Category: Intel


I can’t copy and paste anything, but it explains how the latest Intel “Security” add-ons aren’t secure at all… they make it trivially easy for your system to be hardware rooted, making it impossible for you to regain control of your system.

 

Intel Small Business Advantage is a security nightmare | SemiAccurate.

I finally got Hyper-V working here at my office. I now have one box hosting 3 virtual machines. VM 1 is my Astaro firewall. VM 2 is my main AD file/print/authentication server. VM 3 is my Astaro Command Center, which aggregates status and updates from my Astaro and my other client installs to me. This allows me to monitor all of my Astaro installs easily in one spot without having to constantly touch each machine individually. My power usage used to idle at nearly 130 watts. My idle power now hovers around 60 watts. I now average less than 90 watts, which means nearly half of my power budget is now gone. The host machine is running Server 2008 R2 Enterprise with Hyper-V. It has three physical NICs. It also mirrors all functions of the main server except for file serving.

As for resource allocation here is the breakdown:

VM1: 4 vcpus, 2 gigs of ram(static), 3 virtual nics, 80 gigs of dynamic storage on RAID 1, 25% total system cpu ghz reserved with the ability to burst to 50% usage with medium priority.

VM2: 2 vcpus, 2 gigs ram(static), 1 virtual nic, 500 gigs of dynamic storage assigned on its own RAID 1 array, 0% cpu reservation with burst to 25% cpu with medium priority.

VM3:  4 vcpus, 1 gig ram(static), 1 virtual nic, 120 gigs of dynamic RAID 1 storage, 0% cpu reservation with burst to 25%.

 

Right now the host machine spends most of its time at idle. Considering how little power this draws, it will pay for itself in under 1 year.

 

VMware is really easy but it doesn’t work with machines that do not have hardware assisted RAID. Most of my clients (including myself) don’t have enough I/O demands that a hardware accelerated card is required. This is when the beauties of Linux MD (NOT DM) RAID come into play. VMware doesn’t support MD RAID… but the Linux kernel does. After ordering up a new server and much initial testing I have decided to standardize on Ubuntu LTS and KVM for my MD RAID clients. The control panel is the great Cloudmin product made by the folks who bring you Webmin and Virtualmin. The final leg of testing this solution is to use the VMware converter and then pull that image into KVM. If that goes well then the ECC platform has two iterations:

 

For clients with larger budgets that include hardware assisted RAID:  VMware ESXI along with a third party backup script

For clients with smaller budgets that use MD RAID:  Ubuntu LTS w/KVM and Cloudmin.

I’m hoping to wrap up testing in the next month or two then ECC will release the official product announcement.

While “clouds” on the internet are a terrible idea, they do have their place INSIDE the building. I am currently building and researching exactly this type of internal cloud. In my shop I have two servers. At idle (which is where most of them spend their time) they draw nearly 135 watts from my electrical system. That’s nuts. I have ordered a new server that I am going to put both of my servers onto as virtualized machines. My idle power should be cut at least in half. Here are the specs of the baseline host I am going to be building from:

Dell Poweredge T110

Ram: Upgraded to 8 gigabytes
Network: at least two network interfaces
Hard disk: 2 x 2 terabyte SATA drives
RAID: Linux software RAID 1 or H200 hardware RAID card depending on client needs (I am going to use Linux software RAID)
Processor: Intel XEON x3430

Applications:
Windows server standard
Zimbra
Astaro
Untangle
others as determined by client needs.

Hypervisors Undergoing Evaluation:
1. Microsoft Hyper-V
2. KVM
3. Citrix XEN

Cost of hypervisor software: Zero

This is just the bare minimum that ECC will specify for business clients going forward. ECC is currently building the baseline for operational testing in house. Once testing is completed an announcement of release will follow. ECC will be migrating all clients to this internal baseline cloud over time.

As technology and pricing change, this will change. Right now here is what I would recommend for somebody like me… a light gamer with heavy multitasking single threaded programs:

- Intel Core i3-2100 Sandy Bridge 3.1GHz LGA 1155 65W Dual-Core Desktop Processor BX80623I32100 (Model #: BX80623I32100, Item #: N82E16819115078): $124.99
- Mushkin Enhanced Silverline 8GB (2 x 4GB) 240-Pin DDR3 SDRAM DDR3 1333 (PC3 10666) Desktop Memory Model 996770 (Model #: 996770, Item #: N82E16820226095): $77.99
- ASUS Xonar DX 7.1 Channels PCI Express x1 Interface Sound Card (Model #: Xonar DX, Item #: N82E16829132006): $89.99
- Shuttle SH67H3 Intel Core i7 / i5 / i3 (LGA1155) Intel Socket H2(LGA1155) Intel H67 Intel HD Graphics 2000/3000 integrated in the processor 1 x HDMI XPC Barebone (Model #: SH67H3, Item #: N82E16856101117): $269.99

Subtotal: $562.96

Of course I already have an HDD, video card, and optical drive that I am carrying over..:)

So Intel is going to continue to sell defective products. The new fixed parts won’t be out until the Apr-June timeframe. Yes, you can work around the defect by not using the SATA 2 ports… why should we have to do this? If anyone buys a Sandy Bridge part before the new chipsets come out, you are rewarding Intel for selling you defective parts.

In other words, Intel will keep shipping these faulty chip sets, but only to motherboard manufacturers that promise to put them in systems that don’t use the SATA 2 ports. Note that SATA 3 ports aren’t affected by the bug. It isn’t clear — at least, I couldn’t tell by reading the press release — whether Intel is insisting that the mother board not have any functioning SATA 2 ports or if those ports must be electronically disconnected or even physically removed. The statement is vague enough that Intel may be shipping faulty chip sets to PC vendors who promise to put their hard drives on the SATA 3 connection, not the SATA 2 connection.

Unless Intel modifies or clarifies its position, here’s where you stand. If you buy an i5- or i7- based PC in the next few months, the motherboard may have this basic defect. Chances are good you won’t bump into the SATA 2 problem — depending on how Intel defines “not impacted” — but if you install a SATA 2 device in the future, that device may some day start misbehaving. If you do anything else that requires a SATA 2 connection, maybe you’ll get lucky — or maybe you won’t. The description we have at this point isn’t detailed enough to tell what kind of restrictions will be put in place and how Intel will monitor those 8 million chip sets to make sure they’re treated properly.

via Intel pulls a fast one in Sandy Bridge fiasco | Processors – InfoWorld.

BOINC FAQ Service.


Ever wondered what all those acronyms are that are behind your CPU description? I’ll try to put them down in this FAQ. I am missing a few. Sorry for that, I’ll keep on hunting though. :-)

To see the options on your CPU, use the following:
For Windows: CPUZ can help.
For Macintosh PPC (OS X): CPUID Mac can help (will point to a zip file).
For Linux: in the console type cat /proc/cpuinfo

- 3DNOW
A multimedia extension created by AMD for its processors, based on MMX.

- 3DNOWEXT
3DNOW Extensions. Could also pertain to AMD’s 3DNow! Enhanced/Extended.

- ACPI
Advanced Configuration and Power Interface.

- APIC
Advanced Programmable Interrupt Controller.

- CID+
Most probably this stands for Certified Interconnect Designer. (A certification for experienced PCB design professionals.)

- CLFSH/CLFlush
Cache Line Flush.

- CMOV
Conditional Move/Compare Instruction.

- CMP_Legacy
Register showing the CPU is not Hyper-Threading capable.

- Constant_TSC
On Intel P-4s, the TSC runs with constant frequency independent of CPU frequency when EST is used.

- CR8Legacy
??

- CX8
CMPXCHG8B Instruction. (Compare and exchange 8 bytes. Also known as f00f (pronounced “foof”), an abbreviation of f0 0f c7 c8, is the hexadecimal encoding of an instruction that exhibits a design flaw in the majority of Intel Pentium, Pentium MMX, and Pentium OverDrive processors).

- CX16
CMPXCHG16B Instruction. (CMPXCHG16B allows for atomic operations on 128-bit double quadword (or oword) data types. This is useful for high resolution counters that could be updated by multiple processors (or cores). Without CMPXCHG16B the only way to perform such an operation is by using a critical section.)

- DE
Debugging Extensions.

- DS
Debug Store.

- DS_CPL
CPL qualified Debug Store.

- DTS
Digital Thermal Sensor.
or
Debug Trace Store.

- EM64T
Intel Extended Memory 64 Technology. Intel’s derivative of AMD’s 64bit CPU technology. Uses 64bit CPU registers and 64bit physical RAM addresses (page addresses) to support up to 1 tebibyte of RAM, which can later be extended (through future processor revisions) to 1 Pebibyte.

- EIST
Enhanced Intel SpeedStep.

- FID
Frequency IDentifier.

- FPU
x87 Floating Point Unit built into the CPU. This is where most mathematically intense calculations take place. Used to be a separate chip on the 80486SX and earlier (called the 80487 or 80387, etc. 80486DX had FPU built-in as well). All Pentium CPUs and later have this functionality built in.

- FXSR
FXSAVE/FXRSTOR. (The FXSAVE instruction writes the current state of the x87 FPU, MMX technology, Streaming SIMD Extensions, and Streaming SIMD Extensions 2 data, control, and status registers to the destination operand. The destination is a 512-byte memory location. FXRSTOR will restore the saved state.)

- FXSR_OPT
??

- HT
Hyper-Transport.

- HTT
Hyper-Threading Technology. The ability to use one physical CPU as two separate logical CPUs by taking advantage of unused CPU registers during typical operation in an attempt to make the CPU more efficient. If multiple programs use the same registers by both logical CPUs, Hyper-threading can actually be known to slow down overall performance in some cases.

- LAHF_LM
Load Flags into AH Register, Long Mode.

- LM
Long Mode. (64bit Extensions).

- MCA
Machine Check Architecture.

- MCE
Machine Check Exception.

- MMX
It is rumoured to stand for MultiMedia eXtension or Multiple Math or Matrix Math eXtension, but officially it is a meaningless acronym trademarked by Intel.

- MMXEXT
MMX Extensions.

- MNI
Modular Network Interface.
or
Merom New Instruction. See SSSE3.

- MON (MONITOR)
CPU Monitor.

- MSR
RDMSR and WRMSR Support.

- MTRR
Memory Type Range Register.

- NNI
Nehalem New Instructions (NNI). See SSE4.

- NX
No eXecute. (the ability to not run code.)

- PAE
Physical Address Extensions. PAE is the added ability of the IA32 processor to address more than 4 GB of physical memory using Intel’s 36bit page addresses instead of the standard 32bit page addresses to access a total of 64 gibibytes of RAM. Most AMD chips support PAE as well.

PAE is the second method supported to access memory above 4 GB (PSE36 being the first); this method has been widely implemented. PAE maps up to 64 GB of physical memory into a 32-bit (4 GB) virtual address space using either 4-KB or 2-MB pages. The Page directories and the page tables are extended to 8 byte formats, allowing the extension of the base addresses of page tables and page frames to 24 bits (from 20 bits). This is where the extra four bits are introduced to complete the 36-bit physical address.

Windows supports PAE with 4-KB pages. PAE also supports a mode where 2-MB pages are supported. Many of the UNIX operating systems rely on the 2 MB-page mode. The address translation is done without the use of page tables (the PDE supplies the page frame address directly).

- PAT
Page Attribute Table.

- PBE
Pending Break Encoding.

- PGE
PTE Global Bit.

- PNI
Prescott New Instruction. This was the codename for SSE3 before it was released on the Intel Prescott processor (which was later added to the Pentium 4 family name).

- PSE
Page Size Extensions. (See PSE36).

- PSE36
Page Size Extensions 36. IA-32 supports two methods to access memory above 4 GB (32 bits). PSE (Page Size Extension) was the first method, which shipped with the Pentium II. This method offers a compatibility advantage because it kept the PTE (page table entry) size of 4 bytes. However, the only practical implementation of this is through a driver. This approach suffers from significant performance limitations, due to a buffer copy operation necessary for reading and writing above 4 GB. PSE mode is used in the PSE 36 RAM disk usage model.

PSE uses a standard 1K directory and no page tables to extend the page size to 4 MB (eliminating one level of indirection for that mode). The Page Directory Entries (PDE) contain 14 bits of address, which, when combined with the 22-bit byte index, yield the 36 bits of extended physical address. Both 4-KB and 4-MB pages are simultaneously supported below 4 GB, with the 4-KB pages supported in the standard way.

Note that pages located above 4 GB must use PSE mode (with 4-MB page sizes).

- SEP
SYSENTER and SYSEXIT.

- SS
Self-Snoop.

- SSE
Streaming SIMD Extensions. (70 new Single Instruction, Multiple Data instructions built into the CPU.) Debuted with the Intel Pentium III processor. AMD’s first chip to support SSE was the Athlon XP.

- SSE2
Streaming SIMD Extensions 2. (An additional 144 SIMDs.) Debuted with the Intel Pentium 4 processor. AMD’s first chip to support SSE2 was the Athlon 64.

- SSE3
Streaming SIMD Extensions 3. (An additional 13 instructions) Debuted with the “Prescott” revision Intel Pentium 4 processors. AMD’s first chip to support SSE3 was the Athlon 64 “Venice” revision.

- SSSE3
Supplemental Streaming SIMD Extension 3. (SSSE3 contains 16 new discrete instructions over SSE3. Each can act on 64-bit MMX or 128-bit XMM registers. Therefore, Intel’s materials refer to 32 new instructions.) Debuted on Intel Core 2 Duo processors. No AMD chip supports SSSE3 yet.

- SSE4
Streaming SIMD Extensions 4. Future Intel SSE revision adding 50 new instructions which will debut on Intel’s upcoming “Nehalem” processor in 2008. Also known as “Nehalem New Instructions (NNI)”.

- SVM
Secure Virtual Machine. (AMD’s virtualization extensions to the 64-bit x86 architecture.)

- SYSCALL
System Call. (the mechanism used by an application program to request service from the operating system.)

- TNI
Tejas New Instruction. See SSSE3.

- TM
Thermal Monitor.

- TM2
Thermal Monitor 2.

- TPR
Task Priority Register.

- TS
Thermal Sensor.

- TSC
Time Stamp Counter. (is used whenever possible to further improve the accuracy of the speed measurement.)

- TTP
Thermal Trip.

- VID
Voltage IDentifier.

- VME
Virtual-8086 Mode Enhancement.

- VMX
An AltiVec floating point and integer SIMD instruction set. (Used by Apple, IBM, Motorola and Freescale Semiconductor.)

- XTPR
TPR register chipset update control messenger. Part of the APIC code.
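
As an added example (not part of the FAQ or of this blog), the Python script below parses /proc/cpuinfo-format text and reports the flags a hypervisor host depends on, comparing every logical CPU rather than only the first. It assumes an x86 Linux host, where flags are printed in lower case and vmx and svm mark Intel's and AMD's hardware virtualization extensions; the sample input and the names SAMPLE, VIRT_FLAGS, parse_cpuinfo and audit are constructed for illustration.

```python
"""Audit CPU feature flags in /proc/cpuinfo format (added example)."""
import re
from pathlib import Path

# Constructed sample, not captured from a real host. CPU 1 deliberately
# lacks nx and vmx so the per-CPU comparison has something to report.
SAMPLE = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu pse tsc msr pae cx8 apic sep pse36 mmx sse sse2 ht nx lm pni vmx cx16\n"
    "\n"
    "processor\t: 1\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu pse tsc msr pae cx8 apic sep pse36 mmx sse sse2 ht lm pni cx16\n"
)

# Hardware virtualization flags as Linux reports them on x86 (assumption:
# x86 host; other architectures use different keys and names).
VIRT_FLAGS = {"vmx": "Intel VT-x", "svm": "AMD-V"}


def parse_cpuinfo(text):
    """Return one {key: value} dict per logical CPU (blank-line separated stanzas)."""
    cpus = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            cpus.append(fields)
    return cpus


def audit(text):
    """Summarise the flags a hypervisor host depends on, across all CPUs."""
    sets = [set(c.get("flags", "").lower().split()) for c in parse_cpuinfo(text)]
    if not sets:
        raise ValueError("no processor stanzas found")
    common = set.intersection(*sets)   # flags every logical CPU reports
    union = set.union(*sets)           # flags any logical CPU reports
    return {
        "cpus": len(sets),
        "nx": "nx" in common,
        "long_mode": "lm" in common,
        "pae": "pae" in common,
        "hw_virt": sorted(n for f, n in VIRT_FLAGS.items() if f in common),
        "inconsistent": sorted(union - common),
    }


if __name__ == "__main__":
    proc = Path("/proc/cpuinfo")
    text = proc.read_text() if proc.exists() else SAMPLE
    for key, value in audit(text).items():
        print(f"{key:13} {value}")
```

A feature is reported as present only when every logical CPU lists it; anything listed by some CPUs but not others ends up under "inconsistent".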

OK folks. Here it comes. MS and Intel (Wintel is NOT dead) want to have everything signed by them so that there’s no more bad or malicious code. Of course this would put an end to the open source movement and several other industries in the software arena (which MS would LOVE to have happen). I don’t know how, but somebody needs to clean engineer another ISA and we need to move from x86 yesterday at this point. If you like Apple’s “we control everything”… then this is going to be for you. I like the free, open way of doing things… frankly, when something like this goes through it’s going to spell the end of choice on your own PCs.

In describing the motivation behind Intel’s recent purchase of McAfee for a packed-out audience at the Intel Developer Forum, Intel’s Paul Otellini framed it as an effort to move the way the company approaches security “from a known-bad model to a known-good model.” Otellini went on to briefly describe the shift in a way that sounded innocuous enough–current A/V efforts focus on building up a library of known threats against which they protect a user, but Intel would love to move to a world where only code from known and trusted parties runs on x86 systems. It sounds sensible enough, so what could be objectionable about that?

Depending how enamored you are of Apple’s App Store model, where only Apple-approved code gets to run on your iPhone, you may or may not be happy in Intel’s planned utopia. Because, in a nutshell, the App Store model is more or less what Intel is describing. Regardless of what you think of the idea, its success would have at least two unmitigated upsides: 1) everyone will get vPro by default (i.e., it seems hard to imagine that Intel will still charge for security as an added feature), and 2) it would put every security company (except McAfee, of course), out of business. (The second one is of course a downside for security vendors, but it’s an upside for users who despise intrusive A/V software.)

via Intel’s walled garden plan to put A/V vendors out of business.

They are jumping right into virtualization. Their biggest concern is that they are hitting the limits of their colo’s power envelope before they start getting charged. They are going to reduce their server footprint by about half and hopefully save some power as well. I’ll be tracking this; however, feel free to watch from AnandTech directly.

AnandTech 2010 Server Upgrade: The CPUs – AnandTech :: Your Source for Hardware Analysis and News.

You can read about the donation here. I have three IBM x335s on the way with dual P-4 Xeon 2.8 GHz CPUs, dual 36 gig 10k rpm SCSI drives with hardware RAID 1, 4 gigs of RAM, all the cables needed including ILO, and rails. All for the cost of shipping. Why am I posting about it here? I run the network at my church. This will be the first time I can start something like this from the ground up and document what I do, how I do it, and what hardware and software I do it with. I will also be able to show just how much free software can do and still integrate with an established Active Directory layout as well. It’s something for other potential NPO clients to be able to see what some creative thinking can accomplish for little or no cost…:) Stay tuned, I’ve created a whole new category for this..:)