Microsoft Windows Critical Security Update

Microsoft has released security bulletin MS08-067, Vulnerability in Server Service Could Allow Remote Code Execution (KB 958644), to address a vulnerability in all currently supported versions of Microsoft Windows products, including Windows Server 2003, Windows Server 2008, Windows XP, Windows Vista, and all versions of Windows 2000.

Virtualization and the IBM x3850 Series

Virtualization is transforming technology solutions and is enabling businesses to literally do more with less. There are many reasons to be interested in virtualization - consolidation, flexibility with balancing workloads, and energy efficiency, to name a few. In this article, we present the merits of VMware virtualization technology on IBM System x3850 M2 hardware.

Preventive Maintenance & Broadview Managed Services

The Broadview Networks Preventive Maintenance and Managed Services program is designed to deliver comprehensive maintenance services for our customers' servers, desktops and firewall systems.

Windows Server 2008 - Failover Clustering

Providing highly available services to critical applications and services is a cornerstone for any IT department and as the size of the environment grows, the criticality of uptime escalates. Failover clusters can provide IT professionals a means to deliver high availability for services or applications.

Technical summary of the vulnerability

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests.

Recommendations

Broadview Networks recommends that all of our customers prepare their systems and networks and apply this security update immediately to help ensure that their systems are protected from criminal and/or malicious exploit attacks against this vulnerability. This is a very serious vulnerability and Broadview Networks strongly suggests that our customers plan accordingly and consider the impact this vulnerability may have upon their networked systems.

For more information

If you would like more information about this security bulletin, please contact Broadview Networks. If you would like to discuss any technical elements of this security update or the applicability of this bulletin to your networked servers and desktop/laptops, you may schedule an appointment with a member of our Technical Services department by calling 204.984.9897 or email service@broadviewnetworks.ca with your request.

Benefits - maximizing return on investment

Virtualized servers make the most of their underlying hardware - running multiple operating systems on one physical host can deliver business value through reduced ownership costs, and increased hardware utilization - and can enable organizations to dynamically allocate computing resources where and when needed. With each physical server hosting multiple virtual servers, a virtualized data center requires less physical space, less electricity, and it produces less heat. And as computing capacity of the host system increases, the potential to increase virtual system density grows while the total cost per server decreases - fewer hosts are required to support the same number of virtual systems.

Achieving the highest business value from any virtualization strategy requires targeted solutions which are designed for virtualization from the ground up.

Optimizing Virtualization Potential

IBM and VMware have collaborated to deliver enterprise-level virtualized solutions. The IBM System x3850 M2 is powered by the Intel Xeon 7400 processor series and runs VMware Infrastructure software, delivers outstanding virtualization performance with lower energy demands. This system offers up to four Intel Xeon processors, which can deliver as many as 24 cores and supports up to 256 GB of memory. And for intense workloads, add a ScaleXpander Option Kit and XpandOnDemand cable to convert an x3850 to an x3950 M2 system, and connect a second x3950 M2 chassis. This move doubles the capacity of the original system - and can be repeated to include up to 4 x3950 chassis' that can support up to 16 sockets (96 cores), up to one terabyte of memory, and 16 hard drives in a 16U rack space!

VMware's ESX 3.5 serves as an efficient interface between the underlying hardware and the virtualized systems. Memory performance now supports up to 256 GB across all virtual machines, and any one virtual system can have 64 GB allocated. And the IBM x3850 M2 is available with ESXi 3.5 (embedded form) - turn the system on and provision virtual servers out of the box.

High Reliability

As the number of services on any physical host start to rise, so does the criticality of the physical hosts upon which the virtual environment depends. VMware VMotion can move virtual machines from host to host as a means to ensure availability of key resources and systems. IBM provides Predictive Failure Analysis technology, which can increase reliability through monitoring devices, tracking component health, and proactively anticipating potential failure. Alerts are generated if a problem is likely to occur, and migration of a virtual machine to an alternate host can be automated from these alerts.

More Information

If your organization is looking for more information about IBM xSeries systems, VMware virtualization software, or services related to the design or implementation of a virtual environment, please contact Broadview Networks enterprise sales with your inquiry.

Preventive Maintenance

Computer systems benefit from routine and regularly schedule services. Much in the way an automobile functions better when it is regularly serviced by an automotive technician, servers and client systems can function better and longer if they are well maintained. Software and hardware based solutions require inspection, attention, and adjustment in order to run optimally, and when maintenance is ignored or left to an ad-hoc schedule, problems can arise. Without a pattern of maintenance it can be difficult after failure to determine the cause or the corrective action that might address the issue. The negatives can add up - downtime, lost productivity, failed equipment, and loss of data - in some cases, the issue can become disastrous to a business - and might have been prevented if detected in advance.

Broadview Networks recommends customers perform regularly scheduled and policy-driven checkups of servers, desktops, laptops, and network and firewall systems to ensure that business systems are inspected and documented. Our approach is designed to drive compliance through a checklist-driven process. Through consistent low effort checkups, our technicians assist customers in identifying changes to a network over time, and they provide services to help customers get more performance and extended usage out of systems. Work is scheduled in advance and is easy to forecast and budget for throughout the year.

Reporting and logging efforts

Broadview Networks has developed an efficient method to help companies maximize the investment in their existing IT infrastructure - actions and observations captured during Preventive Maintenance are compiled into a series of reports that can help a customer identify trends over time. Customers have all past Preventive Maintenance reports saved in a secured online portal where the reports are accessible and can be saved locally for internal documentation purposes.

So what's on a checklist, and what gets inspected? The Broadview Networks Preventive Maintenance checklist includes information such as server drive space consumption, BIOS and firmware revision levels, service health checks and logfile analysis and interpretation from a skilled consultant. Recommendations are outlined, and actions that were taken during the inspection are documented so that customers have a record of activity and changes to systems. Activities vary depending on the type of device - firewalls receive a different inspection list from desktops and servers. And our checklist is evolving as the hardware and software mix in our customer environments changes; a checklist on a virtualized server differs somewhat from the inspection performed on a host physical system.

Protecting your investment

From servers to firewalls, Broadview Networks' Preventive Maintenance program can provide your company with a detailed list of assets and their current system health. Whether you're a business owner or an IT Manager this efficient proven program can help ensure your network is functioning to its capacity, and you can have confidence that routine inspection is performed to help identify issues before they become critical to the operation of your infrastructure.

Broadview is here to help with all your Preventive Maintenance needs! Contact Us today for assistance with your network.

A failover cluster is a group of independent computers that work together to increase the availability of applications and services. The clustered servers (called nodes) are connected by physical cables as well as by software. If one of the cluster nodes fails, another node begins to provide service (a process known as failover). Through the use of failover clustering, users experience a minimum of disruptions in service, even if a system in the cluster becomes unavailable.

In Windows Server 2008, the improvements to failover clusters (formerly known as server clusters) are aimed at simplifying clusters, making them more secure, and enhancing cluster stability. Cluster setup and management are easier, and there have been improvements made in security and networking. And communications between failover clusters and storage has improved.

Microsoft supports a cluster solution only if all the hardware components in the solution carry the “Designed for Windows Server 2008” compatibility logo. In addition, the complete configuration (servers, network, and storage) must pass all tests in the Validate a Configuration wizard, which is included in the failover cluster management software. The validation process performs several test, for example it tests nodes (does the server meet requirements), it tests the network (are there at least two separate subnets), and it tests storage (does storage correctly handle scsi commands).

Improvements to Setup and Migration

Setup procedures for Server Failover Clustering follows a wizard-based installation procedure that is similar to other Windows Server 2008 functions, for example, like adding a server feature or role. This simple interface permits an administrator to setup a cluster in one simple process. Setup can also be scripted if you prefer to automate the deployment. And resource group settings can be captured from a cluster running Windows Server 2003 and can be easily applied to a cluster running Windows Server 2008.

Improvements to Cluster Management
The cluster management interface has been optimized to make managing the cluster easier and more intuitive. Cluster management can be performed from the command line as well as the Windows Management Instrumentation (WMI) management console. Managing clustered shared folders is now easier to do because it can create customized views to quickly see which shared folders are clustered and which cluster a shared folder is available on.

Multi - Site Clustering

With Windows Server 2008, Microsoft now supports geographically dispersed failover clusters. Even with a highly available infrastructure, organizations can still be vulnerable to very large service interruptions, such as natural disasters, wide-area network (WAN) infrastructure failures, or widespread power loss, for an extended period of time. Multi-site clustering addresses this risk and allows geographically dispersed clusters. This High Availability solution allows for the connection of cluster nodes through a local-area network (LAN) or WAN, spanning many miles, for a solution that not only achieves High Availability, but also provides automatic disaster recovery.

Failover Clustering in Windows Server 2008 provides many new and improved features that an organization can use to implement a high availability strategy making cluster servers a smart business choice for the enterprise. If your organization is interested in learning more about this technology or if you are considering clustering to address your availability needs, please contact Broadview Networks for more information.