The Desktop as a Donut (or How to Explain Virtualization to Others)

This beauty hails from a donut shop called Voodoo Doughnut in Portland, OR. Somewhere in here is a lesson in virtualization. I promise. :-)

Just got back from a trip to Portland where I got to share with our regional office there the concepts of application virtualization and application streaming. It’s not very easy to communicate these ideas to folks who have never heard of or experienced it before. 

Right before the show started, there was this box of donuts that had this gem, and I was so in awe of it that I had to take a picture. I wish I had kept it as part of my presentation, but the gent who held it ate it already. I don’t blame him. It looks delicious. Apparently there’s a donut from this same shop that’s basically a maple bar with two strips of bacon on top. 

How can you NOT like this??? 

I digress. In short, I used the donut as an analogy for how traditional desktops are built today: with the OS (donut), Apps (glaze) and Data (Fruit Loops) stuck together. With virtualization, layers of abstraction are created between the donut, the glaze and the fruit loops, so it makes it easier to swap either of the three without affecting the others. 

So in the event you ever have to explain to your boss or to others how virtualization works, just think of the desktop as a donut. :-)


Posted at 11:06pm
Tagged virtualization


Intel Buys McAfee for $7.6B: Why I’m Cautiously Pessimistic

Just read the news about Intel buying McAfee for $7.6B. John Chambers of Cisco is always cautiously optimistic about how events will unfold. Here are three reasons why I’m cautiously pessimistic about the Intel/McAfee deal.

Intel buying McAfee smells like a (hypervisor) monopoly. Intel and Citrix were working on creating a client hypervisor ecosystem, of which McAfee was developing a hypervisor security “appliance”. Creating an ecosystem is a fantastic idea, Intel. Ecosystems create innovation through competition. So why did you just buy a vendor in that space, and close off everyone else? Bad Microsoft Intel, bad!

Security software is notoriously CPU intensive, so why buy the hand that feeds you? Weekly virus scans. Hard drive encryption. All of these tank the user experience, which is why we buy faster, more powerful processors. So why did Intel buy McAfee? Maybe to make their software even more notoriously CPU intensive?

Security can’t be commoditized. This is a contentious position, but I’m open for debate. Security is a never-ending 2-fold proposition. The external threats are dynamic and ever changing. And the quality required for security vendors to respond to those threats is a significant undertaking (see McAfee’s DAT file causing XPSP3 reboots debacle). You can’t just burn behavioral heuristics into a chip. Does that mean we’ll have to flash a BIOS or EEPROM every time there’s an update to McAfee? That doesn’t scale.

While I’m bearish on the deal, it can’t be all bad. One thing I’m looking forward to?

Offload Encryption into a chip (aka bring back Danbury, Intel!). AES-256 is a standard. Intel, why not get back to building encryption into a chip? But please, don’t use Safeboot to manage it. Ugh…

Hardware vendors getting into the software game is an interesting precedent. I’m curious to see how other vendors in the space react. If I ever get commenting to work on this thing, I’d be curious what your thoughts were.


Posted at 9:21am
Tagged Intel Microsoft McAfee Encryption


Using Altiris to Report on BitLocker Status on Windows 7 x86 Clients

Most every systems management tool grabs the basic data points (e.g. Add Remove Programs data, Serial Number, IP address, Primary User, etc.) from your Windows client environment. But the real value is the extension of this functionality, and the capture of custom data points from your environment.

I recently had the requirement to capture (and report on) BitLocker status in my environment. After a lot of testing (read: banging my head on the table), I was able to craft the following Altiris custom inventory snippet that will return the BitLocker WMI ProtectionStatus value of a Windows 7 32-bit client to the Altiris Notification Server.

 <%foreach wmiobject="o" namespace="ROOT\CIMV2\Security\MicrosoftVolumeEncryption" wql="sync:SELECT * FROM Win32_EncryptableVolume"%>
 <z:row c0="BitLocker Status" c1="wmi" c2="wmi:o.ProtectionStatus" />

Fyi, this doesn’t work on 64-bit Windows 7 clients. I’m not sure why. But in the meantime, you should now have the ability to report on how well you’re covered from a BitLocker perspective. Enjoy!
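To spot-check a single client against what the inventory returns, the same WMI class can be queried locally. This is an added example, not part of the original post or of Altiris; the function name `Get-BitLockerReport` and the `Compliant` column are assumptions made for illustration. It goes one step beyond the snippet above by also reading the conversion status, because `ProtectionStatus` is 0 both on an unencrypted volume and on an encrypted volume whose protection is suspended.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
$namespace = 'ROOT\CIMV2\Security\MicrosoftVolumeEncryption'

# Value meanings for Win32_EncryptableVolume.
$protection = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Unknown' }
$conversion = @{
    0 = 'FullyDecrypted';       1 = 'FullyEncrypted'
    2 = 'EncryptionInProgress'; 3 = 'DecryptionInProgress'
    4 = 'EncryptionPaused';     5 = 'DecryptionPaused'
}

function Get-BitLockerReport {
    try {
        $volumes = Get-WmiObject -Namespace $namespace `
            -Class Win32_EncryptableVolume -ErrorAction Stop
    } catch {
        # The namespace is missing on editions without BitLocker and is
        # not readable without administrative rights.
        Write-Warning "Cannot query BitLocker WMI provider: $($_.Exception.Message)"
        return
    }
    foreach ($v in $volumes) {
        $conv = $v.GetConversionStatus()
        New-Object PSObject -Property @{
            Computer         = $env:COMPUTERNAME
            Drive            = $v.DriveLetter
            ProtectionStatus = $protection[[int]$v.ProtectionStatus]
            ConversionStatus = $conversion[[int]$conv.ConversionStatus]
            EncryptedPercent = $conv.EncryptionPercentage
            # Hypothetical compliance rule: fully encrypted AND protection on.
            Compliant        = ($v.ProtectionStatus -eq 1 -and
                                $conv.ConversionStatus -eq 1)
        }
    }
}

Get-BitLockerReport |
    Select-Object Computer, Drive, ProtectionStatus, ConversionStatus,
                  EncryptedPercent, Compliant |
    Format-Table -AutoSize
```

A volume reported as `FullyEncrypted` with `ProtectionStatus` `Off` has its key protectors suspended, so a report built on `ProtectionStatus` alone will correctly flag it as unprotected but cannot tell it apart from a volume that was never encrypted.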


Why (Endpoint) Virtualization Matters in Healthcare

The Healthcare bill is probably 10x this size. Once the lawyers get done reading through the legalese, will your organization be ready to adapt and implement the changes?

Everyone who works in Healthcare IT knows the pain of regulation and audits. The regular visits from the HIPAA folks and the Office of the Inspector General (OIG), while a necessary evil, are never fun. Depending on the maturity of the organization, the reaction to their visit can range from a mild inconvenience to very painful. Everything from generating reports, or extracting data from your systems (e.g. How many people are on the latest patch? What’s your remediation plan for the exceptions?)… even something as simple as provisioning laptops for the auditors to use while they’re auditing you can be a hassle.

And if we think regulation is painful today, what happens when someone finally gets around to reading through the recently passed Healthcare bill, and how it will apply to your organization?

Organizational agility. This is why virtualization matters in Healthcare. Virtualization allows you to quickly move the pieces around (data, applications, operating systems and hardware) so you can quickly adapt your organization to whatever regulation or piece of legislation comes down next. How?

Need to quickly provision desktops to your auditors? Set up a few Wyse terminals or heck, just have them log into their virtual desktops from their own company PCs via Citrix or VMware.

A new federal mandate says all user data needs to be sucked into the data center? Use a virtual profile/data management product like RTO Software and intelligently where ePHI could potentially sit.

The bird flu pandemic hits, and we need to keep workers at home. How do we keep them productive? You guessed it. VDI, or some iteration of it.

Healthcare today is where the financial industry was maybe 10 years ago. More regulation is coming, not less. If you think it’s painful now, wait until someone actually parses through the Healthcare bill and figures out what your org needs to do to maintain compliance. 

Start looking at endpoint virtualization solutions folks. Speed up your ability to adapt. The less your healthcare organization has to worry about meeting compliance, the more it can worry about doing what it was built for: helping patients lead a better life. 


3 (Application Virtualization) Vendors and a (Office 2007) Baby

Ed: The bearer of the Tom Selleck Moustache is not necessarily the winner in this bakeoff.

Windows 7 is the perfect opportunity to introduce application virtualization into your company’s desktop computing experience. With Office 2010 just around the corner (and because you’re doing the right thing and not releasing Office 2010 until SP1), it’s even more prudent to virtualize the Office 2007 suite as part of the Windows 7 build process so you can seamlessly transition to the next rev without much of an impact.

But which application virtualization solution is the easiest to use? Which technology allows you to virtualize Office 2007 without significantly affecting Windows logon times, application launch times and any integration with the shell (does right click -> send to work)? 

Tons of questions. Not a lot of answers in one place. So here’s my attempt at solving my own problem, aggregating the data, and hopefully giving you insight on what may work best in your environment.

Over the next few days, I’ll be documenting my attempts at virtualizing Office 2007 using Symantec’s Workspace Virtualization, VMware’s ThinApp and Microsoft’s App-V. I’ll be comparing the solutions based on ease of use, performance, compatibility with shell operations and integration with other applications.

In short, does this stuff actually work as advertised, or not?

First up will be Symantec’s SWV product. Let’s see how this all plays out. :-)


Top 3 Reasons Why Industry Conferences Are Better Than Training

Ever had a hard time convincing your boss to send you to your industry conference of choice, be it Symantec Vision, MMS, Citrix Synergy, VMworld or BriForum? Ever sat in a 5 day training session your boss sent you to, only to find out you knew more than the instructor, that the instructor had no real world experience, and that you were just wasting your time and money?

Here are my top three reasons that I’ve used to educate the powers that be that industry conferences are better than training. I hope you find them useful.

  1. You get taught by the experts. And not just any experts, the folks who write or manage the software you use to make a living. Where else can you complain about a bug, or suggest a feature, and have that bug fix actually go into the product? Maybe even that day?
  2. You learn a ton from your peers. I truly believe you learn just as much, if not more, from your peers at industry conferences than you do from the sessions. A 5 day training session gives you a limited pool of people to learn from. A 5 day industry conference? You’re only constrained by your hustle.
  3. Breadth of knowledge. Most industry conferences have various tracks and sessions available. You can deep dive in a particular topic. Or you can play generalist and learn about the peripheral solutions to what you use today. It’s up to you. You make the call. 

Not to say that I’m totally against going to a 5-day training course. They do have their value (e.g. immediate need, the conference has already passed, etc.), but if you have a choice, head over to the industry conference. You won’t regret it.


Posted at 12:01pm
Tagged Training Conferences Managing up


This is Brian Madden of fame at Symantec Vision. I saw the master at work filming in front of the Symantec SWV booth and had to say hello.

If you’re a desktop guy, and you’re not reading his stuff, you should be.

(And my apologies to Brian for having to stare at my USC iPhone case while taking this picture. Even though you’re a Buckeye, I hope we can still be friends. :-) )

Posted at 6:02am


Hoping to see Virtualization in Symantec’s Vision

Like Brian Madden, I’m also headed to Symantec Vision this week on a quest to find out what Symantec is doing from an app/os/personality virtualization perspective.

Because really, the better they do in that space, the easier my life gets as a consumer of their products. Here’s why.

I’ve been an avid Altiris user since 2001, all the way back to the 5.5 days. While I’m a fan, I’m not a fanboy. There’s still a ton of stuff that could be better about the product (No NS Windows 7 support at RTM of Windows 7? Just DS? Really?). And now that Symantec has acquired Altiris, I’m terribly worried that Symantec is going to focus less on systems management, and more on code-bloating their proven cash cows of Veritas/NetBackup and Symantec Endpoint Protection.

While that makes sense in the near term, I’m afraid they’ll end up missing out on the long term value that virtualization will provide.

At the very least, I’m hoping to hear more about what they’ll do to replace RTO Software’s killer Profile Management product. Symantec were so close with that partnership. Now they’re just back to streaming and app virtualization, which while cool, is just one slice of the big virtualization pie.

Driving into Las Vegas this evening. More updates tomorrow.


Posted at 9:49am
Tagged Symantec Virtualization Systems Management


How to disable IPv6 on Windows 7

Your networking admins bugged out about IPv6 tunnels on Windows 7? Don’t fret.

You can manually disable IPv6 by following KB929852, or you can just run the following command line:

reg add HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents /t REG_DWORD /d 4294967295

Fyi, I inserted this as a Run a Command Line Task Sequence in my MDT 2010 install for building up Windows 7. More on that later. 

Tadaa! Now you can stay friends with your network admin. :-)
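To confirm on a built machine that the task sequence step actually landed, the value can be read back and decoded bit by bit. This is an added example, not part of the original post; the function name `Get-DisabledComponentsReport` is an assumption, and the bit meanings are the ones documented for `DisabledComponents` in KB929852.

```powershell
# Added example, not part of the original post.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'

# DisabledComponents bit meanings (low six bits), per KB929852.
$bits = @(
    @{ Mask = 1;  Meaning = 'All tunnel interfaces disabled' },
    @{ Mask = 2;  Meaning = '6to4 disabled' },
    @{ Mask = 4;  Meaning = 'ISATAP disabled' },
    @{ Mask = 8;  Meaning = 'Teredo disabled' },
    @{ Mask = 16; Meaning = 'Native (LAN and PPP) interfaces disabled' },
    @{ Mask = 32; Meaning = 'IPv4 preferred over IPv6 in prefix policy' }
)

function Get-DisabledComponentsReport {
    param([long]$Value)
    # Depending on the PowerShell version, a REG_DWORD of 4294967295 can
    # come back as the signed value -1; mask to 32 bits so both forms
    # decode the same way.
    $v = $Value -band 4294967295
    foreach ($b in $bits) {
        New-Object PSObject -Property @{
            Mask    = '0x{0:X2}' -f $b.Mask
            Set     = [bool]($v -band $b.Mask)
            Meaning = $b.Meaning
        }
    }
}

$p = Get-ItemProperty -Path $key -Name DisabledComponents -ErrorAction SilentlyContinue
if ($null -eq $p) {
    Write-Output 'DisabledComponents is not set: IPv6 is at Windows defaults.'
} else {
    'DisabledComponents = 0x{0:X8}' -f ([long]$p.DisabledComponents -band 4294967295)
    Get-DisabledComponentsReport -Value $p.DisabledComponents |
        Select-Object Mask, Set, Meaning | Format-Table -AutoSize
}
```

The registry value is read at startup, so this reports the configured state; the tunnel adapters only disappear after the next reboot.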


Posted at 1:13pm
Tagged Windows 7 IPv6 MDT 2010


MIT Sloan Sales Competition Round 1

I didn’t make it past round 1. I had it in my mind that I only had 5 minutes to pitch and close, hence the “rush”, but I think my judge, Gene Russell, would have been more lenient on that. 

He gave me some great feedback though:

Feedback: Gene Russell

A good call overall. Wil felt rushed and got faster and more nervous as the call went on. Therefore, I dinged him 2 and 3 in particular. Asking the right questions and clarifying requires an even pace and careful listening. This impacted the final score of good. Great detail, and knowledge, pretty good responses to my interruptions and questions, but way too fast. I think he would get an appointment in a real world environment.

Thanks to Gene for the fun conversation and to the staff at the MIT Sloan Sales Competition for organizing a great event.

And to my fellow Trojans that are moving on to the 2nd round in Boston, Fight On!!!


Posted at 6:37am
Tagged Sales