Active-Active File sharing with SMB 2.2 Scale Out in Windows 8 Rocks


Introduction

Wow. That’s what I have to say. WOW! I configured a two node virtual machines 

cluster running Windows 8 Server Developer Preview to test the SMB2 Scale Out functionality and I smiling. In my previous blog Transparent Failover & Node Fault Tolerance With SMB 2.2 Tested I already tested the transparent failover with a more traditional active-passive file cluster and that was pretty neat. But there are two things to note:

  1. The most important one to me is that the experience with transparent failover isn’t as fluid for the end user as it should be in my opinion. That freeze is a bit to long to be comfortable. Whether that will change remains to be seen. It’s early days yet.
  2. The entire active-passive concept doesn’t scale very well to put it mildly. Whether this is important to you depends on your needs. Today one beefy well, configured server can server up a massive amount of data to a large number of users. So in  a lot of environments this might not be an issue at all (it’s OK not to be running a 300.000 user global file server infrastructure, really Winking smile).

So bring in “File Server For Scale-Out Application Data” which is an active/active cluster. This is intended for use by  applications like SQL server & Hyper.-V for example. It’s high speed and low drag high available file sharing based on SMB 2.2, Clusters Shared Volumes and failover clustering. The thing is, at this moment, it is not aimed at end user file sharing (hence it’s name ““File Server For Scale-Out Application Data”. When I heard that,  I was a going “come on Microsoft, get this thing going for end user data as well”. Now that I have tested this in the lab, I want this only more. Because the experience is much more fluid. So I have to ask Microsoft to please get this setup supported in a production environment for all file sharing purposes! This is so awesome as an experience for both applications AND end users. The other approach that would          work (except perhaps for scaling) is making the transparent failover for an active-passive file cluster more fluid. But again, early days yet.

Setting  Up The Lab

Build a “File Server for scale-out application data” cluster

You need three virtual machines running Windows 8, two to build the cluster and one to use as a client.Once you have the cluster you configure storage to be used as a Clustered Shared Volume (CSV)

image

You’ll see the progress bar adding the storage to CSV

image

And voila you have CSV storage configured. Note that you don’t have to enable it any more and that there are no more warnings that this is only supported for Hyper-V data.

image

Now navigate to Role, right click and select “Configure Roles”

image

This brings up the High Availability Wizard

image

Click Next and select “File Server for scale-out application data”

image

Give the Client Access Point a name

image

Click Next and on the following wizard page click confirm

image

And voila you’re done. Do notice the wizards skips the “Configure High Availability” step here.

image

Get a share up and running for use

Don’t make the mistake of trying to double click on the you see in the Role. Go to the node who’s the owner of the role and navigate to the role “ScaleOut”, right click and select add shared folder.

image

Select the cluster shared volume on the server “ScalingOut” which is actually the client access point.

image

I gave the share the name SOFS (Scale Out File Share)

image

I like Access Based Enumerations so I enable this next to Enable continuous availability that is enabled by default.

image

Than you get to the permissions settings. Here you have to make sue you set the share permissions to  more than read if you want to do some writing to the share. Nothing new here Winking smile

image

After that you’re almost done. Confirm your settings & click Commit

image

Watch the wizard do it’s magic

image

And it’s all setup

image

Play Time

We have a third node “Independence” running Windows 8 Server to use as a client. As you can see we can easily navigate  to the “server” via the access point.

image

And yes that’s about all you have to do. You can see the ease of name space management at work here.

Now let’s copy some data and turn of a one of the cluster nodes, the one that owns the role for example …

image

I was copying the content of the Windows 8 Server folder from Independence and failed over the node, the client did not notice anything. I turned off the node holding the role and still the client did only notice as short delay (a couple of seconds max). This was a complete transparent experience. I cannot stress enough how much I want this technology for my business customers. You can patch, repair, replace, file server nodes at will at any given moment en no application or user has to notice a thing. People, this is Walhalla. This is is the place where brave file server administrators that have served their customers well over the years against all odds have the right to go. They’ve earned this! Get this technology in their hands and yes even for end user file data. Or at least make the transparent failover for user file sharing as fluid. Make it happen Microsoft! And while I’m asking, will there ever be a SMB 2.2 installable client for Windows 7? In SP2, please?!

Learn more here by watching the sessions from the Build conference at http://www.buildwindows.com/Sessions

Noticed bugs

The shares don’t always show up in the share pane, after failover.

Conclusion

This is awesome, this is big, this is a game changer in the file serving business. Listen, file services are not dead, far from it. It wasn’t very sexy and we didn’t get the holey grail of high availability for that role as of yet until now. I have seen the future and it looks great. Set up a lab people and play at will. Take down servers in any way imaginable and see your file activities survive without at hint of disruption. As long a you make sure that you have multiple nodes in the cluster and that if these are virtual machines they always reside on different nodes in a failover cluster it will take a total failure of the entire cluster to bring you file services down. So how do you like them apples?

Transparent Failover & Node Fault Tolerance With SMB 2.2 Tested


Transparent Failover and node fault tolerance with SMB 2.2 in Windows 8 Server is something that caught my attention immediately. The entire effort in infrastructure has been to keep the plumbing as invisible & unnoticed as possible. In some areas we had great success in others not so much. Planned & unplanned down time of file servers has always been an issue as there was always a short or longer outage and any failover meant disconnecting & reconnecting leading to all kinds of end users problems and confusion. To them the network is down. But the same issues exist on the server side with apps depending on files shares or servers like SQL Server that are writing backups to remote share or read data from such a share. Often it needs some kind of human intervention to correct the situation. No not even 3rd party clustered file systems and active-active clustering software could achieve this. The SMB protocol prior to 2.2 did not allow for it.

So when one hears it is a possibility now we want to test this! So we throw some virtual machines on the test cluster and build a file cluster with windows 8 server and we also have a 3rd server to act as a client with SMB 2.2. Open the Failover Cluster Manager right click roles and choose to configure a role.

image

You’ll see the familiar wizard, click next

image

And choose the file server role

image

Give the Client Access Point a name and add an IP address.

image

Add some storage

image

And voila … after the confirmation we’re asked to configure high availability

image

This opens the New Share Wizard

image

…this is all pretty straight forward so I’ll leave out the screenshots but for the most important one where we explicitly uncheck the “Enable continuous availability” as we want to first run a test without it Smile

image

Continue through the wizard & voila you have a clustered file server with a Client Access Point as a single namespace. Please not that you can connect to this using that single name space. No need for \\serverA\BizzShare & \\ServerB\BizzShare and going fancy with redundant DFS name spaces and the like.

Remember we still need to make this share highly available but let’s do some file copies and fail over the node to see what this looks like without transparent failover. Select the role transparent, right click, choose “Move” and “Select  Node”.

image

Choose an available node and click OK

image

As you can see this looks rather familiar.image

Let’s make that share continuously available. Go to and double click on the share you want to configure.

image

You’ll see a progress dialog whilst information is retrieved …

image

… and then the share properties are presented, most is familiar stuff but we need the bottom one “Settings”. Select the check box to make the share continuously available.

image

Now let’s try that file copy of again whilst failing over the file server role to another node.

image

So there is no loss of data, no need to the client to reconnect, you don’t have to retry but you do have a freeze that lasts for about 20 seconds on my test lab. I hope this will still improve before RTM.

What we learned here is that we can have Transparent (File Share) failover with SMB 2.2 in a virtualized environment and we can give it a “Client Access Point” name like “MyOldFileServer” so that users are not confused or need to learn another UNC path. There are many options to achieve keeping old namespaces around for end user ease of use but this is an extra ace up our sleeve. For now planned (patching, server maintenance) or unplanned (crash) is a 20 second freeze experience right now as the file share fails over. This freeze is probably due to active–passive clustering. For now active-active is not recommended/supported for file sharing in an end user scenario. I think they are “worried” of huge file shares with a zillion meta data updates to sync. But this is supported for apps like hyper-V, SQL Server backups or apps needing file data etc. I’m going to try it next and for user data. Things might change before RTM and with multichannel, RDAM, 10Gbps, NIC teaming in the OS perhaps that active-active scenario might be feasible for user file data? PLEASE? Otherwise here’s another request for “Windows 8 Server R2” Winking smile

The secret sauce is in:

  • SMB 2.2 on both client & server
  • Resume Key
  • SMB 2.2 Witness service which is stet to running when you make an share continuous available.

image

Go watch the sessions from the Build conference to hear more on al this. The work they’ve put in to this  + some of the complexities are quite amazing. http://www.buildwindows.com/Sessions

Things to find out: how to rename a Client Access Point or how to delete it. Adding a new one is easy.

Warning: It’s September 23rd 2011 and the Developer Preview is a little rough around the edges don’t run this on anything you need to get your bills paid yet  Winking smile

Windows 8 Server Developer Preview: NIC Teaming In The Operating System Works Just Fine


A short blog to share some first experiences with Window 8 Server functionality. I set up a couple of Hyper-V guests with Windows 8 to start playing with some of the functionality that is very promising. One of the first things I just had to try out was NIC teaming in the operating system. Well, the experience is still a little rough as the product is not yet finished but setting up NIC teaming is rather easy and it works like a charm! If this is the experience of future test, then bring it on!

image

Set it up, just with all defaults and start unplugging cables or disconnecting virtual NICs for the virtual networks in Hyper-V. I guarantee some fun. No pings dropped, no file copies failed Smile

I can also confirm that iSCSI works just like before, not much change there, walk in the park. So, I’m building a cluster with some virtual machines to play some more with new functionalities. I’ll report on that as I find the time between real work, work that pays the bills and some needed R&R once in a while.

Upgrading Windows Server 2008R2 Editions With DISM


When an environment evolves (growth, mergers, different needs) you have might very well have resource needs above and beyond the  limits of the original Windows edition that was installed. Scaling out might not the right (or possible) solution you so scale up is alternative option. Today with Windows Server 2008 R2 this is very easy. However, again and again I see people resorting labor intensive and often tedious solutions. Some go the whole 9 yards and do a complete clean install and migration. Others get creative and do a custom install with the windows media to achieve an in place upgrade. But all this isn’t needed at all. Using DISM (Windows Edition-Servicing Command-Line Options) you can achieve anything you need and every role, feature, app on your server will remain in good working condition. Recently I had to upgrade some standard edition Hyper-V guest servers to the enterprise edition to make use of more than 32 GB of RAM. Another reason might be to move from Windows Server 2008 R2 Enterprise Edition to Data Center Edition for hyper-v host to make use of that specific licensing model for virtual machines.

Please note the following:

  • You can only do upgrades. You CANNOT downgrade
  • The server you upgrade cannot be a domain controller (demote, upgrade, promote)
  • This works on Standard, Enterprise edition, both full & core installations.
  • You cannot switch form core to full or vice versa. It’s edition upgrade only, not  for switching type of install.

This is how to find the possible target editions for your server:

C:\Windows\system32>DISM /online /Get-TargetEditions

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385
Editions that can be upgraded to:

Target Edition : ServerDataCenter
Target Edition : ServerEnterprise

The operation completed successfully.

So I went to Enterprise Edition by executing this process takes some time but is painless but for one reboot.

C:\Windows\system32>Dism /online /Set-Edition:ServerEnterprise /ProductKey:489J6-VHDMP-X63PK-3K798-CPX3Y

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385

Starting to update components...
Starting to install product key...
Finished installing product key.

Removing package Microsoft-Windows-ServerStandardEdition~31bf3856ad364e35~amd64~~6.1.7601.17514
[==========================100.0%==========================]
Finished updating components.

Starting to apply edition-specific settings...
Restart Windows to complete this operation.
Do you want to restart the computer now (Y/N)?

You either use a MAK key (if you don’t have a KMS server) or the default key for your volume license media. When you have KMS in place (and the matching server group KMS key A, B, or C) the activation will be done automatically and transparent for you. Standard trouble shooting applies if you run into an issue there.

These are the public keys for use with a KMS server:

  • Windows 7 Professional – FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
  • Windows 7 Professional N – MRPKT-YTG23-K7D7T-X2JMM-QY7MG
  • Windows 7 Enterprise – 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
  • Windows 7 Enterprise N – YDRBP-3D83W-TY26F-D46B2-XCKRJ
  • Windows 7 Enterprise E – C29WB-22CC8-VJ326-GHFJW-H9DH4
  • Windows Server 2008 R2 HPC Edition – FKJQ8-TMCVP-FRMR7-4WR42-3JCD7
  • Windows Server 2008 R2 Datacenter – 74YFP-3QFB3-KQT8W-PMXWJ-7M648
  • Windows Server 2008 R2 Enterprise – 489J6-VHDMP-X63PK-3K798-CPX3Y
  • Windows Server 2008 R2 for Itanium-Based Systems – GT63C-RJFQ3-4GMB6-BRFB9-CB83V
  • Windows Server 2008 R2 Standard – YC6KT-GKW9T-YTKYR-T4X34-R7VHC
  • Windows Web Server 2008 R2 – 6TPJF-RBVHG-WBW2R-86QPH-6RTM4

Don’t worry this is public information (KMS Client Setup Keys), these will only activate if you have a KMS server and the to key make that KMS server work.

Either way there is no need for reinstall & migration or upgrade installation in for a simple upgrade scenario So do your self a  favor and always check if you can use DSIM to achieve your goals!

Data Protection & Disaster Recovery in Windows 8 Server Hyper-V 3.0


The news coming in from the Build Windows conference is awesome. The speculation of the last months is being validated by what is being told and on top of that more goodness is thrown at us Hyper-V techies.

On the data protection and disaster recovery front some great new weapons are at our disposal. Let’s take a look at some of them.

Live Migration & Storage Live Migration.

Among the goodies are the improvements in Live Migration and the introduction of Storage Live Migration.  Hyper-V 3.0 supports multiple concurrent Live Migrations now, which combined with adequate bandwidth will provide for fast evacuation of problematic hosts. Storage Live Migration means you can move a VM (configuration, VHD & snapshots) to different storage while the guest remains on line so the users are not hindered by this. I’m trying to find out if they will support multiple networks / NICs  with this.

Now to make this shine even more MSFT has another ace up it’s sleeve. You can do Live Migration and Storage Live Migration without the requirement of shared storage on the backend. This combination is a big one. This is means “shared nothing” high availability. Even now when prices for entry level shard storage has plummeted we see SMB being weary of SAN technology. It’s foreign to them and the fact they haven’t yet gained any confidence with the technology makes them hesitant. Also the real or perceived complexity might hold ‘m back. For that segment of the market it is now possible to have high availability anyway with the combo Live Migration / Storage Migration.  Add to this that Hyper-V now supports running virtual machines on a file share and you can see the possibilities of NAS appliances in this space of the market for achieving some very nice solutions.

Replication to complete the picture

To top this of you have replication built in, meaning we have the possibility to provide reasonably fast disaster recovery. It might not be real time data center fail over but a lot of clients don’t need that. However, they do need easy recoverability and here it is. To give you even more options, especially  if you only have one location, you can replicate to the cloud.

So now I start dreaming Smile We have shared nothing Live & Storage Live  Migration, we have replication. What could achieve with this? Do synchronous replication locally over a 10Gbps for example and use that to build something like continuous availability. There we go, we already have requirements for “Windows 8 Server R2”!

NIC Teaming in the OS

No more worries about third party NIC teaming woes. It has arrived in the OS (finally!) and it will support load balancing & failover. I welcome this, again it makes this a lot more feasible for the SMB shops.

IP Virtualization / Address Mobility

Another thing that will aid with any kind of of site  disaster recovery / high availability is IP address Mobility. You have an IP for the hosting of the VM and one for internal use by VM. That means you can migrate to other environments (cloud, remote site) with other addresses as the VM can change the hosted IP address, while the internal IP address remains the same.  Just imagine the flexibility this gives us during maintenance, recovery, trouble shooting network infrastructure issues and all this without impacting the users who depend on the VM to get their job done.

Conclusion

Everything we described is out of the box with Windows 8 Server Hyper-V. To a lot of business this can  mean a  huge improvement in their current  availability and disaster recovery situation. More than ever there is now no more reason for any company to go down or even out of business due to catastrophic data loss as all this technology is available on site, in hybrid scenarios and in the cloud with the providers.

Build Windows Key Note 2011/09/13


Updated as we follow the key note

After the talk about Windows 8 being even better and greater for all form factors (hardware people, the ARM architecture, it will be fun to see how the competition responds) I want to dive into Windows Server 8. Yes I’m here for the server side. But as the Hyper-V is now brought to the client there is a lot to say about Hyper-V here as well. No problem. But not yet, not yet.

First, mobile devices. Lots of touch, looks all very cool with the Metro UI. As I live in the country with the most expensive smart phones & mobile data subscriptions in the world I’m not a heavy user. It’s a great market, it’s cool, it’s important, but it’s not my primary theater of operation so to speak. But I might need to get me some of those devices to play with Smile It really looks cool. It looks all very fast & fluid. And the resource hogging should be reduced. Bring it on I say Smile But don’t worry if you’re a “Grand Pa Box” keyboard & mouse jockey. Windows 8 works just as well for you. the idea is Windows 8 everywhere on every device & form factor.

Now they first need to talk about all the developers will be writing applications for Windows 8. Here comes Metro Style applications development. The bold WinRT API bet (yet another one). The languages used are the one we all know, love or hate Smile. No worries you’re coding skills have not been dumped into the toilet. Oh yes, Silverlight is not dead. An no .NET is not dead either. Really? Even COM+ is not dead yet. But Metro style development is the way ahead. But please dump the hyped drama and o continue coding on your current projects Winking smile They promised everything that runs on Windows 7 today will run on Windows 8. There you go Smile with tongue out You might say with less drama that Win Forms & co will be less dominant. Nothing that new. New form factors & mobility ask for new tools. But guess what you’ll be coding those apps in? Metro Style apps will be written in C, C++, C#, Visual Basic, HTML5/JavaScript and/or using XAML. XAML is for “Jupiter,”which is the XAML/UI layer on top of Windows 8 needed for Silverlight and Windows Presentation Foundation (WPF) apps to work on the platform.

They are now coding on stage. Perhaps not the best use of time during a keynote but hey, we’ll get to the good stuff eventually. Once again we see the impression launched you can write apps in a couple of minutes with no knowledge at all. Take that devies! We IT Pro’s are not the only ones facing unemployment (cloud) Open-mouthed smile we’re all going to be replaced by a very small easy script with drag & drop. I know some hard core consultants/developers who are now buying stocks in their own company to cash in on the fixing of all that Smile

We’re treated to some very impressive hardware demos. Really impressive. Mobile device OS people we have met your competition and it is called Microsoft. The crowd goes wild when they are told they are getting a Samsung slate machine. Hmmm, why am I working instead of being at Build? My priorities are wrong I guess Sad smile

We’re shown deep freeze, the new task manager that look pretty neat.  The command line  to set a base line for your machine refresh is very appealing to me. At a point you have your machine just right => grab it for refresh if/when needed.

Metro over RDP looks awesome remote charms, virtual keyboard and of cause touch! I bet the VDI crow is going a little wild dreaming of the possibilities straight out of the box.

Hyper-V on Windows 8 client! We’re there Winking smile. The guy is storming through the features. He’s on the clock. We arrived at the business crowd. A lot of stuff for the desktop is also improved. Multiple Monitor support, control of Metro & desktop with shortcuts within the monitors. The UP button should be a good alternative to select delete in Window explorer paths. Lots of stuff to explore.

Windows Live integration with Windows 8 is extensive. The SkyDrive examples are impressive. Windows 8 will be the first mesh /hybrid / integrated OS. WinRT API exposes this so you can use that cloud extensibility in your Metro style apps!

Sorry if all this reads hectic, but it’s kind of hard to keep up. This is a tsunami of information! Keynote is wrapping up. The Hyper-V Windows 8 Server stuff will be for another day.

In the end a call to action for developers. Get the preview and get ahead of the pack delivering Metro style apps to a billion potential users. Up and at them developers!

The Dilbert® Life Series: Mental Hygiene Is Counter Productive


There are times that IT people need to vent. Usually they do that amongst their peers. Sometimes they disagree with each other and they express that. Why? Well most of them are straight shooters, not politicians or diplomats.  Now don’t get me wrong. I do understand the benefits of politics & diplomacy and I most definitely see the need for it. They can achieve things more often than conflict or direct orders can. Mainly because they make the people think it was their own decision and/or choice. The drawback with politics is that it takes time and in some situations, unfortunately, you don’t have that luxury. Don’t forget IT Pros work in sometimes rather stressful crisis situations. The bad part about politics is that it can also be perceived as “shady dealings” but this is actually not true. This is a negative connotation due to the often very poor quality of politicians. But I digress. I actually love diplomacy. It’s the process that delivers me either the desired result or buys me enough time to for my sniper to get the range . Either way, politics and diplomacy gets the job done, when you fulfill one prerequisite and that is to have professional diplomats around. As you might have already guessed, that wouldn’t exactly be me Winking smile. Politics however is not the same as “political correctness” run amok. Don’t be afraid of people speaking their mind. Don’t let the fear of others hearing some strong language or an unpopular issue being discussed guide you. That alone will not kill a reputation or wreck a well-oiled team.

Reputations have a major flaw. They take a life time to build and only a second to destroy. Are you telling me your approach to protecting a reputation is making sure no one ever hears a bad word out of the mouth of an employee who’s ranting to blow off steam? Guess what? You’re doomed to fail. Don’t we need to protect people from being offended? Yes, but don’t take it to far. Chances are that the offence is both ways. So don’t restrict free speech & open communication too much. But perception is reality right? Good lord, get a grip and grow a pair. People need to vent, express themselves and be allowed to do that in an not overly politically correct way amongst their peers. These people are in the trenches together, they deal with all the shit and stress. They shouldn’t be worried or stressed about using the proper diplomatic approach to everything they say. Political correctness can be taken too far. It makes for a very hypocritical, bottled up with frustration, unhealthy work environment. Amongst comrades you need not have to worry about that. And for crying out loud, I really do hope that humanities only hope for decent behavior is the fact that things are forbidden or regulated.

One shouldn’t judge IT managers or team leaders by the fact none of their team members ever curses or vents. Let alone some silly dress code. No, that T-shirts saying “You’ve read my T-shirt. That’s enough social interaction for one day” will not ruin professional relationships. Acting on those things remind me of micro managers. Meaning they focus on small issues for all kinds of reasons, non of which have anything to do with them being good managers. Do you want to know what you IT teams are worth? Look at the members. Do they stick up for each other? Are they not afraid to stand up and speak up about issues that are “threatening” one of them or their boss? Do they get the job done? No I don’t mean that they wear a tie, are in the office at 08:30 or never ever vent, I mean do they get the job done. Even at night, during those wee hours of the morning when needed or just even when is more convenient for the business? That should tell you a lot. That’s their PR without the glossy brochures.

Next to that it also has some other negatives associated with it.

  • First of all you lose your eyes and ears. Trust me, your IT people are your boots on the ground. They see, hear & know a lot as they deal with the entire organization. No matter how many tests, technology and reports you got at your disposal your people are a very valuable resource of information on what’s going on in the company. IT  as an bio indicator so to speak. From problems with vendors, storage issues, dysfunctional project managers to insane analysis and architects who’ve become a bit to enamored with the esoteric part of their job. In other words, if you want to know what going on let your IT staff speak their minds without fear. Create an environment where they can do that. Otherwise they’ll shut up even when they better open their mouths.
  • You’re flushing the morale of your troops down the drain. When people feel frustrated they need to vent, not be censored. That leads to unhappy employees and instead of having “undesired” verbal statements about a situation you’ll be hearing some very unsettling complaints about your stupid company. You might not like those either but you’d better listen and learn from them instead of saying that such talk “ist verboten”.
  • Don’t block the vents on a steam engine. They are there for a very important reason. Their proper functioning is to assure that the pressure doesn’t build up to high, thereby preventing the engine from blowing up. Same thing here, speaking their minds relieves pressure , stress and prevents frustrations. That’s a good thing as human beings under high pressure tend not to become diamonds even if they are bio carbon life forms. Chances are they’ll explode out of proportion when it really shouldn’t happen. A bit counter productive don’t you think?

Now this doesn’t mean you should stand for an all-out negative culture where all is piss and vinegar. Some venting is good, being a full time complaining sourpuss is not. Lead by example. By all means avoid e-mailing vents and frustrations. Words are volatile and dissipate. E-mail is very persistent. Maintain professional courtesy whenever possible.  While I think that respect needs to be earned, politeness and correctness can and should indeed be given. It goes along way when dealing with people. And the beauty is that by allowing people to vent and speak their minds you help achieve this. All you have to to do is maintain balance and don’t let the morale and the culture go south. So forget about dress codes, punch clocks, “mental hygiene” measures. They indicate another much worse problem. Management failure. Sure you can blame the issues on that T-shirt or someone’s venting. Perhaps you can even fool yourself into believing it. Perhaps it even helps you sleep at night. But it sure will not help you improve your business. For that you’ll need to put the good managers, diplomats & politicians in the right place instead of trying to rely on never needing those particular skills.