Churchill on Windows?!

I’ve had many requests over the years to repeat my ‘Churchill Framework’ on Windows, “Churchill” being my mostly-automated way of building a virtual RAC using Linux as the operating system of choice.

I’ve always refused: if you want a desktop RAC on your Windows PC, why not just deploy Churchill ‘proper’ and have three virtual machines running CentOS? It’s a RAC, and it’s still “on” Windows, isn’t it?!

Well, of course, that wasn’t quite the point my correspondents were making. They wanted a desktop RAC running on top of purely Windows operating systems. They aren’t Linux users, and they’re not interested in working at a command line. Could I please oblige?

Again, I’ve always said no, because Windows costs lots of money. It’s easy to build a 3-node or a 6-node setup in Linux, because you aren’t paying $1000 a pop every time you install your operating system! It seemed to me that RAC-on-Windows was a nice idea (I had it working back in 2001 with 9i on Windows 2000 after all), but it wasn’t very practical as a learning platform.

Happily for my correspondents, I’ve now changed my view in that regard. All the Windows-based would-be DBAs of my acquaintance are working for companies that supply them with MSDN subscriptions. And Microsoft’s TechNet evaluation options allow even people with no MSDN access to download and use Windows Server 2012 and beyond for free, for at least 6 months.

So I’ve given in. There’s now available a new article for doing Desktop RAC using nothing but Windows. It bears a passing resemblance to ‘proper’ Churchill: there are three servers to build, with one acting as the supplier of shared storage and needed network services to the others. There’s even the use of iSCSI to provide the virtual shared storage layer. But it’s about as non-Churchill as it gets, really, because everything is hand-built… which explains the enormous number of screenshots and the overall length of the article!

Confessio

I feel it time to confess that I have yielded to temptation and reverted the entire household to Windows.

The two servers went back to being competent, unspectacular Windows 2012 R2 Servers, but this time with one of them promoted to being a Domain Controller and the other a Backup Domain Controller. My PC, two laptops and tablet have all had Windows 10 installed and the same is true for ToH’s PC.

I will say, however, that the concerns about Windows 10’s enthusiasm for ‘phoning home’ with a lot of “telemetry”, plus its rather alarming propensity to download and install updates without warning or the ability to decide whether or when to do so, are entirely real. I dealt with them in two ways: first, all my Windows 10 installs are of the Enterprise Edition. Unlike the Home Edition, that does let you pick-and-choose when and whether to update. Also unlike the Home and Pro Editions, when you configure it to not send telemetry data to Microsoft, it genuinely stops doing so. Additionally, by promoting my servers to be domain controllers, I get to configure a group policy that enforces these privacy-minded behaviours, household-wise.

In short, to deal with Windows 10’s perceived privacy and over-enthusiastic update problems, I’ve had to turn the house into something resembling a small business. It’s not a cheap option, I suppose, but it seems to do the trick.

There are two exceptions to the ‘Windows 10 Enterprise Everywhere’ technique. First, the little NUC unit that sits under the TV and acts as our Media Player/PVR stays at Windows 7 (because Microsoft, in its wisdom, decided to make Microsoft Media Center a paid-for option in Windows 8 and abolished it completely in Windows 10: if we want to keep watching the telly for free, Windows 7 is our only choice). Unfortunately, Microsoft have of late decided to release a number of Windows 7 ‘security patches’ that (a) nag you to ‘reserve your copy of Windows 10’; (b) actually download a complete copy of Windows 10 whether you want to or not; and (c) retrofit rather invasive telemetry capabilities to Windows 7, so that it starts to phone home as often as unconfigured Windows 10 would do.

To prevent any of these things happening on the new media PC, I’ve taken the rather drastic approach of disabling all updates. This would make the NUC a sitting duck for malware and security vulnerability exploits of all kinds, of course, so I’ve configured its network stack to have no Default Gateway. Basically, whilst the NUC can see the entire home network (which it has to be able to do so it can play movies and music streamed from the servers), it can’t see outside the house. Specifically, it has no idea how to get to the Internet, which is fine for us, though it wouldn’t be ideal if we were big users of Spotify, Netflix or similar, of course! I’ve also installed anti-virus software on it, so hopefully it has a basic level of protection against nasties… but it’s no substitute for proper security updates from the vendor. At some point, I will update it manually, being careful to exclude the telemetry patches… but Microsoft really need to stop using ‘security updates’ as a way of advertising their latest O/S!
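A quick audit of the no-default-gateway setup described above, as an added example that is not part of the original post. It uses WMI and netsh so that it also runs on the PowerShell 2.0 shipped with Windows 7; the function name is hypothetical.

```powershell
# Added example: list every route this PC could use to leave the local network.
function Get-DefaultGatewayFinding {
    $findings = @()

    # Gateways bound to any IP-enabled adapter. DHCP = True means the DHCP
    # server can hand a gateway back on the next lease renewal.
    $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($a in $adapters) {
        foreach ($gw in @($a.DefaultIPGateway)) {
            if ($gw) {
                $findings += New-Object PSObject -Property @{
                    Source = $a.Description; Gateway = $gw; DHCP = $a.DHCPEnabled
                }
            }
        }
    }

    # IPv4 default routes in the routing table, including persistent ones
    # added with "route -p add".
    $routes = Get-WmiObject Win32_IP4RouteTable -Filter "Destination = '0.0.0.0'"
    foreach ($r in $routes) {
        $findings += New-Object PSObject -Property @{
            Source = "IPv4 route table (interface $($r.InterfaceIndex))"
            Gateway = $r.NextHop; DHCP = $null
        }
    }

    # An IPv6 router advertisement can install a ::/0 route even when no
    # IPv4 gateway is configured, so check the IPv6 table as well.
    $v6 = netsh interface ipv6 show route | Select-String '\s::/0\s'
    foreach ($m in $v6) {
        $findings += New-Object PSObject -Property @{
            Source = 'IPv6 route table'; Gateway = $m.Line.Trim(); DHCP = $null
        }
    }
    return $findings
}

$found = Get-DefaultGatewayFinding
if ($found) {
    $found | Format-Table Source, Gateway, DHCP -AutoSize
    Write-Warning 'This machine has at least one route off the local network.'
} else {
    Write-Host 'No default route found: traffic cannot leave the local subnet.'
}
```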

The second exception to ‘Windows 10 Everywhere’ is, of course, The Other Half, who insists on using Microsoft Money to monitor and control our household finances. I’ve suggested migrating to a piece of software that wasn’t end-of-life’d back in 2006, but to no avail: 15 years of records, a happy track record of making me not spend money frivolously and a large dose of user inertia mean that Microsoft Money it has to remain. Which is unfortunate because that program uses Internet Explorer 6 internally for its main display capabilities. In Windows 8, one could run it in compatibility mode and still have it work. In Windows 10, you can’t. So I built ToH a tiny virtual machine (measuring virtual RAM allocations in megabytes is weird!) and installed Windows XP 64-bit on it. It’s a host-only virtual machine and runs nothing but the operating system and this one application, so it can’t even access the rest of the home network and doesn’t need to. Hopefully, therefore, the fact that it’s an ancient, dead and vulnerable operating system won’t come to haunt me.

I guess the obvious question is: why go to all this effort? And I can only plead that Microsoft Media Centre, Microsoft Flight Simulator, Microsoft Money and Photoshop/Lightroom are non-negotiable for ToH. Which makes not having Windows anywhere in the house a non-starter. And if you have Windows somewhere, it soon becomes a lot easier to manage if it’s everywhere, I think. :-)

In my defence, we were actually an almost-non-Windows household for three weeks: I built ToH a new PC running Linux Mint, and tried to explain the delights of Dark Table, Flight Gear and KMyMoney, but it didn’t go down well. And there never were any real options for a PVR with a 10-foot interface that isn’t Microsoft Media Centre. So the experiment proved short-lived and we’re now a house of little Microsofties once more.

Chocolate Spread

If you were of a mind to re-install Windows 10 (speaking entirely hypothetically, of course!), you could do worse than investigate Chocolatey, an application which purports to give Windows a tool roughly equivalent to apt-get. It makes installing a bunch of software post-OS-install a simple matter of typing in one command in a terminal window.

To install Chocolatey itself, you do as the page I linked to tells you to do: make sure your Internet connection is working, then open a command window with administrator privileges and copy-and-paste in this one command:

@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin
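The one-liner above runs whatever the server returns, as administrator, with the execution policy bypassed. The following added example (not from the original post or from the Chocolatey project) downloads the same script to disk, records its hash, and runs it only if its Authenticode signature validates. It is meant for an elevated PowerShell window; the local file name is hypothetical, and it assumes the published install.ps1 is Authenticode-signed.

```powershell
# Added example: verify install.ps1 before executing it.
$ErrorActionPreference = 'Stop'
$url       = 'https://chocolatey.org/install.ps1'     # URL from the article
$installer = Join-Path $env:TEMP 'choco-install.ps1'  # hypothetical local path

# Ask for TLS 1.2 explicitly; older .NET defaults may negotiate less.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Fetch to disk instead of piping the response straight into iex,
# so the exact bytes that will run can be read and checked first.
(New-Object Net.WebClient).DownloadFile($url, $installer)

# Record the hash so the same download can be compared across machines.
$hash = Get-FileHash -Path $installer -Algorithm SHA256
Write-Host "SHA256: $($hash.Hash)"

# Validate the Authenticode signature and show who signed the script.
$sig = Get-AuthenticodeSignature -FilePath $installer
Write-Host "Signature status: $($sig.Status)"
if ($sig.SignerCertificate) {
    Write-Host "Signer: $($sig.SignerCertificate.Subject)"
}

# Stop on NotSigned, HashMismatch, NotTrusted or any other non-valid status.
if ($sig.Status -ne 'Valid') {
    throw ("Refusing to run {0}: signature status is {1}" -f $installer, $sig.Status)
}

# AllSigned, scoped to this process only, makes PowerShell enforce the
# signature itself rather than switching the policy off with Bypass.
# Expect a one-time prompt asking whether to trust the publisher.
Set-ExecutionPolicy AllSigned -Scope Process -Force
& $installer
```

Check that the signer subject printed above is the publisher you expect before answering the trust prompt.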

Once you’ve done that (it takes about a minute), you’re ready to install your software. You can browse (very laboriously, I have to say - they need to do something about that!) through the ‘gallery’ of packages that are available and the relevant “choco” command to install them. For example, if you want to install Firefox, you’ll find that the installation command is choco install -y firefox.

Here’s the command I would issue to get all my favourite software installed in one chocolatey hit:

choco install -y stellarium notepadplusplus winscp firefox vlc google-chrome-x64 procexp wget calibre keepass greenshot audacity consolez foobar2000 sumatrapdf lockhunter treesizefree mp3tag owncloud-client makemkv mobaxterm gpg4win avidemux imageresizerapp musescore kindle syncback

It isn’t perfect, by any means: there is allegedly a choco install handbrake command, for example, to install the all-time-best Video transcoder, but I’ve yet to achieve a successful install with it. Nothing to stop you visiting www.handbrake.fr and downloading/installing in the traditional manner, of course, but it detracts a little from Chocolatey’s claim to simplify your software installation life.

Nevertheless, it’s a nice way to get almost everything needed to turn a fresh Windows 10 install into a usable PC… recommended!