During my recent build of the vHydra server I found myself rather frustrated with Supermicro for a couple of reasons.
Firstly their UK distribution doesn’t seem to be working particularly well as there’s a two week wait for most parts which are apparently shipped from the US on demand. There are UK based resellers (I tried www.boston.co.uk) but even then some parts still have a long lead time (around a week) and I found them to be expensive compared to alternative web based vendors.
Secondly their technical support was somewhat lacking. Once I’d built the server I found I was getting an overvoltage warning on the second, empty, CPU socket. As I was planning on populating this socket (once the second CPU and heatsink arrived, another three weeks’ wait :-() I was keen to know if this was a false positive or whether the board should be returned as faulty.
Having recently upgraded my home lab’s storage I decided it was also time to upgrade my aging hosts which date back to 2007. They’ve done well to survive and still be useful(ish) five years later but they’re maxed out at 8GB RAM and it’s becoming increasingly difficult to do anything with that. I briefly considered adding SSDs as host cache but that doesn’t address some of their other shortcomings such as no support for Fault Tolerance, VMDirectPath or any type of KVM functionality.
A quick look around the blogosphere revealed a few common options;
The problem for me was that these solutions all maxed out at 16 or 32GB RAM per host, a limitation of the single-socket Xeon architecture. That’s a lot of memory for a home lab server today but to ensure that this server can last five years I really wanted more scalability. I wasn’t too fussed about noise as I use my cellar for my lab, and power consumption was a secondary concern. The server features of the Supermicro boards appeal to me (and many Supermicro motherboards are compatible with vSphere) so I browsed their range looking for the one that best met my requirements. My final parts list ended up as;
The total cost comes to around £1150. I’m branding mine the vHydra after the mythical multi-headed dragon! Note: In the US this is significantly cheaper, coming in at $1450, or about £900.
This year my VMworld experience started in a more relaxed fashion than previously as I flew in ahead of time on the Sunday night. After checking in to my hotel and getting my orientation in the city I headed (along with LonVMUG’s Luke Munro) to the vRockstar party at the Hard Rock Cafe organised by Marco Broeken and Patrick Redknapp. This coincided nicely with ‘El Classico’ when the two giants of Spanish football, Real Madrid and Barcelona, play each other in the Spanish league. This ensured the Hard Rock Cafe was rammed full so it was a good thing they’d reserved an area for us. Food, (free) drink, and good conversation – thanks for organizing a great start to VMworld guys!
Next day registration at the conference venue was very quick partly because it was partner day and the masses had yet to arrive. There was some misleading information about the HOL being closed although after a quick Twitter shoutout to John Troyer that was quickly remedied. As I’m a customer not a partner I didn’t have access to the partner breakout sessions so I figured my day was going to be a mixture of labs and people networking. Compared to Copenhagen the weather was a distinct improvement, hovering around 25 degrees and quite humid, although inside the air conditioning kept everyone cool.
The Keynotes and announcements
Tuesday signalled the first day of the main conference when all 7000 attendees turned up. The day started with the keynote from Pat Gelsinger and Steve Herrod and was largely a repeat of the US keynote with a few notable exceptions which I’ll cover later. For those that haven’t seen the US keynotes here are the highlights;
there is a new vCloud Suite which bundles many of the VMware products together in a more compelling and cost effective package
vRAM is no more (cost is now per socket)
the launch of vSphere 5.1
new certification tracks including a vCloud track
VMware always like to hold back some product launches so that VMworld Europe has something to get excited about. Here’s a summary of the announcements at Barcelona;
With the swift integration of the Dynamic Ops technology VMware obviously want to manage heterogeneous clouds having spent the last five years saying there was no demand. Should we take this as indirect endorsement of Hyper-V? 🙂
If you’re in the market to take a VMware certification exam, there’s some good news – provided you’re quick. For the next couple of days (while VMworld Barcelona is running, Oct 9th-11th 2012) you can book the VCP and VCAP exams at a cool 50% off. For VCP that’s a saving of approx £50 and more like £200 for the VCAP exams! If you want to blitz some of the new certification tracks recently announced you’re not limited to just one – study your little legs off and you could save even more by taking multiple exams….
The codes you need to register with are;
VMWBAR50 – for the VCP exams (VCP-DV, VCP-DT,VCP-Cloud etc)
ADVBAR50 – for the VCAP exams (VCAP-DCA, VCAP-DCD etc)
Conditions:
You MUST book the exam while VMworld Barcelona is running. You don’t have to be attending the conference, it’s just the period of time the offer is valid.
You MUST take the exam by the end of the year.
What are you waiting for? Head over to VMware Certification and get registered certification junkies!
While working recently on an ADFS federation solution I came across a Microsoft ‘feature’ which doesn’t seem to be well known and which caused me to deliver my project a week late. It often manifests itself via failed logins and affects many products which integrate with AD such as SharePoint, Office 365, OWA, and of course ADFS. This is very much one of those ‘document it here for future reference’ posts but hopefully it’ll help spread the word and maybe save someone else the pain I felt!
To describe how the ‘feature’ affects ADFS you need to understand the communication flow when a federation request is processed. The diagram below (from an MSDN article on using ADFS in identity solutions) shows a user (the web browser) connecting to a service (the ASP.NET application, although it could be almost any app) which uses ADFS federation to determine access;
[Diagram: Communication flow using federated WebSSO]
Summarising the steps;
The user browses to the web application (step 1)
The web app redirects the user to ADFS (step 2,3)
ADFS attempts to authenticate the user, usually against Active Directory (step 4)
ADFS generates a token (representing the user’s authentication) which is passed back to the user, who then presents it to the app and is given access (steps 5,6,7)
My problem was that while some users were being logged into the web application OK, some were failing and I couldn’t work out why. Diagnosing issues in federation can be tricky as by its nature it often involves multiple parties/companies. The web application company were saying their application worked fine, both redirecting users and processing the returned tokens. The users were entering their credentials and being authenticated against our internal Active Directory. ADFS logs showed that tokens were being generated and sent to the web app. Hmm.
Digging deeper I found that the AD username (the UPN to be precise) being passed into the token generation process within ADFS was occasionally incorrect. The user would type their username into the web form (and be authenticated) but when ADFS tried to generate claims for this user via an LDAP lookup it used an incorrect UPN and hence failed. It seemed as if the Windows authentication process was returning incorrect values to ADFS. This stumped me for a while – how can something as simple and mature as AD authentication go wrong?
Of course it’s not going wrong, it’s working as designed. It transpires there’s an LSA cache on domain member servers. On occasions where the AD values have changed recently (the default is to cache for 7 days) it can result in the original, rather than the updated, values being returned to the calling application by the AD authentication process. A simple change such as someone getting married and having their AD account updated with their married name could therefore break any dependent applications. Details of this cache can be found in MS KB article 946358, along with the priceless statement “This behaviour may prevent the application from working correctly”. No kidding! This impacted my project more than most because the AD accounts are created programmatically via a web portal and updated later by some scripts. The high rate of change means they’re more susceptible to having old values cached.
This might seem like a niche problem but it also impacts implementations of SharePoint, OWA, Project Server, and Office 365 – any product that relies on AD for authentication. These products can be integrated with AD to facilitate single sign-on but if you make frequent changes to AD the issues above can occur.
How can I diagnose this issue?
The symptoms will vary between products but thankfully Microsoft have some great documentation on ADFS. The troubleshooting guide details how to enable the advanced ADFS logs via Event Viewer; when you’ve got those, check for Event ID 139. The event details show the actual contents of the authentication token so you can check the UPN and ensure it’s what you expect. If not, follow the instructions in the KB article to disable or fine-tune the cache retention period on the domain member server (i.e. the ADFS server, not the AD server).
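One way to check for a stale entry on the member server, as an added example that is not from the original post: it reports the two cache settings KB 946358 documents (the LsaLookupCacheMaxSize and LsaLookupCacheExpireTime values under HKLM\SYSTEM\CurrentControlSet\Control\Lsa) and then compares the name the local LSA lookup returns for an account’s SID with what Active Directory currently holds over LDAP. It assumes it is run on a domain-joined server (e.g. the ADFS server) with rights to read the registry and query AD; the account name is a placeholder you supply.

```powershell
# Added example (not the original post's code): compare the local LSA lookup with AD
# and show the KB 946358 cache settings on this domain member server.
param(
    [Parameter(Mandatory = $true)][string]$SamAccountName,  # placeholder, e.g. 'jsmith'
    [string]$Domain = $env:USERDOMAIN                        # NetBIOS domain of the account
)

# 1. Cache settings from KB 946358. A missing value means the Windows default applies
#    (the post notes the default retention is 7 days, i.e. 10080 minutes).
$lsa     = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$maxSize = $lsa.LsaLookupCacheMaxSize
$expire  = $lsa.LsaLookupCacheExpireTime
if ($null -eq $maxSize) { $maxSize = '(default)' }
if ($null -eq $expire)  { $expire  = '(default, 7 days)' } else { $expire = "$expire minutes" }
Write-Host "LsaLookupCacheMaxSize   : $maxSize  (0 disables the cache)"
Write-Host "LsaLookupCacheExpireTime: $expire"

# 2. Name -> SID -> name via the local LSA. The SID-to-name step is the lookup
#    the cache affects, so a renamed account can still come back with its old name.
$nt      = New-Object System.Security.Principal.NTAccount($Domain, $SamAccountName)
$sid     = $nt.Translate([System.Security.Principal.SecurityIdentifier])
$lsaName = $sid.Translate([System.Security.Principal.NTAccount]).Value

# 3. Resolve the same SID directly against AD over LDAP, which bypasses the cache.
$searcher        = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter = "(objectSid=$($sid.Value))"
[void]$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'userPrincipalName'))
$result = $searcher.FindOne()
if ($null -eq $result) { throw "SID $($sid.Value) was not found in Active Directory" }
$adName = "$Domain\$($result.Properties['samaccountname'][0])"
$adUpn  = $result.Properties['userprincipalname'][0]

Write-Host "LSA lookup returns : $lsaName"
Write-Host "AD (LDAP) returns  : $adName  UPN=$adUpn"
if ($lsaName -ne $adName) {
    Write-Warning "Stale LSA lookup cache entry: ADFS claims for this user may carry the old name until the cache expires or is disabled."
}
```

If the two names differ, the mismatch is the same effect the post describes, so compare the UPN above with the one shown in the Event ID 139 details before changing the cache settings.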