Wednesday, June 18, 2008

Appliances Part II

Last week I started blogging about an interesting new Microsoft partner I met at a Unified Communications seminar in the Netherlands. In a couple of episodes I’m going to share some of the interesting things these guys are doing.
Their main focus is building Information Worker (IW) based Appliances. Currently they produce both a Search and an OCS Appliance. I didn’t think it was possible but I (they) will show that it is. In this episode I have an interview with Paul-Christiaan Diks, who is responsible for the overall architecture and is specialized in the unattended deployment and configuration of OCS.

Be aware that this is the second episode, so please read the first one as well to start on the right track.

How do you prepare the virtual machines before they can be started and what happens during this period in time?

[Figure: Appliance Overview v0 2]

We have chosen to use just one virtual machine template, a base installation of the OS. With this template we have the advantage that we are flexible in what kind of software we want to install on the OS. The disadvantage of this is that it takes a little bit more time to complete the installation of each virtual machine. We use Windows Workflow as our overall process manager, so one of the actions is mounting the virtual disk onto the host OS. It then copies the relevant software like the specific customer configuration file (see last episode for more info on the customer configuration file) and the installation scripts. Also the sysprep.inf is modified with specific information like IP addresses. After all this preparation, the virtual machine is started and the so-called mini-setup (setup of a sysprep-ed machine) starts. Each virtual machine (we have 4 different virtual machines for the OCS appliance) is predefined and has the OCS or SCE CD and the Windows Server 2003 CD available to it.

What kind of technologies do you use for the installation and configuration of OCS?

After completing the previous step, we end up with virtual machines that have their own specific scripts on board. The technology we use for the scripts is Windows PowerShell and they automatically start running when the OS is started. We use one “main script” to kick off specific processes like installing OCS or configuring Active Directory. This “main script” also reports status information back to the customer user interface.

Is it possible to configure OCS with PowerShell?

Yes it is, that’s done by using WMI. WMI itself is great, although we had a learning curve to go through. For example, passing strings or numeric values as data types is something you have to be very precise in – during development we had some issues with this subject… Furthermore, we used the PowerShell scripts from the OCS resource kit. These contain very useful examples and it saved us a lot of research time. The guys from the development teams did a great job in assembling this kit. For example, there is a script for configuring a “default route” in OCS. That is an example of something we were able to use without much editing. Great.

How did you work with software that could not be provisioned via WMI or Windows PowerShell?

In some rare cases we had to use a “click simulation”. But because we completely standardized our hardware and software platform, we can use these technologies without having to deal with the ordinary problems like ‘where is my button?’. It is interesting though to see that some Microsoft products adhere completely to our preferred method of interfacing and others, like SCE, seem to be built by a completely different company. With SCE, WMI is for most configuration aspects completely absent.

What kind of OCS edition do you install on the appliance?

By default we install the Standard edition of OCS on the appliance. This edition provides access to a maximum of 5000 users, without having to build a topology. We have not stress tested our appliance for these kinds of numbers but for now we are very confident to support up to 1000 users. And for StartReady this is currently enough because we focus on the (upper) midmarket. And the beauty of virtualization is that we can scale out very easily and create a more enterprise focused appliance, when the opportunity comes along.

Can you describe some technical difficulties you experienced during development?

One of the first problems we encountered was the process of setting the virtual disk online. We need this to inject our specific files and information before the virtual machine is started. This is done by the .NET framework and a standard Microsoft tool, diskpart.exe. The strange thing was that it sometimes worked and sometimes didn’t. It seemed to be completely random, so it took a while to solve this problem. After a while we found that diskpart requires an Interactive Session, which we sometimes used for debugging and therefore caused the unstable behavior. We now always use this Interactive Session while starting the machine. So by default our administrative account is logged on to the appliance. We disable the attached keyboard and mouse, to further secure the appliance. We need this workaround just to get diskpart.exe working, but we still do think there’s a better solution, so if anyone has a suggestion please let us know.

Another problem was the configuration of the internal and external IP addresses needed for the edge server. The edge needs to work with multiple virtual network cards. Addressing those cards correctly was the challenge. Because the server is patched before installation, mixing this up results in a non-working appliance. Of course, we wanted this process to be fully automatic and that wasn’t easy. I will spare you the details but we solved this challenge as follows: in the configuration of the virtual machine template we give the external and internal network adapters specific, preconfigured MAC-addresses. During the installation we can check whether this MAC-address is the correct one (internal/external) and take action if necessary. If you do not check this, you will randomly address your network adapters and that’s not a good thing.

I know from experience that every customer has a unique IT environment. How is it possible that you can integrate your appliance in all these different environments?

Well, up front we have three simple prerequisites. The customer has to have an Active Directory installed, DHCP has to be configured and we need an internet connection. During the installation and configuration process we use several checks to adjust to the customer’s IT environment. For example, we check if the customer has a Certificate Store installed. If not, we introduce one. Another check is done on the Active Directory. We look for the version that is used (Windows Server 2003 or 2008) and on what functional level they are on. If this level has the wrong value, we adjust it. So, we have to take all the customer variables into account and be prepared to fix this during the automatic deployment. Without exaggeration, we work with up to a dozen of those checks to tackle the most common infrastructure diversities.

Paul-Christiaan, thanks for your time and the elaborate answers you gave.

In the next episode I will have an interview with Erik Post and Arjan Hendriks, who are responsible for remote management and virtualization, respectively.

For more information check out their website on
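
The MAC-address check for the edge server's internal and external adapters, described in the interview above, could look like the following. This is an added PowerShell example, not StartReady's own script; the function names, MAC values and adapter records are constructed for illustration, and on a real machine the adapter list would come from WMI as noted in the comment.

```powershell
# Added example: resolve adapter roles by the MAC addresses preset in the VM template.
# Normalize-Mac and Resolve-AdapterRoles are hypothetical helper names.
function Normalize-Mac([string]$Mac) {
    # Accept 00-15-5D-.. or 00:15:5d:.. and compare on bare uppercase hex
    return ($Mac -replace '[-:.]', '').ToUpper()
}

function Resolve-AdapterRoles {
    param(
        [hashtable]$ExpectedMacs,   # role name -> MAC preset in the template
        [object[]]$Adapters         # objects exposing MACAddress and Index
    )
    $result = @{}
    foreach ($role in $ExpectedMacs.Keys) {
        $want  = Normalize-Mac $ExpectedMacs[$role]
        $found = @($Adapters | Where-Object {
            $_.MACAddress -and (Normalize-Mac $_.MACAddress) -eq $want })
        if ($found.Count -ne 1) {
            # Fail closed: never guess which card faces the internet
            throw "Role '$role': expected exactly one adapter with MAC $want, found $($found.Count)"
        }
        $result[$role] = $found[0]
    }
    return $result
}

# Constructed sample data (MAC values are made up for this example).
$expected = @{ Internal = '00-15-5D-00-0A-01'; External = '00-15-5D-00-0A-02' }
# On the real machine the list would come from WMI:
#   Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
$adapters = @(
    New-Object PSObject -Property @{ Index = 1; MACAddress = '00:15:5D:00:0A:02' }
    New-Object PSObject -Property @{ Index = 2; MACAddress = '00:15:5D:00:0A:01' }
)

# Enumeration order does not matter: roles follow the MAC, not the index
$roles = Resolve-AdapterRoles -ExpectedMacs $expected -Adapters $adapters
foreach ($role in 'Internal', 'External') {
    '{0,-8} -> adapter index {1} ({2})' -f $role, $roles[$role].Index, $roles[$role].MACAddress
}

# A template with a missing or duplicated MAC must stop the deployment
try {
    Resolve-AdapterRoles -ExpectedMacs $expected -Adapters $adapters[0] | Out-Null
} catch {
    "Deployment halted: $($_.Exception.Message)"
}
```

Only after both roles resolve would the script apply the internal and external IP configuration; stopping on a mismatch keeps the internal interface from being addressed as the external one.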
