Aidan Finn, IT Pro

It’s being reported that Blackberry (RIM) are having outages for the second time this week in the USA.  This outage is also affecting South America.

That’s the problem with Blackberry.  You are relying on a third party.  I’m all for cloud computing but I’m not for “locked in” cloud computing like this.  If you deploy Blackberry handsets then what alternative have you got?

If you’re running Exchange you’ve long since had the ability to do push email without the need to pay good money to someone else.  Sure, Windows CE/Mobile handsets didn’t seem to compare too well.  But that has changed big time.  I’m using a small LG machine running Windows Mobile 6.5 and it’s usable, stable and has good battery life.

Way back when I was last an internal admin, we had Lotus Notes.  I remember the call for email enabled handsets came along.  We were a finance company and worried about where our data would be.  Our email admin, a savvy Notes guru, took a lot of time and went with Windows XDA and XDA III handsets.  Straight away the feedback came from directors who barely did email – that was dirty work for their PA’s.  They couldn’t carry these handsets; they weren’t as pretty as the Blackberry’s that directors from other companies had.  Ugh!  Style instead of functionality.

So if style is your thing then you can even run iPhones with Exchange ActiveSync.  And then you can annoy every person near you while you pretended that you invented the iPhone and show off every whizzbang feature that it has. 

HTC, LG and Samsung all make very stylish Windows Mobile 6.5 handsets too and in various form factors.  I quite like my LG.  It’s the size of a normal phone (not a mini brick) and it has an attached stylus.  I don’t have Exchange at home (I used to until Digiweb decided that they never game me a static IP address – I have the email to prove they did but their support chose to ignore that – and their website even used to advertise it) so I use other online email services.  My primary one works perfectly with the LG.  I even run both my personal email and my work email on it, both via IMAP.

So don’t let phone handsets decide the best way to make email available to your roaming workers.  Don’t rely on 3rd parties.  Just push the email from your own infrastructure.  Then you can read about other people’s email issues in your working email.

Microsoft has updated the page that lists the hot fixes for Hyper-V.  This now includes both Windows Server 2008 and Windows Server 2008 R2.

Now that I’ve dealt with backing up and restoring Hyper-V, let’s have a look at that management component, System Center Virtual Machine Manager (VMM).

The simplest solution is to simply backup the entire VMM server.  But what if it isn’t that simple for you?  What if you have a large or distributed environment?  How do you recover individual aspects?  How do you restore to a different computer?

There’s two aspects to VMM.  The library is a shared folder.  That’s easy to backup.  You just use any old VSS enabled backup tool to backup Windows 2008 or Windows 2008 R2.  But that’s only the library. 

What about all the intelligence, i.e. the database?  Well, you could just do a SQL backup of the database.  That’s one way.  VMM also provides a method do backup and recover the database using VMM native tools.

To backup the database you can:

1. In Administration view, click General, and then, in the Actions pane, click Back up Virtual Machine Manager.
2. In the Virtual Machine Manager Backup dialog box, type the path for a destination folder for the backup file. The folder must not be a root directory and must be accessible to the SQL Server.

That’s a GUI method and not something you’ll be able to do on a schedule reliably.  You’ll need a script.  VMM is based on PowerShell so with a little PSH you can create a script which you can schedule.  Luckily, Microsoft has the script up on TechNet for both VMM 2008 and VMM 2008 R2.

That’s the backup.  You’ll need to be able to restore it.  There is a tool that is on the DVD that you will need to do the restore.  It is not installed on the server.  It is called SCVMMRecover.exe and it is located on the DVD at %ROOT%\i386\bin for a 32-bit computer, or %ROOT%\amd64\bin for a 64-bit computer.  The syntax to run it is:

SCVMMRecover [-Path <location>] [-Confirm]

There are two scenarios for a recovery.  If you recover to the same machine, i.e. with the same SID, then you must do some clean up work:

• You must manually remove any hosts that were removed since the backup was done.
• You must manually add any hosts that were added since the backup was done.
• You must manually remove any VM entries for VM’s that were deleted since the backup was done.  These VM’s will be listed as "Missing".

If you recover the backup to a different VMM server then you must do some different steps.  This is because the computer is not recognised by the virtualisation hosts.  Your virtualisation hosts because they will have an "Access Denied" status.  You must re-associate those hosts with your new VMM server.  Then you can commence with the manual cleanup tasks listed above.

What would I do?

• Ensure you backup all servers hosting VMM roles, ideally including all components on the servers.  This will include backing up contents of all VMM libraries.
• Schedule the PowerShell script to also do a VMM native backup of the VMM database.  Include the results in your traditional server backups.

With this approach you have options when it comes to a restoration.  For example, if you have a complete VMM server failure you can do a traditional restore of all components.  But if you lose VMM database you can restore it quickly using the native tools.  And if that traditional recovery doesn’t work (for whatever reason), at least you can build a new VMM server and restore the database backup that you did using the VMM PowerShell cmdlets.

Reference: Backing Up and Restoring the VMM Database

Because you are dealing with virtual machines you have more options available to you than you did when backing up traditional tin servers.  What approach you take depends on whether you need to recover files, databases or just an entire server, what your budget is and how you configure the storage of your VM’s.  Oh yes, and your budget.

In-VM or On-Host Backup?

What does that mean?  There are two places you can do your backup from. 

On-Host Backup

This allows you to capture selected VM’s on the host as they are running.  There’s some catches to that which I’ll come back to later.  The benefit of this approach is that it’s a simple hammer that can hit everything.  If you need to recover all of your VM’s then you can do it.  But you have no knowledge of the VM’s contents nor the ability to recover single files from within the VM.  To do that with this approach you have to recover the entire VM to an isolated network, log into the VM, and then grab the files you need.

This on-host backup really needs to be Hyper-V aware, i.e. use the Hyper-V VSS (volume shadow copy service) writer.  When your backup software tries to backup the VM then the VM will be quickly brought to a “quiescent” state.  This is accomplished at two levels.  The parent partition uses VSS to access the VHD files.  The integration components feature a backup integration.  This allows the VSS writers in the VM to bring file services, Exchange, SQL (and any other VSS aware services) into a brief restful state too.  A snapshot of the VM can then be taken using VSS and the backup software get’s the VM’s running state.  Note that this quiescent state is not noticeable.  Odds are you are already using this VSS technology to backup Windows file servers, Exchange and SQL and haven’t noticed a thing.

You probably noticed a catch here.  The backup causes no noticeable downtime to the VM if (a) VSS is available in the VM operating system and (b) the backup integration component service is running in the VM.  That means you must be running Windows Server 2003 SP3 or later in the VM and you have installed the IC’s and left the backup integration service enabled.  All of the volumes in the VM must also have VSS enabled.

If you have VM’s that don’t meet both of those requirements then they must be stopped (saved state) before a backup can commence.  This will include, for example, VM’s that meet these conditions:

• VM’s that do not have the VSS service, e.g. Linux or Windows 2000
• VM’s that do not have the IC’s installed and the backup integration service enabled
• VM’s that do not have VSS enabled on all of their volumes.

Some types of storage cannot be backed up in this way.  Passthrough storage is not a file like a VHD so that is excluded from this approach.  And you need to be aware of remote storage that is directly connected to the VM.  It is not connected to the parent partition so it cannot be backed up with this approach.

You should also be aware that virtual network configurations are reportedly not backed up with this approach.

However the two big benefits are:

• You can do an “iron”-level backup of a VM.  If you lose the VM then you can instantly restore it to a known state with no need to build new VM’s, install software, patches, etc.
• As I’ve mentioned you should not use snapshots in production.  Using a VSS backup on the host you effectively get snapshot functionality.

In-VM Backup

The second approach is to do an in-VM backup.  This is pretty much doing what you’ve always done with your physical servers.  You log into the VM and do the backup from there.  Here are the benefits:

• You can use whatever backup tool you want that is installed in the VM.  It does not need to be Hyper-V VSS aware.  Although it doesn’t need to be Hyper-V VSS aware you should take steps to ensure you can still backup open files and backup databases (mail, Oracle, MySQL, etc) consistently.
• You can backup remote storage that is not connected to the host, e.g. where a VM directly connects to iSCSI storage.
• You can use this approach for Linux/Windows 2000/etc and where you do not (or cannot) install Integration Components, do/cannot not have VSS enabled on all volumes or do not/cannot enable the backup integration service.
• Best of all, this approach allows you to selectively backup files and allows you to selectively recover files or databases.  This is because the backup is in the VM and thus is aware of the data in the VM.

Recovering a lost VM with just this approach will be time consuming.  You would have to:

• Build a new VM and set up the operating system to be identical to the previous version including service pack.
• Do a complete restoration of the backup data.
• Test like crazy to ensure everything is OK.

Best of Both Worlds

The best solution is to do both types of backup.  You can do an on-host backup maybe once a day, once a week or once a month for all VM’s, depending on major changes on those VM’s.  Identify those VM’s that you need to backup/recover on a granular level, e.g. shared SQL servers, Exchange, file servers, etc.  For those machines you should configure in VM backup.  Of course, there are those VM’s that don’t meet the requirements for on-host backup.  Exclude them from the backup set and set up in-VM backups for them.  It might make sense to do an on-host backup once in a while for these VM’s.  This will require a scheduled maintenance window where you put the VM’s into a saved state to run the backup.  This will allow quicker recoveries in a major disaster for these VM’s.

Here’s how you can handle various recoveries now:

• VM destroyed: Recover the last backup of the VM from the host level.  Restore data from in-VM backup that has changes since that on-host backup.  This will bring the VM back up to date, e.g. SQL databases.
• Data lost from a VM, e.g. SQL database, files, etc: Recover the data from the in-VM backup.
• Host destroyed/Office Destroyed: Recover the complete on-host backups to another host or another host in another office.  Remember to configure the virtual networks.

Backup Tools

If you are operating on a shoestring then the solution for you is Windows Server Backup.  You can use this to backup your host and VM’s.  It’s not the prettiest solution but it works.  VM’s that are backed up at the host level that are not compliant with all the requirements will need to be put into a saved state either manually or via a (PowerShell) script.  In VM backup is complicated because you need to provide storage for the backups.  That means using either iSCSI or VHD’s and that adds complexity to your storage solution.

The ideal solution in a Microsoft centric network is Data Protection Manager.  DPM 2007 SP1 can backup Windows Server 2008 hosts and clusters.  It can also backup Windows Server 2008 R2 hosts and clusters.  However the caveat for Windows Server 2008 R2 clusters is that it cannot backup VM’s that are stored on Cluster Shared Volumes (CSV) and it is not Live Migration aware.  DPM 2010 (expected to RTM in Q2 2010 and in beta now) will resolve that.

DPM installs agents on the host and in the VM’s.  Licensing costs are reduced with System Center Enterprise (host and 4 VM’s on the host) and Datacenter (host and all VM’s on the host) CAL’s/SAL’s.  You can configure protection sets with schedules of your choice and your hosts/VM’s/data will be backed up to the disk storage set(s) on the DPM server.  For those VM’s that are not compliant with the Hyper-V VSS/IC requirements, DPM will automatically put them into a saved state and do the backup.  A nice touch with DPM is that it will allow replication of the backed up data to another DPM server.  This could be in a remote location, e.g. a hosting company, and have a tape drive attached to stream data from disk to tape for archival purposes.  DPM is quite clever with backups.  It backs up at a block level.  It only backs up differences rather than entire files.  It can also compress data on the wire.

What if you’ve made an investment in other backup technologies and want to keep it simple or you have lots of non-Microsoft technology?  You have a few options:

• If your backup vendor has Hyper-V VSS compliance then do what I’ve talked about above, picking and choosing between in-VM and on-host backups.  Windows Server 2008 R2 CSV is still pretty new so verify that the vendor also has compliance for that if you are deploying an R2 Hyper-V cluster.
• If your backup vendor does not have Hyper-V VSS compliance then you can only do in-VM backups.  It’s not ideal but it’s what you’ve been doing up to now with your physical servers so nothing has changed.  You’re just not able to take advantage of snapshot style functionality at the host level for your VM’s.
• Maybe add DPM into the mix for host-level backups only and do daily/weekly/monthly backups.  That way you get an “iron” level backup of the VM for those dreaded scenarios when you have to do a complete recovery.

Things To Watch Out For

• Patches.  No matter what your backup solution is, get all of the latest patches.  DPM 2007 SP1 requires a hot fix for W2008 Hyper-V support.  Install the June 2009 rollup.  DPM 2010 requires a hotfix on W2008 R2 Hyper-V RTM clusters too.
• DPM 2007 SP1 isn’t the completed solution for W2008 R2 clusters due to the lack of support for CSV and lack of Live Migration awareness.  If you are deploying DPM 2007 SP1 on W2008 R2 clusters then have your licensing set up to upgrade to DPM 2010 next year.
• The Windows Server Backup approach requires a registry change on the host.  Complete instructions are on the MS site.
• Even if you only do in-VM backups, ensure your vendor will support it.  Just because it’s in VM and should be pretty much identical to backing up a physical box, it doesn’t mean the vendor will actually support a VM backup.
• Test the crap out of this stuff once you have a lab or a pilot set up.

I’ve never heard of this one before but it turned up on the Microsoft downloads last night.  Server Server 2008 Express is a free product you can download and install.

“Search doesn’t have to be complicated
Bring enterprise search to your organization quickly and easily for FREE with Microsoft® Search Server 2008 Express. As an IT professional, you need a search solution that allows you to deliver the simple, easy-to-use experience your users expect while helping to meet the security and manageability requirements your IT environment demands. The download on this page has been updated to include Service Pack 2.
Note: In order to install Search Server 2008 Express on Windows Server 2008 R2, you must use this download. Previously available versions will not install.
Product Highlights
Quick to download and set up

• Reduce your risk in choosing a search solution by starting with a free, full application you can download and set up to meet your needs immediately
• Go from downloading to searching in minutes with a streamlined setup process

Easy to configure and maintain

• Review common administrative tasks, search status, and settings in a single view
• Manage content sources and search scopes, authoritative sources, key words, best bets, and other configurable relevancy settings through a powerful, easy-touse management console
• Index common information sources with Indexing Connectors for file servers, Web sites, Microsoft SharePoint® sites, Microsoft Exchange Server public folders, as well as EMC Documentum, IBM FileNet, and Lotus Notes repositories
• Monitor search performance and improve search relevance with query and results reporting
• Help ensure that only the right people can find information with a search engine that utilizes your user authentication infrastructure for enhanced security

Powerful enough to meet your search needs

• Empower your users to quickly find the information they need through a familiar, Web search-style interface
• Deploy a search capability optimized for business data to deliver highly relevant results across intranet and public-facing Web site content
• Scale your deployment to meet your needs with no preset document limits and continuous index propagation
• Easily upgrade to a multiserver topology with Microsoft Search Server 2008 or Microsoft Office SharePoint Server 2007 as your enterprise search needs evolve

For more information on Microsoft enterprise search products, please visit www.microsoft.com/enterprisesearch”

There also appears to be a commercial product offering more functionality.

Scott Lowe did a very nice job in this short and objective article on TechRepublic where he compares the features of Microsoft Windows Server 2008 R2 Hyper-V and VMware vSphere.  Importantly, he distinguishes between the paid-for editions of the products.  As they say, a picture paints a thousand words:

Thanks Scott and TechRepublic.

Before we get into this: yes I am pro-Microsoft.  But I have deployed and used VMware software in the past.  I have been a happy ESX customer.  I even agree with those who state VMware Workstation is the best product for virtualisation on Windows Vista/7.

Last night, I dissected an article by Elias Khnaser.  I wondered why he, in my opinion, had a poorly educated bias (isn’t that what ignorance is?) against Hyper-V.  I searched him out and found big ol’ VMware all over his site.  Ahh!

Maybe InformationWeek should really do a better job of hiring someone to evaluate Hyper-V?  For example, I wouldn’t hire me to write an evaluation of vSphere because I am not educated about it and I have a clear favour for Hyper-V – it doesn’t take a genius long to figure that out.  Or maybe it’s InformationWeek that had an agenda?  It’s not unlike some media to have a slant towards their advertisers.  That’s clearly evident in one publication’s annual summer awards issue where “big yellow” wins every time despite being the most hated s/w vendors on the planet.

Microsoft released two more updates for Operations Manager 2007 R2 cross platform extensions.

First is the management pack to take advantage of cross platform Audit Collection Services (ACS).

Second is a new management pack for monitoring cross platform agents, i.e. UNIX and Linux.

I’m not here to blow Microsoft’s trumpet.  I’m not a MS employee, don’t own shares and, to be honest, they have a billion dollar marketing engine and Jerry Seinfeld to do that for themselves.

But when I read something like InformationWeek’s “9 Reasons Enterprises Shouldn’t Switch To Hyper-V” by Elias Khnaser then I have to say something.  Let’s go through this point by point.

1) Breadth of OS Support

Referring to non-Microsoft OS’s “Hyper-V, however, supports only Windows and SuSE Linux”

Actually it also supports Red Hat Enterprise Linux.  And the IC’s have been released under GPLv2 and are finding their way into other Linux distros as I type this.  Hey Elias, seeing as you aren’t a fan of Microsoft, I guess you don’t Bing. Try Google and do some research next time.

2) Memory Management

“For starters, it recommends having a host in standby mode, which means, ‘Have a host that is not serving VMs running so that in the event of a host failure, the standby host can be used to cover for its martyred cousin’.”

This is known as host fault tolerance.  If a host fails then you automatically fail over the VM to another host.  It isn’t unique to Microsoft.  Xen and VMware do this too.  You allow for a spare host or two (depending on the size of the cluster and fault tolerance required) so that if a host fails you don’t lose your VM’s.  It’s a GOOOOOOD thing.

“If you don’t have memory oversubscription, how exactly do you expect to power-on VMs when a host experiences hardware failure?”

Yes, Hyper-V does not have memory over subscription or RAM bursting.  Memory oversubscription is not supported in production by VMware.  If something goes wrong you are told to turn it off by VMware support as step #1.

3) Security

“Hyper-V’s reliance on a general-purpose operating system, in this case Windows Server 2008, makes it a security vulnerability unto itself”.

Oh really?  How many breakout attacks has Windows Hyper-V had?  Or Microsoft virtualisation full stop?  Zero.  How many have VMware had on ESX in the last 2 years?  1.

How many Microsoft patches for Hyper-V or Service Packs have broken virtualization or lost VM’s in the last 2 years?  None.  How many updates have broken ESX hosts in the last two years?  At least two, including some Update 1 for ESX 4 which was withdrawn last week.

How easy is it to patch a Windows Server 2008 R2 cluster?  It’s a doddle with WSUS.  ESX or Xen?  I doubt it’s so easy.  Heck, an ESX patch is a complete OS upgrade.

If you so choose you can run Hyper-V Server 2008 R2 or a Core installation of Windows Server 2008 R2 to reduce the patching footprint.  I choose to go with a full OS for hardware troubleshooting reasons.  If some hardware breaks on my hosts I’ll ID it in no time at all – heck the OpsMgr HP Insight Manager management packs make that easy but I can also use the HP on-server tools in a GUI.

4) Live Migration

“Considering Microsoft’s frequent weekly updates for Windows Server 2008, that would take an administrator double or triple the time it would an ESX admin just to move VMs from host to host in order to apply security patches and properly secure his deployment”.

Really?  All VMware implementations can have multiple VM’s fail over at once on 1GB Ethernet?  Seriously, I wasn’t aware that this was possible.  Does the VMware solution require 100% host fault tolerance with VM shadowing for this?

Hyper-V allows you to initiate multiple Live Migrations at once but they are sequential.

Wait a second: “Considering Microsoft’s frequent weekly updates“.  MS normally releases updates every second Tuesday (Wednesday for those of us in Europe and east of here).  And if you use any sort of patch management then it’s up to you when you do that patch deployment.  Using VMM 2008 R2 you can put a clustered host into “maintenance mode” and go do something else for a while.  The VM’s will be moved automatically to hosts selected by Intelligent Placement.

5) VM Priority Restart

“If you intend on running all virtual—and you should—the ability to prioritize your VMs by importance is crucial, and the ability to recover from host failures based on VM importance is even more crucial”.

When I restart a standalone (un-clustered) Hyper-V host I actually do have VM start prioritisation.  You can specify how long after the parent partition boots up that each VM should start up.

“In the event a host that is running 60 VMs fails, for example, I want to make very sure that my virtual infrastructure can restart my failed VMs on another host in a certain order”.

I’ll grant you that one.  For a workaround I suspect you could do this if using VMM.  Specify a priority value in the VM custom properties in VMM.  Write a PowerShell script to gather the names of all non-running VM’s on that host.  Query those VM’s for the custom value.  Order the start-ups by that value.

“I don’t want Exchange, SQL, and IIS to come up before my domain controllers, DNS server, or DHCP servers”.

We who work in virtualisation call that chicken and egg.  I think you’ll find that VMware recommend that there should be at least one physical domain controller.  I certainly would advocate that, e.g. Hyper-V/VMM work best in a domain and why start up the hosts before the DC’s?

6) Fault Tolerance

“This feature takes system availability to highs that are truly unheard of, and to no one’s surprise, it is available only with vSphere. The ability to run a single VM in lockstep with a shadow VM simultaneously, executing on both primary and secondary VMs at the same time, provides for continuous high availability that we never had in the physical world with this much ease.”

OK, which is it for you Elias?  All the fault tolerance in the world or not spending money on hosts.  Go back to the quote on point 2 and you’ll see you are contradicting yourself.

Actually, you can do Live Migration between sites with Hyper-V.  It leverages hardware solutions from the likes of Compellent or HP LeftHand to create a cross-WAN/campus CSV and then do Live Migration across that.  EMC has something for their Clarion and HP have CLX for the EVA but they don’t support CSV yet.

7) Hot Adds

“In a virtual environment, however, there should be no reason why we cannot add more memory, disk, and peripherals on the fly to any powered-on VM. Except if you’re using Hyper-V”.

You can hot-add SCSI disks in Windows Server 2008 R2.  You just need to have added the virtual SCSI controller.  Hot add of RAM is not possible.

8) Third-Party Vendor Support

“However, when we examine the third-party tools that support Hyper-V and those that support vSphere, the gap is significant and swings heavily in VMware’s favour”.

That’s probably true.  But quantity does not equate to quality.  There are one or two partners I’d like to see supporting Hyper-V that aren’t.  But I’ll tell you this much, Microsoft’s more open approach sure seems more appealing than the “don’t dare compete with us” approach displayed by VMware at their conferences toward their partners, e.g. Veeam daring to back up VM’s on ESXi.

And anyway, I have solutions available to me for anything I need to do on Hyper-V/VMM.

9) Maturity

“When choosing a virtualization infrastructure, you are making a strategic decision about the basis upon which your organization’s critical systems are going to run. It is a decision that will have far-reaching consequences; this is not some piece of software that you can just decide to change half way through the project”.

Hyper-V has such a small footprint that maturity isn’t a big deal.  Does Hyper-V/VMM have all the bells and whistles of VMware’s ESX/vSphere?  Nope.

Here’s the facts about Hyper-V/VMM.  They are rock solid.  18 months of usage and no stability or performance issues.  Manageability is easy thanks to VMM and OpsMgr.  My job is easier thanks to them.  I’m excited about how well Hyper-V/VMM have worked out and about the future.  The new stuff coming from the Opalis acquisition, where things are going with Azure integration, server application virtualisation (independent of the OS), and the potential for leveraging boot-from-VHD for V2P based on performance monitoring … it’s all going to be fun over the next two years.

I wish journalists like this guy would do some research before they write.  These articles are misleading.

I have added a page to my blog to feature events that I’m either attending, speaking at or might be interesting to regular readers.

I first heard about Audit Collection Services (ACS) at TechEd in 2004.  It was going to be a free download like WSUS.  The idea is that it would be an intelligent alternative to SYSLOG for Microsoft platforms/applications, gathering security logs into a central database.  Instead of gathering everything, it would gather the important alerts/events only.

Time went by and no beta appeared.  Then ACS appeared as a feature in System Center Operations Manager 2007.  OpsMgr 2007 evolved in OpsMgr 2007 R2 to add cross platform support, i.e. MS written native agents and management packs for Linux and UNIX.

Microsoft has now added an extension to this cross platform support to offer ACS to Linux and UNIX:

“System Center Operations Manager 2007 R2 Cross Platform Audit Collection Services enables the collection and audit of events from UNIX and Linux Servers. Using Cross Platform ACS, events are collected from the desired Unix/Linux servers and stored in the Audit Collections Services Database. Audit reports for UNIX/Linux Server collected events are included.

Feature Summary

Collection of Audit events from UNIX/Linux server, including:

• AIX 5.3 (Power), 6.1 (Power)
• HP-UX 11iv2 (IA64/PA-RISC), 11iv3 (IA64/PA-RISC)
• Red Hat Enterprise Server 4 (x86/x64), 5 (x86/x64)
• Solaris 8 (SPARC), 9 (SPARC), 10 (SPARC/x86)
• SUSE Linux Enterprise Server 9 (x86), 10 (x86/x64), 11 (x86/x64)

Built in Audit Reports including:

• Access violations – unsuccessful logon attempts
• Account creation/deletion/password change
• Administrator activity – su, sudo
• Forensic – all events for a computer/event ID
• User logons”

Microsoft has released a document to help you get to know Hyper-V in a lab or pilot test environment.

“This guide provides detailed step-by-step walkthroughs for testing Hyper-V with Windows Server 2008 R2 in a preproduction environment. You can use this guide to become familiar with Hyper-V and the process of creating and managing virtual machines. This guide also includes scenarios that you can test to better understand how Hyper-V can address the business goals of your organization”.

Siliconrepublic is reporting that the worldwide sales numbers of PC’s has grown in the 3rd quarter of 2009.  Consumer laptops and netbooks have driven the growth numbers.  The “back to school” factor has probably played a big role.  College students have needed laptops for some time now and it’s becoming a necessary piece of equipment for school kids too.  There are predictions of good sales in 2010.  How reliable that is, I don’t know.  It’s hard to see much positivity when you live in a country on the precipice of an economic black hole and it’s managed by rejects from the Muppet show.  However, the news has me believing that much of the rest of the world is starting to recover.

I wonder how much Windows 7 has played a role in these new sales.  I think it will have had some importance in people’s decisions to purchase.  There is genuine excitement out there and I think the normal TV advertising that MS has done will raise consumer awareness.  When they asked their neighbourhood/family IT experts for opinions then the feedback was probably quite positive.

This blog is running using WordPress on Windows hosting (Windows 2008 & IIS7) on a shared hosting platform.  The control panel is Plesk.  The WordPress application was installed from the control panel rather than the usual manual installation.

For SEO reasons you need a sitemap.xml file to tell search engine crawlers about your site and it’s content.  There is a very handy Google (XML) Sitemaps Generator for WordPress.  I installed it when I set up the blog last month but I kept getting errors that it could not create neither the sitemap.xml nor the sitemap.xml.gz files.  When I tried manual executions of the build process then the page would fail to load.  I did a tonne of searching and found two solutions:

1. You have to create 2 empty files in the root folder of your WordPress site for each of the files.  The generator will not create these files, only edit existing files.  Empty notepad files will do on Windows.  Linux folks can “touch” them.
2. The next thing was permissions.  This is where it became obvious to me that most WordPress folks are on Linux hosting.  The advice was to use chmod or FTP to set the permissions to 777, i.e. all rights to all users, on the two files.

I’d done the first step.  The control panel doesn’t allow us to modify permissions on CP installed application files/folders.  I also couldn’t set the 777 rights via an FTP tool for this reason.  I viewed the permissions and donned my traditional least privileges approach.  The website runs using the application pool identity.  So if I grant that account write permissions on the files all should be OK.  Turns out that wasn’t true.  The plug-in was running as something else. 

I was unwilling to test more on my production site so I set up a dummy site and did a manual install of WordPress and the plug-in.  Now I had rights to set permissions.  I granted write permissions to web users (the only remaining group in the control panel).  Now I ran the job manually.  It worked!

I got the hoster helpdesk to set the permissions on the two files on this production site.  I re-ran the job manually.  Now it worked and my sitemap was created.  Excellent.  I’d been doing some other SEO stuff to bring search engines here and it has been starting to work.  But the sitemap should help greatly.

This one has come up a few times in the last couple of days.  As I’ve blogged previously, SQL 2005 and SQL 2008 do have support for Live Migration.  This is official.

Michael Niehaus recorded a very good video showing you how to go from A-Z to use MDT 2010 integrated into ConfigMgr 2007 to deploy operating system images.

HP has released an updated version of their Hyper-V sizing tool to include Windows Server 2008 R2 Hyper-V.

“The HP Sizer for Microsoft Hyper-V 2008 R2 is an automated, downloadable tool that provides quick and helpful sizing guidance for “best-fit” HP server and storage configurations running in a Hyper-V R2 environment. The tool is intended to assist with the planning of a Hyper-V R2 virtual server deployment project. It enables the user to quickly compare different solution configurations and produces a customizable server and storage solution complete with a detail Bill of Materials (BOM) that includes part numbers and prices.

The HP Sizer for Microsoft Hyper-V 2008 R2 allows users to create new solutions, open already existing solutions, or use other types of performance data collecting tools, such as the Microsoft Assessment and Planning tool (MAP), to build rich Hyper-V R2 configurations based on HP server and storage technology. The tool allows rapid comparison of Hyper-V R2 characterizations using various HP server and storage choices”.

It is available for download now.  An older version for Windows Server 2008 is still available.

Microsoft has released a paper called “Using Windows 7 and Windows Server 2008 R2 – Controlling Communication with the Internet”.

“Provides steps that administrators can take to limit, control, or prevent the communication that flows between the features in Windows 7 and Windows Server 2008 R2 and sites on the Internet.

This document provides information about the communication that flows between the features in Windows 7 and Windows Server 2008 R2 and sites on the Internet. It describes steps to take to limit, control, or prevent that communication in an organization with many users. This document is designed to assist administrators in planning strategies for deploying and maintaining Windows Server 2008 R2 and Windows 7 in a way that helps provide an appropriate level of security and privacy for an organization’s networked assets”.

Microsoft released a patch for Windows Server 2008 R2 Hyper-V host servers.  It fixes a problem where VM’s are experiencing heavy outgoing network traffic loads.  This can cause the virtual NIC to fail and the only way to fix it (otherwise) is to restart the VM.

“Consider the following scenario:

• You install the Hyper-V role on a computer that is running Windows Server 2008 R2.
• You run a virtual machine on the computer.
• You use a network adapter on the virtual machine to access a network.
• You establish many concurrent network connections, or there is heavy outgoing network traffic.
• In this scenario, the network connection on the virtual machine may be lost. Additionally, the network adapter is disabled.

Note: You have to restart the virtual machine to recover from this issue.”

This hotfix applies to

• Windows Server 2008 R2 Datacenter
• Windows Server 2008 R2 Enterprise
• Windows Server 2008 R2 Standard

It requires the host to be rebooted.

System Center Virtual Machine Manager can be integrated into System Center Operations Manager.  Using the information gathered by OpsMgr agents on hosts, virtual and physical machines you can gather information that is relevant to VMM:

You can see the reports above that are available when you are using Virtual Machine Manager 2008 R2.

Host utilization is a report you will run to see what the current resource usage is on that host.  Host utilization growth is similar.  What you will do with that report is specify two time frames.  The utilisation of the host in the second time frame will be compared with that of the first.

Virtual Machine Allocation is a summary report of the total resources used by virtual machines on your managed hosts.  Virtual Machine utilisation give you more detail.

You can see in this screenshot the utilisation of resources by specific virtual machines.  Note that I have blacked out the VM names and the host names.  Some of the VM’s also do not have OpsMgr agents and therefore are not producing performance stats that can be used in this report.

Finally you have the report that’s going to be popular with most virtualisation implementations.  If I was doing a traditional internal deployment of Hyper-V I would first deploy OpsMgr 2007 R2 and it’s agents to gather Windows Server performance information.  Next I would deploy VMM 2008 R2.  I would let them stew on information for a week before sizing the hosts.  Then I would run the last of the reports: Virtualization Candidates. 

With this report you specify a time frame and a set of criteria.  I’ve blacked out the names of the physical machines in this report.  You’ll use these performance criteria to dictate what is acceptable for a virtual machine candidate:

• Number of processors (Hyper-V supports a max of 4 virtual CPU’s in a VM)
• Processor speed
• Maximum CPU usage
• Average CPU usage
• Total RAM
• Average RAM usage

From this report you can ID your P2V candidates and then use VMM to convert those physical machines to virtual machines.

We have a VM where the load has been slowly growing over time.  It’s peak season is right around now and we started getting alerts from Operations Manager on Friday.  The contents of the alert were:

“Alert Monitor:  PRO CPU Utilization

Alert Description
Source:  MTGWSVR001  CPU utilization in the virtual machine has reached critical levels. The threshold monitor for this virtual machine has detected that the average of %Processor Time has been exceeded.

Summary
This monitor tracks the average CPU utilization for the virtual machine. The average Processor Time has exceeded the threshold. (The default threshold is 90 percent.)

Causes
The virtual machine is consuming too many CPU resources for its configuration.

Resolutions
Update the virtual machine configuration to allocate additional virtual CPU resources. For information about configuring the CPU requirements for a virtual machine, see Virtual Machine Manager 2008 R2 Help”.

The monitor in question is the interesting bit.  We have Virtual Machine Manager (2008 or later) running and it is integrated with Operations Manager (2007 SP1 or later).  We have a Windows Server 2008 R2 Hyper-V cluster which is being managed by VMM.  PRO (Performance and Resource Optimization) tips is enabled on the master host group (the top level host group, containing child host groups).  This allows OpsMgr to feed virtualisation performance alerts to VMM and VMM will act on them.

When the VM started getting increased resource demands it needed to use more CPU.  Eventually it got to the point where the CPU was being maxed out.  The PRO tips monitor in question runs every 60 seconds.  It measures the CPU utilisation of the VM.  If 3 sequential samples are greater than 90% CPU utilisation the monitor will create an alert.  That alert will auto resolve when things quieten down – it is a monitor which is a state engine, i.e. aware of good and bad scenarios unlike a basic rule.

Because PRO tips was enabled VMM was able to move the VM from it’s current host to another host.  That move was done using Live Migration so there was no downtime associated with the move of the VM.  This means that other VM’s on the original host weren’t being deprived of resources.  Moving the VM to another, less utilised host, gave it more CPU resources that it could use.  Which host was best?  That was decided by VMM using Intelligent Placement, which I blogged about last week.

What I’ve just described was dynamic IT.  A problem was automatically detected and resolved using two System Center products working closely together.  I was alerted to the issue.  I didn’t need to do anything right there and then because the alert auto resolved immediately after the PRO tips live migrated the VM.  I talked to the customer of the VM and found out that this is peak season for them and CPU demands would be high.  We scheduled a maintenance window for early this morning.  The VM was power down, an extra virtual CPU was added and the VM was powered back up again.  Less than 5 minutes and now the VM has all the CPU it needs.

Emma Healey (MS Licensing person capable of speaking both English and Microsoft Licensing) has just posted about some changes coming with SQL 2008 R2.  The edition comparisons (available now) are:

SQL Datacenter edition will continue to allow unlimited virtual machines to run SQL on a host.  Enterprise edition changes to now allow up to 4 SQL instances to run on a host.

A new book, Mastering Virtual Machine Manager 2008 R2, has been published by Sybex/Wiley covering the subject of VMM 2008 R2.  It is written by two members of the VMM product team so the facts contained will be good.  The product description reads as follows:

“One-of-a-kind guide from Microsoft insiders on Virtual Machine Manager 2008 R2!

What better way to learn VMM 2008 R2 than from the high-powered Microsoft program managers themselves? This stellar author team takes you under the hood of VMM 2008 R2, providing intermediate and advanced coverage of all features.

• Walks you through Microsoft’s new System Center Virtual Machine Manager 2008, a unified system for managing all virtual and physical assets; VMM 2008 not only supports Windows Server 2008 Hyper-V, but also VMware ESXas well!
• Features a winning author team behind the new VMM
• Describes all the new and enhanced features of VMM 2008 R2 and devotes ample time to how it also supports top competitors VMware ES
• Uses a hands-on approach, giving you plenty of practical examples to clarify concepts

Open this in-depth guide and discover techniques and processes you can put to immediate use”.

VMM 2008 R2 is a powerful tool.  I work almost exclusively from within it and OpsMgr 2007 R2.  The ability to manage a number of Hyper-V hosts, and ESXi/ESX and Virtual Server hosts, and leverage the library to speed up otherwise boring, time consuming and manual (i.e. mistakes) operations is worth the price alone.  On top of that, it adds more to Hyper-V.  I’ve seen several times over this past weekend how PRO tips and Live Migration have optimised the loads on our cluster when there were more-than-normal resource requirements.

If you’re interested in learning how to make the most of your Hyper-V platform then look into VMM.  If you want to learn about VMM 2008 R2 then a book written by members of the product team has to be the best place to start.

I’m going to be looking at alternative ways to put computers and other monitored resources (e.g. Web and port monitors) into maintenance mode in Operations Manager 2007 R2 this week.  We pushed out patches this weekend.  We warned customers that they might get one or two nuisance alerts.  Sure, each of them just got a couple of alerts but we got a LOT because we get all of them.  I’ve tried a few batch script and task scheduler approaches and each of them has sucked.

I’m going to have to do this in PowerShell I think.  I’ll see how this week goes.  Any non-customer engineering is frozen until the new year.  I don’t want to make changes that may cause unwanted faults over the holidays.  That gives me some time to do some work; I hope!  Pre-sales is still busy and I’m even going out on-site with some hosting customers to do some work with them.

Post a comment to let me know how you get around scheduling maintenance mode in OpsMgr.

I’m now on Facebook.  Don’t ask me the URL for my page; I haven’t a clue.  Search for me and odds are you’ll find me.