our network, again I avoid the diagrams simply because they've already been done and don't need much updating for now, once the VM project is done that might change, but so far I do will with procedural documentation. That's about it here, as I said I'm finding this thread interesting, so look forward to reading more. Ryan -----Original Message----- From: blind-sysadmins-bounces@lists.hodgsonfamily.org [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Andrew Hodgson Sent: Monday, June 02, 2008 10:07 AM To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Backgrounds Hi, Good message. Having a bit of sight, I am able to hop round a bit from one piece to another, but I would recommend the specialisation bit if you can go down that road. On the other side, however, smaller companies may be more interested in employing you - the company that eventually employed me only had around 5 IT staff to start with, and we had to do everything from helpdesk, to server management. Personally I enjoy working with the front-end public facing servers, mainly web servers, but also some of the database servers, and backend servers which runs utility programs etc. This way I have managed to get exposure to a lot of applications, best practices, security requirements etc. I also enjoy seeing how the applications are fitting together, and in some cases helping to put the design together for the apps. Moving on, I am involved now in running the project upgrading our Active Directory to 2008 (I may write more on this in the next few weeks), and a possible Exchange migration. Security is very dry, it is good imho when you are on the firewall etc, but there is a lot of procedural stuff and going through logs you have to do, it isn't always easy to spot what is going on, especially when there is a lot of repetition. One of the things I do is to try and delegate work wherever possible. So for example, I don't do any of the cabling, or cabinet work. This may be just workable in my situation, but there are people who are very good at that sort of thing, and are quite happy to do it. When I first started out, I tried to get into as much as I could, to make people realise I was able to do the relevant jobs. Now, I am throwing the jobs to other people, as I have a full plate! Andrew. -----Original Message----- From: blind-sysadmins-bounces@lists.hodgsonfamily.org [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Toner, Barry (LIT) Sent: 02 June 2008 15:10 To: Blind sysadmins list Subject: [Blind-sysadmins] Backgrounds Hi all, In the CISCO Networking thread Darren had asked for peoples experiences in the industry. I've included a short snapshot of mine from Degree and placement below. Hi Darren et al, I'm out on placement as a System Engineer with Liberty information Technology at the moment. I've completed an Associate Bachelors in Computing Science and am heading this September towards final year of my BSC HONS Computer Science Degree. Diagrams are the Bain of my life!
From DFD's, UML, Relational Models in Databases they drive me up the wall. Well to be honest it's not so much the diagrams BUT THE LECTURERS UNWILLINGNESS, (laziness), to provide me with reasonable alternative assessments.
I've been fortunate that I've had very technically capable PA's who have been able to use the CAD software under my instructions. This sometimes falls down when the same lazy lecturers have Graduates marking their papers and therefore I'm just a number. I had one lecturer stumble all over the place to try and explain my mark to me. It became evident he hadn't' marked it when he couldn't' even read the hand-writing on the marks given! Another area I struggled with as a non-Braille user is debugging large amounts of code in the software engineering modules. I got round this by having a very helpful lecturer who recognised the hours I was putting in in actually going to his classes and labs, plus the efforts I went to to understand the concepts of the data structures and algorithms he was teaching. He met with me on a one-to-one each week to cover materiel that had been done in that weeks class and give me a brief overview of what was coming up in the next weeks class. I found these sessions invaluable and would encourage any student to request this level of support if you find you are struggling. In my mind a good teacher will make every effort to accommodate a student, because it's important to them and they're passionate about their subject. It might not always be practical granted so you cant' say it's a bad or lazy lecturer if they genuinely don't have the time. Back to work. Sys Eng in the company I currently work for is very challenging if you can't see at all. There's only 8 in total in the Systems dept and that includes the manager. Larger IT Depts will have a team dedicated to Exchange, a team for VMWARE, a team for Licensing, a Networking team, a Helpdesk team etc etc. All our work has to be shared amongst the Sys Engs, Senior Sys Engs, and Principal Sys Eng. With so many proprietary environments it's difficult to get away from the desk and away from the Helpdesk and Sys Admin side of things if you cant' see. System Access To Go, Window Eyes/Jaws on pen drives even NVDA sound great but in the case of WEYE and JAWS they modify Video Drivers. If that's incompatible in any shape or form you have egg all over your face. EG. Some old Dell machines will flip the monitors image upside down (if the drivers haven't been kept up-to-date). If you think an ordinary users desktop environment can be iffy multiply that by ten and you might be close to a developers environment, which is what we deal with in here. Maybe I'm telling my granmother to suck eggs but I would advise anyone who's totally blind, doesn't' read Braille and thinking of going into the IT industry at a corporate level to specialise, specialise, specialise! It's quite difficult to turn your hand to tasks as quickly and on-demand as your sighted peers would. I'm not sure what I want to specialise in, possibly security. Sys Admin sounds OK but I'm not sure if I could sit and fiddle with Active Directory all day. Maybe Exchange but I'd be afraid it might get quite boring after 6 months. Barry. "Tell me and I will hear, show me and I will see, involve me and I will understand. Chinese Proverb" Barry Toner Placement Systems Engineer Liberty Information Technology Direct Line: 02890 167000 Adelaide Exchange Fax: 02890 445511 24-26 Adelaide Street Switchboard: 02890 445500 Belfast BT2 8GD Email: b.toner@liberty-it.co.uk _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/mailman/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/mailman/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/mailman/listinfo/blind-sysadmins -- allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone, Hereford, HR1 3SE. Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88. Telephone: 0870 243 3434, Fax: 0870 243 6041. Website: www.allpay.net Email: enquiries@allpay.net This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this email in error please notify the allpay.net Information Security Manager at the number above. _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/mailman/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/mailman/listinfo/blind-sysadmins -- allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone, Hereford, HR1 3SE. Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88. Telephone: 0870 243 3434, Fax: 0870 243 6041. Website: www.allpay.net Email: enquiries@allpay.net This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this email in error please notify the allpay.net Information Security Manager at the number above. _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/mailman/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/mailman/listinfo/blind-sysadmins _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/mailman/listinfo/blind-sysadmins