/* Partykof: 2010 - Managing information and Technology */
In this blog, I am summarizing some of my work so far and the issues I'm facing everyday in my work as an IT professional.
You are welcome to follow, comment and share with others. If you want to drop me a private note, send me an e-mail


Wednesday, December 15, 2010

Mobile devices - The backdoor to your enterprise

In the past few years, mobile devices, and smartphones in particular, have presented a new threat of information leakage from the organization. The CEO's iPhone was lost and his emails are now exposed to the world, or maybe worse, the sysadmin's BlackBerry with some passwords or other important data was stolen. Well, there are many ways to minimize that risk by remotely revoking or erasing the device, and I am not going to discuss those.
The huge install base of iPhone and Android devices is very appealing to hostile entities who wish to penetrate your organization's shield and retrieve information, or maybe just damage it. Be it cybercrime criminals or cyberwar soldiers, these mobile devices have become their gateway to your fortress, and they are not that well protected.
Apple offers the iTunes store, where you can download thousands of applications for your iPhone. Are these apps secure? Well, some are, and most of them are really harmful; well, let's just say for the sake of the discussion that they are secure.
Google offers a huge Market place for Android applications, developed under the umbrella of the open source community, which allows a variety of apps that anyone can develop. Are these apps verified as secure? Well, they might be, but then again they're not really checked, not each and every one.
Let's take a simple scenario where an app is checked and it seems secure. But someone can create two apps that each on its own is harmless, but when put together on the same device become a hole for a dropper. The dropper is a payload carrier that lets attackers put any kind of code they wish on your device, hijacking it for their needs.
The problem becomes very clear when you jailbreak an iPhone: in that case, the jailbreak application or its process can leave a hole for that same purpose. Later, a cracked app that you find on Cydia, or the one you downloaded from a torrent site somewhere, can be this mobile Trojan horse.
The next stage will be for this Trojan to collect your stored credentials to gain access to your corporate network, or maybe to place another dropper that will plant a Trojan the minute you plug your iPhone into your computer, and they're in.

For now there is no real way to identify a jailbroken iPhone remotely, since Apple cannot keep up with the ones who develop the jailbreaks. Some even say that Apple is silently dropping the SDK that was used for that, which other companies used to develop products that would block it.
There is not much to do around that except be smart. Here are some tips I could think of that might assist in this situation, at least until someone comes up with a solid solution.

  1. Communicate with and educate users about these threats, so they will be aware of the consequences.
  2. Set a policy that allows only iPhones that have not been jailbroken to connect to your servers.
  3. Consider using an anti-virus application on your mobile devices.
  4. Recommend that the iPhone be used for business purposes only – well, as much as possible.
  5. Enforce password access to unlock these devices.
  6. Purchase and install certified apps only.
  7. Make sure you can remotely disable and wipe the device in case it is lost or stolen.

I guess there are many more that others could think of. If any comes to your mind, you can leave a comment or maybe send me a note and I will include them.




Be safe.
NJ.



 


Friday, December 3, 2010

Naming conventions in IT environment

This post is intended to provide a common set of guidelines that are useful when handling a large number of records in your IT environment, records such as usernames, computer names and devices, by applying a naming convention to these records and explaining the standard settings that will help others understand the convention and schema. One common way of differentiating between elements is using suffixes, for instance when your environment spreads across multiple countries or domain names. The scope of this post is prefix differentiation, which is the problem in local environments or databases.

Not much attention is given to naming conventions in the IT environment, especially when starting out small. I remember my first network carried names of characters from Joseph Heller's novel, Catch-22. At first it was just for fun and it was very easy to remember Yossarian, Milo, Orr, and majorx4 (Major Major Major Major). As my network got bigger, I ran out of funny names to choose, and things started to get complicated. I started using characters from Greek, Roman and Viking mythology, till it became a nightmare. I had to come up with a method that would help me identify nodes without remembering look-up tables in my head, so I started looking for some kind of format that later on became very useful when I used an asset management tool.

In a large network it is very common to use some kind of database that holds records, be it an LDAP directory (such as Active Directory), Yellow Pages (YP/NIS), DNS, DHCP or a CMDB. This is why it is necessary to keep unique values in your environment for records such as computer names, usernames, asset tags and email addresses, so you can differentiate between them.

Reasons for using naming conventions:

  1. The need for standards and uniformity
  2. The use of logic to quickly identify objects
  3. Granular differentiation of elements, versions, location and security
  4. Uniqueness of records in databases such as IDM, ITAM and the others mentioned above
There are many ways to differentiate between elements; here are some examples.

Physical differentiation – by the location of the object such as:

  • Subsidiary city
  • Building number
  • Floor/Level number
  • Room number
  • Factory line number

Logical differentiation – by the relation of the object such as:

  • Ownership – Owner user, Department, Organization Unit or Cost center
  • Type – Printer, Server, Computer, Switch, Filer, Desktop, Laptop, Phone or Tablet
  • Function – Email, DB, Web or File Servers
  • Permissions – Anonymous, Standard, Administrator user and so on
 Figure 1: Physical and Logical differentiation in Top to Bottom view

Here are some examples that might clarify the idea. The first examples relate to user and employee names. I'll use my domain as an example, but it can be any domain. The primary objective is to have uniformity in the convention when selecting computer names, usernames, email addresses or any other identifiers, as they may affect their use in an identity management tool.
Let's take John Doe, for example. Let's say that John belongs to our Chicago office, his office is in building A, he works in the marketing group, and he has a laptop, a portable projector and a mobile phone.

His employee name – should be recorded as John Doe, not john doe, John doe, Dow john, J0hN doW! or any other combination. If you have another John Doe in your company, you may use his middle initial or any other distinguishing mark.

His user name – can be set using his surname and the first letter of his first name, such as doej, or the other way around, johnd, or by adding another identifier, doej01.
His email address – should be set from his employee name, such as John.Doe@partykof.com.
Notes:

  1. You should avoid using his username as the external email address, as it can give away his username, which makes it easier for hackers to brute-force their way in.
  2. I prefer using the dot (.) to differentiate between first name and surname, and reserve the underscore (_) to differentiate between different first names and the dash (-) for concatenated surnames. For example: John_Michael.Doe-Benz@partykof.com
  3. In cases where the user has a very long name, such as John's, it might be wise to shorten the email address: JM.Doe-Benz@partykof.com
Now for John's devices. The little background we have might help us decide on suitable names for his devices.

His devices might be named as:

His Laptop - chamkt-doej-lt
His Projector- chamkt-doej-pj
His Mobile Phone - chamkt-doej-mo
I used the following schema:
CH for the Chicago branch
A for building A
MKT for marketing
DOEJ for his username
MO for mobile, PJ for projector, LT for laptop.
Some other devices around John might be:

chamkt-prt1  - his departmental printer
chamkt-plt1 - his departmental plotter
chamkt-fs1 - his departmental file server
cha-sw-core1 - his building network core switches
ch-srv-ex1 - his branch exchange server
Other areas in IT where you can use naming conventions in a similar concept are:

  • Storage Systems – Filers, Aggregates, Volumes, Luns, Folders
  • Storage Networks – Fabrics, Zones, Switches, WWNs, WWPNs
  • Networks – WAN and LAN elements, VLAN, VPN, DMZ, firewalls, Routers, Access Points.
  • Applications - Databases, Tables,
Now remember, these are only examples. You should choose your own schema for your naming conventions as it best suits your organization. There are, however, some basic rules you should comply with.

Basic Rules

  • Avoid non-alphanumeric characters: use only letters (A-Z) and numbers (0-9) in your computer names, with the dash as a separator as in the examples above. Underscores and other characters may cause problems with DNS services.
  • Use up to 15 characters for computer names, as some services such as NetBIOS and WINS are not compatible with more.
  • Avoid duplicate names, even at different levels where duplicates are permitted. In some cases they cause mix-ups, as with AD forests and OUs.
  • Avoid schemes that will lock you in, for instance in case of mergers.
  • Although AD supports it, a user name should not contain a space (for example "user name"), as many systems do not support it.

Other Guidelines

  • Keep names as short and meaningful as possible.
  • When using usernames within the computer name, remember to change the computer name when you assign the computer to a different user.
  • Build your naming conventions in a top-to-bottom hierarchy: your prefix should start with the top element.
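As an added example (not part of the post), here is a small Python helper that applies the conventions above: it builds usernames, email addresses and device names the way John Doe's walkthrough does, checks the basic rules (allowed characters, the 15-character limit, no spaces, uniqueness across the environment), and retires a device name when the device changes owner. The domain partykof.com and the CH/A/MKT codes are the post's own; the function names and the registry are assumed.

```python
import re

# Added example: encodes the conventions described in the post.
DOMAIN = "partykof.com"          # the post's example domain
MAX_HOSTNAME_LEN = 15            # NetBIOS/WINS limit stated in the post
# Letters and digits only, with the dash that the post's own device names use
# as a separator (DNS host labels allow it); underscores and anything else fail.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*$")


def employee_name(first, last, middle_initial=None):
    """Record 'John Doe' in proper case; a middle initial separates namesakes."""
    parts = [first.capitalize()]
    if middle_initial:
        parts.append(middle_initial[0].upper() + ".")
    parts.append(last.capitalize())
    return " ".join(parts)


def username(first, last, seq=None):
    """Surname plus first initial (doej), optionally numbered (doej01)."""
    name = (last + first[0]).lower()
    if seq is not None:
        name += f"{seq:02d}"
    if " " in name:
        raise ValueError("user names must not contain spaces")
    return name


def email_address(first_names, surnames, shorten=False):
    """'.' between first name and surname, '_' between several first names,
    '-' between concatenated surnames; shorten=True keeps only first initials."""
    if shorten:
        first = "".join(n[0].upper() for n in first_names)
    else:
        first = "_".join(first_names)
    return f"{first}.{'-'.join(surnames)}@{DOMAIN}"


def is_valid_hostname(name):
    """The post's basic rules: allowed characters and the 15-character limit."""
    return bool(HOSTNAME_RE.match(name)) and len(name) <= MAX_HOSTNAME_LEN


def hostname(location_parts, *segments):
    """Top-to-bottom prefix (branch, building, department...) fused into one
    token, then dash-separated segments such as owner and device type."""
    name = "-".join(["".join(location_parts), *segments]).lower()
    if not is_valid_hostname(name):
        raise ValueError(f"{name!r} breaks the basic naming rules")
    return name


class NameRegistry:
    """Case-insensitive uniqueness across the whole environment, regardless of
    the OU or forest a record lives in."""

    def __init__(self):
        self._names = set()

    def __contains__(self, name):
        return name.lower() in self._names

    def add(self, name):
        if name in self:
            raise ValueError(f"duplicate name: {name}")
        self._names.add(name.lower())
        return name

    def reassign(self, old_name, new_name):
        """A device moves to a new user: its owner-based name is replaced."""
        self._names.discard(old_name.lower())
        return self.add(new_name)


if __name__ == "__main__":
    chicago_mkt = ("ch", "a", "mkt")       # Chicago, building A, marketing
    reg = NameRegistry()
    print(employee_name("john", "doe"), username("John", "Doe"),
          email_address(["John", "Michael"], ["Doe", "Benz"]))
    for name in (hostname(chicago_mkt, "doej", "lt"),
                 hostname(chicago_mkt, "doej", "pj"),
                 hostname(chicago_mkt, "prt1"),
                 hostname(("ch", "a"), "sw", "core1"),
                 hostname(("ch",), "srv", "ex1")):
        print(reg.add(name))
```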

Some References:

  1. Naming conventions in Active Directory for computers, domains, sites, and OUs
  2. Special characters in user ID and passwords

Summary:

Naming records in a consistent and logical way will help distinguish between records at a glance. Naming records according to agreed conventions makes naming much easier for all IT parties, streamlines the adoption of management applications or new systems, and allows simple expansion of your organization.


Monday, August 23, 2010

Server management – In and out of band infrastructure – Part 1


One of the numerous tasks of an administrator is to access and control IT assets across the entire organization, be it inside a local data center or on a remote office.
Located somewhere in the Middle East, I was responsible for a full production corporate data center sited in Santa Clara, CA, and supported another engineering data center in Shenzhen, China. This drove me to find a solution that would allow me and my group complete access in order to maintain service availability.
Usually the focus on enabling access to a server is based on the criticality of the application running on the server or the service it provides. To deliver the highest possible level of availability, you need to make sure you minimize the downtime of a service: first you need to know that it is down, then you should figure out a plan for how to repair it. The time measured between the failure notification and its repair is called Mean Time To Repair (MTTR). MTTR should be as short as possible, but it is really defined by two objectives:
  1. Restore time objective (RTO)
  2. Restore point objective (RPO)

Discussing these objectives could spread across several posts, but this post can assist with minimizing the RTO, and deals with normal operation and not only with crisis situations.
For the sake of this discussion I will present several options for connecting to a server in order to manage it, though in practice only the options that will allow recovery of the service back to operation should really be implemented. To define which connections you will require, you need to come up with failure scenarios and decide which connection will be utilized to overcome each failure.

The connections to a server are divided in to two major categories:
  1. Out of Band infrastructure (OOBI) – utilizes a management channel that is isolated from the data channels.
  2. In Band infrastructure – allowing management through the use of regular data channels, such as Ethernet network, to the managed device.

Figure 1: Server interfaces for management

Out of Band interfaces

  • VGA – This port refers to the display graphics output of the server; it is based on a 15-pin VGA connector to a display monitor, just as you would use on a desktop. Together with a keyboard and mouse connected to the server you get a full graphical interface to manage the local operating system (OS). Some newer systems offer a DVI or HDMI interface instead of the VGA port.
  • Modem – A modem is an interface connected to the server which allows remote dial-in to the server using a different network than the standard data network; it might be a standard telephone line, an ISDN connection or a GSM/UMTS/HSDPA wireless connection.
  • IPMI/BMC – A newer concept based on a System-on-Chip integrated into the server's motherboard. It allows an IP-based connection to the system and is independent of the OS status, which means it works even if the OS is down. This interface provides access to the system platform, BIOS settings and a remote screen view, graphical or text mode.
  • Serial – An interface which allows a connection based on a serial protocol such as RS-232, which provides access to the system console; a legacy device such as Digital's VT100 could provide a basic, usually text-based, terminal interface for performing administrative tasks on the local system.
  • USB – The USB interface is utilized in several ways: connecting the keyboard and mouse in VGA mode, or connecting an external modem or a remotely managed UPS which can be used to power down the system.
  • Power – "He who controls the power controls the device". Power is the fundamental element for every electronic device. If you can power the device on or off, you have basic management over it, as in the case of remote routers which are not responding.
  • Vendor Specific – Major vendors developed dedicated interfaces to manage their appliances or devices. These implementations vary from on-board solutions such as Oracle's (Sun) LOM and HP iLO to dedicated additions to the system such as IBM's RSA card or Dell's DRAC.
In band interfaces
  • Ethernet – Using the system's network interface, the operating system can run an application that provides management capability for the OS and its hardware platform: from the Simple Network Management Protocol (SNMP), Telnet and SSH to a full graphical Remote Desktop Connection (RDP), VNC or, in some cases, a vendor-proprietary agent such as IBM Tivoli or BMC PATROL.
  • IPMI over Ethernet – In some cases, hardware manufacturers use the Ethernet interface to provide access to the hardware platform's System-on-Chip. It is assigned a different IP address so that it stays reachable in case the OS fails. This solution is very useful in dense environments and is used to save cables, switches or even ports on the actual hardware. What it gains in savings it loses in security, which is why some advise a separate management network to limit access.
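The post says to start from failure scenarios and work out which connection survives each one. As an added example (not from the post), this Python model does that coverage check: each interface listed above is given the things it depends on (server power, a running OS, the data network), each scenario removes some of them, and a server with no surviving path for a scenario is flagged. The interface names, the dependency assignments and the sample servers are my own simplification.

```python
# Added example, not from the post: which management paths survive a given
# failure. Interface names and their dependencies are my own simplification.
OS, DATA_NET, POWER = "os", "data_network", "power"

# What each interface from the post needs in order to work. A modem is modelled
# as answered by the OS (dial-in); a modem on a serial console server would be
# modelled like "serial" instead. Remote power control works even when the
# server itself is off, so it needs nothing from the server.
INTERFACE_NEEDS = {
    "vga_kvm":         {POWER},                 # local/KVM console
    "serial":          {POWER},                 # console server on RS-232
    "modem":           {POWER, OS},             # dial-in answered by the OS
    "ipmi_dedicated":  {POWER},                 # BMC on a separate management LAN
    "ipmi_shared_eth": {POWER, DATA_NET},       # BMC reached through the data NIC
    "ethernet_agent":  {POWER, OS, DATA_NET},   # SSH/RDP/SNMP agent in the OS
    "power_switch":    set(),                   # remotely controlled PDU
}

# Failure scenarios and what each one takes away from the server.
SCENARIOS = {
    "os_hang":              {OS},
    "data_network_outage":  {DATA_NET},
    "os_hang_and_network":  {OS, DATA_NET},
    "server_power_off":     {POWER, OS, DATA_NET},
}


def usable_interfaces(connected, scenario):
    """Interfaces of `connected` whose dependencies all survive `scenario`."""
    lost = SCENARIOS[scenario]
    return sorted(i for i in connected if not INTERFACE_NEEDS[i] & lost)


def recovery_gaps(connected):
    """Scenarios for which the server has no remaining management path."""
    return [s for s in SCENARIOS if not usable_interfaces(connected, s)]


def report(servers):
    """servers: name -> set of connected interfaces. Returns name -> gaps."""
    return {name: recovery_gaps(ifaces) for name, ifaces in servers.items()}


if __name__ == "__main__":
    # Constructed sample: a cable-saving server versus a fully wired one.
    sample = {
        "web01": {"ethernet_agent", "ipmi_shared_eth"},
        "db01":  {"ethernet_agent", "ipmi_dedicated", "serial", "power_switch"},
    }
    for name, gaps in report(sample).items():
        print(name, "uncovered scenarios:", gaps or "none")
```

The cable-saving server shows the trade-off the IPMI-over-Ethernet bullet describes: once the data network is gone, so is its only out-of-band path.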

Connecting a single server to different kind of management interfaces can contribute a lot to the cable sprawl in your data center.

A sample for a complete solution would look something like this: (keep in mind that this is for a single server)

 Figure 2: A single server management architecture

Keeping track of every server and the different ways to connect to it is becoming a very difficult task. Just try to imagine it: you keep a table of the users and passwords, the IPMI IP addresses, the modem extensions, the power switches and the VGA monitors, for each connection. This can become a real headache.
Fortunately, there are many great solutions available today from vendors such as Avocent, ATEN, MRV and many more that allow us to minimize this sprawl: solutions such as multiplexed KVM switches, serial console servers and even an IPMI portal.
In my next post - Server management – In and out of band infrastructure – part 2, I will cover such solutions.

-Nir


Friday, July 30, 2010

Troubleshooting problems in linux, based on a sample for DD-WRT web GUI not responding

In this post I am going to present a sample troubleshooting procedure for a Linux box where the web interface suddenly stopped responding after a few weeks of normal operation. I will present the use of basic tools usually embedded in any Linux box, and an external monitoring tool based on MRTG.

I use a Linksys WRT54GS wireless router running DD-WRT v24-sp1 mega firmware. It is a small appliance based on the Broadcom BCM4712 chip and running a scaled-down Linux OS. Since I installed this version I noticed that once in a while I am unable to access the web interface of the router. The simplest solution was to power cycle the router by unplugging its power plug, but that meant getting to my router, which sits somewhere in the attic. I decided to try and figure out what it was that was causing that.

First, I configured SSH access to the router, so I would be able to remotely connect to it, and reboot it in case I needed to. I also configured SNMP monitoring for it, to collect statistics of its performance.
Once the problem reoccurred, I was able to connect to the router and run a simple top command to see what processes are running and see if it can help me figure out the problem.

Figure 1: Console view of top output

I immediately noticed that the router load was high, and the process causing it was the web server daemon, httpd, which was consuming 98.2% of the CPU.
Wondering when the problem started, I turned to the RRD graph and noticed that it had been going on for more than 3 weeks, since the beginning of week 28.


Figure 2: Weekly view of router CPU load

In Figure 2 you can clearly see that the router load rose dramatically above a load value of 1, which on a single-processor router like this one means that the CPU was working at 100% and queuing processes, which in turn means performance degradation.
I tried correlating the problem to a memory or traffic incident at the time the problem started. Figure 3 shows the memory utilization of the router and Figure 4 shows inbound and outbound traffic on the router's WAN bridge.


Figure 3: Weekly view of router memory usage
 

Figure 4: Weekly view of traffic on WAN interface

Looking at the beginning of week 28 on both graphs, I found no relation to any issue at the time the problem started, nor any sign that these parameters would cause this problem.

Another point that might have an effect is the system's disk capacity, but in such a small router the whole file system is always presented as 100% full, so this would not give any indication of a problem.

With no luck figuring out the cause of the problem, only the symptom, I googled it, and guess what, it is a known issue. According to others in the DD-WRT community, the problem is caused by using intensive P2P services, but currently there is no resolution for it other than using the Mini firmware version.
Since I need the Mega firmware version for VPN and VoIP, I cannot afford to downgrade my router, so the best way is to live with it. To make life easier, I wrote a small script that I can run remotely to restart the web service, without even having to interactively log in to the router.
   #! /bin/sh
   # Restart the DD-WRT web GUI daemon (httpd) with the firmware's own
   # service control commands; run it over SSH when the GUI stops answering
   stopservice httpd
   startservice httpd



You can view a nice reference for doing this procedure in this Link

In summary, although this is only a small Linux box, or a router, the basic procedure to identify a problem or its symptoms is the same: you should look at the system in normal operation and compare any irregularity to that steady state. The use of MRTG tools to collect statistics for reference is very important and useful for troubleshooting or capacity planning.
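As an added example (not part of the post), the manual check above, a top snapshot plus the weekly load history from the monitoring graphs, can be turned into a small Python diagnosis: parse top by its header so the column layout is not hard-coded, flag any process pinning the CPU, and compare the current week's load against the steady state of the weeks before it. The top output and the load samples are constructed to mimic what the post describes, not captured from the router.

```python
import re

# Added example, not from the post: turns the manual check described above
# (top output plus the RRD load history) into code. The top output and the
# load samples below are constructed to mimic what the post describes.
TOP_SAMPLE = """\
Mem: 12344K used, 1928K free, 0K shrd, 1156K buff, 4028K cached
Load average: 1.03 1.01 1.00
  PID USER     STATUS   RSS  PPID %CPU %MEM COMMAND
  812 root     R       1184     1 98.2  8.1 httpd
  901 root     R        808   812  0.9  5.5 top
  104 root     S       1204     1  0.3  8.2 dnsmasq
   99 root     S        744     1  0.0  5.1 syslogd
"""

# Weekly 1-minute load averages from the monitoring graphs: three quiet weeks
# (the steady state), then the week in which the problem began.
LOAD_HISTORY = {25: 0.11, 26: 0.09, 27: 0.12, 28: 1.02}


def parse_top(text):
    """Parse a top snapshot by locating the %CPU and COMMAND columns in its
    header line, so the column layout does not have to be hard-coded."""
    lines = text.splitlines()
    header_idx = next(i for i, l in enumerate(lines) if "%CPU" in l and "COMMAND" in l)
    columns = lines[header_idx].split()
    cpu_col, cmd_col = columns.index("%CPU"), columns.index("COMMAND")
    rows = []
    for line in lines[header_idx + 1:]:
        fields = line.split(None, len(columns) - 1)
        if len(fields) == len(columns):
            rows.append({"pid": int(fields[0]), "cpu": float(fields[cpu_col]),
                         "command": fields[cmd_col]})
    return rows


def load_average(text):
    """The 1-minute load average printed in the top header (None if absent)."""
    m = re.search(r"Load average:\s+([\d.]+)", text)
    return float(m.group(1)) if m else None


def cpu_hogs(rows, threshold=80.0):
    """Processes holding more than `threshold` percent of the CPU."""
    return [r["command"] for r in rows if r["cpu"] > threshold]


def deviates_from_steady_state(history, week, factor=3.0):
    """Is this week's load far above the average of the weeks before it?"""
    earlier = [v for w, v in history.items() if w < week]
    if not earlier:
        return False
    baseline = sum(earlier) / len(earlier)
    return history[week] > baseline * factor


def diagnose(top_text, history, week, cpus=1):
    """Combine the checks: is the box saturated, is this week abnormal, and
    which process is responsible."""
    load = load_average(top_text)
    return {
        "load": load,
        "saturated": load is not None and load >= cpus,   # load 1.0 = one CPU busy
        "anomalous_week": week if deviates_from_steady_state(history, week) else None,
        "hogs": cpu_hogs(parse_top(top_text)),
    }


if __name__ == "__main__":
    print(diagnose(TOP_SAMPLE, LOAD_HISTORY, 28))
```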

-Nir

IBM acquires Storwize, A real-time in-line lossless data compression

A new announcement is spreading across all storage magazines: IBM announced today that it has decided to acquire Storwize, which provides real-time data compression technology.

About Storwize
Storwize, headquartered in Marlborough, MA, with an R&D office in Israel, provides online storage optimization through real-time data compression. Storwize's Random Access Compression Engine™ (RACE), applied in its STN appliances, transparently (in-line) compresses primary storage by up to 80 percent. They promise random access and deterministic, lossless data compression with no reduction in performance.

Key Values
The Storwize solution's value is based on three points:
  1. It is based on existing industry LZ compression algorithms, such as the one used in standard tape backup operation, but its revolutionary idea is that it does this in real time with no data loss.
  2. It is very simple to deploy; it is a plug-and-play solution that is seamless to day-to-day operation and installed in less than 30 minutes. Compression can begin immediately for new data; old data is compressed seamlessly over time.
  3. It presents immediate ROI: it allows significant savings from day one and enables bigger operational capacity in storage and performance with the current investment.
 Figure 1: Typical Storwize solution

Advantages with current storage investment
An implementation of the Storwize solution will provide the following benefits:
  • Compress the data on existing network storage systems and save on the next disk purchases.
  • Compress data going into the storage systems, which extends the performance capacity of the current systems over a longer period and delays the acquisition of new systems.
  • An immediate boost to user experience as a result of the reduced load on the storage system.
  • Reduce the need for users to sort, delete or compress their files to keep within their current quota, freeing users from tedious tasks to focus on real work.
  • Recovery time from tapes will be reduced dramatically, as less data will be transferred from the tapes to the disks.
  • Power saving (green computing): when using fewer disks to store compressed data, you save the power of the disk shelves that were needed for the uncompressed capacity.
  • Smaller footprint (floor space savings): when using fewer disk shelves, you delay the need to expand the expensive data center floor space.

Risks to consider 
As with any new solution being integrated into your computing environment, and since it is a relatively new technology on the market, it presents several risks that must be addressed, or at least be aware of.
  • The appliance is placed in-line between your network switch and the storage system, which means it is another failure point in the critical path of your environment. Precaution: make sure you deploy Storwize's fault-tolerant solution to avoid a single point of failure.
  • An overlooked compression configuration could result in data loss. Precaution: set configuration control procedures and change management to avoid faults.
  • Introduction of a totally new system with no prior experience. Precaution: seriously consider holding training sessions for the IT personnel who will manage this environment.
  • Scale-out lockdown when using the Storwize solution with new NAS technologies: no support for a global/shared namespace. Precaution: consider deploying this solution on isolated controllers, at least until Storwize offers a solution for persistent namespaces.
Conclusion 
With over 18 months of experience working with this solution, I can say that the results it presented were great. I noticed a very good compression ratio for typical data on the storage systems, while it presented performance improvements. Some configuration issues were discovered early in the deployment; however, they were immediately resolved by Storwize. This solution is indeed revolutionary in its concept and results. It presents many advantages and some risks, which should be addressed as advised if this solution is to be considered.

-Nir

Tuesday, July 20, 2010

Configuring a server for optimal performance


The preceding posts have illustrated the major building blocks that affect server configuration; I explained the importance of each one and the priority of adding it to the system.
If you missed them you can check these links:
In this final post on server configuration, I will present examples of configurations and the areas where they should be applied.

Major Configurations
The configuration of a server is derived from its target application's requirements. There are four major configurations:

  1. Maximum Performance 
  2. Balanced Performance 
  3. Maximum Capacity 
  4. RAS configurations

Maximum Performance 
    This configuration is intended to get the maximum CPU frequency and maximum memory bandwidth. It usually uses a low count of memory modules, as you populate only one DIMM per channel (i.e. 6 DIMMs overall). The common use for such servers is High Performance Computing (HPC) in research organizations, the oil & gas industry and chip design.
 Figure 1:  Maximum Performance

Best configuration at the time of publishing this post:
  • CPU - Intel Xeon X5680 (3.33GHz), 6 cores per processor.
  • Memory - 6 PC3-10600 DIMMS (such as Kingston KVR1333D3D4R9SK3/24G) to allow 48GB of RAM, at 10.6GB/s bandwidth to memory.

Balanced Performance
    This configuration is focused on getting a balance between the maximum CPU frequency and the maximum memory capacity. It usually uses a medium count of memory, up to 96GB per host. The common use for such servers is virtualization and other standard enterprise applications.
 Figure 2:  Balanced Performance

Best configuration at the time of publishing this post:
  • CPU - Intel Xeon X5680 (3.33GHz), 6 cores per processor.
  • Memory - 2 DPC, 12 PC3-8500 DIMMS (such as Kingston KVR1066D3Q8R7SK3/24G) to allow 96GB of RAM, at 8.5GB/s bandwidth to memory. 

Maximum Capacity
    This configuration is focused on supporting the maximum capacity of memory with considerable compute power. It is usually designed to use as much as 144GB of RAM per host (296GB with the upcoming 16GB modules). The common use for such servers is very large scale database servers.
 Figure 3:  Maximum Capacity

Best configuration at the time of publishing this post:
  • CPU - Intel Xeon X5680 (3.33GHz), 6 cores per processor.
  • Memory - 3 DPC, 18 PC3-8500 DIMMS (such as Kingston KVR1066D3Q8R7SK3/24G) to allow 144GB of RAM, at 6.4GB/s bandwidth to memory. 

RAS Configuration
    RAS stands for Reliability, Availability and Serviceability. Although ECC technology offers error correction, it does not provide any failover capability: replacing a DIMM in case of failure requires powering down the system. The RAS configurations offer three memory protection options:
    1. Online spare memory mode
    2. Mirrored memory mode
    3. Lockstep memory mode

    Each of these configurations uses only two out of the three channels.

 Figure 4:  RAS configuration

Online spare memory mode
    In this mode, one of the channels is designated as spare. This channel is not used in normal system operation. If a working DIMM exceeds the threshold of correctable memory errors, the system switches to the standby channel and the faulty channel is taken offline.

Mirrored memory mode
    In this mode, the same data is written to each channel and reads alternate between the two channels. If a working DIMM exceeds the threshold of correctable memory errors in one of the channels, the faulty channel is taken offline and the system switches to using only one channel.

Lockstep memory mode
    This mode uses two memory channels at a time, and they work as a single channel. Each read and write operation moves a data word two channels wide, which provides double 8-bit error correction within a single DRAM. This mode is the most reliable, but it reduces the maximum memory capacity as the third channel is not used.

Summary
    By now you should have the tools to configure your server for the optimal performance you will need for your application. You should focus on the application's memory requirements and start from that point to decide how much memory you should use and in which configuration of ranking and population.

-Nir

Monday, July 19, 2010

Populating DIMMs considerations, Order and Ranks

The Nehalem and Westmere platforms offer a wide variety of DIMM configurations. Some of the various DIMM configurations are shown below.

  Feature                                  Values
  Number of DIMMs                          1, 2 or 3
  Number of DIMM slots per channel         2 or 3 DIMM slots
  Number of DIMMs populated per channel    1, 2 or 3 DIMMs per channel
  DIMM frequencies                         DDR3-800, DDR3-1066, DDR3-1300
 Table 1:  DIMM Configurations

Populating DIMMs within a channel

When populating DIMMs in a three-slots-per-channel configuration, a "fill-farthest" approach is used, meaning the DIMM slot farthest from the processor is used first. If a quad-rank DIMM is used, it should be populated first.
 Figure 1:  DIMM Population within a channel

DIMM population in an 18 DIMM slots configuration

                          CPU1                          CPU2
             Slot Number  Population Order   Slot Number  Population Order
  Channel 1       1              G                1              G
                  2              D                2              D
                  3              A                3              A
  Channel 2       4              H                4              H
                  5              E                5              E
                  6              B                6              B
  Channel 3       7              I                7              I
                  8              F                8              F
                  9              C                9              C
 Table 2:  DIMM Population in 18 DIMM Slots

Additional population requirements
  1. All DIMMs must be DDR3 DIMMs.
  2. The 5600 series supports low-voltage DDR3 memory (DDR3L) at 1.35V; the 5500 supports only 1.5V. If mixed, they will work at 1.5V.
  3. Mixing registered and unbuffered DIMMs is not allowed.
  4. The maximum supported speed is defined by the BIOS and not by the DIMMs.
  5. Mixing DIMMs with different timings will force operation at the speed of the slowest DIMM for both processors.
RDIMM rank population in a three slots per channel configuration

  Configuration Number  Max Speed   DIMM2        DIMM1        DIMM0
  1                     DDR3-1333   -            -            Single-rank
  2                     DDR3-1333   -            -            Dual-rank
  3                     DDR3-1066   -            -            Quad-rank
  4                     DDR3-1066   -            Single-rank  Single-rank
  5                     DDR3-1066   -            Single-rank  Dual-rank
  6                     DDR3-1066   -            Dual-rank    Single-rank
  7                     DDR3-1066   -            Dual-rank    Dual-rank
  8                     DDR3-800    -            Single-rank  Quad-rank
  9                     DDR3-800    -            Dual-rank    Quad-rank
  10                    DDR3-800    -            Quad-rank    Quad-rank
  11                    DDR3-800    Single-rank  Single-rank  Single-rank
  12                    DDR3-800    Single-rank  Single-rank  Dual-rank
  13                    DDR3-800    Single-rank  Dual-rank    Single-rank
  14                    DDR3-800    Dual-rank    Single-rank  Single-rank
  15                    DDR3-800    Single-rank  Dual-rank    Dual-rank
  16                    DDR3-800    Dual-rank    Single-rank  Dual-rank
  17                    DDR3-800    Dual-rank    Dual-rank    Single-rank
  18                    DDR3-800    Dual-rank    Dual-rank    Dual-rank
 Table 3:  DIMM Ranks Population in 3 slots per channel
        This concludes all the basic elements we need for configuring the perfect server.
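        As an added illustration (not from the original post, and not Intel's or any board vendor's tool), the following script turns the population rules above into a checker: it encodes Table 3 and the numbered requirements for a two-socket board with three slots per channel. The speed and ordering rules inside it are an assumption drawn from reading Table 3, and all names are constructed for the example.

```python
"""Memory population checker for a two-socket Xeon 5500/5600 board with
three DIMM slots per channel. Added example encoding this post's Table 3
and notes 2, 4 and 5; not Intel's or a board vendor's tool (assumption).
A channel is a 3-tuple (DIMM0, DIMM1, DIMM2), farthest slot first."""

RANKS = {"SR", "DR", "QR"}  # single-, dual-, quad-rank RDIMMs; None = empty


def channel_max_speed(slots):
    """Max DDR3 speed (MT/s) for one channel, or None if it is empty.
    Raises ValueError for a population that Table 3 does not list.
    Assumption: the rules are read off Table 3 (fill farthest first,
    quad-rank first, no quad-rank in a fully populated channel)."""
    dimms = [s for s in slots if s is not None]
    if any(s not in RANKS for s in dimms):
        raise ValueError("unknown DIMM type in %r" % (slots,))
    # Fill-farthest: populated slots must be a prefix of (DIMM0, DIMM1, DIMM2).
    if list(slots[: len(dimms)]) != dimms:
        raise ValueError("gap in population order, fill farthest first: %r" % (slots,))
    quads = [i for i, s in enumerate(dimms) if s == "QR"]
    # Quad-rank first: every QR DIMM sits farther from the CPU than any SR/DR.
    if quads != list(range(len(quads))):
        raise ValueError("quad-rank DIMMs must be populated first: %r" % (slots,))
    if quads and len(dimms) == 3:  # no such row in Table 3
        raise ValueError("three DIMMs with a quad-rank DIMM: %r" % (slots,))
    if not dimms:
        return None
    if len(dimms) == 1:
        return 1066 if quads else 1333  # Table 3 rows 1-3
    if len(dimms) == 2:
        return 800 if quads else 1066   # Table 3 rows 4-10
    return 800                          # Table 3 rows 11-18


def system_memory_speed(cpus, bios_max=1333):
    """Speed the whole system runs at: the slowest populated channel on
    either processor (note 5), capped by the BIOS limit (note 4).
    `cpus` is a list of processors, each a list of three channel tuples."""
    speeds = [channel_max_speed(ch) for cpu in cpus for ch in cpu]
    populated = [s for s in speeds if s is not None]
    if not populated:
        raise ValueError("no memory installed")
    return min(min(populated), bios_max)


def operating_voltage(dimm_voltages, cpu_family="5600"):
    """Note 2: a 5600 runs at 1.35V only when every DIMM is DDR3L;
    any 1.5V DIMM, or a 5500 processor, forces 1.5V operation."""
    if cpu_family == "5500" or any(v != 1.35 for v in dimm_voltages):
        return 1.5
    return 1.35
```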

        -Nir

        Monday, June 21, 2010

        Intel Xeon 5600 (Westmere) family

        In the series of posts related to server configuration I reviewed the memory configuration for optimal performance. I figured that a short introduction to the 5600 family would be useful to better understand the considerations that will follow in my next post.   

        About the Xeon 5600
        As part of Intel's Tick-Tock cadence, the Intel Xeon 5500 (Nehalem) was shrunk and replaced by the Intel Xeon 5600 (Westmere) family, to be followed next year by Sandy Bridge, which will introduce a new microarchitecture.
        The 5600 is based on Intel's new 32nm manufacturing process and offers better performance at lower power consumption.

        The 5500 and 5600 series introduced a new concept in the Xeon family: they integrate a DDR3 memory controller that allows, via 3 channels, a direct connection to dedicated memory, up to 3 DIMMs per channel. They also include a link controller that handles the communication with the neighboring processor over what Intel calls the QuickPath Interconnect (QPI). QPI allows up to 6.4 GT/s in each direction per link.

        For virtualization it includes the Extended VT-x, VT-c and VT-d technologies.
        The storage interface includes six SATA2 ports with software RAID 5.

        Intel introduced with these processors a new acceleration technology called Turbo Boost Technology, which automatically allows the processor to run faster than its marked frequency under certain conditions. The maximum Turbo Boost frequency depends on the number of active cores within the processor.
         Figure 1: Xeon 5600 DP architecture
        The Xeon 5600 platform advantages  
        • Higher clock speeds
        • More cores
        • More cache
        • More memory
        • New instructions
        • Supports low voltage DDR3 (DDR3L)
        The Xeon 5600 is available in the following configurations:

        Processor Model   Base Frequency   Cores   L3 Cache   Power   Intel QPI Speed   Max Turbo Frequency   Number of Threads
        X5680             3.33 GHz         6       12MB       130 W   6.4 GT/s          3.6 GHz               12
        X5677             3.46 GHz         4       12MB       130 W   6.4 GT/s          3.733 GHz             8
        X5670             2.93 GHz         6       12MB       95 W    6.4 GT/s          3.333 GHz             12
        X5667             3.066 GHz        4       12MB       95 W    6.4 GT/s          3.466 GHz             8
        X5660             2.8 GHz          6       12MB       95 W    6.4 GT/s          3.2 GHz               12
        X5650             2.66 GHz         6       12MB       95 W    6.4 GT/s          3.066 GHz             12
        L5640             2.26 GHz         6       12MB       60 W    5.86 GT/s         2.666 GHz             12
        L5630             2.13 GHz         4       12MB       40 W    5.86 GT/s         2.4 GHz               8
        L5609             1.86 GHz         4       12MB       40 W    4.8 GT/s          1.866 GHz             4
        E5640             2.66 GHz         4       12MB       80 W    5.86 GT/s         2.933 GHz             8
        E5630             2.53 GHz         4       12MB       80 W    5.86 GT/s         2.8 GHz               8
        E5620             2.4 GHz          4       12MB       80 W    5.86 GT/s         2.666 GHz             8

        Table 1: Xeon 5600 configurations
        Notice the interesting low voltage processors, available in 40 and 60 watt versions. One possible application is to use them in a passively cooled chassis (i.e. without fans).

        Now that we have an understanding of these basic elements, it is time to put things into practice. In my next post we'll start configuring the ideal server.