The vNetwork Distributed Switch (vDS) streamlines the process of setting up virtual machine networking by providing you with a centralized point of control for provisioning, administration and monitoring through vSphere's vCenter. In today's video and how-to article, vExpert Jason Nash walks you through the configurations required to setup a new vDS in your vSphere environment.

Let's start by briefly reviewing the relevant information associated with the main switch and the uplinks group. First up is the main switch.

Hyper-V™ vs. vSphere™

Problem: Microsoft’s planned enhancements for Hyper-V version 3 have more and more customers planning for a dual hypervisor environment. Unfortunately, multiple management consoles are hard to use, clunky, and don’t provide the flexibility needed in measuring & managing virtual infrastructures.

Solution: SolarWinds Virtualization Manager now allows you to see both VMware and Hyper-V environments in a single pane of glass.

FREE 30-Day Trial - SolarWinds Virtualization Manager 5.0

vCenter vDS - Summary Tab

The Summary tab is where you’ll find information telling you the number of hosts, number of VMs, number of networks, total ports, available ports, and so on. As you start rolling out hosts and VMs, those numbers will go up.

vCenter vDS - Networks Tab

The Networks tab contains all your networks, which equate to port groups. Other information includes port binding, VLAN ID, number of VMs, number of ports used, and whether alarms are enabled.

vCenter vDS - Ports Tab

This tab contains vital information related to Port Mirroring and Netflow. When you plug a VM into a vSwitch or a VMs NIC into a vSwitch (as a VM may have multiple NICs), it gets assigned a port. That is, a port ID on the distributed switch.

So, for example, MediaXP is assigned Port 11, while Media SAB is assigned Port 10. Domain Controller (DC) is Port 1 and ViewCon is Port 0.

One scenario wherein these port IDs are going to come in handy is when you’re doing some troubleshooting concerning Port Mirroring and Netflow. That’s because those two reference these port IDs.

So, for instance, you notice that Port 11 is sending a whole lot of traffic. You can go in here and see what Port 11 is. Then you can check what its corresponding VM is, what its MAC is, and what its DirectPath I/O is.

You can also see whether the link is up and which VLAN it corresponds to.

vCenter vDS - Resource Allocation Tab

This is where you configure Network I/O Control and other related stuff.

vCenter vDS - Configuration Tab

The Configuration tab features a GUI showing your current configuration. On the left are your port groups and any VMs you’ve got plugged into them.

Then on the right are your physical uplinks, which vmnic is plugged in, and which servers they are.

Now, if you click on a port group (e.g. FT), it will show you which physical uplinks are being used.

Also, if you click on an “i” icon (enclosed by a blue circle) on the right side, you’ll be able to pull up say CDP for Cisco or LLDP for non-Cisco.

On the other hand, if you click on a similar “i” icon on the left side, you’ll get basic information about the port group in question.

vCenter vDS - Virtual Machines Tab

This tab will just show you all the VMs that are using your distributed switch.

vCenter vDS - Hosts Tab

Similarly, this will show you all the hosts using your distributed switch.

The rest of the tabs include Tasks & Events, Alarms, and Permissions.

Now let’s look at the main options for the main switch. We right-click on the main switch and select Edit Settings from the context menu.

vDS Settings - Properties Tab

In the General section of the Properties tab, you can set the number of uplink ports.

You can also edit the uplink names by clicking on the Edit uplink names button and then changing the uplink names you find in the window that pops up. Notice that there are 4 boxes in our screenshot. That’s because we have 4 uplink ports. The number of boxes will always be equal to the number of uplink ports.

In the Advanced section, one thing you can set there is the Maximum MTU. If you want to do Jumbo Frames (9000-byte frames), you can set it right here.

You can also enable the Discovery Protocol and then set the type to either CDP (Cisco Discovery Protocol) or LLDP (Link Layer Discovery Protocol). In addition to that, you can set its Operation to Listen, Advertise, or Both.

Finally, you can enter some Administrator contact information, such as the Name and other details like email address, phone number, etc. This can show up in CDP or other similar protocols.

vDS Settings - Network Adapters Tab

Here, if you select a host on the left, it will show you vmnics on the right and how they match up with the uplink numbers.

vDS Settings - Private VLAN Tab

This is where you configure stuff like Layer-2 Segmentation or VLANs within VLANs.

vDS Settings - Netflow Tab

This is where you configure the system to send IP statistics to what’s known as a NetFlow collector.

vDS Settings - Port Mirroring Tab

These settings allow you to do traffic sniffing.

Those are your main switch settings.

vDS Uplink Port Group Settings

Then you have what are called Uplinks. For the distributed switch, you only have one set of uplinks. This is in contrast to, say, the Cisco Nexus 1000V, which does allow you to have multiple uplink groups. You may have one uplink group connected to a DMZ network and a second one connected to the production network.

The DMZ uplink group cares about all the VLANs in the DMZ. The one for the production network cares about the VLANs found there. You can’t do that with the vSphere Distributed Switch. If you have a DMZ network and a separate physical production network, you’ll need to segment that, but you only have one uplink group in each vDS.

Let’s now see what we can set for uplinks. You can get to those settings by clicking the Manage this uplink port group link.

vDS Uplinks - General Section

The General section is where you set the uplink’s name. It’s also where you put in a Description, Number of ports, and the Port binding option.

vDS Uplinks - Policies Section

This is where you’ll see a whole bunch of policy settings, including: Security, Traffic Shaping, VLAN, Teaming and Failover, Resource Allocation, Monitoring, and Miscellaneous. The items in the subsections (e.g. Security, Traffic Shaping, etc.) are exactly the same items you’ll see in the main Policies section, except that they’re just grouped accordingly.

One thing to take note of is that most of the items are going to be uneditable. That’s because they’re mainly going to be set at the port group level.

There are still a couple of things you can set. One of them is the VLAN trunk range. The default for that setting is 0 - 4094, meaning, everything. That includes tagged and untagged VLANs. If you follow your security best practices, you should only be configuring this for VLANs that the switch should actually expect to see on the physical world.

Most people leave the setting to the default (0 - 4094), but you can actually set it as shown in the screenshot.

vDS Uplinks - Advanced Section

In the Advanced section, you can allow the system to override certain port policies. You specify which policies can be overridden by clicking the Edit Override Settings link.

Then as you can see, you simply choose either Yes or No if you want to allow or disallow overrides for a particular item.

Basically, there are a lot of things under the uplink settings. But really, the only thing you’ll ever set there is the one concerning VLANs.

Creating a New Distributed Port Group

Let me show you now how to create a new Distributed Port Group.

Just select the main switch and then click New Port Group under the Summary tab.

Give that port group a name.

Next, assign a number for the Number of ports. Remember that when you plug in a VM's NIC, a VM kernel, or something like that, and then you attach it into one of these port groups, it uses a port.

Make sure you set that number to something reasonable. For instance, vMotion might only need 1 port per server. So for that, you can probably set 10 or even 5 and still be OK. If you’re setting for production VM traffic and that particular VM had a /24-network, you might have to put 256 in there.

Just don’t go crazy. Don’t set it to some wacky number like 1024 when all you’ve got is a /24 network. You’re going to use up more ports as you go, and you don’t want to get to that 30,000-limit right away.

For the VLAN type, the choices are None, VLAN, VLAN Trunking, and Private VLAN. None means un-tagged.

VLAN means that as a frame leaves this distributed switch, it’s going to stick a tag unto it for the VLAN number, and the uplink switch is gonna expect those frames to be tagged.

So for instance, in my case, I would set the VLAN ID to 110.

Another option is VLAN Trunking. So if I want to do a trunk, I set VLANs up to my VMs. My VMs are going to expect to see tagged frames. They can have that special guest tagging driver installed.

Finally, there’s Private VLAN. If you see a notice saying Private VLAN is not configured, you then have to configure it in the main switch. Once you’re done with that, you go back here and set the relevant options.

After you click Next, you’ll be shown a summary of the things you just set. Click Finish to proceed with creating the port group.

Configuring a New Distributed Port Group

Now, let’s say you want to configure some settings. Select that newly created port group and then click Manage this distributed port group.

The first settings you can specify, which are found in the General section, are the Name, Description, Number of ports, and Port binding type. Port binding type can be set to either Static, Dynamic, or Ephemeral. This has to do with how it assigns those port numbers that we just talked about. Mostly, you’re going to leave that on Static.

When you proceed to the Policies section, you’ll notice a lot of familiar settings. You’ll see the policy settings for Security, Traffic Shaping, VLAN, and so on.

Here’s where you change your VLAN tagging information and number.

Here’s your Teaming and Failover, set at the port group level. This kind of confuses people because they think you set this at the uplink level. The answer to that is, No. You don’t, because you may do different hashing types and things like that. This depends on the type of traffic and the port group.

By default, it’s just going to be set like a standard vSwitch, and that is Route based on originating virtual port ID. There are actually several options, like:

• Route based on IP hash;
• Route based on source MAC hash;
• Route based on physical NIC load; and
• Use explicit failover order

Route based on physical NIC load is what is known as Load-based Teaming, which is the coolest one because it really looks at the NICs’ load.

All the rest, including Network Failover Detection, Notify Switches, Failback, and others, are standard VMware vSwitch settings.

In the Failover Order list, you can do things relevant to Traffic Separation. For example, if we just want to just use dvUplink4 for vMotion traffic, we can select dvUplink1, 2, and 3 and then click the Move Down button until they’re under the Unused Uplinks.

Or we can select dvUplink3 and move it to Standby Uplinks.

Once you’re done, you just click OK and the changes you made will be automatically saved.

The tabs you see for that port group are basically just the same ones you saw in the main switch, except that they’re specific to the port group for certain things.

Conclusion

Well, that’s it. We’ve gone through nearly all the settings for the main switch, uplinks, and port groups, and so we’re done. See you again next time.

Configuring and managing servers these days can be a time consuming process, unless you work more efficiently and smarter. For example, suppose you need to add a new server feature. Are you going to go to the server, open up server manager, scroll around to find where to add a feature or role and then click through the wizard? Or would you prefer to type a few commands and go to lunch?

With the increasing role of Server Core machines, GUIs aren't even an option. Sure, you could use the Server Manager console from RSAT, but that still takes time to get going. What if you need to manage a feature on 10 servers?

Hyper-V™ vs. vSphere™

Problem: Microsoft’s planned enhancements for Hyper-V version 3 have more and more customers planning for a dual hypervisor environment. Unfortunately, multiple management consoles are hard to use, clunky, and don’t provide the flexibility needed in measuring & managing virtual infrastructures.

Solution: SolarWinds Virtualization Manager now allows you to see both VMware and Hyper-V environments in a single pane of glass.

FREE 30-Day Trial - SolarWinds Virtualization Manager 5.0

Manage Windows Server 2008 R2 with PowerShell

Your answer lies with Windows PowerShell - what else! I'm also talking about managing servers running Windows Server 2008 R2, ideally from a Windows 7 desktop. What makes this all possible is the ServerManager module. Unfortunately, this module only resides on server operating systems. I've never been able to find a way to load it on Windows 7, but that's ok. Because the server is also running PowerShell 2.0 with remoting enabled, I can do everything from a remote PowerShell session.

If you need to automate the process across a number of servers, you can use the following as part of a script or scriptblock that you could execute with Invoke-Command. For now I'm going to deal with a single server.

PS C:\> enter-pssession CHI-FP01 -Credential globomantics\administrator
[chi-fp01]: PS C:\Users\administrator.GLOBOMANTICS\Documents> cd \
[chi-fp01]: PS C:\> dir

I now have a remote session using alternate credentials. The next step is to load the necessary module.

[chi-fp01]: PS C:\> import-module ServerManager

There are only 3 commands we have to work with, but that is plenty.

[chi-fp01]: PS C:\> get-command -Module ServerManager | Select Name

Name
----
Add-WindowsFeature
Get-WindowsFeature
Remove-WindowsFeature

The cmdlet names should be self-explanatory. First, let’s see what features are already installed using Get-WindowsFeature.

[chi-fp01]: PS C:\> Get-WindowsFeature

You’ll see a nicely formatted listing of all features with an X indicating those that are installed. See Figure 1:

But don’t let the output fool you: we’re still dealing with objects.

[chi-fp01]: PS C:\> get-windowsfeature dns | select *

DisplayName          : DNS Server
Name                 : DNS
Installed            : True
FeatureType          : Role
Path                 : DNS Server
Depth                : 1
DependsOn            : {}
Parent               :
SubFeatures          : {}
SystemService        : {dns*}
Notification         : {}
BestPracticesModelId : Microsoft/Windows/DNSServer
AdditionalInfo       : {HelpLink, FeedbackLink, TechCenterLink, NumericId...}

Knowing the property names, I can modify the command to only find installed features.

[chi-fp01]: PS C:\> get-windowsfeature | Where {$_.Installed} | Sort FeatureType,Parent,Name | Select Name,Displayname,FeatureType,Parent

This one line command finds all installed features, sorted by a few properties in order and then displays a subset of object properties. Figure 2 shows the result:

Thinking of building an audit trail? It isn’t much more work to export results to a CSV, XML or plain text file.

Or you might want to drill down to a specific feature or role.

[chi-fp01]: PS C:\> $fs=get-Windowsfeature File-Service
[chi-fp01]: PS C:\> $fs | select *

DisplayName          : File Services
Name                 : File-Services
Installed            : True
FeatureType          : Role
Path                 : File Services
Depth                : 1
DependsOn            : {}
Parent               :
SubFeatures          : {FS-FileServer, FS-DFS, FS-Resource-Manager, FS-NFS-Services...}
SystemService        : {}
Notification         : {}
BestPracticesModelId :
AdditionalInfo       : {HelpLink, FeedbackLink, TechCenterLink, NumericId...}

Some of these properties are going to be nested objects. For example, SubFeatures will provide a list of additional features.

[chi-fp01]: PS C:\> $fs.SubFeatures
FS-FileServer
FS-DFS
FS-Resource-Manager
FS-NFS-Services
FS-Search-Service
FS-Win2003-Services
FS-BranchCache

But these are simply names, which means I can pipe them to Get-WindowsFeature to see if any of them are installed.

[chi-fp01]: PS C:\> $fs.SubFeatures | Get-WindowsFeature

Display Name                                            Name
------------                                            ----
    [X] File Server                                     FS-FileServer
    [ ] Distributed File System                         FS-DFS
    [ ] File Server Resource Manager                    FS-Resource-Manager
    [ ] Services for Network File System                FS-NFS-Services
    [ ] Windows Search Service                          FS-Search-Service
    [ ] Windows Server 2003 File Services               FS-Win2003-Services
    [ ] BranchCache for network files                   FS-BranchCache

Now I can see what needs to be installed.

Conclusion

Configuring and managing servers is a task made easier by using Windows PowerShell. In the next article, we’ll look at adding and removing features.

When learning IPv6 addressing, one of the first things that people notice is that it is much more complex to look at than the previous IPv4 addresses; this is compounded by the fact that a single address can be notated in a number of different ways and still refers to the same device. This article takes a look at IPv6 notation, how a single IPv6 address can be notated in a number of different ways, and how to expand and compress them correctly.

Hyper-V™ vs. vSphere™

Problem: Microsoft’s planned enhancements for Hyper-V version 3 have more and more customers planning for a dual hypervisor environment. Unfortunately, multiple management consoles are hard to use, clunky, and don’t provide the flexibility needed in measuring & managing virtual infrastructures.

Solution: SolarWinds Virtualization Manager now allows you to see both VMware and Hyper-V environments in a single pane of glass.

FREE 30-Day Trial - SolarWinds Virtualization Manager 5.0

IPv6 Address Notation

An IPv6 address has a total of 128 bits that are represented in hexadecimal form, using 8 – 4 hex character groupings.  Figure 1 below shows a fully expanded IPv6 address:

There are two ways that an IPv6 address can be additionally compressed: compressing leading zeros and substituting a group of consecutive zeros with a single double colon (::). Both of these can be used in any number of combinations to notate the same address. It is important to note that the double colon (::) can only be used once within a single IPv6 address notation. Figure 2 below shows what the same address shown in Figure 1 would look like if the leading zeros were removed.

Another method is to use the double colon (::).  Figure 3 shows how the use of a double colon (::) could be used to compress the IPv6 address:

The final compression method removes the leading zeros and uses the double colon (::) to provide the shortest IPv6 notation. Figure 4 shows what this completely compressed IPv6 address would look like:

IPv6 Mask Notation

To notate the number of bits to mask with an IPv4 address, a decimal subnet mask or a CIDR notation was used. For example, to notate an IPv4 C class network range, the subnet address, 172.16.1.0, plus an additional subnet mask, 255.255.255.0 (or /24), were placed and configured together to notate the network range from 172.16.1.0 through 172.16.1.255.

For IPv6, the decimal subnet mask is not used anymore, and only a CIDR notation is used. Figure 5 shows an example of a 64 bit network prefix:

What this means is that all addresses with the prefix 3001:ABC0:FE00:0034 will be included within a single subnetwork. This works out to be 18,446,744,073,709,551,616 total addresses, which is by far larger than needed on any single organizational network (at least at the moment).

Summary

The main stumbling block for most individuals starting to learn IPv6 is getting over looking at a large number of hexadecimal numbers. IPv6 addresses and subnetting work the same as with IPv4 address when converted to binary, and anyone familiar with IPv4 binary addressing and subnetting should be able to understand these IPv6 concepts.

The proliferation of mobile devices today is exploding. The consumerization of IT is only accelerating the amount and types of mobile devices we encounter every day. This evolution in IT creates many new opportunities along with many need demands. A perfect example is the need to print easily, effectively, and seamlessly, from our mobile devices. However, enabling print capability from tablets and phones is not as complex as one might think and doesn't require buying a new printer.

Hyper-V™ vs. vSphere™

Problem: Microsoft’s planned enhancements for Hyper-V version 3 have more and more customers planning for a dual hypervisor environment. Unfortunately, multiple management consoles are hard to use, clunky, and don’t provide the flexibility needed in measuring & managing virtual infrastructures.

Solution: SolarWinds Virtualization Manager now allows you to see both VMware and Hyper-V environments in a single pane of glass.

FREE 30-Day Trial - SolarWinds Virtualization Manager 5.0

Challenges of Printing from Mobile Devices

The challenges of printing from mobile devices such as tablets or phones include concerns like dealing with different OSes and printing from widespread locations. With conventional PCs, we often find ourselves on common networks that we visit frequently such as work, home, or even the local Starbucks. We set up printing for these networks once and reuse whenever we connect to that network. Mobile devices explode that method since they may connect to dozens, or possibly hundreds, of different networks every day.

For instance, it isn't too common to find someone with a laptop wandering an aisle at a department store trying to capture a picture of a dress with their webcam. It is, however, becoming more and more common to find someone snapping a picture of a dress, pair of shoes, or some other item they like using the multi-megapixel camera on their smartphone. The same scenario plays out in industry every day. It wouldn't be safe or smart to wander a busy manufacturing floor carrying your laptop trying to capture pictures of some part or process. Managers and executives, though, could capture those things easily using the camera on their phone or tablet. In either of these examples, what happens if these users want to print out their newly captured image without running back to their PC or notebook?

The one common network most phones and tablets connect to is the Internet. That makes the Internet a great option for carrying print data from the mobile device to the printer. Many current printer models are web enabled out of the box. If you own one of these devices, they connect directly to the Internet and support printing by sending documents from a mobile device to a custom email address, or by using a mobile platform app. HP's ePrint capable printers are great examples of this type of technology.

Don't worry, as mentioned early on in this article, there's no need to run out and buy one of these printers if your old non-web enabled printer is still working great. Google Cloud Print enables virtually any printer to become web enabled.

Setting up Google Cloud Print

Setting up Google Cloud Print to web enable an older printer requires only a few things. First and foremost is a Google account. Add to that a PC (Windows XP or higher) or a Mac, along with the latest version of Google’s Chrome Browser, and that’s everything needed to get an old workhorse printer pumping out documents from an iPhone, iPad, or Droid.

If you already have a Google or Gmail account, skip this step. Otherwise, the first thing to do is sign up for a free Google account. If you’d like free e-mail with it, then create a Gmail account at https://accounts.google.com/SignUp. If you’re perfectly happy with your existing email account and don’t want another, just sign up using your existing email address at https://accounts.google.com/NewAccount.

Step two on our journey to mobile printing happiness is to download and install the Chrome browser from https://www.google.com/chrome. It’s not too large of a download, and installation is both quick and easy. If you have a Mac, use this link instead https://www.google.com/chrome?platform=mac&hl=en.

Now it’s time to get things configured.

1. Double-click the Google Chrome icon on your desktop to start it.
2. On the far right side of the browser toolbar, click the wrench icon.
3. Select Options if you're running Windows, or Preferences if you have Mac OS X.
   
   
4. Click the Under the Hood tab.
5. Scroll down to the “Google Cloud Print” section. Click Sign in to Google Cloud Print.
   
   
6. In the window that appears, sign in with your Google Account to enable the Google Cloud Print connector.
   
   
7. A printer confirmation message will appear. Click the Finish printer registration button.
   
   
8. Success! A confirmation window appears showing that Google Cloud Print has been enabled!
   
   

Printing with Google Cloud Print

Cloud Print will automatically set itself up for all the printers (networked or local) that the PC or Mac running Chrome has configured. You do not need to leave Chrome open once the above steps are complete. You do, however, need to leave your PC or Mac running and connected to the Internet in order to print to its connected printers.

On any PC or Mac, you can print to Cloud Print from within Chrome, by using any other Cloud Print enabled application, or by visiting https://www.google.com/cloudprint/manage.html and using the upload a file process. That’s not why we did this though; we want to print from mobile devices!

On an Android phone or tablet, you can print to your Cloud Print printers using any number of apps such as Google Docs, Cloud Print, or PrinterShare™. Many other apps are available and the list grows almost every day.

iPhone and iPad users should check out PrintCentral Pro in the App Store. This $9.99 app not only allows printing to Cloud Print printers, but also performs a number of other handy functions.

Summary

Printing from smartphones and tablet computers is becoming less of an option and more of a necessity. Using Google Cloud Print is a simple, free way to answer this need. For those using iOS devices, stay tuned for a coming article where I’ll dive into AirPrint troubleshooting.

Microsoft does such a great job of having a full solution for enterprises. I’ve heard some people question the costs of the licenses in contrast to other vendors or open source solutions, but there is no open source solution or vendor that can cover everything that Microsoft products can.

Security Threats Aren’t Subtle!

Your Security Information & Event Management (SIEM) software shouldn’t be either! SolarWinds makes it easy to manage and analyze log files, mitigate threats, and automate compliance processes with our powerful SIEM software, Log & Event Manager (LEM).

SolarWinds LEM quickly identifies attacks, highlights threats, and uncovers policy violations with real-time log analysis and powerful event correlation.

Learn More or Download a Free 30 Day Trial!

It can be really easy to love Microsoft if you’re an IT professional that works on their products. Easy to use GUIs, free training and documentation, and market share that can find you a job in any location.

Still, there are a few nagging questions that can get you wondering, "Is Microsoft ever going to get this right?" Sometimes it seems like Microsoft just messed up a feature, or they just don’t understand what we want to do.

So now, in honor of Windows 8, here are my top 8 questions that Windows 8 has an answer to.

Question 1: Why can’t I have Hyper-V on my laptop? What ever happened to Virtual PC?

Client Hyper-V, full featured virtualization software, is finally coming to workstations in Windows 8! Client Hyper-V is installed as a feature, so you don’t have to buy it separately. It includes all of the features that you expect from your virtualization software: virtual networking, shared drives, and most importantly, snapshots.

You can also use the advanced features of Hyper-V on your installation of Windows 8 desktop. For example, Client Hyper-V allows you to automate your virtual environment using PowerShell, and if you’ve got a multipoint touch-enabled device that you’re running client Hyper-V on, you can also use your touch screen on your VMs.

Question 2: When will I be able to use my own tablet as my work computer?

One of the key devices Windows 8 has been aimed at is the tablet. It’s touch ready, and ready for you to take it with you. It has also been designed to help IT departments manage the huge rush of personal devices into the workplace. The consumerization of IT is making end-users the champions of new technology devices, a role that was previously held by the IT staff.

Determining whether or not a computer is yours, or one you’re just using temporarily, is handled by the Windows 8 feature “User Device Affinity.” User device affinity uses usage percentage, amount of time logged in, and number of times logged in to determine if the computer belongs to you enough to call it “your computer.” If it is the computer that you usually use, regardless of who actually owns the computer, your Windows 8 tablet will identify it as a primary device. A new feature in System Center Configuration Manager 2012 allows administrators to target those primary devices for software installations, whether they are company owned or employee owned.

Question 3: How can my Blu-Ray player and TV “boot up” in under a second, but my computer still takes a full minute?

Windows 8 is faster overall, and in many areas. One area in particular where it is dramatically improved is in its startup time. Using partial hibernation, which stores a set of system files and RAM on the hard drive (but not all of the running programs and RAM that would be used in a full hibernation), Windows 8 systems have been booting up from a cold start in under 10 seconds. Solid State Drives report it even faster, almost instantly.

Question 4: Why can’t I take my programs with me to whatever computer I’m at?

Brand new with Windows 8 is Windows To Go. Windows To Go allows IT staff to load a full version of Windows 8 on a USB drive, including the operating system, personal data, and installed programs!

There are some differences in using Windows To Go: You’re presented with a pre-boot password prompt; If you remove the USB device, the computer freezes in place until the USB device is plugged back in; and booting into your Windows To Go disables hard drives on the physical computer to help prevent your data from being compromised.

Question 5: Where is the factory reset button?

If you’ve wished that your HP or Dell PC came with a factory reset button like your home wireless router does, you’ll be happy to see that Windows 8 provides two features that provide functionality for doing just that: Reset and Refresh. Both are now accessible from the Control Panel metro app, and both will fix problems with your PC. Reset takes it back to the day it was purchased: all apps are gone and all user data is gone. Refresh performs a full reinstall of Windows, but saves your user data, most of your preferences, and saves your installed metro apps.

Question 6: Why does malware start on a PC before anti-malware does?

In Windows 8, there looks to be some great strides taken to prevent malware that starts early in the boot process from being able to mess up your system. Trusted Boot in Windows 8 digitally signs your bootup environment, validating the entire process. The loading of anti-malware software is one of the earliest actions performed by Windows 8, so it is running before malware even has a chance to start.

Question 7: How can the world’s largest software company not have an app store?

Microsoft finally reveals an App store on their desktop operating system with Windows 8. Microsoft has already had an app marketplace that is still used with Windows Phone (via Zune software), but you can now have apps purchased, stored, and delivered directly to your desktops, laptops, and tablets running Windows 8.

Question 8: Why in the world can I not mount an ISO on a Windows machine?

Now, after many years that I have been asking this question, you can finally mount ISOs in Windows 8 as part of the operating system. There are no third party utilities required. You can also mount VHDs (Virtual Hard Disks) natively in Windows 8.

ISOs show up as a new CD or DVD drive, while VHD shows up as a new hard drive. You can access either ISOs or VHDs by either double-clicking them, right clicking them and selecting “mount,” or by selecting the “mount” from the ribbon in Windows Explorer.

Conclusion

Improvements such as improved boot times, new features like Windows To Go, and long overdue basics such as the ability to mount an ISO make Windows 8 a very exciting operating system.

What question about Windows is still unanswered for you?

In this video, Group Policy MVP Jeremy Moskowitz walks us through his Group Policy add-on, PolicyPak, and shows how you can deliver Group Policy settings over VDI to lock down applications.

Jeremy Moskowitz on PolicyPak

Hi everybody. This is Jeremy Moskowitz, Group Policy MVP and founder of PolicyPak software. My friends at TrainSignal grabbed me by the ear; they said "you got to show this to our friends and viewers and stuff," and I am happy to bring this to you. So let's set the stage about what we are about to see and why you should care.

Test Drive: Exchange & Mobile Device Management Tool

Mailscape is an award-winning Exchange and mobile device management tool that provides monitoring, reporting and administrative capabilities in a single, affordable solution.

Installed in minutes, easy to deploy, and intuitive enough for the help desk to use, Mailscape lets you manage your entire environment in a sleek, one look dashboard.

Test Drive Mailscape Today!!

A lot of folks now are being told they have to support this idea of "bring your own device" or BYOD to work, and I know what a huge pain in the neck that can be. You don't know if they are bringing in an iPhone or iPad or a tablet computer. You don't know what is around the bend even, or whatever is next basically.

So what I've got here, what I am about to show you is I don't have a real iPad; I have a fake iPad, and so, you just have to play pretend with me. I hope that will be ok. On my fake iPad, you know that if you use a VDI-based solution to remotely give somebody an entire desktop environment, you have to support the applications. Now getting those applications on those target computers, really those target VDI sessions, is kind of like what actually happens from third party vendors. Microsoft, Citrix and VMWare all have solutions around VDI. But this is what I showed my friends at TrainSignal they kind of fell over, which was that they are missing the last mile. And that's what I wanted to show you.

If you've got a Windows 7 rollout planned or if you've got VDI around the edges, kind of getting warmed up, if you've got desktops and laptops or even terminal server, like I said, when I showed my friends at TrainSignal; they wanted me to show you, too.

Here's the good news. Everything I am about to show you is actually absolutely free, up to a point. So there is a free edition of PolicyPak Professional and there is a pay edition. But the kind of stuff I am going to show you here is free up to a point, and you can find out more about what's free and what's not on our website.

I am going to go ahead and get started here. So here is my fake iPad. As you can see, it's got the fake-like iPad background and you can see here, I've got my real applications here. I've got my Adobe Reader. I've got my Firefox and I've got my WinZip. Again, we are pretending that this is like an iPad that actually is using a VDI session with one of those three vendors to remotely give access to our Windows desktop.

In this case, let me go ahead and run WinZip as an application right away, and the user gets kind of a crappy experience as you can see here. They sort of instantly get a popup asking them a question. They don't know what to do and that's what we are going to talk about. We just want to get rid of all the fuzzy edges around the user's experience when they get new applications and get a new laptop, desktop, or VDI session.

So if we got an options config here, we'll see if there is well, actually a lot of settings for a user to screw up. I happen to be using these three applications as sort of like my baseline. I've got WinZip. I've got Firefox and I've got Acrobat Reader. But actually you could think of these as any application you have to deploy.

Now if you have corporate IT settings that you want to make sure that your users can't work around, as a lot of you know, I am a Group Policy MVP and man, I love Group Policy. But it just doesn't do what it's supposed to do for the actual applications on your machine. It does a great job for the stuff in the box, but it kind of falls apart for the actual applications on your machine. And that's what we are going to see.

Here you can see, I've got this password section, this passwords tab, and on the passwords tab, there are some security settings. I am using WinZip and you might not think of WinZip as a big security app but you can think of any application that you have as comparable. In other words, some applications have security, and how you're going to dictate that security to that application.

Here we've got WinZip just waiting to be configured. Unfortunately, and we could see here, we've got the cameras tab and we don't use cameras at our company, so maybe we'll make sure that the cameras tab is locked out. Let's go ahead and get started with this first directive and initiative.

The best part is that PolicyPak hooks rights into your Group Policy engine, so we are going to create a new GPO called "lock down WinZip" here. And I'll go ahead and edit this guy here. I'll just right click there, and here we go. You'll see that I've got the built-in policies, the built-in preferences and now PolicyPak.

PolicyPak applications is a new node that just will snap right into the GPMC; it comes part of what of you get. PolicyPak actually ships with 35 pre-configured applications that lots and lots of folks really want to get delivered. I know a lot of folks are using Acrobat Reader, which we are about to cover. Java, you want to make Java pop-ups go away. You've got Firefox; we are going to show how to configure Firefox in this little video, that's right. When I've shown some people that they can actually configure Firefox using Group Policy, their head is popped right off. So I'll show you that.

Let's go right to WinZip right here and I'll double click on that. Look at that, it looks exactly like the actual application we want to configure. If we kind of hustle over to passwords here, let's go ahead and bump up the minimum password length to 11, thus making this actual application more secure. Again, you can think of this as any application you have that needs increased security. I'll click on all these check boxes and that's cool. I am delivering a setting.

We are going to go one big step greater and we are going to actually lock the setting down so a user can't work around it. Let me go ahead for this middle check box here, this third check box here. And I am going to hide the corresponding setting in the target application. I am literally going to remove it so that it's not available for the user at all to screw up. I'll do the same thing for the last check, except I am going to disable the corresponding control in the target application, and what the heck, I'll do the same thing for minimum password length as well. I'll really crank that guy down and really make sure that user can't work around it.

Remember cameras; we don't want to use cameras at our company, so I'll right click and I'll disable the whole tab in the target application. So that's it. It's as simple as that.

We've got this preconfigured packs ready to rock; just go on to your new VDI session. You can log off or log back on. In this case, I am running GP update. That's going to get me the latest greatest group policy settings and let's go ahead and see what happens.

All right. Only took a second. So now what we do is we'll go ahead and run Winzip and let's check it out as this user. Now again, if the user is running as a standard user or as an admin user, we want to make sure that they are locked down. So let's go to options config, take a look at passwords and look at that. You can see right there that all four check boxes are checked. One of them is completely missing, which is what we said and one is grayed out. And that 11 guy or that minimum password length is jammed up to 11. That's pretty cool because now there is no way for user to work around our settings for the things that we set. And cameras, you can't click on cameras at all. What I want to show next is what happens if you go offline.

So if you've got a standard desktop or a standard laptop, or you are running one of those VDI sessions that you can take offline with you, what happens if the user works around your setting?

Well, if you just run GP update and you don't have the access to the domain controller, the GP update is just going to fall over and die. Now you just saw me uncheck those two checkboxes, but it turns out PolicyPak has a secret weapon.

And this again is all in the box in both the free version and the paid version. You can just run PP update and boom, it took zero seconds, and it will redeliver those settings just like that. I want to go to options config, head on over there, and boom.

Those checkboxes that were unchecked are now checked. So you can keep your corporate and IT settings delivered and maintained even when you are offline. Let's go through another example real quick here.

Let me show you another one that is like constantly in people's minds, which is the security of the actual applications like Acrobat Reader.

I am sure you got the same kind of memo I did, which is that this Java Script thing, this is enable Acrobat Java Script. If it's checked on, which is the default by the way, if some secretary double clicks a PDF that's infected, what's going to happen? They are going to blast infection to the rest of their team. You don't want that.

So what you are going to do is make 500 phone calls asking the secretaries or the other members of your world to uncheck the checkbox. No way. You are going to use the power Group Policy to deliver that setting and then also lock it down so users can't work around it.

That's what we are going to do right now. We are going to make your world more secure, just like that.

Let's go ahead. We'll go back over to the Group Policy editor. We'll right click, new, application, and we'll go ahead and we'll pick Acrobat Reader. Again you can see we've got a whole lot of application preconfigured packs ready to go. We are going to pick Acrobat Reader or Adobe Reader X.

We'll go over right to the Java Script guy, uncheck that enable Adobe Java Script, right click over it and disable that guy. We'll go ahead and click OK, locking and loading that directive right in the group policy land.

Again, the very next time a user runs GP update or logs off or logs back on, they magically get the settings. Let's run GP update and see what happens.

All right. Let's go head over to Adobe Reader, go right to edit preferences. Remember that check box was checked, and we don't want that. If we go look at that, we can see right there it's unchecked, and it's grayed out.

The best part is this stuff doesn't just work for your desktops and laptops, which you have a lot of them. It also works for those kinds of things we were just talking about - having iPads and tablets and actually, it also works for environments like this.

This environment, which is another PC here, is actually using Citrix terminal service dial stuff. If you just click on that and we've got Winzip, published. This is coming from my Citrix server. All I got to do is log on, run it, and the Citrix server would get the same signal that the desktop does to restrict that application, and lock it down exactly the way you expect.

So you can see, the application is starting up right here, and as soon as it's done, the application will be presented from that server over to the workstation. The best part is the workstation, or if it's a Thinbox or if it's a terminal or if it's a tablet or anything like that, as soon as that application is started, it's going to have the actual application locked down and ready to rock.

Alright. There is the Winzip started from our Citrix machine. If you go to options config, go over to passwords, boom, there it is. So you can see, this application doesn't actually live on our machine at all. It's actually installed over there on the terminal server.

PolicyPak can do the exact same thing for your virtualized application, so if you've got thin app from VMware, if you've got a Citrix streaming, or if you have Microsoft App V, we can deliver the settings inside your virtual applications and lock it down.

Summary

I think that's all we have time for today. I know I chewed your ear off. We got a lot of stuff in the website. I'd love to see you come to one of my hour long weekly webinars on PolicyPak and if you do, we'll hand over the bits and you can play with it yourself and see if it's right for you. We have a lot of folks who think it's great.

My friends at TrainSignal saw this and they fell over and said we have to show this to our friends. I am really glad they did. So thank you very much for having me here. Appreciate it.

In my previous article, I demonstrated how to create a local user account with Windows PowerShell. In today's article, I want to cover some basic management tasks that can be done with PowerShell.

Your Windows Infrastructure Will Want This Nifty Tool!

Wouldn't you love it if you could automatically discover and restart an FTP service before even 30 seconds of it being down?

OpManager through over 500 built-in monitors, event log rules, SNMP traps and remote troubleshooting tools, gives admins a tight grip over Windows server performance, including even MS Exchange, SQL and Active Directory.

Monitor 10 Servers for Free! Download a 30-day Trial Here »

Using ADSI

The first step is to use ADSI and get the local user account object.

PS C:\> [ADSI]$HelpDesk="WinNT://CHI-FP01/HelpDesk,User"

Remember, the WinNT moniker is case sensitive.

Changing Password

One task you are most likely to need is changing the local account password. If you pipe the ADSI object to Get-Member, you won't see any methods; you just have to know they are there, such as SetPassword(). This is the same method we called when we set up the account.

PS C:\> $HelpDesk.SetPassword("P@ssw0rd")

The change is immediate and there is no need to call SetInfo(). By the way, if you want to see how old a password is, you can look at the PasswordAge property.

PS C:\> $helpDesk.PasswordAge
1775

This is a value in seconds. So if you wanted to get the age in days all you need to do is divide it by 86400.

PS C:\> [ADSI]$Admin="WinNT://CHI-FP01/Administrator,user"
PS C:\> $admin.PasswordAge.value/86400
269.749664351852

Changing Group Membership

When I set up the HelpDesk local account, I added it to the Power Users group. Well, the account needs to belong to the local Administrators group so I need to fix group membership. First, I’ll remove the account from the Power Users group.

PS C:\> [ADSI]$power="WinNT://CHI-FP01/Power Users,group"
PS C:\> $power.Remove($HelpDesk.Path)

The change is immediate. Now I’ll get a reference to the local administrators group and add the Help Desk account.

PS C:\> [ADSI]$Admins="WinNT://CHI-FP01/Administrators,group"
PS C:\> $Admins.Add($HelpDesk.path)

I don’t think it can get any easier.

Disabling the Account

There may come a time when you need to disable the local account. This is part of the accounts’ userflags bitmask value, which requires some little bitwise operations. We’ll need to work with the value that indicates if an account is disabled.

PS C:\> $AccountDisable=0x0002

First, I’ll verify the account is currently enabled by performing a bitwise AND operation:

PS C:\> ($HelpDesk.UserFlags.Value -band $AccountDisable) -as [boolean]
False

I cast the result as a Boolean to make it easier to interpret the results. To disable the account, I’ll need to do a bitwise OR and assign the value to the userflags property.

PS C:\> $new=$HelpDesk.UserFlags.Value -bor $AccountDisable
PS C:\> $HelpDesk.put("userflags",$new)
PS C:\> $HelpDesk.SetInfo()

I can verify by refreshing my cached copy of the object and re-running my –band expression.

PS C:\> $helpdesk.refreshcache()
PS C:\> ($HelpDesk.UserFlags.Value -band $AccountDisable) -as [boolean]
True

To re-enable it almost uses the same steps, except you need to use a bitwise XOR operation.

PS C:\> $new=$HelpDesk.UserFlags.Value -bxor $AccountDisable
PS C:\> $HelpDesk.put("userflags",$new)
PS C:\> $HelpDesk.SetInfo()
PS C:\> $helpdesk.refreshcache()
PS C:\> ($HelpDesk.UserFlags.Value -band $AccountDisable) -as [boolean]
False

Deleting the Account

Finally, the day may come when you want to delete the account all together. Remember, the account is a child object of the computer so that’s where we need to do the deletion. First, get an ADSI object for the computer.

PS C:\> [ADSI]$server="WinNT://CHI-FP01"

Then call the Delete() method, specifying the type of object and its name.

PS C:\> $server.delete("user",$helpdesk.name.value)

The change is immediate and there is no need to call SetInfo().

Overview

Managing local user accounts obviously can also be done just as easily with the legacy NET commands, which you could easily incorporate into a PowerShell remoting command or session. If you have a larger PowerShell based task that involves local user accounts, using ADSI object is the right approach.

Whether you’re an IT pro, a normal home user, or a photographer, you have probably accidentally deleted an important file from a hard drive or memory card before.  Maybe you didn’t mean to delete it or maybe you did delete the file intentionally but changed your mind.  Maybe the storage device is beginning to corrupt and become unreliable. The result is always the same; panic.

In this post, we’re going to try and put your panic at ease. With Stellar Phoenix Windows Data Recovery, virtually any file can be recovered from a storage device, generally within just a few minutes.

Recover Lost Files With Windows Data Recovery Pro

Stellar Phoenix Windows Data Recovery will:

• Recover lost and formatted logical drives & partitions


• Recover accidentally deleted files


• Recover MS Outlook and Outlook Express files


• Fix boot Sector Corruption


• Works with FAT and NTFS file systems

Free Trial - Download Windows Data Recovery Pro

What Happens When a File is Deleted?

While the idea of dragging a file to the “Recycle Bin” seems pretty straightforward and certainly feels final, the reality is that the file doesn’t actually go anywhere.  When you delete a file, you are simply telling your computer that the file is no longer needed and your operating system simply acts as though the file isn’t there.  The deleted file will actually remain intact until the hard drive needs that space and overwrites it.

The bad news is that if you are really trying to get rid of a file, you’re going to need to do a little more than just move it to and emptying the recycle bin.  The good news is that if you accidentally deleted a file, you have a pretty good chance of recovering it.  Here’s how…

Real World Data Recovery Scenario

Even with the recent growth of cloud storage solutions, portable and external storage devices continue to be very convenient.  Additionally, multi-gig thumb drives are about as affordable as your weekly latte budget.  So to demonstrate how to use Data Recovery Pro, we've set up a sample scenario utilizing a simple 2GB USB thumb drive.

In our sample scenario, you have a 2GB thumb drive that contains several folders and documents, including a work folder which contains a folder with files from a recent convention in which you helped sell some product for your company.

Most important is an image of a graph showing some sales figures that you need to present to your boss tomorrow morning.

What you didn’t anticipate is that your daughter has recently used the drive to transfer her recent Word document, an essay she’s writing for an upcoming final.  Whether she meant to or not, she deleted all of your files in place of her own.

Although your studious child deleted the file, there is a very good chance that the image you need is still on this storage device and can easily be recovered. All you need is some help, and that's where Windows Data Recovery Pro comes in.

Recovering Files With Data Recovery Pro

Open Stellar Phoenix Windows Data Recovery Pro. We suggest that you have administration rights when using the program.

Here you’re presented with several options:

• Quick Recovery is, as the name suggests, the quickest form of data recovery.  In most cases this will be sufficient whether you are trying to recover an accidentally deleted file, or cases in which the storage device has some corruption issues.
• Deleted File Recoverywill specifically scan for recently deleted files.  It will perform a “quick” or “deep” scan.  In my experience, the quick scan is sufficient but the deep scan certainly recovers more files.
• Formatted/Lost File & Folder Recovery is a very comprehensive scan of the storage device. I have found that when the drive is in fact formatted, this is the best option (not surprisingly).
• Search Lost Volume is the deepest type of scan. It searches every sector on the drive and will try and piece together lost or deleted volumes on the drive.

For our example, we’re going to select the “quick” recovery.  For starters, this will scan the drive very quickly, so rather than waiting around for the deep scan, it’s worth waiting the few seconds to see if this quick scan can find your file and if it doesn't, you can then start using the deeper (and more time consuming) scans.

Start the scan.

You’ll notice that it hasn’t completely recovered the original folder structure.  A deeper scan would most likely recover all of the folders as they were last set up but this doesn’t mean it can’t recover our deleted files with the quick scan.  To check, we search for the file name.

Fortunately we knew the name of the file, and Data Recovery Pro found 2 versions of the file.  We can verify that this is the right file because a thumbnail is provided.  This is useful if you can’t remember the exact name too, that way you don’t have to waste time recovering files you don’t need.

Once we have found the file, we select the file we want and then click on “recover”. This prompts us with a few options.  A nice perk is the recover to FTP server, for today we don’t need this. Instead we simply recover the file to a new folder we created on our desktop. For simplicity, I named it “Recovery”.  Inside we find images, in-tact and there for our use.

Other features and Use Cases

Windows Data Recovery Pro will also:

• Recover deleted emails (PST and DBX files).
• Create disk images and clones
• Recover Data from OS drives that will no longer boot

Registration Warning

Windows Data Recovery Pro is not a free program, however you can run the scans before you are required to pay.  This means you can try it before you buy it. Simply download the program and run the scan. If you want to use Windows Data Recovery Pro to recover any files that it finds, then you can register for the product.

In this screen shot, you can see that the program scanned a hard drive and only prompts you to register for the product after you know it can recover the files you need.

Conclusion

And that’s it!  For this example, the entire process took less than 2 minutes.  We were working with a small (2gb) USB 2.0 thumb drive.  The larger the drive and the slower the interface, the longer the scan will take.  The software is not free and requires registration.

When studying IPv6, one of the main things that differs from IPv4 is the complexity of the IPv6 header compared with that of its predecessor’s header. The IPv6 header was designed to be less complex and easier to process than the IPV4 header, and with efficiency as one of the main design elements. This article takes a look at the contents of the IPv6 header and how they compare with the contents of the IPv4 header.

Get More Out of System Center Configuration Manager

Extend the power of System Center Configuration Manager (SCCM) with SolarWinds Patch Manager.

• Automate patching applications across tens of thousands of servers and workstations
• Perform enterprise-wide discovery and inventory quickly and identify rogue, unauthorized, and unpatched computers instantly
• Get visibility into patch compliance with an extensive collection of simple, built-in reports
• Leverage your existing WSUS and System Center Configuration Manager (SCCM) deployments

Download a FREE 30-Day Trial >>

IPv6 Header

Figure 1 below shows the contents of the main contents of the IPv4 header and will be used as a comparison to the IPv6 header elements.

Figure 1 - IPv4 Main Header

The main IPv6 header is shown in Figure 2 below:

Figure 2 - IPv6 Header

There are a number of unfamiliar fields within the IPv6 header but each of them replicates some of the functionality of the IPv4 header fields. Table 1 takes a look at each of these fields and what they are used for:

Summary

With the exhaustion of the IPv4 address space just a short time away, it is in the best interest of any current or future network engineers to become familiar with IPv6. This includes the different header fields and address types, as well as how the different routing protocols are configured compared with their IPv4 counterparts. Keep on the lookout for a number of different IPv6 based articles, which should be coming out shortly.

Resilient File System (ReFS) is a new file system introduced in Windows Server 2012. Initially, it is being targeted for implementation as a file system that is primarily used for file servers. However, starting as the file system for a file server is just the beginning. Like its predecessor, NTFS, ReFS will begin as a file server system, then become a mainstream file system. Before long, we will all be using ReFS on our boot partitions.

So why would you want to change file systems? If NTFS is working, why should anybody even consider switching to ReFS? ReFS is better and faster in many ways than NTFS, but in one way more than all others: its resiliency.

Resilient File System will likely replace NTFS completely within the next versions of Windows, and here are some reasons why you are going to really love the new file system.

4) ReFS Supports Long File Names and File Path. Really Long.

Capacity is just one of the ways that ReFS is making changes. There will no longer be a limitation of 255 characters for a long file name. A file name in ReFS can be up to 32,768 unicode characters long! The limitation on full path size has also been updated from 255 characters for the total path size to 32K (32,768).

The legacy 8.3 naming convention is no longer stored as part of the file data. There is only one file name, and it can be a very long name.

Other changes have increased the capacity as well, though it is unlikely that the maximum size of a single volume will impact a real person. NTFS already had a maximum volume size of 16 Exabytes. The ReFS format allows a maximum volume size of 262,144 Exabytes.

3) ReFS is Much Better at Handling Power Outages

NTFS stores all of its file information in metadata. The filename is stored in the metadata. The location on the hard disk is stored in the metadata. When you rename a file, you’re changing the metadata. Likewise, ReFS stores its file information in metadata.

One big difference in how NTFS and ReFS are different is in the way they update the metadata. NTFS performs like metadata updates, which means that the metadata is updated “in-place.” The metadata says your new folder is named “New Folder,” and then you rename it to “Downloaded Files.” When you make the change, the actual metadata itself is written over. When a power outage occurs at the time you’re updating a disk, the metadata can be partially or completely overwritten, causing data corruption (called a “torn write”). You may experience a BSOD when you try to restart, or you may find that your data is no longer accessible.

ReFS does not update the metadata in-place. Instead, it creates a new copy of the metadata, and only once the new copy of the metadata is intact and all the writes have taken place does the file update itself with the new metadata. There are further improvements to the way that ReFS handles writes to the metadata, but for the most part the other changes are performance improvements. This new way of updating metadata allows you to reliably and consistently recover from power outages without disk corruption.

“We perform significant testing where power is withdrawn from the system while the system is under extreme stress, and once the system is back up, all structures are examined for correctness. This testing is the ultimate measure of our success. We have achieved an unprecedented level of robustness in this test for Microsoft file systems. We believe this is industry-leading and fulfills our key design goals.”

- Surendra Verma, “Building the Next Generation File System for Windows 8”
Development Manager, Storage and File Systems
Microsoft

2) ReFS works with Storage Spaces to Better Detect and Repair Problems

Storage Spaces is a storage virtualization technology. Storage Spaces was not made to run exclusively with ReFS, but they do work great together. ReFS has improved functionality when used in conjunction with Storage Spaces. Likewise, some of the redundancy features that Storage Spaces offers are able to be leveraged because of the abilities of ReFS.

So ReFS can be used without Storage Spaces, and Storage Spaces can be used without ReFS, but when they are used together, both ReFS and Storage Spaces both work more effectively. Storage Spaces uses mirroring, spreading copies of data across multiple physical data drives. When Storage Spaces finds a problem with even one piece of corrupt data on a drive, the corrupt data will be removed from the drive, and will be replaced with a known good copy of the data from another one of the physical drives.

ReFS uses checksums on the metadata to ensure that the data has not been corrupted. When Storage Spaces finds mismatched data between two or more copies of the same file, it can rely on the built-in metadata checksums that are a feature of ReFS. Once the checksums are validated, the correct data is copied back to the other physical drives, and the corrupted data is removed.

Occasionally, an ReFS drive controlled by Storage Spaces will undergo routine maintenance called “scrubbing.” Scrubbing is a task that runs on each file in a Storage Space. Checksums are verified, and if there are any checksums that are found to be invalid, the corrupted data is replaced with known good data from a physical drive that has a valid checksum. Scrubbing is on by default, but can be customized and configured even on individual files.

1) ReFS Volumes can Stay Live even if they have Irreparable Corruption

With NTFS, even a small amount of data corruption can cause big problems. With ReFS you are much less likely to have problems. In a case where a system is not using Storage Spaces and mirroring, or if for some strange reason one part of the data across the whole mirror is corrupt, only the corrupt parts will be removed from the volume, and the volume itself will stay active, thanks to “salvage.”

Salvage can remove even a single file that is corrupt. Once the corrupt data is removed, the volume is brought back. This turns what is usually a server that is brought offline for time consuming disk checking utilities to find and repair the entries, to a volume which is repaired except for the corrupt data files and brought back online in under one second.

Conclusion

Just like NTFS, ReFS brings with it some major improvements which will become a normal part of our industry for the likely future. Specifically, ReFS brings improvements in the way that metadata is updated, and by using checksums to ensure that corrupt data is easily found and repaired.

ReFS is the most robust file system from Microsoft to date, with reliability built in to make the most of our time and reduce the total cost of ownership on Windows Servers.