Virtual Servers - gotta love 'em, gotta hate 'em.

If you ever have to support a large number of dev and test servers in your IT environment and have found yourself frustrated with the administrative and technical overhead, a virtual machine architecture might be for you. It's all the rage these days, but (trust me on this one, I should know) there's lots of ways to de-optimize (read: screw up) a virtual machine/server environment. To make it work effectively, there are a few things that you need to know and do to make your environment hum like a well-oiled (virtual) machine.

The problem is, until recently there has been relatively little prescriptive architecture for using virtual environments for specific test environments. In the case of Microsoft Virtual Server, there is now a reference architecture and detailed documentation that you can take advantage of by just downloading the documents:

Windows Server System Reference Architecture Virtual Environments for Development and Test (WSSRA-VE) can help large organizations and enterprises create environments for development and testing that emulate their own production environments. The guidance describes the architectural blueprint, planning considerations, deployment practices, and operational considerations for creating and supporting a virtualized instantiation of the Windows Server System Reference Architecture. It leverages the power of Virtual Server 2005 and automated deployment and configuration tools to minimize the physical infrastructure and logistical overhead necessary to deploy emulations of various data center services.

Like WSSRA itself, the WSSRA-VE is intended to aid users in their own effort to model their operational environment and condense it to a scale that can be representative of the infrastructure integration challenges facing developers and testers of distributed, message-based applications and IT services, and still be inexpensive and relatively economical to build and use throughout a large-scale IT organization.

I had a layover at the Denver International Airport for several hours today, so I called my mom, who lives over near Boulder. She jumped in the car and drove over to the airport for coffee and lunch.

The Pur la France chicken pot pie in the main terminal upper level is highly recommended. And so are those deals where they announce they have over-booked and will give a round trip ticket to anyone who will volunteer to take the next flight. I got lunch with my mom, a free round trip ticket, first class seat for no extra charge on the next flight, and on top of that I am able to work right now in the airport during business hours instead of being on an airplane during the time that counts. So I was able to test a very cool new demo version of one of our security software products and test market it to my mom. She provides good feedback.

I sent her a Logitech Quickcam Pro the other day so we can do video instant messaging and calls with Live Messenger v8, and I was showing her how to use the notebook camera I bought for my end of the connection. That's her right there, snapshot taken with my notebook Logitech cam (which is a great little camera).

Well, off to North Carolina... Then back home to Portland.

Security training - especially good, quality training - can be hard to come by without traveling somewhere and paying some hefty class fees. That's why my eyes opened wide when I found the Carnegie Mellon University/CERT Virtual Training Environment, which has a whole slew of great documents, tutorials and other resources that can enable anyone to learn a whole lot about computer, network and application security and forensics.

The Virtual Training Environment (VTE) is a Web-based knowledge library for Information Assurance, computer forensics and incident response, and other IT-related topics. VTE is produced by the Software Engineering Institute at Carnegie Mellon University.

What specifically is available? The VTE houses four types of training materials:

• Documents: Whitepapers, handbooks, instruction guides, and other written material related to one or more IT topics such as information assurance, computer forensics, or incident response.
• Demos: Demos are narrated recordings of instructor’s desktops. They enable users to watch and listen as an instructor describes the activities he or she is performing on a particular machine or piece of software.
• Lectures/Modules: Modules are actual class instruction that has been video captured and transcribed. Modules are synchronized to a PowerPoint slideshow. Users can navigate through the module using the slide title or using VCR-like controls.
• Labs: Labs are hands-on training exercises in IT-related topics using virtual machines. Each Lab has an accompanying walkthrough document and can be reserved and ‘taken’ using the browser.

All of the materials except the labs are available to the public, without having to sign up or anything. The hands-on labs are available only to organizations that have a relationship set up with CERT. There's not any obvious information on the site that indicates how to establish that relationship. but I did a Google search and found a brief announcement on the Carnegie Mellon University site indicating that emailing the VTE support email address (which is available on the VTE site link, below) is the way to find out more.

Access the CERT VTE at: http://vte.cert.org/

The Microsoft Download Center has a new audio podcast available (MP3 and WMA formats are listed) titled "How Microsoft IT Implements Encryption Using SQL Server 2005."

Podcasts appear to be a new thing there (first one was posted on January 19th), although I am not sure the technical name of "podcast" is accurate in this case, since I don't find a RSS Subscription feed anywhere that points to the files, and that's kind of half of what makes it a podcast. If anyone can find a RSS feed for these, please let me know.

But at any rate, there's some good content there. If you're an IT pro looking for some good drive time geek out audio, click here to search for podcasts on Microsoft Downloads. I'm grabbing "Podcasts: How Microsoft Information Security Protects Critical Information Assets" for my flight to North Carolina on Monday. Between that and the Battlestar Galactica season one video, I think I'll have plenty of content to keep me busy between powerpoint deck edits.

(via Chris Pirillo)

Dude. You think Robert Hamburger's the bomb? (You're right if you do, by the way)

Well then you MUST check out the Ask a Ninja video podcast blog thingie.

"You've got questions. Ninja's got answers."

Go here, don't delay: http://askaninja.blogspot.com/

Hahah. Sweet, super sweet. You can also subscribe to the video podcast in iTunes.

CNN has an article that covers the 25 worst words you can use in your resume. Why are they so bad? In a nutshell, because:

a) everyone uses them, so there's no originality, and
b) they don't really mean anything

Seriously. Read the article and then do something about it. I've looked at a couple hundred resumes in the past month or so and this article is spot on. Good advice that needs to be read by all.

Resumes are (or, rather should be) about standing out from the crowd on the merits and saying something real, so take the time to do it well. That's what the potential employer is looking for.

Oh, and never be your own resume editor. Always rely on a hard-core, ruthless and smart copy editor to point out your flaws. And if that makes you uncomfortable, find a therapist or trusted friend to help you with that character problem and you'll not only get over that hump, you'll also probably interview better.