Microsoft IT Infrastructure, Windows Server, Windows Desktop, Hyper-V, System Center, VMM … You get the idea!
Jeff Wettlaufer recorded a cool (and short) video where he demonstrates how Intel vPro can make a helpdesk administrator’s job a lot easier and more efficient when combined with System Center Configuration Manager. It includes demonstrations of power control over the LAN and wifi, and remote BIOS access.
It was announced that Europe’s first industry organisation in the Software-as-a-Service and Cloud space has started up. Eurocloud’s goals are:
An organisation is needed to standardise the industry and to clearly communicate local and European Union requirements. Right now, most non-insider people haven’t a clue.
I work in a business where we are cost sensitive. We try to do things at a very high level but we are faced by very high costs. We’re not alone in this. There’s a few reasons for this.
Extremely high levels of indirect and stealth taxation over the last 15 years have driven up salaries to very high levels. On the face of it, we Irish get high salaries on a European level. Foreign investors will peer in and compare us with our international competitors based on salary which is quite fair. Employees were hit with more and more stealth taxes and hikes in costs. Obviously as government hiked costs, employees sought pay rises either directly or via job transfer. That has a double impact for the employer. The salary package costs more but the related employer taxes also increased. Ironically, the employee did not get richer. In fact they have less spending power now than they did 10 years ago.
The next big cost is down to the distributors. Let’s have a look at a server. I’ve picked a HP DL380 G6 with a 2GHz CPU and 4GB of RAM. The machine in the USA costs €1,646. That same machine in Ireland costs €1,900. That’s actually not even a bad example. I’m into photography and some of the equipment I either own or am looking at costs 50% more in Ireland than in the USA. Heck, it’s often cheaper to buy items of any kind in Northern Ireland (UK) than in the Republic. That’s a mere 45 minute drive from Dublin and it’s also why the roads to the North are packed with traffic in the month leading up to Christmas. The reason for this is the distributors. They rip us off and there is no explanation. Retailers can do nothing about it. The distributor cartel forces retailers to buy from a local pricelist and the EU protects this. Yes, you can go abroad to purchase but that also drives up costs unless you are buying in bulk.
The last one is one that all businesses will probably put as their number 2 cost (behind salaries). Ireland comes in number 2 for electrical costs in all of Europe, trailing only Cyprus. That’s for both domestic and industrial power supplies. I work in the hosting business and power is the one thing we keep focusing on when it comes to pricing. It’s a huge cost. I’m often asked why pricing for a service in Ireland is much cheaper in Germany. It’s simple. The 2008 cost for electricity in Ireland was €.1201/KWH. In Germany the same cost is €.0839/KWH. That makes electricity, a basic ingredient of computing and industry, around 30% more expensive in Ireland. This is where someone not thinking will shout about virtualisation and more efficient computing. Duh! Like our freunde over in Germany haven’t already thought of that! Of course they have.
Irish businesses are competing on an uneven playing field that is of our governments making. We can only do so much to reduce our costs and to be creative with our business models and services. In the end, these high costs can make us uncompetitive in an international market. Until the self absorbed fat cats on Kildare Street cop on to this, we’re always going to be fighting a losing battle.
Yesterday the Irish Times (no links from me to them because they hosted outside of Ireland after consulting a number of companies here in 2007) had an article that featured a government internal email from the Irish Department of Finance. It instructed the various departments and organisations within the government to be wary of using cloud services and it specifically mentioned Microsoft as an example. The reasons included security and Data Protection Act compliance.
The problem is the USA Patriot Act. Any American owned hosting service or data centre, no matter what country it is in, must comply with the Patriot Act. That gives the USA federal government the right to demand instant access to any data hosted by that service. It doesn’t matter if Amazon has a data centre in Ireland or if Microsoft has a data centre in Ireland or the Netherlands. They’re both American, they both must comply with the Patriot Act, and therefore any organisation storing sensitive or personal information should not be using those services, or services hosted on those platforms for storing that data.
An Irish owned SaaS application, with an Irish owned hosting company, in an Irish owned Data Centre are all fine for compliance in Ireland (substitute your own country where appropriate).
This goes beyond government. It also applies to private businesses. I recently saw two SaaS companies, one dealing in the HR business and the other in the insurance industry, launch their services based in one of those American data centres in Ireland. Strictly speaking, and it would appear in the opinion of the Irish government, both of those companies are non-compliant. They would also put their customer who would subscribe to their applications into non-compliance.
Is the scenario far fetched? Of course not. We know how intelligence agencies have misbehaved in the past. We also know that intelligence agencies have been used for corporate espionage.
Also, forget Safe Harbour. The Patriot Act and the interests of intelligence services always override it.
The solution is simple; find a locally owned SaaS company, locally owned hosting company, and/or locally owned data centre when you are dealing with sensitive information.
As the email from the Department of Finance said, consult legal advice when you are going online. Don’t take a chance, don’t believe a salesman (there is one company is quite slow to fess up when it comes to the Patriot Act and allows their customers to become non-compliance), and don’t put your customers at risk. Especially don’t believe the loud protests otherwise from the executives of a certain SaaS company that denies all of this (mainly because they did host in the USA and are vulnerable). If you get burned you’ll lose your business or career.
And don’t believe me. Consult a legal expert on the Data Protection Act and the online industry. Then make your decision before choosing a platform, hosting company, data centre or SaaS application.
I thought I’d write this post to explain what a Microsoft Valuable Professional (MVP) is and how a person can become one. The description from the Microsoft web site is:
“MVPs make exceptional contributions to technical communities, sharing their passion, knowledge, and know-how. Meanwhile, because MVPs hear the opinions and needs of many others in the technical community, they are well-placed to share highly focused feedback with Microsoft.
MVPs are independent experts who are offered a close connection with people at Microsoft. To acknowledge MVPs’ leadership and provide a platform to help support their efforts, Microsoft often gives MVPs early access to Microsoft products, as well as the opportunity to pass on their highly targeted feedback and recommendations about product design, development, and support”.
To put it simply, Microsoft awards MVP status to people who are experts and who share their expertise. There are no exams. You are evaluated by Microsoft staff. An MVP will usually have some expertise on a specific product or set of products. For example, I have been a Configuration Manager MVP and I am currently a Virtual Machine MVP. The expertises span the breadth of Microsoft products, e.g. XBox to .NET to Active Directory. The directory gives you a good idea of what expertises are covered.
MVP’s come from around the world. There are around 4,000 of us globally, including 90 or so expertises and 40 languages. There are around 11 or 12 of us in Ireland.
The word independent is important when it comes to describing an MVP. We certainly are not shills. One Microsoft executive once described an MVP as a person who makes a statement of opinion to Microsoft and sticks a question mark on the end. Very often, we’re quite critical, trying to get the most out of the product. Dealing with MS employees, I feel very safe in saying that they genuinely want the same thing. I guess you could see us as being intermediaries; we often convey MS’s message to our audiences and we provide the feedback directly into the product groups in Microsoft.
It’s hard to describe how to become an MVP. It’s not like deciding to become an MCSE. You cannot sit down and say “I will be an MVP by June 2010”. It helps if you are an expert on some particular subject related to Microsoft products. You then have to share that expertise. That can come in many forms:
Those last two really help. I think they were the difference to me originally becoming an MVP. I started the Windows User Group and I’ve done a good deal of speaking. Obviously it helps to write, blog and speak about your expertise. Paid work such as consulting doesn’t really count. This is about community and sharing.
You then need to be nominated either by an MVP or a Microsoft employee. Quite often your first awareness that you’ve been nominated is when a local MVP lead will then contact you to start the process. This varies depending on the region. It basically comes down to documenting your last year of activity that qualifies as participating in the community. This documentation is used to evaluate you. You either get the status or you don’t.
The awards are granted every 3 months, January 1st, April 1st, July 1st and October 1st. Your MVP status normally lasts for 1 year. Within your last 3 months you will be contacted again by the MVP lead and go through the documentation process again so Microsoft can re-evaluate you. My experience was that I was more tense when I was re-evaluated than when I was originally evaluated.
Why would you want to become an MVP? It doesn’t add points to your company’s partner status. Most people have no idea what MVP means so it’s not much good on your CV or resume. I sometimes wonder if people mistake it for a MCP!
When you become an MVP you are being recognised for your work. That’s pretty cool. But the real perks are things like:
The best of all the perks is the MVP Summit. This is a conference where all of the MVP’s are invited to get together over in Microsoft’s HQ in Redmond. After the obligatory firmware upgrade (kidding!), we get to interact with each other and members of the product groups in person. It’s an interesting opportunity. The product groups often brief the MVP’s on and demonstrate new technology that is still in the works. MVP’s learn lots and are able to prepare for when they can talk in public about it. Microsoft also gets feedback from independent people who are using these technologies, possibly in ways they didn’t anticipate. This is my second year as an MVP and the trip this year will be my first one.
Being an MVP has been fun. I’ve met and interacted with lots of cool and very intelligent people. I’ve gained personally by learning more and by getting exposure. And it’s probably fair to say that my employers gained too because I come away from different events knowing more and feeling excited about the stuff I work with. In fact, very often the sales people at work call me saying “I just met XYZ and they say they know you” but I don’t know them!
If this is something you are interested in then do the work. Learn something and share that knowledge. It can take years. It’ll boost your career and help others. Eventually you will have the body of work and get recognised. When that certificate comes in the post you’ll feel like I did … a million bucks! You’ll be a part of a small, invite-only club, with elite people from around the world.
Did I mention the secret handshake yet?
Good old Vodafone Ireland is up to their old tricks again. I was just doing some online banking a few minutes ago and noticed that there was an unexpected amount charged to my credit card. My Vodafone Ireland mobile phone is set up to direct debit from that every month.
In December I upgraded my old Nokia to an Nokia N85. It was an unusable piece of junk and it was incapable of sending text messages. It was incorrectly reading the SMS message centre number from the SIM card and it was a locked setting. Vodafone accepted that I could return the phone (by courier collection arranged by them) and that I would not be charged for it. I could then order something else. I ended up ordering a LG Windows Mobile 6.5 phone.
I checked my bill for December when I saw the large charge. Not only had I been billed for both phones but I was also billed for the insurance program which I would never choose to order.
I rang Customer Don’t Care. I was rather blunt: “I have been over charged by Vodafone Ireland. I want my money back by midnight on Monday or I am charging you for the money with 50% compound interest per day”. Believe it or not, that is a quite legal act to do in Ireland. If someone rips you off, you can set the terms. It’s handy to listen to those customer affairs segments on drive-time radio.
That got the agent’s attention. At first there was an effort to make the return payment complicated. I was blunt once again: “Fine; send a courier down with a cheque. I don’t care how you do it”.
One quick confer with his manager and the agent promised the funds would be returned to my credit card today. We’ll see.
It is getting to the point where I’m considering shutting down my efforts on the Windows User Group. A lot of time goes into arranging an event, let alone speaking at one. Time after time, I hear people moaning that they don’t know how to do something and they aren’t given the information. Two of those topics were how to deploy Windows and how to make legacy applications work on a new version of Windows. The last two events we ran were focused on those topics.
Today was application compatibility. Vikas Sahni, a MS trained expert on the subject, took the time to prepare a presentation and give it at no cost to anyone and at great effort for himself. 4 people turned up.
That’s just pathetic. Around 6,200 people were made aware of this event. Now I know there are people who cannot make it to every single event. But out of 6,200 people I would expect maybe 20 or 30 would have the time, would care enough, and would make the effort. But no, that’s just not the Irish way.
Foreign speakers who have presented here cannot believe how bad the Irish audience is at turning up for events compared to their own and other countries. Microsoft Ireland even knows that if 30 people register for one of their events that they only need to have catering for 12. Someone who works here and regularly speaks here was amazed at the turnout to an event that they presented at in Iceland and wished it was like that here.
Some will say “maybe if you had the event at 14:00 or 19:00”. It doesn’t make a difference. I was once at a fully registered event at 14:00 and 2 people turned up. Our last night time event (on Windows 7) in the Spring last year had a handful of people turn up.
As I said, it isn’t down to effort. 6,200+ people were notified of these events. IT “pros” in Ireland don’t care. I’m wondering why I do.
Suggestions other than “I’m too busy” and “Have it at X time” are welcome.
Jeff Wettlaufer posted a blog listing some of the performance improvements you’ll find in Configuration Manager 2007 R3.
SCE is possibly the least known of Microsoft System Center family. The existing 2007 version is a merger of the core components of Operations Manager 2007 and Configuration Manager 2007. It is a subset and it does support fewer servers and desktops. That’s because it is aimed at small to medium companies. For example, SCE 2007 manages up to 30 servers.
Microsoft is updating the product. OpsMgr has seen changes with 2007 R2 and Configuration Manager is undergoing development for an R3 release for this year. It doesn’t end there.
Microsoft knows that SME’s are quite likely to deploy Hyper-V for virtualisation. The number of hosts might grow. I know one small software company that runs two hosts with dozens of VM’s. Developers want new VM’s for test and development on a frequent basis. That sounds like maybe VMM would be handy. And so SCE 2010 will include functionality from VMM to manage Hyper-V. Virtualisation typically means there will be more servers. Therefore SCE 2010 will manage up to 50 servers.
A release candidate (test) version of SCE 2010 is available.
“The Windows Server 2008 R2 licensing guide provides an in-depth overview of the Windows Server 2008 R2 core product offerings, including product names, available sales channels, licensing models, and number of running instances allowed per license in physical and virtual operating system environments (POSEs and VOSEs)”.
I don’t have any VMware hosts to manage but I wanted to know what ones are supported by Virtual Machine Manager 2008 R2. Finding that information wasn’t so quick and easy. The supported hosts are:
None of the official sites I’ve seen mention vSphere 4.0. However, it has been said by Microsoft people (and quoted by the online press) that any functionality that works with earlier editions will work in vSphere 4. New functionality does not yet work.
VMM 2008 R2 adds something that VMM 2008 didn’t have; that is the ability to use VMware port groups.
As my friend Monika recently tweeted, VMM is “One Console to rule them all, One to bring them all and in the darkness bind them In the Land of Mordor where the Shadows lie”. VMM gives you to manage other virtualisation managers. You can manage many VMware managers. The listed ones are:
That allows you to use VMM as your central point for day to day operations. And if you’re tempted, you can even migrate your virtual machines from VMware to Hyper-V or Virtual Server.
I was upgrading an application this morning. Part of the process was to upgrade SQL 2000 to SQL 2005 (the application is developed by a company that tends to not be adventurous about version platform support). After I’d gone through the setup wizard, it went to do a last check and came up with this error:
When you’re dealing with something like a SQL upgrade and see something like this … well … you start looking for the phone and dialling 999 (911 for those of you across the pond).
A very quick search later and I had the solution. A simple folder creation and a file copy sorts things out.
Today I was working with one of my colleagues to upgrade an application we are running on some physical servers. We’re both working from home with a VPN connection into the data centre. Reboots were required. This is the bit I hate … a continuous ping times out for what feels like an eternity. Eventually that first response appears and the tightening of the chest relaxes :)
VM reboots are so quick because there is no hardware to POST. I could also take a copy of the VM to test the upgrade process before hitting production.
Windows 7 release candidates will soon start to deliberately misbehave. On March 1st 2010 you will see them shutdown every 2 hours. On June 1st 2010 they will start the “This copy of Windows is not genuine” experience.
Microsoft urges you to do a clean installation of Windows 7. Let’s face it, will you really want to go back to Vista or Windows XP?
I’ve still got a laptop running the RC. It was used while writing the book, Mastering Windows Server 2008 R2. It was also used for another project that is ending now so I guess I will rebuild it when I get a chance. Of course, I will be going with Windows 7 Ultimate.
Microsoft released version 2.0 of the Linux Integration Components for Hyper-V on the 29th of January. They include support for installing on not only SUSE Enterprise Linux (10 SP1 and 10 SP2) but also RedHat Enterprise Linux 5.
Now I’ve got to expand the possible Linux OS’s I would run on my Hyper-V farm. Remember, I’m monitoring using Operations Manager 2007 R2. It can support RHEL 4 and RHEL 5. Hyper-V now has supported integration components for RHEL 5.
That means I can now run SLES 10 SP1 or RHEL 5 on my Hyper-V farm and be able to monitor the internal goings-on of those VM’s using Operations Manager 2007 R2. I’m more likely to go with RHEL. It appears to me to be more accepted and has more documentation in the blog-o-sphere that SLES.
It is possible using Virtual Machine Manager 2008 R2 to migrate virtual machines from one hardware virtualisation platform to another. This is known as Virtual to Virtual or V2V. The possible migrations you can do are:
This is a one-way process. You cannot go from Hyper-V back to the original host platform.
Supported V2V VM Operating Systems
Just like with P2V, there is a matrix of supported operating systems:
|
Operating System |
VMM 2008 |
VMM 2008 R2 |
|
Microsoft Windows 2000 Server with Service Pack 4 (SP4) or later |
Yes |
Yes |
|
Microsoft Windows 2000 Advanced Server SP4 or later |
Yes |
Yes |
|
Windows XP Professional with Service Pack 2 (SP2) or later |
Yes |
Yes |
|
Windows XP 64-Bit Edition SP2 or later |
Yes |
Yes |
|
Windows Server 2003 Standard Edition (32-bit x86) |
Yes (Requires SP1 or later.) |
Yes (Requires SP2 or later.) |
|
Windows Server 2003 Enterprise Edition (32-bit x86) |
Yes (Requires SP1 or later.) |
Yes (Requires SP2 or later.) |
|
Windows Server 2003 Datacenter Edition (32-bit x86) |
Yes (Requires SP1 or later.) |
Yes (Requires SP2 or later.) |
|
Windows Server 2003 x64 Standard Edition |
Yes (Requires SP1 or later.) |
Yes (Requires SP2 or later.) |
|
Windows Server 2003 Enterprise x64 Edition |
Yes (Requires SP1 or later.) |
Yes (Requires SP2 or later.) |
|
Windows Server 2003 Datacenter x64 Edition |
Yes (Requires SP1 or later.) |
Yes (Requires SP2 or later.) |
|
Windows Server 2003 Web Edition |
Yes |
Yes |
|
Windows Small Business Server 2003 |
Yes |
Yes |
|
Windows Vista with Service Pack 1 (SP1) |
Yes |
Yes |
|
64-bit edition of Windows Vista with Service Pack 1 (SP1) |
Yes |
Yes |
|
Windows Server 2008 Standard 32-Bit |
Yes |
Yes |
|
Windows Server 2008 Enterprise 32-Bit |
Yes |
Yes |
|
Windows Server 2008 Datacenter 32-Bit |
Yes |
Yes |
|
64-bit edition of Windows Server 2008 Standard |
Yes |
Yes |
|
64-bit edition of Windows Server 2008 Enterprise |
Yes |
Yes |
|
64-bit edition of Windows Server 2008 Datacenter |
Yes |
Yes |
|
Windows Web Server 2008 |
Yes |
Yes |
|
Windows 7 |
No |
Yes |
|
64-bit edition of Windows 7 |
No |
Yes |
|
64-bit edition of Windows Server 2008 R2 Standard |
No |
Yes |
|
64-bit edition of Windows Server 2008 R2 Enterprise |
No |
Yes |
|
64-bit edition of Windows Server 2008 R2 Datacenter |
No |
Yes |
|
Windows Web Server 2008 R2 |
No |
Yes |
Not Got VMM?
There is a manual process to convert Virtual Server 2005 R2 SP1 VM’s to Hyper-V if you do not have VMM. There are 3rd party and free tools for this. There are also 3rd party and free tools you can use to V2V from VMware to Hyper-V without VMM. However, these would be very manual processes and VMM makes that all the much easier through it’s job process.
Destination Host Requirements
The destination machine should have the disk and the RAM to cater for the VM. MS actually recommends RAM of the VM + 256MB for the conversion process. The host should also be in a network that allows all necessary communications with the VMM server.
Original VM Requirements
Before you migrate any VMware machine to a Microsoft platform you must uninstall the VMware additions/tools. That’s the VMware equivalent of the Microsoft integration components/services. You also need to remove any checkpoints.
Library V2V
There are then two possible ways to do the conversion. As I stated earlier, you can copy a VMware VM into the library and V2V the VM from there. To do this in VMM, choose to use the Convert Virtual Machine Wizard. You cannot V2V a VMware VM that uses raw disks (same idea as pass through disks). You need access to the .VMX file (describes the VM) and the VMDK file(s) (the virtual hard disks). Each VMDK will be converted into a VHD.
Host V2V
If your VM is on another host, e.g. Virtual Server 2005 R2 SP1 or VMware, then make sure the source host is being managed by VMM. You can then use an offline migration, i.e. power off the VM, right-click the VM and Migrate it. Make sure the hosts filter is adjusted to show your destination Microsoft virtualisation host.
Integration Components
When the job is completing, you’ll see that VMM will install the integration components/services for Hyper-V. That will optimise the performance of the VM and cuts down on the manual labour.
Linux VM’s
Interestingly, Microsoft says you can V2V a Linux VM. However, any OS not in the above table will not get the integration components. And remember, only certain enterprise versions of SUSE (no IC’s) and RedHat (no IC’s) are supported. If you V2V a supported SLES VM you will have to manually install the Linux integration components.
I’ve seen a line flying around Twitter a bunch of times over the last 24 hours saying that in the year 2012, 20% of all businesses will own no IT assets. OK, now I’m getting visions of dodgy TV shows like the BBC’s “Tomorrow’s World” or that classic piece of Australian tomfoolery, “Beyond 2000”. Actually maybe it’s more along the lines of Conan O’’Brien’s “In the year 2000”.
Back to the seriousness. I work in the online business and we obviously would love more and more stuff to go online. And it is. Software-as-a-Service (SaaS), heck Anything-as-a-Service is all anyone is talking about and it is big business. But 0% IT assets?
How exactly does one get onto the Net to access those services without a PC or a phone? I’ve heard some talk about businesses allowing employees to supply their own PC. That’s a huge change. Massive. You could imagine that the office network becomes no different to an Internet café. But that will only ever happen in small businesses. My experience says that it will not happen, certainly not in the next 2 years, to that 20% of businesses. It might happen with a few adventurous thinking businesses but that’s it.
[shines torch] “The PC will most likely remain an IT asset for more than 99% of businesses in the year 2012” [/shines torch]
That’s an asset and a risk. It has to be managed, protected and kept compliant. That means anti virus, patching, software management, auditing, policy enforcement, network access protection, etc.
There is a trimmed down version of System Center Desktop Management on the way. You can think of that as Configuration Manager Lite from the cloud. Features include:
Larger companies may strip down the branch office and go with things like BPOS or 3rd party solutions for SasS. But those PC’s in the branch office will continue to be managed from HQ by System Center. Operations Manager will audit security, Configuration Manager will do all of the good desktop stuff. Data Protection Manager might backup a couple of key computers. I personally think 3rd parties like Iron Mountain’s Connected is the best roaming user laptop backup solution. And Active Directory will continue to be the policy engine. You can see how a single Hyper-V host could run the branch office systems management, e.g. VM’s that offer a Read Only Domain Controller, a local BranchCache, a local DPM presence, etc.
No matter what you do, there will be some sort of IT asset that needs to be secured, protected, managed and made compliant. And the rumours of the PC’s death have been greatly exaggerated.
ReadyBoost is a feature of Windows Vista and Windows 7 that is aimed at PC’s and laptops that have slow hard disks, i.e. under 7,200 RPM. It allows you to use a USB stick (or even internal USB) as a cache for files that are read from the hard disk, thus making them quicker to load and improving the performance of your PC. You can read more here.
I was looking up something for someone earlier when I found that Intel NIC teaming does not support Virtual Machine Queue (VMQ) or VMDq as Intel calls it.
“… teaming is not compatible with VMDq and Hyper-V*. Intel PROSet version 14.7 or later will automatically disable VMDq for adapters in teams. Intel plans a future software release that will allow both ANS teaming and VMDq to be enabled at the same time.
If you use Intel PROSet versions prior to version 14.7 to configure teams or VLANs with Virtual Machine Queues enabled, system instability may occur including a potential Windows* bug check (popularly known as Blue Screen of Death or BSOD).
To recover from a Windows* bug check (BSOD) caused by configuring ANS teams or VLANS, unplug the Ethernet cables. After starting Windows remove the ANS configured teams and VLANs or disable Virtual Machine Queues”.
EDIT #1:
As you’ll see in the comments, the Intel v15.0 drivers do add support for VMW with Intel NIC teaming. Thanks to Brian Johnson of Intel for that info.
This is something that struck me today. I was doing some checks in Operations Manager to see what free space was like on some of the servers we run online backup services with. Then I thought – let’s have a look at the cluster shared volume on our Hyper-V cluster. The problem is that Operations Manager deals with logical drives that have a letter. It seems to ignore drive such as the CSV: a mounted drive that appears as a folder in C:\ClusterStorage\Volume 1, Volume2, etc.
There are two ways to check this manually that I have found so far. The first is to open up the Failover Clustering MMC and connect to the cluster. You’ll see the size and free space for the Cluster Shared Volume there.
You can also do it in VMM by right-clicking on the cluster object and viewing the properties.
You can ignore the witness disk (at the top); I really hope you’re not so desperate for VM storage that you consider that!
I cannot find anything in Operations Manager for tracking this critical function. It’s not in the Failover Clustering MP (where it probably should be), Hyper-V or VMM management packs.
I’d advise that you keep an eye on this, especially if you are experiencing growth or using self service in VMM. For example, I’ve switched to using dynamic VHD’s. Yeah, early on that means I save on storage space. My C: VHD’s are half the size they were with Windows Server 2008 fixed VHD’s. But eventually they will grow and consume space on the CSV. You need to know when to trigger a growth of the LUN on the SAN and expand the NTFS volume before we reach critical levels. Bad things happen when a growing VHD doesn’t have any space left.
I saw this post being re-tweeted by Ben Armstrong and read it this morning. It might actually be the solution to a weird problem we’ve been having at work.
Think back to your computer science classes. Every process on a computer only ever gets a slice of time on the processor. When it is moved from the processor is is places in a frozen state, allowing another process to execute. A 4 core processor allows 4 processes to run at once but lots of other processes are frozen in a non-responsive state. These idle times are extremely short. We cannot perceive them.
A virtual machine (on any platform) is a process. Therefore a VM can at times not actually be executing on the processor and be unresponsive to the network. Again, this is an incredibly short window.
Hyper-V handles this by buffering network traffic for the VM. The default size is 1MB. The blog post shows you how to make a change to this buffer size when dealing with larger amount of network traffic, i.e. there is a risk of the buffer filling and network traffic being lost. They suggest expanding the buffer to 2MB those scenarios, or to its maximum of 4MB in extreme scenarios.
The process is rather manual because it is very VM specific (finding the GUID for the virtual network card, searching for the GUID in the registry, adding some values) which is a pity. I hope MS comes up with a way to make this simpler, e.g. a slide control in the VM properties, or a policy setting for a VMM host group.
I’ve tuned into a webcast aimed at the System Center Influencers and I’m going to try blog from it live. Microsoft’s line is that System Center is the way to manage SharePoint because Microsoft understands the requirements.
SharePoint often started as some ad-hoc solution but grew from there to be mission critical and containing urgent business data. Administration is complex: users, file server admins, web admins, database admins and web developers.
System Center Improves Availability:
Administration
Centralised Management
This is the norm for System Center. Centralised management with delegation is how System Center works. For example, a Sharepoint administrator could deploy a front end server in minutes using the VMM 2008 R2 self service portal. A quota will control sprawl but the network administrators don’t need to be as involved.
OpsMgr Management Pack
We’re shown an OpsMgr diagram that shows the architecture of a SharePoint deployment. If you haven’t seen these, they are hierarchical diagrams that give you a visualisation of some system, e.g. HP Blade farm, Hyper-V cluster, SharePoint farm.
The 2010 management pack allows you to monitor a particular web application in SharePoint 2010. The management pack is more aware of what components are deployed where and the interdependencies – sorry I’m not a SharePoint guru so I’m missing some of the terminology here.
Rules administration has been simplified. There is a view in the Monitoring pane to view the health of all rules for the SharePoint 2010 management pack. I like this. I’ve not seen it in any other management pack. The SQL guys should have coffee with the SharePoint folks :)
Three are 300% more discoveries and 1293% more classes and 300% more monitors than in 2007. That is a huge increase in automated knowledge being built into OpsMgr to look after SharePoint 2010. There are 45% fewer rules. This is a good thing because there is duplicated effort being reduced for IIS and SQL management pack to reduce noise. Microsoft assumes you’ll install those other management packs. approximately 150 TechNet articles are linked in the pack to guide you to fixing certain detected issues.
Data Protection Manager 2010
DPM 2010 is due out around April 2010. It important to Hyper-V admins because it adds support for CSV. DPM allows you to backup to disk and then optionally stream to tape. You can also replicate one DPM server to another for
SharePoint 2003 and WSS 2.0 are backed up basically as SQL. You need the native SP tool to complete the backup..
SharePoint 2007 and WSS 3.0 is backed up using a SharePoint VSS writer. Every server (web/content/config/index) gets an agent. DPM reaches out to “the farm” and can back up everything required.
DPM is designed to know what to back up. 3rd party solutions are generic and don’t have that. For example, a new server in the farm will be detected. The DPM administrator needs to authorise this addition.
DPM 2010 does something similar with SharePoint 2010. However, it is completely automated, allowing your delegated VMM administrators or Configuration Manager administrators (SharePoint administrators) to deploy VM’s or physical machines.
One of the cool things about DPM is that it doesn’t have specialised agents. It’s using VSS writers. That means there is 1 agent for all types of protected servers.
We get a demo now and we see the DPM administrator can just select “the farm” and back that up. There’s no selecting of components or roles. The speaker only sets up his destination and retention policies.
DPM 2007 is noisy, e.g. data consistency checks. I’ve seen this when I did some lab work. The job wizard allows you to either to perform a heal/check if a problem is found, on a scheduled basis or not at all. This is a self healing feature.
Recoveries can be done at the farm level, an individual content (SQL) database. SharePoint 2007 can restore a site collection, a site or a document. This requires a recovery farm, i.e. a server, consuming resources and increasing costs. SharePoint 2010 with DPM 2010 does not require a recovery farm. You can directly recover an item into the production farm. Trust me, that’s huge.
The release candidate for DPM 2010 comes out next week.
Virtualisation
My Take
My advice on top of this: Monitor everything using VMM and Operations Manager. You soon see if something is a candidate for virtualisation or if a VM needs to be migrated to physical.
If you run everything on a Hyper-V 2008 R2 cluster then enable PRO in VMM. Any performance issues will allow an automatic Live Migration (if you allow it) to avoid performance bottlenecks.
If you are going physical for the production environment then consider virtual for the DR site if reduced capacity is OK. For example, your production site is backed up with DPM. You keep a Hyper-V farm in the DR site. Your DPM server replicates to a DR site DPM server. During a DR you can do a restoration. Will it work? Who knows :) It’s something you can test pretty cheaply with Hyper-V Server 2008 R2. Money is tight everywhere and this might be an option.
Those Configuration Manager teams in Redmond must be incredibly busy and well managed. They have two product developments going on (ConfigMgr 2007 R3 and ConfigMgr v.Next) as well as producing add-ons for existing products.
The latest is the Application Compatibility Toolkit for Configuration Manager as blogged about by Jeff Wettlaufer. The concept is simple enough; using ConfigMgr you can audit your existing desktops to see which applications you have. You can use this information to assess Windows 7 compatibility. It will also do the same for device drivers. This reads like MAP for Windows 7 taking on the power and scalability of ConfigMgr. MAP would be fine in a single office. ConfigMgr takes this to the WAN.
That’s another bow to the string for Windows 7 deployment in the Enterprise.
Ben Armstrong (MS virtualisation whiz, The Virtual PC Guy) blogged overnight about a tool that allows administrators or developers to get at and analyse the contents of RAM in a saved state Hyper-V VM. The tool is called VM2DMP. It will convert a Hyper-V saved state memory to a DMP file that DMP analysis tools can load up.
This brings up a question: security. Lets forget about TV shows like 24 and movies like the Net. That stuff can be fun. Sit back and think: what is the easiest way to gain access to some piece of data or files? The answer is simple. Gain physical access and literally steal the disks.
If I had access to a saved state VM then in theory (if I had the skills) I could use that tool to convert the memory, poke around and gain access to sensitive items that were stored in RAM.
Virtualisation makes this even easier. You don’t have to remove the disks because they’re files. Gain access to the host and away you go. I remember when I started working on server virtualisation and having a chat with my cousin who is a senior security consultant with a major international company. His previous role had him working in a lab and projects were to think up scenarios and find threats. So he asked me: “how do you secure VM’s when they are only files?”.
It’s possible. But you’ve got to do all the right things.
Security starts and ends with physical access. Control access to the computer room(s) and monitor that access. Be very strict about it. The data centre I work in doesn’t care if they see you every day. If you are not expected or not properly processed then you don’t get past the front door. It sounds inflexible and it is. But damn is that place secure!
Hyper-V run on Windows Server 2008 and Windows Server 2008 R2. You have the option of enabling BitLocker on the host. That’ll work on standalone hosts but not on a cluster.
Maintain control of who can log into the host. You’ve got to treat host logon permissions the same way as you would treat computer room access. That logon prompt and those drive access rights must be at least as important as access through the door. If you can log into a host or gain access to drives remotely then the door is wide open to play.
There is no need to give access (administrative or interactive logon) to a host beyond the virtualisation team. Rights can be delegated. The ideal solution for that is VMM. You can allow delegated administrators to do admin work via the VMM console. Members of self-service roles can use the portal to deploy and manage VM’s. If you don’t have VMM then you can use the Hyper-V authorisation manager to delegate access.
And yes, you can enable and RDP into a VM.
Most of this stuff goes back to the basics of what you should be doing already. Membership of domain admins should be very limited. Nested groups and local group population via Group Policy (restricted groups) allows delegation. Give only the access that is required. Treat physical access like getting into somewhere like the NSA. Use the right tools for the right reasons and don’t be lazy. And the stuff I’m talking about here is not unique to Hyper-V. You need to take precautions with all hardware virtualisation solutions.
The tool that Ben blogged about has legitimate uses; just be sure that only the right people get to use it on your Hyper-V hosts.
If you do and you’ve experienced issues then you should consider doing the following three things:
Confirm It Is A EchoLife HG556a
Browse to this Vodafone Ireland page and get the advanced configuration username and password. They should be:
User name: admin
Password: VF-IRhg556
Log into the router (probably http://192.168.1.1) using those credentials. That should open the Device Info page. If the product name is EchoLife HG556a then you should consider doing the next two steps.
Update The Firmware
You’ll find a link and instructions for this on the Vodafone Ireland page.
I found (it might be a coincidence) that my slow home broadband browsing issue seems to be gone afterwards. I’m not saying that it’s fixed but it’s not present now. I am not closing my call – there still might be an issue and only testing over a longer time frame will confirm that.
Change the QoS Setting
I’ve been having issues with streaming media to my XBox from a media PC for a while now. I decided to browse through the settings on the router to see what the manufacturers/Vodafone Ireland have done. There is a setting called QoS (Quality of Service). QoS allows network administrators to slow down certain types of traffic to allow other types to speed up. Here’s the rub: there is no one size-fits all that works. I found this setting (Advanced Setup – Enable QoS) was enabled. I disabled it, saved the setting and rebooted the router.
Now I tested XBox media streaming from a media PC. It worked like it should do, no delays, no stutters, and the sound was staying in synch with the video.
