Key Performance Counters and their thresholds for Windows Server (suggested by Microsoft).

When you need to measure how many system resources your application consumes, you need to pay particular attention to the following:

• Disk I/O. Amount of read and write disk activity. I/O bottlenecks occur if read and write operations begin to queue.
• Memory. Amount of available memory, virtual memory, and cache utilization.
• Network. Percent of the available bandwidth being utilized, network bottlenecks.
• Processor. Processor utilization, context switches, interrupts and so on.

The next sections describe the performance counters that help you measure the preceding metrics. System Overview (General operating system performance analysis. Use this for a general analysis of the operating system performance counters) Formatting:

• Counter (Explanation)
  • Thresholds

• Disk

  • \LogicalDisk(*)\Avg. Disk sec/Read (Avg. Disk sec/Read is the average time, in seconds, of a read of data to the disk. This analysis determines if any of the physical disks are responding slowly)
    • Average disk responsiveness is slow – more than 15ms
    • Average disk responsiveness is very slow – more than 25ms
    • Disk responsiveness is very slow (spike of more than 25ms)
  • \LogicalDisk(*)\Avg. Disk sec/Write
    (Avg. Disk sec/Write is the average time, in seconds, of a write of data to the disk. This analysis determines if any of the physical disks are responding slowly)
    • Average disk responsiveness is slow – more than 15ms
    • Average disk responsiveness is very slow – more than 25ms
    • Disk responsiveness is very slow (spike of more than 25ms)
  • \LogicalDisk(*)\Disk Transfers/sec (Disk Transfers/sec is the rate of read and write operations on the disk)
    • Less than 80 I/O’s per second on average when disk latency is longer than 25ms. This may indicate too many virtual LUNs using the same physical disks on a SAN.
    • Less than 80 I/O’s per second on average when disk latency is longer than 25ms. This may indicate too many virtual LUNs using the same physical disks on a SAN. This was a spike – not an average.
  • \PhysicalDisk(*)\Avg. Disk sec/Read (Avg. Disk sec/Read is the average time, in seconds, of a read of data to the disk. This analysis determines if any of the physical disks are responding slowly)
    • Average disk responsiveness is slow – more than 15ms
    • Average disk responsiveness is very slow – more than 25ms
    • Disk responsiveness is very slow (spike of more than 25ms)
  • \PhysicalDisk(*)\Avg. Disk sec/Write (Avg. Disk sec/Write is the average time, in seconds, of a write of data to the disk. This analysis determines if any of the physical disks are responding slowly)
    • Average disk responsiveness is slow – more than 15ms
    • Average disk responsiveness is very slow – more than 25ms
    • Disk responsiveness is very slow (spike of more than 25ms
  • \Process(*)\IO Data Operations/sec
    (The rate at which the process is issuing read and write I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os)
    
    • This process is using more than 1000 data I/O’s per second
  • \Process(*)\IO Other Operations/sec
    (The rate at which the process is issuing I/O operations that are neither read nor write operations (for example, a control function). This counter counts all I/O activity generated by the process to include file, network and device I/Os)
    
    • This process is using more than 1000 data I/O’s per second

• Memory

Kernel Mode Memory

• \Memory\Available MBytes (Available MBytes is the amount of physical memory available to processes running on the computer, in Megabytes, rather than bytes as reported in Memory\Available Bytes. The Virtual Memory Manager continually adjusts the space used in physical memory and on disk to maintain a minimum number of available bytes for the operating system and processes. When available bytes are plentiful, the Virtual Memory Manager lets the working sets of processes grow, or keeps them stable by removing an old page for each new page added. When available bytes are few, the Virtual Memory Manager must trim the working sets of processes to maintain the minimum required)
  • Low on available memory – less than 10% available
  • Very low on available memory – less than 5% available
  • Decreasing trend of 10MB’s per hour. This could indicate a memory leak.
• \Memory\Free System Page Table Entries (Free System Page Table Entries is the number of page table entries not currently in used by the system. This analysis determines if the system is running out of free system page table entries (PTEs) by checking if there is less than 5,000 free PTE’s with a Warning if there is less than 10,000 free PTE’s. Lack of enough PTEs can result in system wide hangs)
  
  • Running low on PTE’s – less than 10,000 (If the free PTEs are under 10,000 the system is close to a system wide hang)
  • Critically low on PTE’s – less than 5000 (If the free PTEs are under 5000 the system is close to a system wide hang)
• \Memory\Pages Input/sec (Pages Input/sec is the rate at which pages are read from disk to resolve hard page faults. Hard page faults occur when a process refers to a page in virtual memory that is not in its working set or elsewhere in physical memory, and must be retrieved from disk. When a page is faulted, the system tries to read multiple contiguous pages into memory to maximize the benefit of the read operation. Compare the value of Memory\\Pages Input/sec to the value of Memory\\Page Reads/sec to determine the average number of pages read into memory during each read operation)
  
  • More then 10 page file reads per second
• \Memory\Pages/sec (If it is high, then the system is likely running out of memory by trying to page the memory to the disk. Pages/sec is the rate at which pages are read from or written to disk to resolve hard page faults. This counter is a primary indicator of the kinds of faults that cause system-wide delays. It is the sum of Memory\Pages Input/sec and Memory\Pages Output/sec. It is counted in numbers of pages, so it can be compared to other counts of pages, such as Memory\Page Faults/sec, without conversion. It includes pages retrieved to satisfy faults in the file system cache (usually requested by applications) non-cached mapped memory files)
  
  • High pages/sec – greater than 1000 (If it’s higher than 1000, the system is could be beginning to run out of memory. Consider reviewing the processes to see which processes are taking up the most memory or consider adding more memory)
  • Very high average pages/sec – greater than 2500 (If this is greater than 2500, the system could be experiencing system-wide delays due to insufficient memory. Consider reviewing the processes to see which processes are taking up the most memory or consider adding more memory)
    
  • Critically high average pages/sec – greater than 5000 (If this is greater than 5000. If so, the system is most likely experiencing delays due to insufficient memory. Consider reviewing the processes to see which processes are taking up the most memory or consider adding more memory)
  • Spike in pages/sec – greater than 1000 (If this is greater than 5000. If so, the system is most likely experiencing delays due to insufficient memory. Consider reviewing the processes to see which processes are taking up the most memory or consider adding more memory)
• \Memory\Pool Nonpaged Bytes
  • Low on Pool NonPaged memory
    - less than 40% available (If the systems exceeds more that 60% of the Pool Non-paged bytes memory pool, then consider removing the /3GB switch or consider migrating to a 64-bit system.
  • Critically low on Pool NonPaged memory – less than 20% available (If the system exceeds 80% of the Pool Non-paged bytes memory pool. If so, consider removing the /3GB switch or consider migrating to a 64-bit system.
• \Memory\Pool Paged Bytes (if the system is becoming close to the maximum Pool paged memory size. Pool Paged Bytes is the size, in bytes, of the paged pool, an area of system memory (physical memory used by the operating system) for objects that can be written to disk when they are not being used)
  
  • Low on Pool Paged memory – less than 40% available
  • Critically low on Pool Paged memory – less than 20% available
    

User Mode Memory

• \Process(*)\Private Bytes (Private Bytes is the current size, in bytes, of memory that this process has allocated that cannot be shared with other processes)
  
  • For Windows 32 Bit: 250MB delta between Minimum Size and Maximum Size
    (Maximum – Minimum = !>(not greater than) 250MB)
    
  • For Windows 64 Bit: 500MB delta between Minimum Size and Maximum Size
    (Maximum – Minimum = !> (not greater than) 500MB)
    
• \Process(*)\Working Set (Working Set is the current size, in bytes, of the Working Set of this process. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before leaving main memory)
  
  • For Windows 32 Bit: 250MB delta between Minimum Size and Maximum Size
    (Maximum – Minimum = !>(not greater than) 250MB)
    
  • For Windows 64 Bit: 500MB delta between Minimum Size and Maximum Size
    (Maximum – Minimum = !> (not greater than) 500MB)
    

• • • • \Process(*)Thread Count (The number of threads currently active in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that         executes instructions. Every running process has at least one thread.)
        
        • For Windows 32 Bit: 500MB delta between Minimum Size and Maximum Size
          (Maximum – Minimum = !>(not greater than) 500MB)
          
        • For Windows 64 Bit: 1000MB delta between Minimum Size and Maximum Size
          (Maximum – Minimum = !> (not greater than) 1000MB)

        \Process(*)\Handle Count (How many handles each process has open and determines if a handle leaks is suspected. A process with a large number of handles and/or an aggresive upward trend could indicate a handle leak which typically results in a memory leak. The total number of handles currently open by this process. This number is equal to the sum of the handles currently open by each thread in this process)

        • • For Windows 32 Bit: 500MB delta between Minimum Size and Maximum Size
            (Maximum – Minimum = !>(not greater than) 500MB)
            
          • For Windows 64 Bit: 1000MB delta between Minimum Size and Maximum Size
            (Maximum – Minimum = !> (not greater than) 1000MB)
            

        • Network

          • \Network Interface(*)\Output Queue Length
            • High Network I/O – more than 1 thread waiting on network I/O (If the output queue length is greater than 1. If so, this system’s network is nearing capacity. Consider analyzing network traffic to determine why network I/O is nearing capacity such as *chatty* network services and/or large data transfers)
            • Very high network I/O – more than 2 threads waiting on network I/O (if the output queue length is greater than 2. If so, this system’s network is over capacity. Consider analyzing network traffic to determine why network I/O is nearing capacity such as *chatty* network services and/or large data transfers)
          • Network Utilization Analysis (Bytes Total/sec is the rate at which bytes are sent and received over each network adapter, including framing characters. Network Interface\Bytes Received/sec is a sum of Network Interface\Bytes Received/sec and Network Interface\Bytes Sent/sec. This counter indicates the rate at which bytes are sent and received over each network adapter. This counter helps you know whether the traffic at your network adapter is saturated and if you need to add another network adapter. How quickly you can identify a problem depends on the type of network you have as well as whether you share bandwidth with other applications.
            
            • \Network Interface(*)\Bytes Total/sec
            • \Network Interface(*)\Current Bandwidth
              • Thresholds:
                • High average network utilization – more than 50%
                • Very high average network utilization – more than 80%
                  
          • Server\Bytes Total/sec (This counter indicates the number of bytes sent and received over the network. Higher values indicate network bandwidth as the bottleneck. If the sum of Bytes Total/sec for all servers is roughly equal to the maximum transfer rates of your network, you may need to segment the network)
            
            • Not be more than 50 percent of network capacity.
              

        • Processor:

          • Processor\% Processor Time (This counter is the primary indicator of processor activity. High values many not necessarily be bad. However, if the other processor-related counters are increasing linearly such as % Privileged Time or Processor Queue Length, high CPU utilization may be worth investigating)
            
            • Significant Processor Use Suspected – more than 60% CPU utilization
              
            • Excessive Processor Use Suspected – more than 80% CPU utilization
          • \Processor\% Privileged Time
            
            • Consistently over 75 percent indicates a bottleneck.
              
          • \System\Context Switches/sec (Context switching happens when a higher priority thread preempts a lower priority thread that is currently running or when a high priority thread blocks. High levels of context switching can occur when many threads share the same priority level. This often indicates that there are too many threads competing for the processors on the system. If you do not see much processor utilization and you see very low levels of context switching, it could indicate that threads are blocked)
            
            • High context switches/sec – more than 5000 context switches per second
              
            • Very high context switches/sec – more than 15,000 context switches per second
              
          • \Processor(*)\% Interrupt Time
            (This counter indicates the percentage of time the processor spends receiving and servicing hardware interrupts. This value is an indirect indicator of the activity of devices that generate interrupts, such as network adapters. A dramatic increase in this counter indicates potential hardware problems)
            
            • High CPU Interrupt Time – more than 30% interrupt time (A high amount of % Interrupt Time in the processor could indicate a hardware or driver problem)
            • Very high CPU Interrupt Time – more than 50% interrupt time (A very high amount of % Interrupt Time in the processor could indicate a hardware or driver problem)
          • System\Processor Queue Length (If there are more tasks ready to run than there are processors, threads queue up. The processor queue is the collection of threads that are ready but not able to be executed by the processor because another active thread is currently executing. A sustained or recurring queue of more than two threads is a clear indication of a processor bottleneck. You may get more throughput by reducing parallelism in those cases. You can use this counter in conjunction with the Processor\% Processor Time counter to determine if your application can benefit from more CPUs. There is a single queue for processor time, even on multiprocessor computers. Therefore, in a multiprocessor computer, divide the Processor Queue Length (PQL) value by the number of processors servicing the workload. If the CPU is very busy (90 percent and higher utilization) and the PQL average is consistently higher than 2 per processor, you may have a processor bottleneck that could benefit from additional CPUs. Or, you could reduce the number of threads and queue more at the application level. This will cause less context switching, and less context switching is good for reducing CPU load. The common reason for a PQL of 2 or higher with low CPU utilization is that requests for processor time arrive randomly and threads demand irregular amounts of time from the processor. This means that the processor is not a bottleneck but that it is your threading logic that needs to be improved)
          • Each processor has 10 or more threads waiting.(Determines if the average processor queue length exceeds the number of processors by 10. If this threshold is broken, then the processor(s) may be at capacity)

        Each processor has 20 or more threads waiting(Determines if the average processor queue length exceeds twenty times the number of processors. If this threshold is broken, then the processor(s) are beyond capacity)

Uninstall updates or hotfixes in Windows 7

I found a question on a Dutch forum,my home country where a user was asking how to uninstall an hotfix or update in Windows 7.
The old way, with looking into registry hive HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall doens’t work anymore, he noticed Normally there was a reference to a msiexec guid string, which you could you use to uninstall an update or hotfix.

After some research I found out that Windows 7 included an new commando to uninstall updates, called. The syntax is a follows:
wusa.exe /uninstall /kb:(kb number)

Prior to Windows 7, wusa.exe included install support only. In Windows 7, wusa.exe includes uninstall support so that administrators can uninstall updates from a command line. Users can uninstall an update by providing the package number (from the Microsoft Knowledge Base) of the update to be uninstalled.

Vulnerability in SMBv2 (File Sharing)

There is at the moment an unpatched zero-day vulnerability in SMBv2. Windows Vista and newer Windows comes with a new SMB version named SMB2. At attacker is able with a Python script to generate a remote BSOD(Blue Screen of Death). I advise everyone who has not done it,to block the TCP ports 139 and 445 at the firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. Several Windows services use the affected ports. Blocking connectivity to the ports may cause various applications or services to not function.Also disable SMBv2 using this commands in a DOS prompt:

sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc config mrxsmb20 start= disabled

If there is a patch you can enable them back.SMB 2.0 for Windows Vista or Windows Server 2008 systems and newer that are the “client” systems run the following commands:

sc config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc config mrxsmb20 start= auto

What is exact technical cause:

SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionnality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it’s used to identify the SMB dialect that will be used for futher communication.

For more information see this security advisory:

Microsoft Security Advisory (975497)

Update:

• Windows 7 and Windows Server 2008 R2 are not affected by this vulnerability.
• In Windows Vista, if the network profile is set to “Public”, the system is not affected by this vulnerability, since unsolicited inbound network packets are blocked by default.

Windows 7 Keyboard Shortcuts (Accelerator Keys or Hotkeys) Full Listing

Here’s the full list of Windows 7 keyboard shortcuts or accelerator hotkeys available on the operating system level and also for several built-in application programs in Windows 7, as published by Microsoft. I hope this will be useful for my readers.

Ease of Access keyboard shortcuts

• Right Shift for eight seconds: Turn Filter Keys on and off
• Left Alt + Left Shift + PrtScn (or PrtScn): Turn High Contrast on or off
• Left Alt + Left Shift + Num Lock: Turn Mouse Keys on or off
• Shift five times: Turn Sticky Keys on or off
• Num Lock for five seconds: Turn Toggle Keys on or off
• Windows logo key + U: Open the Ease of Access Center

General keyboard shortcuts

• F1: Display Help
• Ctrl + C (or Ctrl + Insert): Copy the selected item
• Ctrl + X: Cut the selected item
• Ctrl + V (or Shift + Insert): Paste the selected item
• Ctrl + Z: Undo an action
• Ctrl + Y: Redo an action
• Delete (or Ctrl + D): Delete the selected item and move it to the Recycle Bin
• Shift + Delete: Delete the selected item without moving it to the Recycle Bin
  

  first

• F2: Rename the selected item
• Ctrl + Right Arrow: Move the cursor to the beginning of the next word
• Ctrl + Left Arrow: Move the cursor to the beginning of the previous word
• Ctrl + Down Arrow: Move the cursor to the beginning of the next paragraph
• Ctrl + Up Arrow: Move the cursor to the beginning of the previous paragraph
• Ctrl + Shift with an arrow key: Select a block of text
• Shift + any arrow key: Select more than one item in a window or on the desktop, or select text within a document
• Ctrl + any arrow key + Spacebar: Select multiple individual items in a window or on the desktop
• Ctrl + A: Select all items in a document or window
• F3: Search for a file or folder
• Alt + Enter: Display properties for the selected item
• Alt + F4: Close the active item, or exit the active program
• Alt + Spacebar: Open the shortcut menu for the active window
• Ctrl + F4: Close the active document (in programs that allow you to have multiple documents open simultaneously)
• Alt + Tab: Switch between open items
• Ctrl + Alt + Tab: Use the arrow keys to switch between open items
• Ctrl + Mouse scroll wheel: Change the size of icons on the desktop
• Windows logo key + Tab: Cycle through programs on the taskbar by using Aero Flip 3-D
• Ctrl+ Windows logo key + Tab: Use the arrow keys to cycle through programs on the taskbar by using Aero Flip 3-D
• Alt + Esc: Cycle through items in the order in which they were opened
• F6: Cycle through screen elements in a window or on the desktop
• F4: Display the address bar list in Windows Explorer
• Shift + F10: Display the shortcut menu for the selected item
• Ctrl + Esc: Open the Start menu
• Alt + underlined letter: Display the corresponding menu
• Alt + underlined letter: Perform the menu command (or other underlined command)
• F10: Activate the menu bar in the active program
• Right Arrow: Open the next menu to the right, or open a submenu
• Left Arrow: Open the next menu to the left, or close a submenu
• F5 (or Ctrl + R): Refresh the active window
• Alt + Up Arrow: View the folder one level up in Windows Explorer
• Esc: Cancel the current task
• Ctrl + Shift + Esc: Open Task Manager
• Shift when you insert a CD: Prevent the CD from automatically playing
• Left Alt + Shift: Switch the input language when multiple input languages are enabled
• Ctrl + ShiftL: Switch the keyboard layout when multiple keyboard layouts are enabled
• Right or Left Ctrl + Shift: Change the reading direction of text in right-to-left reading languages

Dialog box keyboard shortcuts

• Ctrl + Tab: Move forward through tabs
• Ctrl + Shift + Tab: Move back through tabs
• Tab: Move forward through options
• Shift + Tab: Move back through options
• Alt + underlined letter: Perform the command (or select the option) that goes with that letter
• Enter: Replaces clicking the mouse for many selected commands
• Spacebar: Select or clear the check box if the active option is a check box
• Arrow keys: Select a button if the active option is a group of option buttons
• F1: Display Help
• F4: Display the items in the active list
• Backspace: Open a folder one level up if a folder is selected in the Save As or Open dialog box

Windows logo key keyboard shortcuts

• Windows logo key: Open or close the Start menu.
• Windows logo key + Pause: Display the System Properties dialog box.
• Windows logo key + D: Display the desktop.
• Windows logo key + M: Minimize all windows.
• Windows logo key + Shift + M: Restore minimized windows to the desktop.
• Windows logo key + E: Open Computer.
• Windows logo key + F: Search for a file or folder.
• Ctrl + Windows logo key + F: Search for computers (if you’re on a network).
• Windows logo key + L: Lock your computer or switch users.
• Windows logo key + R: Open the Run dialog box.
• Windows logo key + T: Cycle through programs on the taskbar.
• Windows logo key + number: Start the program pinned to the taskbar in the position indicated by the number. If the program is already running, switch to that program.
• Shift + Windows logo key + number: Start a new instance of the program pinned to the taskbar in the position indicated by the number.
• Ctrl + Windows logo key + number: Switch to the last active window of the program pinned to the taskbar in the position indicated by the number.
• Alt + Windows logo key + number: Open the Jump List for the program pinned to the taskbar in the position indicated by the number.
• Windows logo key + Tab: Cycle through programs on the taskbar by using Aero Flip 3-D.
• Ctrl+Windows logo key + Tab: Use the arrow keys to cycle through programs on the taskbar by using Aero Flip 3-D.
• Ctrl+Windows logo key + B: Switch to the program that displayed a message in the notification area.
• Windows logo key + Spacebar: Preview the desktop.
• Windows logo key + Up Arrow: Maximize the window.
• Windows logo key + Left Arrow: Maximize the window to the left side of the screen.
• Windows logo key + Right Arrow: Maximize the window to the right side of the screen.
• Windows logo key + Down Arrow: Minimize the window.
• Windows logo key + Home: Minimize all but the active window.
• Windows logo key + Shift + Up Arrow: Stretch the window to the top and bottom of the screen.
• Windows logo key + Shift+ Left Arrow or Right Arrow: Move a window from one monitor to another.
• Windows logo key + P: Choose a presentation display mode.
• Windows logo key + G: Cycle through gadgets.
• Windows logo key + U: Open Ease of Access Center.
• Windows logo key + X: Open Windows Mobility Center.

Windows Explorer keyboard shortcuts

• Ctrl + N: Open a new window
• Ctrl + W: Close the current window
• Ctrl + Shift + N: Create a new folder
• End: Display the bottom of the active window
• Home: Display the top of the active window
• F11: Maximize or minimize the active window
• Ctrl + Period (.): Rotate a picture clockwise
• Ctrl + Comma (,): Rotate a picture counter-clockwise
• Num Lock + Asterisk (*) on numeric keypad: Display all subfolders under the selected folder
• Num Lock + Plus Sign (+) on numeric keypad: Display the contents of the selected folder
• Num Lock + Minus Sign (-) on numeric keypad: Collapse the selected folder
• Left Arrow: Collapse the current selection (if it’s expanded), or select the parent folder
• Alt + Enter: Open the Properties dialog box for the selected item
• Alt + P: Display the preview pane
• Alt + Left Arrow: View the previous folder
• Backspace: View the previous folder
• Right Arrow: Display the current selection (if it’s collapsed), or select the first subfolder
• Alt + Right Arrow: View the next folder
• Alt + Up Arrow: View the parent folder
• Ctrl + Shift + E: Display all folders above the selected folder
• Ctrl + Mouse scroll wheel: Change the size and appearance of file and folder icons
• Alt + D: Select the address bar
• Ctrl + E: Select the search box
• Ctrl + F: Select the search box

Taskbar keyboard shortcuts

• Shift + Click on a taskbar button: Open a program or quickly open another instance of a program
• Ctrl + Shift + Click on a taskbar button: Open a program as an administrator
• Shift + Right-click on a taskbar button: Show the window menu for the program
• Shift + Right-click on a grouped taskbar button: Show the window menu for the group
• Ctrl + Click on a grouped taskbar button: Cycle through the windows of the group

Magnifier keyboard shortcuts

• Windows logo key + Plus Sign or Minus Sign: Zoom in or out
• Ctrl + Alt + Spacebar: Preview the desktop in full-screen mode
• Ctrl + Alt + F: Switch to full-screen mode
• Ctrl + Alt + L: Switch to lens mode
• Ctrl + Alt + D: Switch to docked mode
• Ctrl + Alt + I: Invert colors
• Ctrl + Alt + arrow keys: Pan in the direction of the arrow keys
• Ctrl + Alt + R: Resize the lens
• Windows logo key + Esc: Exit Magnifier

Remote Desktop Connection keyboard shortcuts

• Alt + Page Up: Move between programs from left to right.
• Alt + Page Down: Move between programs from right to left.
• Alt + Insert: Cycle through programs in the order that they were started in.
• Alt + Home: Display the Start menu.
• Ctrl + Alt + Break: Switch between a window and full screen.
• Ctrl + Alt + End: Display the Windows Security dialog box.
• Alt + Delete: Display the system menu.
• Ctrl + Alt + Minus Sign (-) on the numeric keypad: Place a copy of the active window, within the client, on the Terminal server clipboard (provides the same functionality as pressing Alt + PrtScn on a local computer).
• Ctrl + Alt + Plus Sign (+) on the numeric keypad: Place a copy of the entire client window area on the Terminal server clipboard (provides the same functionality as pressing PrtScn on a local computer).
• Ctrl + Alt + Right Arrow: “Tab” out of the Remote Desktop controls to a control in the host program (for example, a button or a text box). Useful when the Remote Desktop controls are embedded in another (host) program.
• Ctrl + Alt + Left Arrow: “Tab” out of the Remote Desktop controls to a control in the host program (for example, a button or a text box). Useful when the Remote Desktop controls are embedded in another (host) program.

Paint keyboard shortcuts

• Ctrl + N: Create a new picture
• Ctrl + O: Open an existing picture
• Ctrl + S: Save changes to a picture
• F12: Save the picture as a new file
• Ctrl + P: Print a picture
• Alt + F4: Close a picture and its Paint window
• Ctrl + Z: Undo a change
• Ctrl + Y: Redo a change
• Ctrl + A: Select the entire picture
• Ctrl + X: Cut a selection
• Ctrl + C: Copy a selection to the Clipboard
• Ctrl + V: Paste a selection from the Clipboard
• Right Arrow: Move the selection or active shape right by one pixel
• Left Arrow: Move the selection or active shape left by one pixel
• Down Arrow: Move the selection or active shape down by one pixel
• Up Arrow: Move the selection or active shape up by one pixel
• Esc: Cancel a selection
• Delete: Delete a selection
• Ctrl + B: Bold selected text
• Ctrl + +: Increase the width of a brush, line, or shape outline by one pixel
• Ctrl + -: Decrease the width of a brush, line, or shape outline by one pixel
• Ctrl + I: Italicize selected text
• Ctrl + U: Underline selected text
• Ctrl + E: Open the Properties dialog box
• Ctrl + W: Open the Resize and Skew dialog box
• Ctrl + Page Up: Zoom in
• Ctrl + Page Down: Zoom out
• F11: View a picture in full-screen mode
• Ctrl + R: Show or hide the ruler
• Ctrl + G: Show or hide gridlines
• F10 or Alt: Display keytips
• Shift + F10: Show the current shortcut menu
• F1: Open Paint Help

WordPad keyboard shortcuts

• Ctrl + N: Create a new document
• Ctrl + O: Open an existing document
• Ctrl + S: Save changes to a document
• F12: Save the document as a new file
• Ctrl + P: Print a document
• Alt + F4: Close WordPad
• Ctrl + Z: Undo a change
• Ctrl + Y: Redo a change
• Ctrl + A: Select the entire document
• Ctrl + X: Cut a selection
• Ctrl + C: Copy a selection to the Clipboard
• Ctrl + V: Paste a selection from the Clipboard
• Ctrl + B: Make selected text bold
• Ctrl + I: Italicize selected text
• Ctrl + U: Underline selected text
• Ctrl + =: Make selected text subscript
• Ctrl + Shift + =: Make selected text superscript
• Ctrl + L: Align text left
• Ctrl + E Align text center
• Ctrl + R:: Align text right
• Ctrl + J: Justify text
• Ctrl + 1: Set single line spacing
• Ctrl + 2: Set double line spacing
• Ctrl + 5: Set line spacing to 1.5
• Ctrl + Shift + >: Increase the font size
• Ctrl + Shift + <: Decrease the font size
• Ctrl + Shift + A: Change characters to all capitals
• Ctrl + Shift + L: Change the bullet style
• Ctrl + D: Insert a Microsoft Paint drawing
• Ctrl + F: Find text in a document
• F3: Find the next instance of the text in the Find dialog box
• Ctrl + H: Replace text in a document
• Ctrl + Left Arrow: Move the cursor one word to the left
• Ctrl + Right Arrow: Move the cursor one word to the right
• Ctrl + Up Arrow: Move the cursor to the line above
• Ctrl + Down Arrow: Move the cursor to the line below
• Ctrl + Home: Move to the beginning of the document
• Ctrl + End: Move to the end of the document
• Ctrl + Page Up: Move up one page
• Ctrl + Page Down: Move down one page
• Ctrl + Delete: Delete the next word
• F10: Display keytips
• Shift + F10: Show the current shortcut menu
• F1: Open WordPad Help

Calculator keyboard shortcuts

• Alt + 1: Switch to Standard mode
• Alt + 2: Switch to Scientific mode
• Alt + 3: Switch to Programmer mode
• Alt + 4: Switch to Statistics mode
• Ctrl + E: Open date calculations
• Ctrl + H: Turn calculation history on or off
• Ctrl + U: Open unit conversion
• Alt + C: Calculate or solve date calculations and worksheets
• F1: Open Calculator Help
• Ctrl + Q: Press the M- button
• Ctrl + P: Press the M+ button
• Ctrl + M: Press the MS button
• Ctrl + R: Press the MR button
• Ctrl + L: Press the MC button
• %: Press the % button
• F9: Press the +/– button
• /: Press the / button
• *: Press the * button
• +: Press the + button
• -: Press the – button
• R: Press the 1/× button
• @: Press the square root button
• 0-9: Press the number buttons (0-9)
• =: Press the = button
• .: Press the . (decimal point) button
• Backspace: Press the backspace button
• Esc: Press the C button
• Del: Press the CE button
• Ctrl + Shift + D: Clear the calculation history
• F2: Edit the calculation history
• Up Arrow key: Navigate up in the calculation history
• Down Arrow key: Navigate down in the calculation history
• Esc: Cancel editing the calculation history
• Enter: Recalculate the calculation history after editing
• F3: Select Degrees in Scientific mode
• F4: Select Radians in Scientific mode
• F5: Select Grads in Scientific mode
• I: Press the Inv button in Scientific mode
• D: Press the Mod button in Scientific mode
• Ctrl + S: Press the sinh button in Scientific mode
• Ctrl + O: Press the cosh button in Scientific mode
• Ctrl + T: Press the tanh button in Scientific mode
• (: Press the ( button in Scientific mode
• ): Press the ) button in Scientific mode
• N: Press the ln button in Scientific mode
• ;: Press the Int button in Scientific mode
• S: Press the sin button in Scientific mode
• O: Press the cos button in Scientific mode
• T: Press the tan button in Scientific mode
• M: Press the dms button in Scientific mode
• P: Press the pi button in Scientific mode
• V: Press the F-E button in Scientific mode
• X: Press the Exp button in Scientific mode
• Q: Press the x^2 button in Scientific mode
• Y: Press the x^y button in Scientific mode
• #: Press the x^3 button in Scientific mode
• L: Press the log button in Scientific mode
• !: Press the n! button in Scientific mode
• Ctrl + Y: Press the y√x button in Scientific mode
• Ctrl + B: Press the 3√x button in Scientific mode
• Ctrl + G: Press the 10x button in Scientific mode
• F5: Select Hex in Programmer mode
• F6: Select Dec in Programmer mode
• F7: Select Oct in Programmer mode
• F8: Select Bin in Programmer mode
• F12: Select Qword in Programmer mode
• F2: Select Dword in Programmer mode
• F3: Select Word in Programmer mode
• F4: Select Byte in Programmer mode
• K: Press the RoR button in Programmer mode
• J: Press the RoL button in Programmer mode
• <: Press the Lsh button in Programmer mode
• >: Press the Rsh button in Programmer mode
• %: Press the Mod button in Programmer mode
• (: Press the ( button in Programmer mode
• ): Press the ) button in Programmer mode
• |: Press the Or button in Programmer mode
• ^: Press the Xor button in Programmer mode
• ~: Press the Not button in Programmer mode
• &: Press the And button in Programmer mode
• A-F: Press the A-F buttons in Programmer mode
• Spacebar: Toggles the bit value in Programmer mode
• A: Press the Average button in Statistics mode
• Ctrl + A: Press the Average Sq button in Statistics mode
• S: Press the Sum button in Statistics mode
• Ctrl + S: Press the Sum Sq button in Statistics mode
• T: Press the S.D. button in Statistics mode
• Ctrl + T: Press the Inv S.D. button in Statistics mode
• D: Press the CAD button in Statistics mode

Windows Journal keyboard shortcuts

• Ctrl + N: Start a new note
• Ctrl + O: Open a recently used note
• Ctrl + S: Save changes to a note
• Ctrl + Shift + V: Move a note to a specific folder
• Ctrl + P: Print a note
• Alt + F4: Close a note and its Journal window
• Ctrl + Z: Undo a change
• Ctrl + Y: Redo a change
• Ctrl + A: Select all items on a page
• Ctrl + X: Cut a selection
• Ctrl + C: Copy a selection to the Clipboard
• Ctrl + V: Paste a selection from the Clipboard
• Esc: Cancel a selection
• Delete: Delete a selection
• Ctrl + F: Start a basic find
• Ctrl + G: Go to a page
• F5: Refresh find results
• F5: Refresh the note list
• F6: Toggle between a note list and a note
• Ctrl + Shift + C: Display a shortcut menu for column headings in a note list
• F11: View a note in full-screen mode
• F1: Open Journal Help

Windows Help viewer keyboard shortcuts* Alt + C: Display the Table of Contents

• Alt + N: Display the Connection Settings menu
• F10: Display the Options menu
• Alt + Left Arrow: Move back to the previously viewed topic
• Alt + Right Arrow: Move forward to the next (previously viewed) topic
• Alt + A: Display the customer support
• page
• Alt + Home: Display the Help and Support home page
• Home: Move to the beginning of a topic
• End: Move to the end of a topic
• Ctrl + F: Search the current topic
• Ctrl + P: Print a topic
• F3: Move the cursor to the search box

System Center Service Manager

System Center Service Manager is a new product in the System Center product line from Microsoft.That is were this blog post will take a look at.

System Center Service Manager, currently in beta 1 and scheduled to ship in 2010, is a flexible IT automation platform that provides built-in workflows based on industry best practices for incident and problem resolution, change control, and asset lifecycle management.System Center Service Manager works with other System Center products to provide a desktop-to–data center perspective for orchestrating processes and knowledge. This unified approach helps reduce the effort required for improving the user experience as well as the performance and reliability of IT services.

Process management packs contain the necessary workflows, views, forms, templates, reports, and process activities to extend System Center Service Manager with the information necessary to implement all or part of a service-management process.

Here you will see a picture of architecture of System Center Service Manager

System Center Service Manager Architecture

1. User Experience Layer: Users can interact with Service Manager in two ways:

1. Self-service Portal: Targeted to end users, the self-service portal allows users to search the knowledge base, submit requests, and view the status of their requests.  The portal is based on ASP.NET.
2. Service Manager Console: Targeted to administrators and analysts, the Service Manager console resembles the other System Center products. Administrators use the Service Manager console to manage and configure Service Manager according to the organizational needs. Analysts use the Service Manager console to manage the day to day operational functions such as opening/resolving incidents, change requests and problems.

2. Solution Layer:  The middle layer forms the ITIL/MOF process automation layer that can be customized according to organizational needs. Processes supported by Service Manager out of the box include Incident Management, Problem Management, Change Management, and Configuration Management. The forms, automation workflows, reports, console views, and other console extensions necessary to support a process are packaged into management packs which can be imported into the product to extend and customize functionality. We’ll talk more about these in upcoming blog posts.

3. Platform Layer: The platform layer is the engine behind Service Manager. Highlighted below are significant components of the platform layer:

• Management Server: The Management Server hosts several platform components:
  • Connector Framework: The management server hosts connectors to System Center products and Active Directory to import configuration items such as computers, users, software, software updates, and other service components.
  • Workflow Engine: Service Manager uses Windows Workflow Foundation to automate business processes.
  • Self-service Portal Website: An ASP.NET website which end users access as described above.
  • Web Service API: An API layer built on Windows Communication Foundation which is accessed via a client-side assembly library. This is the main interface for programmatic interaction with Service Manager.
• Configuration Management Database (CMDB): A database that is the foundation of any SM installation. In addition to configuration items, the CMDB store also contains work items such as incidents or change requests. The store has many features such as automated reconciliation, change tracking, and a rich relationship model between configuration items and work items.
• Data Warehouse and Reporting: The data warehouse provides long term data storage for reporting purposes. The data is stored in a way that is optimized for reporting performance. The reporting infrastructure leverage SQL Server Reporting Services, but the reports are accessible directly from within the Service Manager console.

MCSE!

Yesterday, I passed for the last exam (70-297), which qualifies me now as an MCSE (Microsoft Certified Systems Engineer).This something I wanted to be for 2 years, and now I have the title. I’am very happy, and I really loved to do the exams and courses towards the certification. I’am not finished because next year, I will be doing the 2008 track for MCTIP:Enterprise Administrator and MCTIP:Server Administrator and maybe also the VCP(VMware Certified Professional) track. So lots of things to do.

Network Access Protection (NAP)

Network Access Protection (NAP) is one of the most desired and highly anticipated features of Windows Server 2008. NAP is a new platform and solution that controls access to network resources based on a client computer’s identity and compliance with corporate governance policy. NAP allows network administrators to define granular levels of network access based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access.

How NAP Works

NAP is designed so that administrators can configure it to meet the individual needs of their networks. Therefore, the actual configuration of NAP will vary according to the administrator’s preferences and requirements. However, the underlying operation of NAP remains the same. This section describes how NAP works on an example intranet.

This example intranet is configured for the following:

• Health state validation, health policy compliance, and limited network access for noncompliant NAP clients
• IPsec enforcement, 802.1X enforcement, VPN enforcement, and DHCP enforcement

When obtaining a health certificate, making an 802.1X-authenticated or VPN connection to the intranet, or leasing or renewing an IPv4 address configuration from the DHCP server, each NAP client is classified in one of the following ways:

• NAP clients that meet the health policy requirements are classified as compliant and allowed unlimited access or normal communication on the intranet.

• NAP clients that do not meet the health policy requirements are classified as noncompliant and have their access limited to the restricted network until they meet the requirements. A noncompliant NAP client does not necessarily have a virus or some other active threat to the intranet, but it does not have the software updates or configuration settings as required by health policy. Therefore, noncompliant NAP client pose health risks to the rest of the intranet. The SHAs on NAP clients can automatically update computers with limited access with the software or configuration settings required for unlimited access.

The example intranet in Figure 1 contains a restricted network. A restricted network can be defined logically or physically. IP filters, static routes, or a VLAN identifier are placed on the connection of NAP clients with limited access to define the remediation servers with which they can communicate.
Because most intranets contain a heterogeneous mixture of computers and devices, an administrator might choose to exempt some computers or devices from health policy requirements. For example, computers running versions of Windows prior to Windows XP and operating systems other than Windows do not support NAP. In a limited access environment, these computers will always have limited access. To prevent limited access for these computers, the administrator can configure an exception health policy on the NAP health policy server; exempted computers are not checked for compliance and have unlimited access to the intranet.

How IPsec Enforcement Works

The following process describes how IPsec enforcement works for a NAP client that is starting on the example intranet shown in Figure 1:

1.  The IPsec Relying Party EC component sends its current health state to the HRA.

2.  The HRA sends the NAP client’s health state information to the NAP health policy server.

3.  The NAP health policy server evaluates the health state information of the NAP client, determines whether the NAP client is compliant, and sends the results to the HRA. If the NAP client is not compliant, the results include health remediation instructions. The HRA sends the NAP client the health evaluation results.

4.  If the health state is compliant, the HRA obtains a health certificate for the NAP client. The NAP client can now initiate IPsec-protected communication with other compliant computers using its health certificate for IPsec authentication, and respond to communications initiated from other compliant computers that authenticate using their own health certificate.

5.  If the health state is not compliant, the HRA does not issue a health certificate. The NAP client cannot initiate communication with other computers that require a health certificate for IPsec authentication. However, the NAP client can initiate communications with remediation servers to correct its health state.

6.  The NAP client sends update requests to the appropriate remediation servers.

7.  The remediation servers provision the NAP client with the required updates for compliance with health requirements. The NAP client updates its health state information.

8.  The NAP client sends its updated health state information to the HRA and the HRA sends the updated health state information to the NAP health policy server.

9.  Assuming that all the required updates were made, the NAP health policy server determines that the NAP client is compliant and sends that result to the HRA.

10.The HRA obtains a health certificate for the NAP client. The NAP client can now initiate IPsec-protected communication with other compliant computers.

How 802.1X Enforcement Works

The following process describes how 802.1X enforcement works for a NAP client that is initiating an 802.1X-authenticated connection on the example intranet shown in Figure 1:

1.  The NAP client and the Ethernet switch or wireless AP begin 802.1X authentication.

2.  The NAP client sends its user or computer authentication credentials to the NAP health policy server, which is also acting as a AAA server.

3.  If the authentication credentials are not valid, the connection attempt is terminated.

4.  If the authentication credentials are valid, the NAP health policy server requests the health state from the NAP client.

5.  The NAP client sends its health state information to the NAP health policy server.

6.  The NAP health policy server evaluates the health state information of the NAP client, determines whether the NAP client is compliant, and sends the results to the NAP client and the Ethernet switch or wireless AP. If the NAP client is not compliant, the results include a limited access profile for the Ethernet switch or wireless AP and health remediation instructions for the NAP client.

7.  If the health state is compliant, the Ethernet switch or wireless AP completes the 802.1X authentication and the NAP client has unlimited access to the intranet.

8.  If the health state is not compliant, the Ethernet switch or wireless AP completes the 802.1X authentication but limits the access of the NAP client to the restricted network. The NAP client can send traffic only to the remediation servers on the restricted network.

9.  The NAP client sends update requests to the remediation servers.

10.The remediation servers provision the NAP client with the required updates for compliance with health policy. The NAP client updates its health state information.

11.The NAP client restarts 802.1X authentication and sends its updated health state information to the NAP health policy server.

12.Assuming that all the required updates were made, the NAP health policy server determines that the NAP client is compliant and instructs the Ethernet switch or wireless AP to allow unlimited access.

13.The Ethernet switch or wireless AP completes the 802.1X authentication and the NAP client has unlimited access to the intranet.

How VPN Enforcement Works

The following process describes how VPN enforcement works for a NAP client that is initiating a remote access VPN connection to the example intranet shown in Figure 1:

1.  The NAP client initiates a remote access connection to the VPN server.

2.  The NAP client sends its user authentication credentials to the NAP health policy server, which is also acting as a AAA server.

3.  If the authentication credentials are not valid, the VPN connection attempt is terminated.

4.  If the authentication credentials are valid, the NAP health policy server requests the health state from the NAP client.

5.  The NAP client sends its health state information to the NAP health policy server.

6.  The NAP health policy server evaluates the health state information of the NAP client, determines whether the NAP client is compliant, and sends the results to the NAP client and the VPN server. If the NAP client is not compliant, the results include a set of packet filters for the VPN server and health remediation instructions for the NAP client.

7.  If the health state is compliant, the VPN server completes the VPN connection and the NAP client has unlimited access to the intranet.

8.  If the health state is not compliant, the VPN server completes the VPN connection but, based on the packet filters, limits the access of the NAP client to the restricted network. The NAP client can send traffic only to the remediation servers on the restricted network.

9.  The NAP client sends update requests to the remediation servers.

10.The remediation servers provision the NAP client with the required updates for compliance with health policy. The NAP client updates its health state information.

11.The NAP client restarts authentication with the VPN server and sends its updated health state information to the NAP health policy server.

12.Assuming that all the required updates were made, the NAP health policy server determines that the NAP client is compliant and instructs the VPN server to allow unlimited access.

13.The VPN server completes the VPN connection and the NAP client has unlimited access to the intranet.

How DHCP Enforcement Works

The following process describes how DHCP enforcement works for a NAP client that is attempting an initial DHCP configuration on the example intranet shown in Figure 1:

1.  The NAP client sends a DHCP request message containing its health state information to the DHCP server.

2.  The DHCP server sends the health state information of the NAP client to the NAP health policy server.

3.  The NAP health policy server evaluates the health state information of the NAP client, determines whether the NAP client is compliant, and sends the results to the NAP client and the DHCP server. If the NAP client is not compliant, the results include a limited access configuration for the DHCP server and health remediation instructions for the NAP client.

4.  If the health state is compliant, the DHCP server assigns an IPv4 address configuration for unlimited access to the NAP client and completes the DHCP message exchange.

5.  If the health state is not compliant, the DHCP server assigns an IPv4 address configuration for limited access to the restricted network to the NAP client and completes the DHCP message exchange. The NAP client can send traffic only to the remediation servers on the restricted network.

6.  The NAP client sends update requests to the remediation servers.

7.  The remediation servers provision the NAP client with the required updates for compliance with health policy. The NAP client updates its health state information.

8.  The NAP client sends a new DHCP request message containing its updated health state information to the DHCP server.

9.  The DHCP server sends the updated health state information of the NAP client to the NAP health policy server.

10.Assuming that all the required updates were made, the NAP health policy server determines that the NAP client is compliant and instructs the DHCP server to assign an IPv4 address configuration for unlimited access to the intranet.

11.The DHCP server assigns an IPv4 address configuration for unlimited access to the NAP client and completes the DHCP message exchange.

Source: Microsoft Technet

VMware VMsafe

VMware plans to open its hypervisor to security vendors with a set of APIs that make it easier to protect virtual machines from threats including viruses, Trojans and keyloggers.

Without these APIs, security vendors building antivirus and firewall tools for virtual servers are removed from the hypervisor by several layers and therefore cannot see everything that happens within the virtual environment.

This potentially makes security products less robust than they could be, and creates annoyances for users. For example, a customer might have to install one instance of an antivirus program on each virtual server, rather than let one instance of the program protect all the virtual machines within a physical piece of hardware.

Mware intends to fix that problem with VMsafe, the set of APIs announced.

“Instead of installing and running antivirus on 20 different virtual servers, you just do it once.By giving security vendors more visibility into traffic at the hypervisor level, they will be more likely to catch malware and other types of intrusions before they enter a virtual system, Hochmuth says.

Previously, security software really had no advantage over malware that’s infiltrated a virtualized server, says Parag Patel, vice president of alliances at VMware. The visibility into the hypervisor afforded by the VMsafe APIs gives security software a higher degree of privilege than malware.

The APIs also improve security with more thorough isolation of virtual machines, Patel says.

The 20 vendors developing new security products for use with VMware include Check Point, F5 Networks, IBM, Imperva, McAfee, EMC’s RSA division, Secure Computing, Symantec and Trend Micro. Security products built using VMsafe should be out later this year.

Monitoring a VMware enviroment with vWire

vWire is a a new virtualization management tool that is designed to integrate both monitoring and automation to prevent and resolve problems before they cause downtime.

vWire is built around three key principles: Monitor, Correlate, Act:
* vWire will monitor the health of the virtual infrastructure, including the same level of visibility available in the physical environment.
* vWire will correlate change and configuration data with event data and, in a later release, performance data.
* Finally, vWire gives administrators the ability to act upon events and objects with automation tools like PowerShell.

vWire integrates into the Virtual Infrastructure Client (and the vSphere Client) for ease of use.

With vWire you can monitor the following types of data:

• Configuration data While VirtualCenter is great for setting individual properties, vWire adds the capability to analyze the myriad of configuration properties to determine if they are correct and consistent, and if the configuration can support important capabilities like Dynamic Resource Scheduling (DRS), which leverages VMotion, and High Availability (HA).

• Critical event data. vWire alerts you to critical event issues that are not visible in VirtualCenter, such as:
  • LUN path failures
  • Inaccessible LUNs
  • HA failover events
  • Network link failures
  • SCSI or HBA resets
  • VMs failing to power on

• Change data.When problems occur, the first question virtualization professionals ask is, “What changed?” vWire records a history of changes and displays them in a scrolling timeline, so you can immediately see if a recent change might have caused the problem. VirtualCenter does not capture change history data.
• Actions When issues arise, vWire can take multiple actions including running PowerShell scripts either manually or automatically to respond. You can use the scripts shipped with vWire, can write your own, or can download them for free from the vWire community. VirtualCenter does not provide this functionality.

VMware vSphere

From a co-worker I got a nice presentation, about the big thing in the IT world .VMware vSphere!!vSphere is a new release of ESX Server, you can also call it ESX Server 4.0. VMware named it vSphere reffering to cloud computing , so I will use that name, or the people I know who are involved with VMware, are spanking me .

He send me an excellent presentation about vSphere.I really like it, and hope my readers also do. Any comments are welcome.Thanks Sander .It’s a presentation from the 2009 May 19th meeting courtesy of Tom MacKay at the VMUG.

VMUG vSphere Presentation