Month: December 2009

Blackberry Offline In USA

It’s being reported that Blackberry (RIM) are having outages for the second time this week in the USA.  This outage is also affecting South America.

That’s the problem with Blackberry.  You are relying on a third party.  I’m all for cloud computing but I’m not for “locked in” cloud computing like this.  If you deploy Blackberry handsets then what alternative have you got?

If you’re running Exchange you’ve long since had the ability to do push email without the need to pay good money to someone else.  Sure, Windows CE/Mobile handsets didn’t seem to compare too well.  But that has changed big time.  I’m using a small LG machine running Windows Mobile 6.5 and it’s usable, stable and has good battery life.

Way back when I was last an internal admin, we had Lotus Notes.  I remember the call for email enabled handsets came along.  We were a finance company and worried about where our data would be.  Our email admin, a savvy Notes guru, took a lot of time and went with Windows XDA and XDA III handsets.  Straight away the feedback came from directors who barely did email – that was dirty work for their PA’s.  They couldn’t carry these handsets; they weren’t as pretty as the Blackberry’s that directors from other companies had.  Ugh!  Style instead of functionality.

So if style is your thing then you can even run iPhones with Exchange ActiveSync.  And then you can annoy every person near you while you pretended that you invented the iPhone and show off every whizzbang feature that it has. 

HTC, LG and Samsung all make very stylish Windows Mobile 6.5 handsets too and in various form factors.  I quite like my LG.  It’s the size of a normal phone (not a mini brick) and it has an attached stylus.  I don’t have Exchange at home (I used to until Digiweb decided that they never game me a static IP address – I have the email to prove they did but their support chose to ignore that – and their website even used to advertise it) so I use other online email services.  My primary one works perfectly with the LG.  I even run both my personal email and my work email on it, both via IMAP.

So don’t let phone handsets decide the best way to make email available to your roaming workers.  Don’t rely on 3rd parties.  Just push the email from your own infrastructure.  Then you can read about other people’s email issues in your working email.

Backing Up Virtual Machine Manager

Now that I’ve dealt with backing up and restoring Hyper-V, let’s have a look at that management component, System Center Virtual Machine Manager (VMM).

The simplest solution is to simply backup the entire VMM server.  But what if it isn’t that simple for you?  What if you have a large or distributed environment?  How do you recover individual aspects?  How do you restore to a different computer?

There’s two aspects to VMM.  The library is a shared folder.  That’s easy to backup.  You just use any old VSS enabled backup tool to backup Windows 2008 or Windows 2008 R2.  But that’s only the library. 

What about all the intelligence, i.e. the database?  Well, you could just do a SQL backup of the database.  That’s one way.  VMM also provides a method do backup and recover the database using VMM native tools.

To backup the database you can:

  1. In Administration view, click General, and then, in the Actions pane, click Back up Virtual Machine Manager.
  2. In the Virtual Machine Manager Backup dialog box, type the path for a destination folder for the backup file. The folder must not be a root directory and must be accessible to the SQL Server.

That’s a GUI method and not something you’ll be able to do on a schedule reliably.  You’ll need a script.  VMM is based on PowerShell so with a little PSH you can create a script which you can schedule.  Luckily, Microsoft has the script up on TechNet for both VMM 2008 and VMM 2008 R2.

That’s the backup.  You’ll need to be able to restore it.  There is a tool that is on the DVD that you will need to do the restore.  It is not installed on the server.  It is called SCVMMRecover.exe and it is located on the DVD at %ROOT%i386bin for a 32-bit computer, or %ROOT%amd64bin for a 64-bit computer.  The syntax to run it is:

SCVMMRecover [-Path <location>] [-Confirm]

There are two scenarios for a recovery.  If you recover to the same machine, i.e. with the same SID, then you must do some clean up work:

  • You must manually remove any hosts that were removed since the backup was done.
  • You must manually add any hosts that were added since the backup was done.
  • You must manually remove any VM entries for VM’s that were deleted since the backup was done.  These VM’s will be listed as "Missing".

If you recover the backup to a different VMM server then you must do some different steps.  This is because the computer is not recognised by the virtualisation hosts.  Your virtualisation hosts because they will have an "Access Denied" status.  You must re-associate those hosts with your new VMM server.  Then you can commence with the manual cleanup tasks listed above.

What would I do?

  • Ensure you backup all servers hosting VMM roles, ideally including all components on the servers.  This will include backing up contents of all VMM libraries.
  • Schedule the PowerShell script to also do a VMM native backup of the VMM database.  Include the results in your traditional server backups.

With this approach you have options when it comes to a restoration.  For example, if you have a complete VMM server failure you can do a traditional restore of all components.  But if you lose VMM database you can restore it quickly using the native tools.  And if that traditional recovery doesn’t work (for whatever reason), at least you can build a new VMM server and restore the database backup that you did using the VMM PowerShell cmdlets.

Reference: Backing Up and Restoring the VMM Database

Technorati Tags: ,

Hyper-V Backup Strategies

Because you are dealing with virtual machines you have more options available to you than you did when backing up traditional tin servers.  What approach you take depends on whether you need to recover files, databases or just an entire server, what your budget is and how you configure the storage of your VM’s.  Oh yes, and your budget.

In-VM or On-Host Backup?

What does that mean?  There are two places you can do your backup from. 

On-Host Backup

This allows you to capture selected VM’s on the host as they are running.  There’s some catches to that which I’ll come back to later.  The benefit of this approach is that it’s a simple hammer that can hit everything.  If you need to recover all of your VM’s then you can do it.  But you have no knowledge of the VM’s contents nor the ability to recover single files from within the VM.  To do that with this approach you have to recover the entire VM to an isolated network, log into the VM, and then grab the files you need.

This on-host backup really needs to be Hyper-V aware, i.e. use the Hyper-V VSS (volume shadow copy service) writer.  When your backup software tries to backup the VM then the VM will be quickly brought to a “quiescent” state.  This is accomplished at two levels.  The parent partition uses VSS to access the VHD files.  The integration components feature a backup integration.  This allows the VSS writers in the VM to bring file services, Exchange, SQL (and any other VSS aware services) into a brief restful state too.  A snapshot of the VM can then be taken using VSS and the backup software get’s the VM’s running state.  Note that this quiescent state is not noticeable.  Odds are you are already using this VSS technology to backup Windows file servers, Exchange and SQL and haven’t noticed a thing.

You probably noticed a catch here.  The backup causes no noticeable downtime to the VM if (a) VSS is available in the VM operating system and (b) the backup integration component service is running in the VM.  That means you must be running Windows Server 2003 SP3 or later in the VM and you have installed the IC’s and left the backup integration service enabled.  All of the volumes in the VM must also have VSS enabled.

If you have VM’s that don’t meet both of those requirements then they must be stopped (saved state) before a backup can commence.  This will include, for example, VM’s that meet these conditions:

  • VM’s that do not have the VSS service, e.g. Linux or Windows 2000
  • VM’s that do not have the IC’s installed and the backup integration service enabled
  • VM’s that do not have VSS enabled on all of their volumes.

Some types of storage cannot be backed up in this way.  Passthrough storage is not a file like a VHD so that is excluded from this approach.  And you need to be aware of remote storage that is directly connected to the VM.  It is not connected to the parent partition so it cannot be backed up with this approach.

You should also be aware that virtual network configurations are reportedly not backed up with this approach.

However the two big benefits are:

  • You can do an “iron”-level backup of a VM.  If you lose the VM then you can instantly restore it to a known state with no need to build new VM’s, install software, patches, etc.
  • As I’ve mentioned you should not use snapshots in production.  Using a VSS backup on the host you effectively get snapshot functionality.

In-VM Backup

The second approach is to do an in-VM backup.  This is pretty much doing what you’ve always done with your physical servers.  You log into the VM and do the backup from there.  Here are the benefits:

  • You can use whatever backup tool you want that is installed in the VM.  It does not need to be Hyper-V VSS aware.  Although it doesn’t need to be Hyper-V VSS aware you should take steps to ensure you can still backup open files and backup databases (mail, Oracle, MySQL, etc) consistently.
  • You can backup remote storage that is not connected to the host, e.g. where a VM directly connects to iSCSI storage.
  • You can use this approach for Linux/Windows 2000/etc and where you do not (or cannot) install Integration Components, do/cannot not have VSS enabled on all volumes or do not/cannot enable the backup integration service.
  • Best of all, this approach allows you to selectively backup files and allows you to selectively recover files or databases.  This is because the backup is in the VM and thus is aware of the data in the VM.

Recovering a lost VM with just this approach will be time consuming.  You would have to:

  • Build a new VM and set up the operating system to be identical to the previous version including service pack.
  • Do a complete restoration of the backup data.
  • Test like crazy to ensure everything is OK.

Best of Both Worlds

The best solution is to do both types of backup.  You can do an on-host backup maybe once a day, once a week or once a month for all VM’s, depending on major changes on those VM’s.  Identify those VM’s that you need to backup/recover on a granular level, e.g. shared SQL servers, Exchange, file servers, etc.  For those machines you should configure in VM backup.  Of course, there are those VM’s that don’t meet the requirements for on-host backup.  Exclude them from the backup set and set up in-VM backups for them.  It might make sense to do an on-host backup once in a while for these VM’s.  This will require a scheduled maintenance window where you put the VM’s into a saved state to run the backup.  This will allow quicker recoveries in a major disaster for these VM’s.

Here’s how you can handle various recoveries now:

  • VM destroyed: Recover the last backup of the VM from the host level.  Restore data from in-VM backup that has changes since that on-host backup.  This will bring the VM back up to date, e.g. SQL databases.
  • Data lost from a VM, e.g. SQL database, files, etc: Recover the data from the in-VM backup.
  • Host destroyed/Office Destroyed: Recover the complete on-host backups to another host or another host in another office.  Remember to configure the virtual networks.

Backup Tools

If you are operating on a shoestring then the solution for you is Windows Server Backup.  You can use this to backup your host and VM’s.  It’s not the prettiest solution but it works.  VM’s that are backed up at the host level that are not compliant with all the requirements will need to be put into a saved state either manually or via a (PowerShell) script.  In VM backup is complicated because you need to provide storage for the backups.  That means using either iSCSI or VHD’s and that adds complexity to your storage solution.

The ideal solution in a Microsoft centric network is Data Protection Manager.  DPM 2007 SP1 can backup Windows Server 2008 hosts and clusters.  It can also backup Windows Server 2008 R2 hosts and clusters.  However the caveat for Windows Server 2008 R2 clusters is that it cannot backup VM’s that are stored on Cluster Shared Volumes (CSV) and it is not Live Migration aware.  DPM 2010 (expected to RTM in Q2 2010 and in beta now) will resolve that.

DPM installs agents on the host and in the VM’s.  Licensing costs are reduced with System Center Enterprise (host and 4 VM’s on the host) and Datacenter (host and all VM’s on the host) CAL’s/SAL’s.  You can configure protection sets with schedules of your choice and your hosts/VM’s/data will be backed up to the disk storage set(s) on the DPM server.  For those VM’s that are not compliant with the Hyper-V VSS/IC requirements, DPM will automatically put them into a saved state and do the backup.  A nice touch with DPM is that it will allow replication of the backed up data to another DPM server.  This could be in a remote location, e.g. a hosting company, and have a tape drive attached to stream data from disk to tape for archival purposes.  DPM is quite clever with backups.  It backs up at a block level.  It only backs up differences rather than entire files.  It can also compress data on the wire.

What if you’ve made an investment in other backup technologies and want to keep it simple or you have lots of non-Microsoft technology?  You have a few options:

  • If your backup vendor has Hyper-V VSS compliance then do what I’ve talked about above, picking and choosing between in-VM and on-host backups.  Windows Server 2008 R2 CSV is still pretty new so verify that the vendor also has compliance for that if you are deploying an R2 Hyper-V cluster.
  • If your backup vendor does not have Hyper-V VSS compliance then you can only do in-VM backups.  It’s not ideal but it’s what you’ve been doing up to now with your physical servers so nothing has changed.  You’re just not able to take advantage of snapshot style functionality at the host level for your VM’s.
  • Maybe add DPM into the mix for host-level backups only and do daily/weekly/monthly backups.  That way you get an “iron” level backup of the VM for those dreaded scenarios when you have to do a complete recovery.

Things To Watch Out For

  • Patches.  No matter what your backup solution is, get all of the latest patches.  DPM 2007 SP1 requires a hot fix for W2008 Hyper-V support.  Install the June 2009 rollup.  DPM 2010 requires a hotfix on W2008 R2 Hyper-V RTM clusters too.
  • DPM 2007 SP1 isn’t the completed solution for W2008 R2 clusters due to the lack of support for CSV and lack of Live Migration awareness.  If you are deploying DPM 2007 SP1 on W2008 R2 clusters then have your licensing set up to upgrade to DPM 2010 next year.
  • The Windows Server Backup approach requires a registry change on the host.  Complete instructions are on the MS site.
  • Even if you only do in-VM backups, ensure your vendor will support it.  Just because it’s in VM and should be pretty much identical to backing up a physical box, it doesn’t mean the vendor will actually support a VM backup.
  • Test the crap out of this stuff once you have a lab or a pilot set up.

Search Server 2008

I’ve never heard of this one before but it turned up on the Microsoft downloads last night.  Server Server 2008 Express is a free product you can download and install.

Search doesn’t have to be complicated
Bring enterprise search to your organization quickly and easily for FREE with Microsoft® Search Server 2008 Express. As an IT professional, you need a search solution that allows you to deliver the simple, easy-to-use experience your users expect while helping to meet the security and manageability requirements your IT environment demands. The download on this page has been updated to include Service Pack 2.
Note: In order to install Search Server 2008 Express on Windows Server 2008 R2, you must use this download. Previously available versions will not install.
Product Highlights
Quick to download and set up

  • Reduce your risk in choosing a search solution by starting with a free, full application you can download and set up to meet your needs immediately
  • Go from downloading to searching in minutes with a streamlined setup process

Easy to configure and maintain

  • Review common administrative tasks, search status, and settings in a single view
  • Manage content sources and search scopes, authoritative sources, key words, best bets, and other configurable relevancy settings through a powerful, easy-touse management console
  • Index common information sources with Indexing Connectors for file servers, Web sites, Microsoft SharePoint® sites, Microsoft Exchange Server public folders, as well as EMC Documentum, IBM FileNet, and Lotus Notes repositories
  • Monitor search performance and improve search relevance with query and results reporting
  • Help ensure that only the right people can find information with a search engine that utilizes your user authentication infrastructure for enhanced security

Powerful enough to meet your search needs

  • Empower your users to quickly find the information they need through a familiar, Web search-style interface
  • Deploy a search capability optimized for business data to deliver highly relevant results across intranet and public-facing Web site content
  • Scale your deployment to meet your needs with no preset document limits and continuous index propagation
  • Easily upgrade to a multiserver topology with Microsoft Search Server 2008 or Microsoft Office SharePoint Server 2007 as your enterprise search needs evolve

For more information on Microsoft enterprise search products, please visit www.microsoft.com/enterprisesearch

There also appears to be a commercial product offering more functionality.

Scott Lowe/TechRepublic: Feature Comparison Between Hyper-V and vSphere

Scott Lowe did a very nice job in this short and objective article on TechRepublic where he compares the features of Microsoft Windows Server 2008 R2 Hyper-V and VMware vSphere.  Importantly, he distinguishes between the paid-for editions of the products.  As they say, a picture paints a thousand words:

Thanks Scott and TechRepublic.

Technorati Tags: ,

Why Is Elias Khnaser So Biased Against Hyper-V?

Before we get into this: yes I am pro-Microsoft.  But I have deployed and used VMware software in the past.  I have been a happy ESX customer.  I even agree with those who state VMware Workstation is the best product for virtualisation on Windows Vista/7.

Last night, I dissected an article by Elias Khnaser.  I wondered why he, in my opinion, had a poorly educated bias (isn’t that what ignorance is?) against Hyper-V.  I searched him out and found big ol’ VMware all over his site.  Ahh!

Maybe InformationWeek should really do a better job of hiring someone to evaluate Hyper-V?  For example, I wouldn’t hire me to write an evaluation of vSphere because I am not educated about it and I have a clear favour for Hyper-V – it doesn’t take a genius long to figure that out.  Or maybe it’s InformationWeek that had an agenda?  It’s not unlike some media to have a slant towards their advertisers.  That’s clearly evident in one publication’s annual summer awards issue where “big yellow” wins every time despite being the most hated s/w vendors on the planet.

Some More Cross Platform Updates For OpsMgr 2007 R2

Microsoft released two more updates for Operations Manager 2007 R2 cross platform extensions.

First is the management pack to take advantage of cross platform Audit Collection Services (ACS).

Second is a new management pack for monitoring cross platform agents, i.e. UNIX and Linux.

Technorati Tags:

Looking Into “9 Reasons Enterprises Shouldn’t Switch To Hyper-V

I’m not here to blow Microsoft’s trumpet.  I’m not a MS employee, don’t own shares and, to be honest, they have a billion dollar marketing engine and Jerry Seinfeld to do that for themselves.

But when I read something like InformationWeek’s “9 Reasons Enterprises Shouldn’t Switch To Hyper-V” by Elias Khnaser then I have to say something.  Let’s go through this point by point.

1) Breadth of OS Support

Referring to non-Microsoft OS’s “Hyper-V, however, supports only Windows and SuSE Linux”

Actually it also supports Red Hat Enterprise Linux.  And the IC’s have been released under GPLv2 and are finding their way into other Linux distros as I type this.  Hey Elias, seeing as you aren’t a fan of Microsoft, I guess you don’t Bing. Try Google and do some research next time.

2) Memory Management

“For starters, it recommends having a host in standby mode, which means, ‘Have a host that is not serving VMs running so that in the event of a host failure, the standby host can be used to cover for its martyred cousin’.”

This is known as host fault tolerance.  If a host fails then you automatically fail over the VM to another host.  It isn’t unique to Microsoft.  Xen and VMware do this too.  You allow for a spare host or two (depending on the size of the cluster and fault tolerance required) so that if a host fails you don’t lose your VM’s.  It’s a GOOOOOOD thing.

“If you don’t have memory oversubscription, how exactly do you expect to power-on VMs when a host experiences hardware failure?”

Yes, Hyper-V does not have memory over subscription or RAM bursting.  Memory oversubscription is not supported in production by VMware.  If something goes wrong you are told to turn it off by VMware support as step #1.

3) Security

“Hyper-V’s reliance on a general-purpose operating system, in this case Windows Server 2008, makes it a security vulnerability unto itself”.

Oh really?  How many breakout attacks has Windows Hyper-V had?  Or Microsoft virtualisation full stop?  Zero.  How many have VMware had on ESX in the last 2 years?  1.

How many Microsoft patches for Hyper-V or Service Packs have broken virtualization or lost VM’s in the last 2 years?  None.  How many updates have broken ESX hosts in the last two years?  At least two, including some Update 1 for ESX 4 which was withdrawn last week.

How easy is it to patch a Windows Server 2008 R2 cluster?  It’s a doddle with WSUS.  ESX or Xen?  I doubt it’s so easy.  Heck, an ESX patch is a complete OS upgrade.

If you so choose you can run Hyper-V Server 2008 R2 or a Core installation of Windows Server 2008 R2 to reduce the patching footprint.  I choose to go with a full OS for hardware troubleshooting reasons.  If some hardware breaks on my hosts I’ll ID it in no time at all – heck the OpsMgr HP Insight Manager management packs make that easy but I can also use the HP on-server tools in a GUI.

4) Live Migration

“Considering Microsoft’s frequent weekly updates for Windows Server 2008, that would take an administrator double or triple the time it would an ESX admin just to move VMs from host to host in order to apply security patches and properly secure his deployment”.

Really?  All VMware implementations can have multiple VM’s fail over at once on 1GB Ethernet?  Seriously, I wasn’t aware that this was possible.  Does the VMware solution require 100% host fault tolerance with VM shadowing for this?

Hyper-V allows you to initiate multiple Live Migrations at once but they are sequential.

Wait a second: “Considering Microsoft’s frequent weekly updates“.  MS normally releases updates every second Tuesday (Wednesday for those of us in Europe and east of here).  And if you use any sort of patch management then it’s up to you when you do that patch deployment.  Using VMM 2008 R2 you can put a clustered host into “maintenance mode” and go do something else for a while.  The VM’s will be moved automatically to hosts selected by Intelligent Placement.

5) VM Priority Restart

“If you intend on running all virtual—and you should—the ability to prioritize your VMs by importance is crucial, and the ability to recover from host failures based on VM importance is even more crucial”.

When I restart a standalone (un-clustered) Hyper-V host I actually do have VM start prioritisation.  You can specify how long after the parent partition boots up that each VM should start up.

“In the event a host that is running 60 VMs fails, for example, I want to make very sure that my virtual infrastructure can restart my failed VMs on another host in a certain order”.

I’ll grant you that one.  For a workaround I suspect you could do this if using VMM.  Specify a priority value in the VM custom properties in VMM.  Write a PowerShell script to gather the names of all non-running VM’s on that host.  Query those VM’s for the custom value.  Order the start-ups by that value.

“I don’t want Exchange, SQL, and IIS to come up before my domain controllers, DNS server, or DHCP servers”.

We who work in virtualisation call that chicken and egg.  I think you’ll find that VMware recommend that there should be at least one physical domain controller.  I certainly would advocate that, e.g. Hyper-V/VMM work best in a domain and why start up the hosts before the DC’s?

6) Fault Tolerance

“This feature takes system availability to highs that are truly unheard of, and to no one’s surprise, it is available only with vSphere. The ability to run a single VM in lockstep with a shadow VM simultaneously, executing on both primary and secondary VMs at the same time, provides for continuous high availability that we never had in the physical world with this much ease.”

OK, which is it for you Elias?  All the fault tolerance in the world or not spending money on hosts.  Go back to the quote on point 2 and you’ll see you are contradicting yourself.

Actually, you can do Live Migration between sites with Hyper-V.  It leverages hardware solutions from the likes of Compellent or HP LeftHand to create a cross-WAN/campus CSV and then do Live Migration across that.  EMC has something for their Clarion and HP have CLX for the EVA but they don’t support CSV yet.

7) Hot Adds

“In a virtual environment, however, there should be no reason why we cannot add more memory, disk, and peripherals on the fly to any powered-on VM. Except if you’re using Hyper-V”.

You can hot-add SCSI disks in Windows Server 2008 R2.  You just need to have added the virtual SCSI controller.  Hot add of RAM is not possible.

8) Third-Party Vendor Support

“However, when we examine the third-party tools that support Hyper-V and those that support vSphere, the gap is significant and swings heavily in VMware’s favour”.

That’s probably true.  But quantity does not equate to quality.  There are one or two partners I’d like to see supporting Hyper-V that aren’t.  But I’ll tell you this much, Microsoft’s more open approach sure seems more appealing than the “don’t dare compete with us” approach displayed by VMware at their conferences toward their partners, e.g. Veeam daring to back up VM’s on ESXi.

And anyway, I have solutions available to me for anything I need to do on Hyper-V/VMM.

9) Maturity

“When choosing a virtualization infrastructure, you are making a strategic decision about the basis upon which your organization’s critical systems are going to run. It is a decision that will have far-reaching consequences; this is not some piece of software that you can just decide to change half way through the project”.

Hyper-V has such a small footprint that maturity isn’t a big deal.  Does Hyper-V/VMM have all the bells and whistles of VMware’s ESX/vSphere?  Nope.

Here’s the facts about Hyper-V/VMM.  They are rock solid.  18 months of usage and no stability or performance issues.  Manageability is easy thanks to VMM and OpsMgr.  My job is easier thanks to them.  I’m excited about how well Hyper-V/VMM have worked out and about the future.  The new stuff coming from the Opalis acquisition, where things are going with Azure integration, server application virtualisation (independent of the OS), and the potential for leveraging boot-from-VHD for V2P based on performance monitoring … it’s all going to be fun over the next two years.

I wish journalists like this guy would do some research before they write.  These articles are misleading.