The VM Shielding Repair Garage – Part 1

I’ll preface this blog by saying that if you’re here to learn the basics of VM Shielding then this probably isn’t for you. If you’re already familiar with the concepts of VM Shielding and Guarded Fabrics and want to learn more about how to recover a stricken Shielded VM, then read on!

One of the core concepts of a Shielded VM is that a fabric admin should not, cannot, and will not ever be able to gain access to a tenant VM for any reason. This is brilliant from a security perspective (and a unique feature in Hyper-V 2016 compared to all other hypervisors/public clouds), but when it comes to troubleshooting it can definitely raise a few eyebrows.

I often get asked why we can’t just temporarily un-shield and then re-shield a VM after troubleshooting, and the answer is that this fundamentally breaks the trust model of VM Shielding as that VM could not ever be trusted to be uncompromised, so that’s not a feature or function available.

So if a tenant borks the networking in their VM, or reboots it and it fails to come back up, or it crashes, or a whole plethora of other scenarios happen that breaks remote access over RDP, SSH and the like, then originally your only option would be to restore from backup.

Thanks to the advent of nested Hyper-V however, we have a new option available to us which empowers the tenant to repair a VM themselves, without ever compromising the trust model of it being Shielded.

Enter: The Repair Garage. All scripts referenced in this blog are available through this link, unless otherwise specifically noted.

The Repair Garage concept allows a tenant to bring a Shielded VM inside another Shielded VM which is also a nested and guarded Hyper-V host, un-shield it, console on to the stricken VM and repair it, re-shield it, and return it to the main fabric, all without it ever being exposed to the fabric admins at any time.


Ok, it’s a theory, but there aren’t exactly a plethora of Guarded Fabrics available in the world to test it on – fortunately we have a production-ready and fully featured TP5 one at our disposal, from TPMv2 to WAP, so testing-ho!

For this testing we have set up a three node Hyper-V cluster of Dell R630s, each host fitted with TPMv2 chips, set up as a Guarded Fabric managed by VMM2016TP5, and actively able to run fully Shielded VMs.

Within this environment we set up a new Cloud for the purposes of testing, and enable it for VM Shielding, then deploy a VM that we presciently name ‘Stricken VM’.

As expected, I can RDP to the VM using my signed RDP file.

Once connected over RDP, I disable the NIC in order to ruin my access to it. At this point, there is no way to regain access to the VM through traditional means, be it Console, PowerShell Direct, or other.

As we see, I as a Fabric Admin cannot console on to the Stricken VM to repair it. Oh balls.

The first stage in recovering this VM is deploying a new Shielded VM to function as a nested Hyper-V host, or a ‘Repair Garage’ as Microsoft term it.

IMPORTANT: These VMs need to be connected to the same vSwitch and on the same Host.

If Nested Virtualisation isn’t enabled on your host, enable it with bcdedit /set {current} hypervisorloadoptions OFFERNESTEDVIRT and reboot.

Please, please, please, make sure that your Repair Garage VM has all available updates installed. If it doesn’t, there is a very high chance that it will all go tits up later on.

Next we enable Nested Virtualisation on the Repair Garage VM using the script at https://github.com/Microsoft/Virtualization-Documentation/blob/master/hyperv-tools/Nested/Enable-NestedVm.ps1

We can check whether all is set up correctly using the following script on the host:

https://raw.githubusercontent.com/Microsoft/Virtualization-Documentation/master/hyperv-tools/Nested/Get-NestedVirtStatus.ps1

Our Repair Garage is indeed ready to be a nested virtualisation host, so onwards we go!

On the host, run the script StartShieldedVMRecoveryOnFabric.ps1 as an Administrator.

The process kicks off, and you hold your breath…

… and it fails. Every time for me. Until I realised that the script is dependent on your Stricken VM’s disk being Dynamic, not Fixed, so a quick convert to Dynamic later and we’re up and running again…

Note that at line 78, the script attaches an exported version of the Stricken VM’s OS drive to SCSI Controller 0, Location 1 of the Repair Garage. If you have an ISO or data disk attached to your Repair Garage, this will cause it to fail as the slot will be occupied.
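
The two failure modes above (a Fixed disk on the Stricken VM and an occupied SCSI Controller 0, Location 1 slot on the Repair Garage), together with the same-host, same-vSwitch and nested virtualisation requirements from earlier, can be checked on the host before StartShieldedVMRecoveryOnFabric.ps1 is run. This is an added example, not one of Microsoft's recovery scripts; the function name and the 'Repair Garage' VM name are assumptions.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example (not part of Microsoft's recovery scripts): pre-flight checks to
# run on the Hyper-V host before StartShieldedVMRecoveryOnFabric.ps1.
# The function name and the default VM names are assumptions; pass your own.

function Test-RepairGaragePrereqs {
    [CmdletBinding()]
    param(
        [string]$StrickenVMName = 'Stricken VM',
        [string]$GarageVMName   = 'Repair Garage'
    )

    # Small helper so every check is reported in the same shape.
    function New-Result([string]$Check, [bool]$Passed, [string]$Detail) {
        [pscustomobject]@{ Check = $Check; Passed = $Passed; Detail = $Detail }
    }

    # Get-VM without -ComputerName only sees VMs on the local host, so resolving
    # both names here also shows that they are on the same host.
    $stricken = Get-VM -Name $StrickenVMName -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $garage   = Get-VM -Name $GarageVMName -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $sameHost = [bool]($stricken -and $garage)
    New-Result 'Both VMs found on this host' $sameHost "Host: $env:COMPUTERNAME"
    if (-not $sameHost) { return }

    # Both VMs must be connected to the same vSwitch.
    $strickenSwitches = @(Get-VMNetworkAdapter -VM $stricken | ForEach-Object SwitchName)
    $garageSwitches   = @(Get-VMNetworkAdapter -VM $garage   | ForEach-Object SwitchName)
    $shared = @($strickenSwitches | Where-Object { $_ -and ($garageSwitches -contains $_) })
    $switchDetail = 'Stricken: {0}; Garage: {1}' -f
        ($strickenSwitches -join ', '), ($garageSwitches -join ', ')
    New-Result 'VMs share a vSwitch' ($shared.Count -gt 0) $switchDetail

    # The recovery script fails on a Fixed disk, so report the type of every
    # VHD/VHDX attached to the Stricken VM. Convert-VHD can change the type.
    foreach ($drive in @(Get-VMHardDiskDrive -VM $stricken | Where-Object Path)) {
        $vhd = Get-VHD -Path $drive.Path
        New-Result "Disk is Dynamic: $($drive.Path)" ($vhd.VhdType -eq 'Dynamic') `
            "VhdType = $($vhd.VhdType)"
    }

    # The exported OS disk is attached to SCSI Controller 0, Location 1 of the
    # Repair Garage, so that slot must not hold a data disk or an ISO.
    $occupant = @(Get-VMHardDiskDrive -VM $garage) + @(Get-VMDvdDrive -VM $garage) |
        Where-Object {
            $_.ControllerType -eq 'SCSI' -and
            $_.ControllerNumber -eq 0 -and
            $_.ControllerLocation -eq 1
        }
    $slotDetail = if ($occupant) { "Occupied by: $($occupant.Path)" } else { 'Free' }
    New-Result 'Repair Garage SCSI 0:1 is free' (-not $occupant) $slotDetail

    # Nested virtualisation must be exposed to the Repair Garage VM.
    $cpu = Get-VMProcessor -VM $garage
    New-Result 'Nested virtualisation exposed to Repair Garage' `
        $cpu.ExposeVirtualizationExtensions `
        "ExposeVirtualizationExtensions = $($cpu.ExposeVirtualizationExtensions)"
}

Test-RepairGaragePrereqs | Format-Table -AutoSize -Wrap
```

Patch level inside the Repair Garage cannot be read from the host, because the VM is shielded; that check stays with the tenant.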

If all goes well, you should get this output:

… and you can hopefully see the recovery VHDX attached to the Recovery VM.

Taking on the role of the tenant now, I RDP into the Repair Garage VM and check that the recovery disk is attached and offline.

Next, we run the PrepareShieldedVMTroubleshooting.ps1 script from the documentation, which will do a whole lot of stuff which will result in the Stricken VM starting as a VM nested within the Shielded Recovery Garage. In theory. The script claims to install Hyper-V on the Repair Garage VM, but it doesn’t, so install that manually first and reboot, then wipe your brow when you can RDP back in successfully.

Next we run the PrepareShieldedVMTroubleshooting.ps1 script provided in the documentation, grit our teeth, pray to the old gods and the new, and again breathe a sigh of relief when it succeeds.

This brings the data disk online…

… imports the VM into Hyper-V in the Repair Garage…

… creates C:\Certs, and populates it with a temporary recovery guardian certificate and a key protector file.

These should be copied to the Hyper-V host on which the Repair Garage and Stricken VM reside, after which we run the ‘GrantShieldedVMRecoveryGuardian.ps1’ script, which should generate a new Key Protector, but unfortunately at this stage it fails.

I’ve spent some time troubleshooting this and haven’t been able to make any headway yet – it fails at the point in Grant-HgsKeyProtectorAccess (in the HGSClient module) where it passes Key Protector and Guardian info to the MSFT_HgsKeyProtector class to grant access. From debugging, all fields are being correctly populated and passed; unfortunately it’s failing with this Index out of range error every time.

So a few lessons learned so far, and I’m confident part 2 will see this resolved and then on we push as there are but a few steps left 🙂

What is Azure Stack?

I suffer from what is probably a common affliction in our field – I assume that everyone reads the same articles, attends the same webinars, and goes to the same conferences as me. Over the past few weeks though I’ve had to answer the titular question quite a number of times, and I’ve also been asked a few times when we’re upgrading our Hyper-V/WAP platform to Azure Stack, so I figured it was worth writing a short blog on the subject.

To understand Azure Stack, you first need to understand a few fundamentals about it:

  • Azure Stack is not an upgrade to Hyper-V – it’s a whole separate product, however…
  • Azure Stack does make use of Hyper-V 2016, and…
  • It runs on top of Storage Spaces Direct…
  • … but it cannot run on an existing Hyper-V environment. It’s a greenfield installation.
  • Critically, Azure Stack is Azure. Not Azure-lite, not Azure-like, not an imitation, it’s Azure.

Not virtualisation plus, not an abstraction of System Center, Azure Stack is the Azure codebase slightly tweaked to run in smaller environments. Azure Stack is Cloud.

More than that, Azure Stack is the fulfilment of a multi-year-old promise from Microsoft – true hybrid cloud. Whether you consume Azure from your own datacentre, from a service provider, or from Microsoft, the experience is the same, your applications will work the same.

This is an utterly unique and compelling capability. It draws back the veil on Azure, increases knowledge and confidence in that platform, and democratises cloud in a way not just that no one else is doing, but in a way that no one else is capable of doing.

Finally in Azure Stack the term ‘Cloud OS’ makes sense. If you think about the Windows operating system, you can buy a laptop, or a desktop, or components to build your own PC as you please. Your hardware can be super-powerful and enable extra functionality in Windows, or it can be lightweight and cheap and use a core of base functionality. Whatever hardware you run it on though, Windows is consistent, and applications written for it (assuming the hardware is capable) will work.

Azure is the Operating System for Cloud.

You can deploy your own Azure Stack on-prem, you can consume it from a service provider, or you can take it direct from Microsoft’s hyperscale cloud, and the experience is the same. Your choice now that drives the decision of where your applications run comes down to cost model, scale requirement, regional or global needs, latency, support, vertical integration of applications, and so on.

Critically, in just the same way as you have choice in your hardware vendor for your computer – moving between Dell, Microsoft, HP, Lenovo et al at will with Windows being the point of consistency, Azure enables simple movement between providers depending on your wants and needs at the time, with the knowledge that your applications will continue to work, and won’t require conversion or re-architecture.

This is a weird concept, but I think it’s an important one – architecting for Azure, using your DevOps tools of choice, removes the risk of vendor lock in. The vendor here isn’t Microsoft, it isn’t Azure – Azure is the cloud operating system, the vendor delivers Azure.

Azure Stack doesn’t replace Hyper-V

Let’s get this straight – to me, Hyper-V 2016 is a more capable IaaS platform than Azure Stack. We have the same software defined networking stack in Azure Stack and Hyper-V 2016 now, and all the same cost/performance benefits inherent in Storage Spaces. Importantly, because Azure Stack is Azure Consistent, there are capabilities inherent to Hyper-V 2016 that it cannot make use of. If a feature doesn’t exist in Azure, it doesn’t exist in Azure Stack – consistency is king, and needed to ensure guaranteed portability of applications. That means that IaaS in Azure Stack misses out on…

  • Generation 2 VMs
  • VHDX and Shared VHDX
  • Shielded VMs
  • Encryption Supported VMs
  • UEFI Boot
  • Secure Boot
  • SCSI Support
  • Faster boot times

… and probably more that I’m forgetting. Additionally, because Azure Stack is Azure, VM sizes can only be consistent with those in Azure. Hyper-V 2016 remains a much more flexible platform for pure virtualisation and running existing workloads. This means that until these features are available in Azure, they won’t be available in Azure Stack, and Hyper-V will remain the more capable virtualisation platform.

Even once those features come to Azure, if they do, a cloud platform may not be the right place for some workloads – much in the same way as some workloads still benefit from running on physical servers vs virtualised, some workloads are best suited to running on a traditional virtualisation platform.

Virtualisation is not cloud. Cloud is a leap step beyond virtualisation.

Finally, in some ways Azure Stack actually improves upon Azure. We have choice in our storage – we can put whatever (supported) combination of NVME, SSD, and HDD we want in our Azure Stack servers, delivering consistent storage performance in a way which public clouds just don’t. Azure (and other public clouds) have no concept of live migration – if a host goes down, the VMs on it go down. This is not true in Azure Stack, as it can make use of Hyper-V live migration, so we get better individual VM SLAs by default.

This is actually a key concept in Cloud – architecting for application resiliency so individual VM availability doesn’t matter, so it’s interesting that it’s not as important in Azure Stack. One of many thoughts to ponder.

So then – what is Azure Stack?

Azure Stack is Azure.

Azure Stack is the fulfilment of the hybrid cloud promise.

Azure Stack significantly mitigates the risk of cloud-vendor lock in.

Azure Stack makes Azure the ultimate developer-first cloud platform.

In my opinion, Azure Stack is the most revolutionary advancement in the cloud industry since the formation of the cloud industry.

We are so used to caveats and limitations in on-prem and service provider hosted platforms vs the hyperscale clouds that it’s almost a shock that we now have the same capabilities available to us. Now we can use hyperscale where hyperscale makes sense, use regional when regional makes sense, and use local when local makes sense.

True, beautiful, capable, hybrid cloud. This is the promise of Azure Stack. Let’s just not fuck it up now.

Scotland’s Best Employer 2015

I’m delighted to be able to say that brightsolid has been awarded both Scottish SME Employer of the Year and overall Scottish Employer of the Year in the annual Business Insider Scotland’s Best Employer awards 2015. I had the honour of accepting the award on behalf of brightsolid. This is especially pleasing as it happened the evening before we opened our new Tier3+ data centre in Aberdeen!


Lessons in Failure: The Rubik’s Challenge

Chapter 1: In Which a Gauntlet is Cast


Every month at brightsolid we have a full company update, wherein a member of each team presents a short talk about what their business area has been working on for the prior month. Four weeks ago, our Customer Account Manager kicked off her talk by throwing me a Rubik’s cube, and challenging me to solve it before she’d finished her update.

I hadn’t touched a Rubik’s cube since I was a child, and had never learned how to complete it, so I spent the talk fervently and very randomly flipping colour to colour, with never a hope of completing it in time. After a couple of minutes I did have the wherewithal to fire up a guide on how to complete it, but by then it was too late, and the guide too complex to follow in such a short space of time. I failed.

 

Learn from Doom

For many, many years Dr. Doom was and remains my all-time favourite Marvel supervillain. Many people say that Doom’s superpower is his intellect, being regularly ranked the most intelligent or second most intelligent person in the Marvel universe, but I disagree.

Doom’s true superpower is his capacity for learning from failure.

In a fictional universe where villains make the same mistakes again and again and again, Doom stands alone in the fact that whenever he is defeated, he comes back better prepared, having fully learned lessons from his failure, and kicks ass.

He must have a phenomenal post-incident analysis process, because his lessons learned invariably work. When he was defeated by Galactus, he developed a weapon to steal Galactus’s powers. When he was defeated by the Beyonder he developed a weapon to steal the Beyonder’s powers. When he was defeated by the Silver Surfer, he developed a weapon to steal the Silver Surfer’s powers… these might not be the greatest examples.


The point is that Doom learns, he adapts, and when he’s defeated he comes back better prepared and ready to fight. It’s a lesson that other Supervillains would do well to learn – after all, the definition of stupidity is doing the same thing over and over again and expecting a different result.

So with Doom’s resolve at the fore of my mind, I decided I’d learn to do the Rubik’s cube in time for our next team update – that was four weeks ago, our next team update is tomorrow, and I can now complete the Rubik’s cube in 2mins 30. It’s a bit off the sub six second world record, but it’s sufficient for my purposes.

Chapter 2: Over-complication can be Overcome


I’ll be honest, the first time I looked at instructions for how to learn to solve the cube I almost chucked it aside. Memorising over 100 different steps and multiple different patterns did not fill me with glee – I’ve always been a more practical person than theory-based, and the idea of learning pages of coloured patterns and rotational algorithms was fairly anathematic to me. Therein then lies the next lesson…

Make the Problem Your Own.


This applies to so many aspects of life, but it in particular applies when problem solving or learning a new skill. Don’t approach it on someone else’s terms, make it your own. Turn it on its head and redefine it in terms you are well equipped to manage.

In this case, to solve the problem of memorising rotational algorithms, I applied a portion of my memory that I know works well and with little effort – remembering rhyming patterns. I took every step, and created a little poem that I could just rattle off mentally which would take me through the process end to end.

I used the guide at Rubiks.com, and memorised steps 1-3 as they’re straightforward enough. Indeed stanza 1 of my poem reads as follows:

 

“Steps one to three don’t need a rhyme

They’re so damn easy just take some time

Learn them all then come back here

This poem will aid you, have no fear.”

Step Four: The Enfourening

When you come to step four, on each side of the cube there’s an inverted ‘T’ shape. Depending on the colour at the top of that inverted T, you need to move that piece clockwise or anticlockwise. Below is how the Rubiks.com site explains how to rotate the pieces based on where you want it to go.

[Images: Rubiks.com diagrams for the Clockwise and Anti-Clockwise cases]


No. No no no no no. That is not something that clicks in my mind, and the way they call anti-clockwise ‘inverted’ and give it a lowercase ‘i’ suffix is just horrendous to my mind. I hated it, so I reworked it into more manageable nomenclature, and critically, into terms which could rhyme. All the ‘i’ suffixes became ‘a’ for anticlockwise, leading to the following:

 

‘U’ -> Top

‘R’ -> Right

‘L’ -> Left

‘F’ -> Front

‘B’ -> Back

‘Ui’ -> Ta

‘Ri’ -> Ra

‘Li’ -> La

‘Fi’ -> Fa

‘Bi’ -> Ba

 

Make sense?

Under this nomenclature then, the steps to turn the piece clockwise become ‘Top, Right, Ta, Ra, Ta, Fa, Top, Front.’

Turning that into a memorable rhyming stanza, I ended up with:

“If Clockwise falls the square so bright

turn top then right,

Remember munt,

TaRa, TaFa, then top, then front.”

 

It could have been rude, but I behaved. The steps to turn the piece anticlockwise become:

“If Anticlockwise wends its weft,

Tala top left,

then top and front,

and end it all with tafa’s shunt.”

Two short stanzas replace those horrendous diagrams – simple! To my mind, anyway, and ultimately that’s the whole point of this exercise. Reinventing it in terms that make the most sense to me.

At the end of Step Four, you end up with this:

[Image: the cube at the end of Step Four]

Step Five: Where you’ve probably already stopped reading

At this stage you can probably just stop reading unless you want to apply this poetry method to solving the rest of the cube.

To follow the entirety of my method, go to https://uk.rubiks.com/blog/how-to-solve-the-rubiks-cube and learn stages 1 to 3 right now. Once you’re comfortable with those, read the instructions for steps four, five and six, then follow the poem below to complete it faster than ever before!

Steps 1 to 3

Steps one to three don’t need a rhyme

They’re so damn easy just take some time

Learn them all then come back here

This poem will aid you, have no fear

Step 4

If Clockwise falls the square so bright

turn top then right,

Remember munt,

tara, tafa, then top, then front.

If Anticlockwise wends its weft,

Tala top left,

then top and front,

and end it all with tafa’s shunt

Step 5

For five we play the front then top,

The right goes Ta then RaFa plop.

If there’s a line it’s front then right,

And top goes Ra to TaFa tight

Yellow corners flow from right

Then on to top then ra top right

Now stick it the sun god’s ma,

we finish off with top top ra

Step 6

We’re almost done so ra front ra!

Then double back damn right and fa!

Ra dub back give thanks to ma,

We finish off with right right ta

Clockwise turns a twice front whore,

Top left Ra then front once more

Front la right and top we sing

Double front is the last thing

 

If you do end up trying to use this poem to solve a Rubik’s cube, you’re probably mental. I can’t imagine it making sense to anyone other than myself, but that’s the point of this blog post, it doesn’t have to.

 

When you fail, use the opportunity to learn.

When you’re learning, don’t hold yourself to anyone else’s standards or expectations.

Make any problem your own.

And win.

 

 

 

Every Child Needs to Learn to Code

My current role is Head of Emerging Technologies at brightsolid, the technology and innovation arm of DC Thomson & Co Ltd. For the past ten years I’ve worked in technology-related roles in a number of industries, from financial services and publishing to video games and datacenter hosting. A few years ago I set up the first Code Club in Scotland and ever since have championed the need for coding in our primary and secondary schools, both to the industry and to the educational establishment itself. Through this journey I’ve learned a huge amount about current preconceptions around coding, about how hungry kids are to learn these skills, and critically, just how undervalued said skills still are in some quarters.

I got my first computer at age 4 in 1986, an Amstrad CPC6128 of which I have many fond memories. I was ‘coding’ in Basic by age 6 and haven’t really ever stopped. I spent large portions of my primary school career coming in early each day with my friend to write a new game on the class BBC Micro – it had to be a new game each day because there was no disk drive on which to save our creations, so each day our labours were lost. Much of my spare time in secondary school was in the Computing Studies department, coding and creating features or ‘mods’ for wholly unsuitable video games like Doom and Quake. In sixth form I won the Service to School prize for services rendered in computing. At university while I was ostensibly studying Electrical and Electronic Engineering, I spent much of my time as a volunteer programmer for a popular online multiplayer game using the C programming language, and in this my fourth decade I have written and published a couple of applications into the Microsoft App Store.

With this rich history of coding stretching back throughout my life, it’s completely natural that my career would follow thusly into a programming related field, but the reality was not so. My job has never been as a programmer or software engineer, my roles have never required me to be able to code, however I absolutely and unequivocally state that the skills I have learned through coding have been absolutely critical to my success in my career. Granted I’ve worked in IT fields in systems administration and strategic technology roles, and many would equate those to or drop them under the same umbrella as software engineering, but the reality is that the jobs I have done are as far removed from software engineering as something like medicinal chemistry is from being a surgeon.

The reality of the world that we live in today is that it is a technology-driven society, a fact which only becomes more and more prevalent as time advances. Few industries today are not wholly dependent on technology, not just from an infrastructure perspective, but also their workforce’s ability to effectively utilise and leverage technology to the benefit of themselves and the business. Something I hear time and time again is that children today are a digital generation, grow up with technology, and know everything about how to use it – this is completely and demonstrably false. Children are growing up as content consumers of technology, where computers and tablets and mobile devices are black boxes of mystery into which they enter a search term and a YouTube video pops out for them to watch. This in no way makes them technologically literate any more than me being able to drive a car makes me a mechanic.

Few would argue the benefits of having a core understanding of how a car works – how to check the oil levels, how to change a tyre, how to keep tyre pressure at an appropriate level for fuel economy, how to change a headlamp… yet the equivalent skills in computing are being washed over as unimportant in favour of the ‘driving’ skills such as word processing. Having a core knowledge doesn’t necessitate following that field to completion – becoming a mechanic or software engineer – what it does do is empower the individual with knowledge which they can then use to solve problems on their own, without depending on others.

It’s opening up technology from being a content consumption black box into an open world of content creation that structured curricula like Code Club seek to do. Opening children to the concepts of coding grants them new skills in logic and numeracy, as well as problem solving and analytical thinking. In fact, I’ve always maintained that coding at its most basic teaches strict attention to detail in spelling and grammar, as a single misplaced character in code can prevent it from working at all! I strongly believe that not knowing how to make use of or understand technology will be as detrimental in the future as being illiterate or innumerate are today. Those who treat computers as content creation devices and who are not constrained by the black box mentality of ‘query in, answer out’ have today (and will continue to have tomorrow) a significant advantage across all walks of life and a majority of industries – this is something I see day in and day out through discussions and meetings across many sectors.

Dundee as a city has a rich technology heritage, with our One City, Many Discoveries moniker and vibrant creative and gaming industries standing at the forefront of all that is driving the city forward. This drive for technology has always been within the city, but in modern days harkens back to the Timex factory creating ZX81 computers. Many of those found their ways into the hands of the enterprising Dundee youth which directly gave rise to the city now having a larger per capita population of games developers, designers, and software engineers than any other city in the UK. This is why Minecraft for consoles is made in Dundee at 4J Studios, the four J’s of Dundee now being Jute, Jam, Journalism and Joysticks. It’s this creative and technology industry which fuels our city today, and as caretakers of the future we’re obligated and beholden to not just deliver it in a fit state for the next generation, but also to adequately equip that generation with the skills required to flourish in it.

Coding is not an end unto itself; it’s a tool which can and should be used to teach new ways of thinking, new ways of viewing technology and the world, and as a method to teach other subjects. It affords a window into technology that delivers the skills required to thrive in a digital age, and transforms the plethora of compute devices which litter our lives from being dumb consumption terminals into hugely useful and important problem solving and content creation devices.

Ultimately the greatest misapprehension to have is to believe that coding is a standalone entity which can be set aside during childhood and effectively picked up in later life. This is no more true than it is of literacy and numeracy – technology is woven through the fabric of our society, and the stark reality is that those who are able to best understand and utilise it will have a significant advantage over those who do not.

Windows 10 Consumer Event Thoughts

Just quickly jotting down some thoughts on the Win10 event yesterday.

Continuum

This is the reason I’ve not put the Win10 tech preview on my Surface Pro 3 – the current tech preview is not designed for touch, and works really poorly. With Continuum, it should detect whether it’s got a keyboard attached or not, and flip between touch and desktop mode automatically. This is a good thing for me. It also further builds the case for IT departments to deploy hybrid or convertible devices to staff in place of the laptop/tablet combo. This is a good thing for the enterprise.

Spartan

New rendering engine is good. Not based on WebKit is probably bad – that was an opportunity to unify the web experience. Oh well. Having Cortana built in is awesome, after all what’s a Spartan without his AI? The socialisation stuff I’m not really fussed about – I can’t see myself annotating a webpage with pen and sharing it around.

Cortana on Desktop

The context aware surfacing of information is very cool. The voice command stuff is not useful in an office environment, but built into the Xbox One with Kinect for voice input? That could be useful. That makes your Xbox the equivalent of the computer interface in crew quarters in Star Trek TNG et al, in terms of information gathering, and even potential for home automation and control.

Windows 10 on Phone

We all knew this was coming, and it’s excellent – I want more unification for consumer as well as developer. This is a very positive step forward. A lot of fuss was made over having the Word rendering engine in the mail app on Windows Phone 10 – I don’t care about that. I want my mail app on my phone to be as lightweight, rapid and responsive as possible. I can only see the Word engine slowing that process down. Who cares about formatting from phone? It’s for rapid consumption and delivery of information, it’s not a device to work from.

Windows 10 Free Upgrade

Upgrade from Win7 – 8.1 in year one, and your upgrade cost is waived. That’s cool, I would have been upgrading anyway, but nice to get it for free. Not sure how this translates to the workplace, I assume it’s not for Enterprise Editions and there will still be upgrade costs for businesses. If not, holy hell that’s awesome.

Free Office (not desktop) on Windows 10

This is awesome, not sure how it’ll be licensed for the workplace though. Office desktop on RT was free for consumer use, but not licensed for the workplace. I’m hopeful that the touch-first versions of Office will be free across the board, with the desktop versions still licensable.

Xbox Streaming

I will now be setting off Dragon Age Inquisition war table missions on my home Xbox from my SP3 while at work :/ Needless to say this is an awesome feature for me, it won’t have much of an impact on the opinions of the pig-headed ‘PC Master Race’ gaming sorts though. They should find value in the new Game DVR features of the Xbox App though, as well as the built-in party chat features. It looks like Steam needn’t worry for now as well, as it seems the Xbox App will be a store for Win10 style games, rather than traditional desktop-based ones. DirectX 12 looks great, time to hold off getting a new graphics card until more info there is available…

Surface Hub

On the face of it this is ridiculous, and just another way of justifying some of the Perceptive Pixel stuff. The Skype for Business and OneNote integration is cool. It’s also available on any existing Win8/8.1 machine. Writing on a screen that size is a terrible experience, regardless of input resolution. Outstretched arms, out of FOV of the cameras – awful. You could literally get the same features today out of a Surface Pro 3 embedded in a conference table, wired into a large TV and webcam, but with the ability to draw on-screen without having to get up. I guess it’s not about features though, it’s about looking cool. Which it does. It’s still ridiculous though.

HoloLens

I don’t know where to start here – I want one. I actually need it now. I was sceptical until I realised that it’s not just transparent LCDs overlaying data AR style, it’s literally f*cking with photon direction, intensity and wavelength en route to your eye to make your brain think there are objects in the real world that aren’t there. Incredible curveball, massive talking point, if it achieves 50% of what it claims I will still want one.

 

 

Quad-Core PC on a Stick

In October 2014 I spotted an interesting item appear on AliExpress, however Christmas was upon us so I put aside buying one for a couple of months and almost ended up forgetting about it.

It was this PC in stick form, an item that on the face of it seemed like it was a bit too futuristic – I hadn’t seen anything else like it announced at the time, and it had no reviews to back up its credentials.

Fast forward to CES 2015, and Intel announce an almost identical device, right down to the Z3735F Bay Trail processor. That announcement spurred me to revisit the original one I found, and once I found that I could get it for £83 delivered vs $149 before delivery for the Intel device, I hit the order button immediately. Apparently the price is up to £90.64 now, but that’s still pretty good.

 

It arrived after about a week, and I plugged it straight into a TV and got to setting it up. This is it in the flesh.

One side of the device has a Micro-USB in and a Micro SDXC port as below, into which I popped a 128GB Micro SD.

The other side has a full-size USB port, a Micro-USB port for powering the device, and an innocuous power button. This is pretty much identical in every way to the Intel device from CES, albeit not as angularly pretty.

I had a ‘wow, this is the future!’ moment when I was entering my Microsoft account credentials to set up Win8.1 and it told me I’d need to enter a one-time code that it’d send to my email address, with that code flashing up on my Microsoft Band almost immediately. Yes it’s a bit scratched around the edges. Take my advice and get a screen protector for your band.

 

I ran a few basic performance tests and threw a 4k trailer for Interstellar at it and it didn’t even flinch, handling the video with aplomb. Here it is driving Win8.1 on our secondary TV.

It’s obviously never going to be a beast of a gaming machine, but as an XBMC box it will be perfect. In the workplace the use cases are manifold – this thing is cheaper and more powerful than the net top PCs we have running some of our NOC screens just now, for example.

Not exactly mind blowing, but really these are pretty good for the size of device.

Screenshot of System from the device – Z3735F Bay Trail, just like the Intel CES device. Awesome.

So overall pretty impressed – the product page claims it dual boots Android but if it does it’s not pre-loaded. Frankly I’m not exactly fussed by that though, it’s a full quad core Win8.1 PC in a form factor that’s smaller than my phone. Amazing.

I like living in the future.

Windows Server and System Center Technical Preview Lab Prep

For this lab, we’re going to focus on some of the new features in Windows Server and System Center vNext. In order to test appropriately, we’ve put together the below two racks of kit to cover a number of different scenarios.

Networking is simple, and provided by a couple of 1GbE Cisco 3750s – one for storage traffic, one for all other traffic.

We’ve intentionally kept all management servers physical and separate from the Hyper-V and VMware clusters. This is because we will be tearing the contents of these clusters up and down repeatedly, so splitting management out to be separate and static keeps things tidy.

Storage is provided primarily by a Storage Spaces SOFS cluster (LAB-SOFS) which is fronted by two SuperMicro servers and three SuperMicro JBODs of the following spec:

LAB-SOFS1 AND LAB-SOFS2

Processor: 2x Intel® Xeon® Processor E5-2660V2 10C 2.2GHz
Memory: 2x 16GB DDR3-1866 ECC RDIMM
OS Disk: 2x 300GB Enterprise Class SATA MLC SSD
HBA: 4x LSI 9207-8e SAS HBA
LAN: Intel® i350 Quad port Gigabit Ethernet
Additional: Mellanox ConnectX-3 Dual Port 10GbE SFP+

Although the servers have 10GbE capability, we’re just going to aggregate three of the four 1GbE ports for storage for this lab, to save on finding a spare 10GbE switch.

JBODs (x3)

Disk Capacity: 48x SAS2
Disks in Use: 8x 1.2TB SAS2 6GB 2.5” 10K RPM
SAS Cables: 2x (one to each SOFS node)

Further storage (in order to test the block-level storage replica features in Server Technical Preview) is provided over iSCSI by a Dell EqualLogic SAN.

LAB-MON1 (Dell R210) – SCOM Technical Preview

Processor: 1x Intel® Xeon® Processor
Memory: 2x 16GB

LAB-HVGW1 (Dell R210) – Hyper-V Gateway Role for Network Virtualisation

Processor: 1x Intel® Xeon® Processor
Memory: 2x 16GB

LAB-SQL1 (Dell R210) – SQL2014 Cluster Node 1

Processor: 1x Intel® Xeon® Processor
Memory: 2x 16GB

LAB-SQL2 (Dell R210) – SQL2014 Cluster Node 2

Processor: 1x Intel® Xeon® Processor
Memory: 2x 16GB

LAB-DC1 (Dell R200) – Domain Controller

Processor: 1x Intel® Xeon® Processor
Memory: 2x 16GB

LAB-AZU1 (Dell R200) – Windows Azure Pack (All Roles Co-located)

Processor: 1x Intel® Xeon® Processor
Memory: 2x 16GB

LAB-VMM1 (Dell R200) – Virtual Machine Manager Technical Preview

Processor: 1x Intel® Xeon® Processor
Memory: 2x 16GB

LAB-VC1 (Dell R200) – ESXi vCenter Server for VMware Management

Processor: 1x Intel® Xeon® Processor
Memory: 2x 16GB

LAB-ESX1 (Sunfire x4150) – VMware ESXi 5.5

Processor: 2x Intel® Xeon® X5460
Memory: 8x 16GB

LAB-ESX2 (Sunfire x4150) – VMware ESXi 5.5

Processor: 2x Intel® Xeon® X5460
Memory: 8x 16GB

LAB-HYPV1 (Dell R610) – Hyper-V Technical Preview

Processor: 2x Intel® Xeon® X5 series
Memory: 12x 16GB

LAB-HYPV2 (Dell R610) – Hyper-V Technical Preview

Processor: 2x Intel® Xeon® X5 series
Memory: 12x 16GB

Rack diagram below.

[Figure: Lab Visio rack diagram]

Surface Pro 3 Pen Button Customisation

The Surface Pro 3 comes with a pen which can launch OneNote with a click of its purple button – it can even bring the device out of standby. This is awesome, because the series of events you take to write a note becomes the exact same as when picking up a pad of paper and a pen.

Pick up pad, pick up pen, click pen to extend nib, start writing immediately.

Pick up Surface, pick up pen, click pen to launch OneNote, start writing immediately.

 

It’s very natural and phenomenally useful, but simultaneously it’s a bit limiting. What if I want to use the button click to do something else? Beyond double clicking to take a screenshot, there’s no way built into Windows to do anything other than launch OneNote.

Right now I want it to be able to advance PowerPoint slides with a pen button click, but I want it to function normally and launch OneNote at all other times. I don’t want to have to do any config to achieve this each time I launch PowerPoint; I want it to be seamless.

Luckily this is Windows, and with Windows there’s always a way to achieve your desired results.

AutoHotKey (http://www.autohotkey.com/) is a powerful tool for scripting macros and hotkeys, and even better it’s totally free.

Using an AutoHotKey script which watches for PowerPoint being full screen, I can achieve my desired results in a totally seamless way. The Surface Pro 3 pen click is F20, so intercepting that when PowerPoint is full screen and simulating a spacebar press instead of launching OneNote advances the slide – hurrah!

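If you want to try it yourself, install AutoHotKey and add the following lines to the default script.

; Apply the hotkey below only while a full-screen PowerPoint window (ahk_class screenClass) exists
#IfWinExist, ahk_class screenClass

; #F20 is Win+F20, the keystroke the pen button click sends; send Space instead to advance the slide
#F20:: Send {Space}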

Easy peasy – this’ll look great during presentations 🙂

Windows Store App Development!

Around a month ago Lorraine and I went to a Windows 8 development conference at the MS offices in Edinburgh. Clearly as a non-developer I was out of my depth for a lot of it, but the simplicity and low barrier to entry both technically and in terms of publishing really made their mark on me. I left with the sense that I didn’t just want to promote Windows 8 and the associated ecosystem any more, I wanted to add my own apps to the mix.

So it was with a sense of trepidation that I downloaded Visual Studio and fired up my first shell of an app.

Back in the mid ’90s I was a fair dab hand at C and spent thousands of hours coding for multiplayer text adventure games, so I figured my first foray into Windows 8 apps should be a text adventure!

C# and XAML turned out to be the easiest route into coding I’ve seen thus far, with such a low barrier to entry that despite never having touched them before and having no clue what I was doing, I had a working engine written inside a couple of evenings. I’ve spent the last month expanding the engine and writing (what I think is) a quality text adventure and have already started on my next – now that the engine is written it should be a doddle!

Looking forward to coming up with more ideas and adding more content to the MS store now that I know how simple it is to start developing WinRT apps 🙂