Blades and the true hidden cost

So as you may know by now, I am not a fan of “blade” technology, and rather despise it. One reason is that they simply are not as “powerful” as some larger systems. So what is this “true hidden cost”? What hardware vendors won’t tell you, while they are busy touting how powerful and “compact” their hardware is, is that software vendors will almost rape you on the license cost. So let’s look at a good example.

Say you are building a “cloud” (another word I absolutely hate, as it is just a buzz word someone made up, because “network” sounds so simple) for your company. You decided to go with the “all mighty blades” as that is the “current buzz” amongst the IT industry. So you buy a blade chassis from company X which happens to hold 10 blades that each hold 4 processors of 8 cores apiece and 128GB of RAM (probably fictitious and not a real world blade). You also plan on implementing a virtualization hypervisor on your blades to build your “cloud”. On top of this hypervisor you will be using multiple different operating systems and various middleware. Sounds good so far, right? Just like any typical “cloud” environment. So now let’s look at the pricing:

  • For the virtualization layer, we don’t care about CPUs, just memory in use. So we have to buy enough licenses to support 10x128GB of RAM. Again, not too bad, but as you add blades and/or memory your price goes up.
  • For the OS layer, this seems pretty simple: 1 OS license per Virtual Machine. Probably the simplest of all so far.
  • For the middleware, now this is where the big bucks come into play. Different vendors license their software in different ways, so here are some examples:
  1. Per VM, seems pretty simple, 1 license per VM. Easiest.
  2. Per User, probably the second simplest algorithm, assuming you have an easy user base, i.e. all users are internal company users, or all are external users, etc.
  3. Per physical host, the most complex and costly. Why so? Well, let’s look into this in more depth.


So in #3 above I mention that licensing middle-ware per physical host is the most complex and costly. Some people may be thinking that I am absolutely crazy by now but hold on to your seats and watch the money start adding up.

Say we have a fictitious product from vendor Y; the licensing of it is $100 per core of physical server, and the vendor of the software does not “recognize” virtualization. So if we weren’t doing virtualization, to license this product on one of our fictitious blades would cost $3,200, as we would have to pay for all 32 cores in the blade. Still not too bad. But here comes the kicker: say that we created a cluster in our hypervisor that contained all 10 of the blades in our chassis. In addition to this, we have determined by usage that to be able to run Y in our environment, we only really need a VM with 1 vCPU and 2GB of RAM. In a physical world, if you could find a server with one CPU, then we would only have to pay $100 for this piece of software. In addition, if vendor Y supported virtualization you would only have to pay $100 to run it. However, vendor Y is all about the money, so to run this one software package on your “cloud”, you would have to pay $32,000.

Wow, $32,000 vs $100 is 320% markup because vendor Y doesn’t “support” virtualization. But you are probably thinking: hold on a second, I know that VM will only run on one blade at a time, so why do I have to pay for all 10? Well, because your VM has the possibility of running on any of the 10 blades at any given time. So you have to think of it sort of like auto insurance. Say you have 3 cars, but you can only drive one at a time (because you are only one person). You still have to pay insurance on all 3, because there is a chance that you could drive any of them.

Does this make sense? Hell no… But hold on to your seats, because it gets even better. The vendor of product Y also makes a hypervisor that does the same thing as another company’s hypervisor. But the kicker is that if you use vendor Y’s hypervisor, which has fewer features and abilities than vendor Z’s hypervisor but does nearly the exact same thing (virtualize an OS instance), they will allow you to pay for only the 1 vCPU license to run their product. This is just plain wrong, especially when you have already invested in vendor Z’s platform.

So with “cloud” computing being the current wave of IT, why can’t software vendors recognize that nearly 75% or more of most environments are already virtualized or moving to a virtualized “cloud” environment? If they can’t recognize this, then chances are people are going to go elsewhere for their software needs. Because as your “clouds” get bigger, the cost is exponential. To see that, just use this as an example: the environment above is for development. Once we go to production, say we have to have 10 chassis of blades, and there is a possibility of that one application running on any one of the 10 blades on any of the 10 chassis. So now instead of $32,000 you end up paying $320,000 for one little application that only requires a 1 CPU machine to run.

But what the hell does this have to do with blades? Well, if you used larger hardware, you could decrease the number of physical servers that were in a particular cluster by consolidating even more. In the simplest terms, building up vs. out. As an example, say I could replace all 10 chassis of blades with 6 large servers (large meaning that they could hold 512GB of RAM vs. the max of 128GB of RAM that my “blades” do). Now instead of paying for 100 blades with 4 processors of 8 cores apiece, I am only paying for 6 servers of 4 processors of 8 cores apiece, a cost of $19,200, or 6% of the cost of using blades.

I leave it to you to see how much you would save by getting rid of your blades …

Major home repairs part deux…

So as a continuation of last year’s home repairs, I did a couple more major repairs in 2011. This year it was some doors and a new deck. I started with the doors in August, replacing the front door and basement door. The front door was leaking heat/cold so badly that it was time to replace it with a more energy efficient one.


Old door removed, getting ready to seal the footer before putting the new door in.


New door and storm door installed

After the front door was installed, the basement door was next. It also leaked water, air and was not energy efficient.

Basement door, seen its better days.
The jamb of the old door.
What was left of the old door jamb. Nice water damage.
New door and storm door. Rot-free jamb as well.


After the doors were replaced, I noticed a dramatic difference in the house. The front door no longer was extremely hot or cold on the inside, which is awesome.  The next big project was to replace the deck that I removed last year around this time.

Laying the decking boards.


Stair stringers built.


Deck boards laid and railings up


Finished deck, stairs and landings.
Finished deck.
Finished stairs and landings.


The bonus project that was done was replacing the basement window with a new energy efficient one.


All told, with the above work and fixing a water leak that was in the wall going to my kitchen sink, it was another $11,000 in home repairs this year. Next year I hope to replace the patio door, fix the chimney and possibly get a concrete driveway done.

What happens in Vegas, should have stayed in Vegas

Last week, I went to VMworld 2011 in Las Vegas. The conference was great: 20,000+ people all there and focused on one thing, VMware and every product they offer. This was my first time at the VMworld conference, and hopefully I will get to go again some time in the future. The main reason I went was the recently released vSphere 5, to see what all it offered and what all was changed. Needless to say, there are many cool new features that were added. I am only going to mention a few here, but the full list is available in this PDF.

The first cool feature is Auto Deploy (I wish they would have chosen a different name). Simply said, it is a PXE boot of the vSphere image from a TFTP server, so no local disk is required to “run” vSphere. For example, if you have a “shit ton” of blades and don’t want to have to go update and install all of them, just get their MAC addresses, set up each host in DHCP with a couple of DHCP options to tell it where to boot from, and have the blade boot from the network. It will download the image from the TFTP server and run automagically. Once up and running, all config is stored in vCenter 5 (a requirement!). So, need to upgrade your hosts? Just reboot them after updating the image. A couple of notes for this: make sure you have logging set up to go to your syslog server, and that you set up the Dump Collector in case of a PSOD.

Another cool feature: vSphere 5 supports Apple Xserve servers running OS X Server 10.6 (Snow Leopard) as a guest operating system. This is because vSphere now supports a UEFI “BIOS”. Now “supposedly” this does not require Xserves (since Apple no longer sells them), but it “requires” them because of Apple’s EULA for use of Mac OS X.

There are many other features that have been upgraded, or are new. Too bad the conference wasn’t a little longer, as the number of sessions I wanted to go to was greater than the amount of time I had available to go to said sessions. (I.E. only one instance of a session, and 2 sessions I wanted to see were at the same time.)

The Hands on Lab area was “freaking huge”. There were over 800 workstations set up where you could do 1 of 16 LABS (you could do more, you just had to stand in line; I was only able to do 1 in the week I was there). Ironically, each “lab” station was a Wyse “chubby client” with dual monitors so you could rdesktop to some Windows XP machines and servers to do the work. The HOL area sort of reminded me of the CTF area at DefCon: a huge big room with nearly no light whatsoever and hundreds of thousands of screens.

The most interesting part of the conference is that they have grown so big that next year they have to go to San Francisco to host the event, as there is no place in Vegas that is big enough to house them. This year it was at the Venetian with some spillover to the Wynn. They also had the Sands Expo hall, which is connected to the Venetian. The “dining” room was 1.5 million sq ft alone; you could barely see from one end to the other.

I will have to say that out of the many conferences I have been to by different vendors, VMware’s has so far been the best. Some of the things that have made it stand out from the rest:

  1. Food: while not “the greatest ever”, it was far better than I have had at other places. They gave us breakfast and lunch every day. In addition, the break periods between sessions had different items every day. One day they had fresh hot-made pretzel sticks with cheese and different sauces.
  2. Hang out area: at most conferences, if there is “downtime” you usually end up either walking around or going back to the hotel. VMware set up a “hang space” where they had a basketball court, a badminton court, huge chess sets, and fake grass to sit on in front of a big screen (like 20+ foot) TV. Also a Twitter vMeetup place, where you could meet other people that you have met on Twitter.
  3. Scheduled sessions: while I was skeptical at first about “pre-registering” for the sessions you want to attend, I think in the end it was a good idea, as it “guaranteed” your spot in the session as long as you showed up 3 minutes before it started. (There were gaps between end and start, so you really had no reason not to be there.)
  4. Group discussion: at some conferences, I have seen “group discussion” be these “huge” groups where it ends up being more of a Q&A session. VMware had group discussions where there were maybe max 30 people in a room, each one had a clicker, everyone voted on how the session went, and it was free form for questions. One of the best ones was the Oracle on VMware vSphere one. I learned a lot from that session.
  5. P.A.R.T.Y.: by far the best conference / vendor party I have ever been to. First was the food: you name it, they probably had it. I didn’t realize this till I had already eaten a couple of slices of pizza. Then I saw a station where they were making fresh cut cheese-steak sandwiches, and another doing fresh made crab cakes. Like I said, name it, and it was probably there. In addition, a huge open bar (not that I drink, but it was there). So now that we got past the food, they had at least 4 different acts during the night. Two people doing fire tricks, then the openers were Recycled Percussion, whom I didn’t recognize till I got back to the hotel room that night, but they were on the America’s Got Talent show, and previously had a show nightly in Vegas. The headliners were The Killers. They played for an hour and did all the “popular” songs along with some that I hadn’t heard before.
    This part of the party ended around 9PM, which was the start time of the “after party” at the Venetian pool. I did not go to it, but it sounded like people had a bunch of fun there too.

So if you are still reading by now, you are probably trying to figure out the second part of the title, “… should have stayed in Vegas”. Well, it seems that some time either on Sunday or early Monday morning I either sprained or got a stress fracture in my left foot. Needless to say, the 30+ miles of walking I did (because my hotel was 2 miles away from the conference hotel; it is a damn long walk from Planet Hollywood to the Venetian, even if you take the monorail, when your foot is hurting like a Mofo) did not help it any. By the time I got home it was still hurting and I noticed that the top of my foot had started to have some swelling and bruising. I just iced it on Saturday and Sunday, but as of today it was still hurting and didn’t seem to change much, so I ended up going to the doctor to have it X-rayed. They said it didn’t show any fractures, but thought it was just a really bad sprain or a damaged ligament. So it is more ice and an ankle air cast for a while. So that is what I “wish had stayed in Vegas.”

ReplayTV, TiVo and the general state of DVRs

I currently have 5 (yes, 5) DVRs for recording shows. This goes back some years, but I have 3 ReplayTV DVRs (2 with 80 GB drives, and one with a 200 GB drive that I hacked to get working after the original 40 GB drive in it died). They were / still are great DVRs. They were pioneers in many ways compared to TiVo. They had built-in network connections long before TiVo did. They allowed streaming of shows between units years before TiVo could. All around they are great little Standard Definition DVR units. Granted, they could only record what was on the analog tuner; however, they supported multiple inputs, so you could hook a cable box or other device to them and record it.

Up until late last year, 2 of them were connected to a Comcast cable box so I could record any channel that I received on the cable box. The third unit was connected just to the cable, so it could only record the analog channels. Well, as with the “rest of the world”, Comcast decided to drop all analog channels from their cable lineup in favor of the “better” digital signals. (Which they compressed to hell and back….) Anyways, this would have made the one DVR a doorstop. However, Comcast decided to give away 2 free “Digital Tuning Adapters”. So I thought this would be cool: I could just hook it up in front of the DVR and be able to record the channels. Well, the DTA required me to “hack” the ReplayTV unit, as it (the ReplayTV) did not have the IR codes to control the DTA. This took me the better part of a day one weekend to get working. So at least it is able to record the basic/extended cable lineup.

So fast forward half a year, and I turned on the ReplayTV one night to watch a recorded episode of Top Gear [because Comcast doesn’t have BBC in HD 🙁] and I see a message stating that:

Important Announcement!

The ReplayTV Electronic Programming Guide (EPG) Service will be permanently discontinued on July 31, 2011. After this date, owners of ReplayTV DVR units will still be able to manually record analog TV programs, but will not have the benefit of access to the interactive program guide. Effective immediately, monthly billing for the ReplayTV service to remaining customers has been suspended.

The industry conversion to HDTV is complete and ReplayTV DVRs are unable to take advantage of the wealth of HDTV programming. Please contact your service provider for current offerings.

What pissed me off the most was the last line: “The industry conversion to HDTV is complete….” Wait just a minute, there are hundreds of SD channels on Comcast’s lineup that aren’t available in HD. So now all of a sudden I go from having 5 DVRs to 2. Granted, ComCRAP just raised my bill by another $16 a month, so the savings from no longer paying the ReplayTV monthly fee make my cable cost go down a little, but this still makes me mad, as the ReplayTV DVRs are still useful and very much liked by their users.

Well, it appears that some people are trying to get a fix to allow them to continue to work after the July 31, 2011 cutoff. One of the workarounds is using WiRNS and Schedules Direct. Since I had previously set up a WiRNS system to hack the IR codes into the one DVR, I decided that it wouldn’t be too hard to set it up on the new VMware server I have at the house, since it doesn’t require much processor or disk space. Also, the Schedules Direct method only charges $20 a year for guide data vs. the $23+ a month I was paying for the ReplayTV units. (So almost a $260 a year possible savings.)

This is all cool; however, there is one thing that hasn’t been figured out yet: how to handle the encrypted clock connection on the ReplayTV unit. If this can’t be figured out, then the 3 ReplayTVs basically become the VCRs of the 90’s.

So on now to TiVo. I have had one of my TiVos for a year now, the other for about 6 months. Overall it is pretty good, but there were items that the ReplayTV made so much easier that I can’t do yet with the TiVo. For example, there is a Java application called DVArchive that I run on one of my servers that “talks” to all the ReplayTV units and shows me a list of what shows are recorded on them and what upcoming shows will be recorded, lets me transfer shows from the ReplayTV to the local server, and lets me schedule recordings from one web interface to go to the ReplayTVs instantly. This isn’t available on the TiVo. Yeah, I can go to TiVo’s site, but it is somewhat of a kludge to see the entire To Do list across both TiVos. Also, the scheduling is based on the TiVo polling the Internet vs. the push of the recording to the ReplayTV.

One of the big things that was missing on the TiVo side was the ability to “stream” between the two TiVo units. This was one of the reasons why I went the ReplayTV route instead of the “mainstream” TiVo route. Yeah, you could “transfer” recordings between the TiVos, but this could only be done IF the cable company did not set the Copy Protection flag, which nearly every HD and SD digital channel has set except for the local OTA channels. In the long run, this meant that if I recorded a program on one TiVo I had to watch it on that TiVo, instead of “where I wanted to” like with the ReplayTVs. Well, as of yesterday, this seems to have changed. It appears that TiVo, with their latest software update, has enabled “streaming” between the TiVos (like the ReplayTVs had probably a good 7+ years ago). Now you don’t have to “copy” the entire program to the other TiVo to watch it; in addition, the Copy Protection flag does not apply to the “streaming” of the video between the 2 TiVo units.

This is excellent news, as now I can record a movie on one and then watch it on the other, and vice versa with my weekly shows that get recorded.

So you are probably thinking, if you are even reading this far, what the hell does this have to do with the “general state of DVRs”? Well, it just shows how some DVRs are pioneers, some are the “popular” ones, and then some are ones that people are just “stuck with”. What I mean by “just stuck with” is those people who are unlucky enough not to realize how good ReplayTV was, or how much functionality the TiVo Premieres have vs. a “cable company” DVR. Seeing how I have had all three now for a while (although I did get rid of the ComCRAP DVR), I would still rate the ReplayTV as the best DVR that I have had. Granted, it doesn’t do HD picture, but then again not everything on Comcast’s lineup is in HD. I still use them to record all my SD content and use the TiVos only for HD content.

Comcast’s DVR is just plain the worst thing I have ever seen. They only have a 160 GB HD in their HD-DVR, which means that after a week of shows it is usually out of space. Not to mention, there was NO way to schedule anything on it except scrolling through the on-screen guide. There was no “searching” for items to tape. No way to save programs. No way to stream to other units. Think of it as the VCR of the 90’s with the VCR+ module added in.

Overall I think that DNNA made a bad move by discontinuing the ReplayTV EPG, but I guess in this day and age everyone has to weigh the good vs. the bad at some point.

WiRNS (the Windows Replay Network Server) URL: http://wirns.com/
DVArchive URL: http://dvarchive.org/
Schedules Direct URL: http://www.schedulesdirect.org/
ReplayTV announcement: http://www.digitalnetworksna.com/replaytv/

Wireless security

I have been doing some research lately on WiFi and the security of it. So I have been doing some scans, and out of the 3,655 WiFi access points I have observed, here is the breakdown of the security of them:

Count Encryption Type
859 Not Encrypted
760 [WEP]
680 [WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP]
519 [WPA-PSK-TKIP]
301 [WPA2-PSK-CCMP]
110 [WPA-PSK-CCMP][WPA2-PSK-CCMP]
101 [IBSS]
36 [WPA-PSK-TKIP][WPA2-PSK-CCMP-preauth]
31 [WPA-PSK-TKIP][WPA2-PSK-TKIP]
30 [WPA-EAP-CCMP][WPA2-EAP-CCMP]
28 [WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP-preauth]
21 [WPA-PSK-TKIP+CCMP]
18 [WPA2-PSK-CCMP-preauth]
18 [WPA-PSK-CCMP]
18 [WPA-EAP-TKIP][WPA2-EAP-CCMP]
16 [WPA-PSK-TKIP][WPA2-PSK-TKIP+CCMP]
15 [WPA-PSK-TKIP][WPA2-PSK-CCMP]
14 [WPA-EAP-TKIP+CCMP][WPA2-EAP-CCMP]
12 [WPA2-PSK-TKIP+CCMP]
10 [WPA2-PSK-TKIP]
9 [WPA-EAP-TKIP]
8 [WPA2-EAP-CCMP]
8 [WPA2-EAP-CCMP-preauth]
8 [WPA-PSK-TKIP+CCMP][WPA2-PSK-CCMP-preauth]
8 [WPA-?]
5 [WPA-PSK-TKIP][WPA2-PSK-TKIP-preauth]
3 [WPA-PSK-WEP104+TKIP]
3 [WPA-EAP-TKIP][WPA2-EAP-TKIP]
2 [WPA2-PSK-TKIP-preauth]
1 [WPA-PSK-CCMP][WPA2-PSK-CCMP-preauth]
1 [WPA-EAP-TKIP+CCMP][WPA2-EAP-TKIP+CCMP]
1 [WPA-EAP-CCMP]
1 [WEP][IBSS]

It is amazing that nearly a quarter of them were unencrypted. What was even more interesting, I saw a bunch of them on rural roads, so it was almost like “well, no one lives around me, so why encrypt it”. So I would ask everyone, no matter where you live, please enable encryption on your WiFi. In addition, don’t use WEP; please use at least WPA and preferably WPA2. If I count WEP as being basically “unsecured”, you have over 44% of the WiFi access points not being “secured”. WEP just isn’t that strong, and with people doing banking and online shopping, you shouldn’t be sending any username, password or credit card info over an open or WEP encrypted WiFi connection.

Another factoid is the preference for WiFi channel:

Count Frequency in MHz (Channel)
1 2407 (??)
1 2472 (13 – Non US)
40 2457 (10)
41 2442 (7)
46 2432 (5)
52 2417 (2)
69 2447 (8)
141 2427 (4)
158 2452 (9)
229 2422 (3)
718 2462 (11)
731 2412 (1)
1428 2437 (6)

It appears that Channel 6 (aka 2437 MHz or 2.437 GHz) is the “most popular”. Probably because that is what most routers come with as a default. It also appears that a lot of people don’t change their SSID either. I saw 214 “Linksys”, 106 “NETGEAR” and 22 “belkin54g”, which are all default SSIDs. 542 total were a variation of those 3 (spelling case and maybe a number added to it).
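Here is an added example (my own code, not part of the original post or of any scanning tool) that turns raw scan output like the tables above into the same kind of breakdown. It parses the bracketed capability flags that wpa_supplicant and Android scan results report, rates each network by its weakest advertised cipher (an AP that still accepts WEP or TKIP clients is only as strong as that cipher), maps the centre frequency to a channel, and flags vendor-default SSIDs. The survey rows are copied from the encryption table above; the default-SSID list holds only the three names mentioned in the post and is meant to be extended. Because bare [IBSS] ad-hoc networks and the WEP104 group-cipher rows are folded into “open” and “wep” here, the unsecured share comes out a few points above the post’s 44%.

```python
import re
from collections import Counter

# Survey rows copied from the table above: (access point count, capability flags).
# An empty string is what the scanner reports for an unencrypted network.
SURVEY = [
    (859, ""), (760, "[WEP]"),
    (680, "[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP]"), (519, "[WPA-PSK-TKIP]"),
    (301, "[WPA2-PSK-CCMP]"), (110, "[WPA-PSK-CCMP][WPA2-PSK-CCMP]"),
    (101, "[IBSS]"), (36, "[WPA-PSK-TKIP][WPA2-PSK-CCMP-preauth]"),
    (31, "[WPA-PSK-TKIP][WPA2-PSK-TKIP]"), (30, "[WPA-EAP-CCMP][WPA2-EAP-CCMP]"),
    (28, "[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP-preauth]"), (21, "[WPA-PSK-TKIP+CCMP]"),
    (18, "[WPA2-PSK-CCMP-preauth]"), (18, "[WPA-PSK-CCMP]"),
    (18, "[WPA-EAP-TKIP][WPA2-EAP-CCMP]"), (16, "[WPA-PSK-TKIP][WPA2-PSK-TKIP+CCMP]"),
    (15, "[WPA-PSK-TKIP][WPA2-PSK-CCMP]"), (14, "[WPA-EAP-TKIP+CCMP][WPA2-EAP-CCMP]"),
    (12, "[WPA2-PSK-TKIP+CCMP]"), (10, "[WPA2-PSK-TKIP]"),
    (9, "[WPA-EAP-TKIP]"), (8, "[WPA2-EAP-CCMP]"),
    (8, "[WPA2-EAP-CCMP-preauth]"), (8, "[WPA-PSK-TKIP+CCMP][WPA2-PSK-CCMP-preauth]"),
    (8, "[WPA-?]"), (5, "[WPA-PSK-TKIP][WPA2-PSK-TKIP-preauth]"),
    (3, "[WPA-PSK-WEP104+TKIP]"), (3, "[WPA-EAP-TKIP][WPA2-EAP-TKIP]"),
    (2, "[WPA2-PSK-TKIP-preauth]"), (1, "[WPA-PSK-CCMP][WPA2-PSK-CCMP-preauth]"),
    (1, "[WPA-EAP-TKIP+CCMP][WPA2-EAP-TKIP+CCMP]"), (1, "[WPA-EAP-CCMP]"),
    (1, "[WEP][IBSS]"),
]

# Weakest cipher wins, so the check order is weakest first.
CIPHER_TIERS = (("WEP", "wep"), ("TKIP", "tkip"), ("CCMP", "ccmp"))


def classify(caps):
    """Rate one capability string as open, wep, tkip, ccmp or unknown."""
    c = caps.upper()
    for keyword, tier in CIPHER_TIERS:
        if keyword in c:          # WEP104 as a WPA group cipher counts as WEP
            return tier
    if "WPA" in c:
        return "unknown"          # e.g. "[WPA-?]": WPA seen, cipher not parsed
    return "open"                 # "" or a bare "[IBSS]" ad-hoc network


def is_enterprise(caps):
    """True when 802.1X/EAP authentication is advertised instead of a PSK."""
    return "EAP" in caps.upper()


def channel_for(freq_mhz):
    """Map a centre frequency in MHz to its 802.11 channel, None if it is not one."""
    if freq_mhz == 2484:
        return 14
    if 2412 <= freq_mhz <= 2472 and (freq_mhz - 2407) % 5 == 0:
        return (freq_mhz - 2407) // 5     # channels 1-13, 5 MHz apart
    if 5000 < freq_mhz < 6000 and freq_mhz % 5 == 0:
        return (freq_mhz - 5000) // 5     # 5 GHz band
    return None                           # the table's 2407 (??) lands here


# Default names from the post, matched case-insensitively with an optional
# trailing number ("Linksys", "NETGEAR12"). Extend this tuple for your own scans.
DEFAULT_SSIDS = ("linksys", "netgear", "belkin54g")
_DEFAULT_RE = re.compile(r"^(%s)[-_ ]?\d*$" % "|".join(DEFAULT_SSIDS), re.IGNORECASE)


def is_default_ssid(ssid):
    """True if the SSID is an unchanged vendor default (plus maybe a number)."""
    return _DEFAULT_RE.match(ssid.strip()) is not None


def summarize(rows):
    """Tally (count, caps) rows by tier and compute the open-or-WEP share."""
    tiers = Counter()
    enterprise = 0
    for count, caps in rows:
        tiers[classify(caps)] += count
        if is_enterprise(caps):
            enterprise += count
    total = sum(tiers.values())
    unsecured = tiers["open"] + tiers["wep"]
    return {
        "total": total,
        "tiers": dict(tiers),
        "enterprise": enterprise,
        "unsecured_pct": round(100.0 * unsecured / total, 1),
    }


if __name__ == "__main__":
    result = summarize(SURVEY)
    for tier, count in sorted(result["tiers"].items(), key=lambda kv: -kv[1]):
        print("%5d %s" % (count, tier))
    print("%.1f%% of %d networks are open or WEP" % (result["unsecured_pct"], result["total"]))
```

Run as a script it prints the tier totals; to use it on your own data, feed `summarize()` the (count, flags) pairs from your scanner, or call `classify()` per network. The weakest-cipher rule is deliberate: a mixed [WPA-PSK-TKIP][WPA2-PSK-CCMP] network gets rated “tkip”, because that is the cipher a downgraded client will still be accepted with.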

So in the end, what does this all really mean? For one, vendors need to be more proactive about helping inexperienced customers properly secure their wireless network devices. In this day and age, routers should be sold “secure by default” and really not let the router connect to the Internet until the default admin password and SSID have been changed and proper encryption has been set up. Why do I say this? Well, there are tons of people who just buy a WiFi router and don’t understand that if they don’t secure it, someone in their neighborhood could use their WiFi network, with or without permission, and do something “bad”, and the next thing you know the cops will be showing up at your door because the connection was traced back to your house, NOT your neighbor’s.

Some tips for SSIDs as well:

  1. Please don’t make the SSID your postal address, and especially if you are in an apartment, don’t tack on your apartment number.
  2. Don’t leave it as the default from the vendor. If you do, it makes it a little easier to guess that you haven’t done any security on it, and someone can now take control over it, because you more than likely have not changed the default password either.
  3. Don’t name it your family name, or anyone’s name in your family. If you do, you can fall prey to some social engineering hacks.
  4. Make it something that is not going to interfere with someone around you if you live in a crowded area. Nothing like having 6 WiFis in a small apartment building, all on channel 6, all with the SSID “Linksys” and different passwords on all of them; you will get horrible performance.