Lessons Learned for Windows EC2 Reserved Instances on AWS

March 2017 rolls around and AWS releases awesome new flexibility with reserved instances (RI). You can now split and merge RIs as well as have on-demand instance costs automatically pro-rated if you own a lesser RI. I also watch YouTube videos that explain how this new flexibility works and how great it is. But in the excitement of it all I don’t realize that this new flexibility only applies to regional Linux/UNIX RIs with shared tenancy within the same instance class.

Here’s a case example:
You run an e-commerce site on an m4.large instance. On January 1st 2017 you reserved an m4.large instance for one year. Come December 1st, traffic is expected to double for the Christmas season, so you scale up your instance to an m4.xlarge instance type until January 1st.

If Running Linux:
Your annual savings is 38% over on-demand if you were to use m4.large during the entire 2017 year. However, jumping up to m4.xlarge will increase your bill by about what an m4.large instance would cost on-demand for the month of December 2017. This pro-rated charge is applied automatically. There are a couple of Linux OS exceptions, and hourly software charges are not calculated in this example.

If Running Windows:
Your annual savings is 20% over on-demand if you were to use m4.large during the entire 2017 year. However, jumping up to an m4.xlarge will increase your bill by about what an m4.xlarge instance would cost on-demand for the month of December 2017. Essentially your savings now are negative because your instance is not pro-rated with your RI: you are still paying for your reserved m4.large, but it’s not being used, and on top of that you’re paying for an m4.xlarge. As an example, one year of a reserved m4.large costs $1349.04, a savings of $332.88. One month of m4.large not being used costs on average $140.16. This brings your 20% savings down to around 9%. Hourly software charges are not calculated in this example.

Summary:
When running Linux you have fairly minimal risk involved when getting a reserved instance. However, your risk goes up quite a bit when reserving a Windows instance. There are a number of options to reduce that risk. One option is to get a convertible RI. This allows you to exchange OS, family or tenancy. But keep in mind your big picture. For you this may only be good if you think you’ll need to move from a t2 to an m4 family. Another option is to sell your unwanted RI on the marketplace at a reduced price. When looking at this option, consider how much the savings equates to in dollars and how much time you’ll need to calculate the risk, the estimated savings reduction and the time spent selling the RI. Of course different instance types have different savings levels. In the end, it comes down to either a statistician calculating risk vs. benefit, or theories and experience.

In conclusion, I likely wouldn’t bat an eye getting either a standard or convertible RI for Linux if I largely suspected the RI would be needed for at least a year. But I would likely keep a Windows instance on-demand if there was any chance for instability unless I had enough on-demand instances to off-set the risk if one instance no longer matches an RI for a time period.

#aws, #ec2, #instance, #linux, #reserved, #windows

Global Ransomware Outbreak Prevention

A new ransomware, using the same attack as WannaCry, is hitting Windows PCs around the world hard today. Here are some steps to prevent this from happening to you:
1. Don’t click on links inside emails unless you are 100% positive you know what they do.
2. Back up your important files to something disconnected from your computer, like the cloud or a USB drive you remove. crashplan.com is a great service to have.
3. Install Windows updates – this prevents this specific attack from taking hold.
4. Have an antivirus program running. A free one is avast.com – been using it for many years.
5. If you’re still on XP/Vista/Windows 7/Windows 8 etc., now’s a good time to get upgraded to Windows 10.

#ransomware, #windows

Resolving VMWare Converter File I/O Error

Here at CF Webtools we’ve been shifting towards Virtual Machines to replace our dedicated “iron” as Mark Kruger likes to say. Let me say for starters that I’m very impressed with the Dell PowerEdge VRTX Shared Infrastructure Platform. There is so much back-end power in that thing we’ve been able to move our entire set of staging platforms onto one M620 Server Node along with a RAID 6 shared PERC disk array. It handles it like a champ and each virtual server is extremely fast. After about a year of testing and no real issues we’ve been able to move some of our production servers onto another server node. We’re looking forward to adding a couple more server nodes as well. Each node runs VMware ESXi HyperVisor 6.0 via RAID 1 SD cards.

In addition we’re also migrating some workstation VM’s away from Hyper-V and onto a separate Dell Server that we’ve reclaimed.

But here’s the real reason I’m writing today:

FAILED: A file I/O error occurred while accessing ”.

I get this error when using “VMware vCenter Converter Standalone 6.0.0” to convert any powered-on Windows machine onto one of the ESXi instances. I don’t get this issue when converting powered-on Linux machines. Very odd, and Google results from forums haven’t been very helpful. Mostly just a lot of “run chkdsk” and “check for fully qualified domain resolution”.

I’m not going to cover Linux conversions here since they work. But basically what a powered-on Windows conversion does is it installs a helper VM on the machine to be converted. It’s run as a service and you have the option to manually uninstall when finished or let it automatically uninstall.

Something, probably this helper service, then takes a snapshot of the source system. Then the helper VM does a block-level clone for each volume it finds.

Mine always failed after the snapshot and before the clone.

What I did was use the “Export logs…” link in the converter. The line I found interesting, reading the file vmware-converter-server-1.log, was:

error vmware-converter-server[01288] [Originator@6876 sub=Ufa.HTTPService] Failed to read request; stream: <io_obj p:0x03dc40ac, h:-1, <pipe '\\.\pipe\vmware-converter-server-soap'>, <pipe '\\.\pipe\vmware-converter-server-soap'>>, error: class Vmacore::TimeoutException(Operation timed out)

After some Google searching it dawned on me that I am using two IP subnets. One for the general network and one for management. My machine runs 10.0.0.* (general) and 10.1.1.* (management) subnets. The source system has 10.0.0.* assigned to it while the destination ESXi server has 10.1.1.* assigned to it.

Because my system can communicate with both networks, everything could communicate just fine with both the source and destination machines.

However once things get rolling, the process moves from my machine to communicating between the source and destination. My machine merely monitors the progress. Which makes sense. Keep out the middle man and you have efficient network data transfer.

So the fix here was to bind a temporary management subnet address (10.1.1.*) to the source machine’s NIC. Now the helper VM is able to communicate with the destination server over that management subnet.
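
One way to apply and verify that fix from the source Windows machine, as an added example that is not part of the original post. The NIC name, the temporary address and the ESXi address are constructed placeholders, and the ports checked (TCP 443 and 902) are the ones VMware's Converter documentation lists for source-to-ESXi traffic, which the post itself does not name.

```powershell
# Constructed values: the post only gives 10.1.1.*; substitute your own.
$Nic      = 'Local Area Connection'  # source machine NIC name (assumption)
$TempIp   = '10.1.1.50'              # unused management-subnet address (assumption)
$Mask     = '255.255.255.0'
$EsxiHost = '10.1.1.10'              # destination ESXi address (assumption)

function Test-PortFromAddress {
    param([string]$LocalIp, [string]$RemoteHost, [int]$Port, [int]$TimeoutMs = 3000)
    $client = $null
    try {
        # Bind to the temporary address so the test takes the same path the
        # Converter helper will use, not the general 10.0.0.* network.
        $local   = New-Object System.Net.IPEndPoint ([System.Net.IPAddress]::Parse($LocalIp)), 0
        $client  = New-Object System.Net.Sockets.TcpClient $local
        $pending = $client.BeginConnect($RemoteHost, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        if ($client) { $client.Close() }
    }
}

# Add the address alongside the existing 10.0.0.* one (run elevated).
& netsh.exe interface ipv4 add address $Nic $TempIp $Mask
if ($LASTEXITCODE -ne 0) { throw "netsh could not add $TempIp to '$Nic'" }
Start-Sleep -Seconds 3   # let duplicate-address detection finish

foreach ($port in 443, 902) {
    $ok    = Test-PortFromAddress -LocalIp $TempIp -RemoteHost $EsxiHost -Port $port
    $state = if ($ok) { 'reachable' } else { 'BLOCKED' }
    '{0}:{1} from {2} -> {3}' -f $EsxiHost, $port, $TempIp, $state
}

# When the conversion has finished, remove the temporary address again:
# netsh interface ipv4 delete address "Local Area Connection" 10.1.1.50
```

Removing the address afterwards matters: while it is bound, a general-network machine has a direct path into the management subnet.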

#convert, #esxi, #file-io-error, #vmware, #windows

Avoid Windows Server Data Storage Copy Pitfalls Using a Subfolder

Our normal web server consists of an OS and Program Files drive (C:) and a data drive to hold website files (E:). This provides an extra layer of security, speed and helpful structure. Sometimes we will also add another data drive (F:) for clients with really large storage needs. For example, all user-uploaded photos go onto a 2TB drive array.

So let’s say you have user upload photos dedicated to one drive. You may want to just place the data onto the root of the drive. Simple right?

Well, here’s what you may run into when migrating/copying that drive to a new drive/machine using Robocopy (robocopy \\OLD-SERVER\UserPhotos F:\Data\UserPhotos /e /copy:DT /MT:8):

  1. If you’re putting the data into a subfolder this time, that root subfolder will become a system-hidden folder. The reason is you are copying the root of a drive. Pretty annoying.
    1. You can fix this by running this after the copy starts: attrib -H -S F:\Data
  2. It will try to copy “System Volume Information” and “Recycle Bin”. But you’ll find out that your process will just get stuck because it doesn’t have permissions to do so.
    1. You can fix this by not copying any system or hidden files/folders:
      robocopy \\OLD-SERVER\UserPhotos F:\Data\UserPhotos /e /copy:DT /MT:8 /xd $Recycle.bin "System Volume Information"
      FYI: I tried using “/xa:HS” instead of the /xd, but that didn’t work as expected.
    2. If you’ve already gone 8 hours into your copy operation just to find this out, speed things up by syncing things instead using:
      robocopy \\OLD-SERVER\UserPhotos F:\Data\UserPhotos /mir /copy:DT /MT:8 /xd $Recycle.bin "System Volume Information" /xo /fft

So my point is, don’t put your data folder/file structure in the drive root. It’ll get mixed up with hidden-system files and folders and one day throw you for a loop. Instead put that all in a subfolder such as “F:\data”. Another example might be “E:\websites”.

Side-note: There are other copy methods to avoid this situation, however Robocopy is going to be one of your fastest options.
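
The copy above wrapped in a PowerShell script, as an added example that is not part of the original post. It uses the post's paths and switches; the /r and /w retry limits and the exit-code check are additions, made because robocopy's default of 1,000,000 retries at 30-second intervals is what makes a denied folder look like a hang.

```powershell
$Source      = '\\OLD-SERVER\UserPhotos'
$Destination = 'F:\Data\UserPhotos'

$roboArgs = @(
    $Source, $Destination, '/e', '/copy:DT', '/MT:8',
    # Single quotes stop PowerShell from expanding $Recycle as a variable.
    '/xd', '$Recycle.bin', 'System Volume Information',
    # Added here, not in the post: fail fast on locked or denied paths.
    '/r:2', '/w:5'
)
& robocopy.exe @roboArgs
$code = $LASTEXITCODE

# Robocopy exit codes are bit flags; 8 and above mean at least one failure.
if ($code -ge 8) { throw "robocopy reported copy failures (exit code $code)" }
"robocopy finished with exit code $code (below 8 means no copy failures)"

# Copying a drive root can stamp Hidden+System onto the destination tree.
# Clear the two attributes wherever they landed (the post clears F:\Data).
$hiddenSystem = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System
foreach ($path in (Split-Path $Destination -Parent), $Destination) {
    $item = Get-Item -LiteralPath $path -Force
    if (([int]$item.Attributes -band $hiddenSystem) -ne 0) {
        & attrib.exe -H -S $path
        "Cleared Hidden/System on $path"
    }
}
```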

#folder, #server, #windows

Manual Windows 2008 Registry Restore

After a Windows Update the lovely “Blue Screen of Death” appeared on one of our servers. Frantic to find a solution, “Boot to the last known working configuration” wasn’t working. A system restore was a last resort option.

Here’s what the error consisted of:

STOP: c0000218 {Registry File Failure}
The registry cannot load the hive (file):
\Systemroot\System32\Config\SOFTWARE
or its log or alternate.
It is corrupt, absent, or not writable.

To resolve the issue I:

  1. Boot to the Windows 2008 Server Install DVD
  2. Click “Repair Computer” on the second screen
  3. Open a command prompt on the second or third prompt
  4. Change directory to C:\Windows\System32\Config\
  5. Rename “SOFTWARE” to “SOFTWARE.BAK”
  6. Copy “RegBack\SOFTWARE” to that directory
  7. Reboot

This restored the SOFTWARE registry to its previous state before the Windows Update. I then had a pending list of Windows Updates to install again. But I’ll leave that for another day for now to see if anyone else is having issues.

#blue-screen-of-death, #microsoft, #registry, #update, #windows, #windows-2008-server

Installing Blue Dragon 9.0 Alpha

I have a new project that requires Blue Dragon 9.0 Alpha (.NET). I never used Blue Dragon before and it ended up taking me a few days to get up and running.

First of all there is no documentation and there is practically no discussion around it. So I’m writing this in hopes it helps someone out.

The files I’m using are located at ftp://ftp.newatlanta.com/public/bluedragon/9_0/.

The first step is to install IIS and ASP.NET. You may need to have .NET Framework 3.5 turned on as well.

The second step is to make sure you have .NET Framework v4.0 installed.

The third step is to make sure you have an IIS site setup and using the .NET Framework v4.0 in the Application pools.

The fourth step is to run BlueDragon_NET_90_alpha.exe in administrator mode.

At that point in time you’ll find an error message when you run the site:

Example: “Access to the path ‘C:\inetpub\wwwroot\BD Test\App_Data\bluedragon\config’ is denied.”

You will need to create a directory structure underneath your website directory:

App_Data
-bluedragon
--config
---bluedragon.xml
--work
---cfchart
---cfcollection
---cfdocument
---cflog
---cfschedule
---temp

The bluedragon.xml file is the following:

<?xml version="1.0" encoding="UTF-8"?>
<server>
</server>

After you create the directories and file, you will then get the following error:

Object reference not set to an instance of an object.
ConfigurationErrorsException: Could not create NewAtlanta.BlueDragon.Diagnostics.LogTraceListener, NewAtlanta.BlueDragon, Version=9.0.0.0, Culture=neutral, PublicKeyToken=7551335de9fc3c36.

To fix this, you will need to add the app pool’s user and grant it modify or full permissions.

When you add the user, use your machine’s location (as opposed to the domain), then enter the object name “IIS AppPool\[app pool name]”. For example “IIS AppPool\BD Test”. Then click “Check Names”. This will resolve the name to the app pool name.
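
The directory, config file and permission steps above as one PowerShell script, added here as an example and not taken from the original post or from New Atlanta. It assumes the post's "BD Test" site path and app pool name, and it grants Modify (the lesser of the two options the post gives) on App_Data only, which is a scoping assumption since the post does not say which folder gets the permission.

```powershell
# Assumptions: site root and app pool name from the post's "BD Test" example.
$SiteRoot = 'C:\inetpub\wwwroot\BD Test'
$AppPool  = 'BD Test'
$appData  = Join-Path $SiteRoot 'App_Data'
$bdRoot   = Join-Path $appData 'bluedragon'

# Directory structure listed in the post.
$dirs = 'config', 'work\cfchart', 'work\cfcollection', 'work\cfdocument',
        'work\cflog', 'work\cfschedule', 'work\temp'
foreach ($d in $dirs) {
    New-Item -ItemType Directory -Path (Join-Path $bdRoot $d) -Force | Out-Null
}

# Minimal bluedragon.xml from the post; an existing file is left untouched.
$xmlPath = Join-Path $bdRoot 'config\bluedragon.xml'
if (-not (Test-Path -LiteralPath $xmlPath)) {
    Set-Content -LiteralPath $xmlPath -Encoding UTF8 -Value @'
<?xml version="1.0" encoding="UTF-8"?>
<server>
</server>
'@
}

# Grant the app pool identity Modify, inherited by subfolders (CI) and
# files (OI), on App_Data only rather than on the whole site (run elevated).
$identity = "IIS AppPool\$AppPool"
& icacls.exe $appData /grant "${identity}:(OI)(CI)M"
if ($LASTEXITCODE -ne 0) { throw "icacls could not grant Modify to $identity" }

# Show the resulting ACL so the new entry can be confirmed.
& icacls.exe $appData
```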

This should get you up and running with BlueDragon.NET 9.0 Alpha.

There are currently two patch files in the FTP site. If you run them, you may end up with an error “Could not load type ‘System.ServiceModel.Activation.HttpModule'”. To correct this run this to re-register ASP.NET:

c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -iru

#net, #9, #alpha, #application-pools, #bluedragon, #coldfusion-2, #windows