2010
05.28

I’m doing a lot of presentations lately that are just PowerPoint.  There’s no need to carry a laptop for demonstrations all of the time.  For example, I’m squeezing in a tonne of information into 3 hours at PubForum 2010 and I’m speaking at Epicenter in Dublin in a few weeks.  I also sometimes think that a smaller computer would be a great replacement for my Epson image tank – it’s a device photographers use in the field to store photos on when the requirements for memory cards are too much.  My Epson’s battery only lasts a very short while and additional ones cost a staggering and unjustifiable €90 or so.

My requirements for a netbook were simple:  VGA port, USB slots, decent sized hard drive and longer battery life than I’ll get from a laptop.  Check, check, check and 9 hours.  OK, it’s listed as 9 hours but I reckon it’ll give me 6.5.  There were machines that claim 12 hours life but they cost another €100 to €150.

Last night I ventured out and purchased a Samsung N150.  No, it’s not the latest, doesn’t do touch screen, doesn’t start with an “i”, and isn’t going to make nerds go “ooooooh!”.  But, it won’t overheat on a warm day, can run flash, and can run the OS I want: Windows 7.  That’ll make it great to replicate content from my laptop and PC via Mesh.

It came with an OEM build of Windows 7 Starter.  That wasn’t ever going to last too long on there but I decided to let it configure so I could see what was on there.  An hour later and the Samsung configurations were still running.  I quickly prepared a USB stick with a Windows 7 installer and wiped the netbook.  20 minutes later I was installing software and patching the OS.  I’ve no idea what Samsung were thinking but that was a great way to make their customer think they’d made a bad purchase.

As usual, the machine came with 1GB RAM.  I really don’t get that.  It’s got one slot but it’ll take up to 2GB so an upgrade will be done at some point.  All the usual good stuff will go on there: Office (I still have to use 2007 to use my publisher’s Word extensions), Live Essentials, MS Security Essentials, Faststone Image Viewer, etc.

2010
05.28

The BPA for Hyper-V was released a while ago but I’ve not had any reason to use it up to now.  I put it onto a lab server yesterday to see what it would do for me.  The results were expected.

As those of you who attend my “Best Practices” session on Hyper-V will learn, everything in Hyper-V comes down to the consultant’s favourite line: “it depends”.  Some things are great in some scenarios, some are not.  The advice I give is to understand the scenario, understand the architecture in Hyper-V and make decisions based on organizational goals with an understanding of the trade-offs.  A lot of understanding – and a great reason to pre-order my book or attend one of my presentations ;-)  This does not mean the BPA for Hyper-V is worthless.  Far from it.  You should install it.  You just need to understand what it might report.

The BPA for Hyper-V is a free download for Windows Server 2008 R2.  It takes advantage of the extensibility of Server Manager.  You browse to the Hyper-V role, scroll down and run the scan.  It only takes a few seconds.  A dialog will list a bunch of warnings and (hopefully no) errors.  Each one lists a “best practice” that is not met.  This is where the interpretation is necessary.

This can be a powerful learning tool for those new to Hyper-V.  Install a pilot or test machine and run the tool to see what it advises.  From there, you can do a bunch of research to figure out what is right for your organization and infrastructure.

I also think this will be a good place to start troubleshooting non-obvious issues with hosts or virtual machines.  For example, it’ll warn you about integration components not being installed or up to date.  It might give you a starting point for a certain VM acting up.

My advice?  Install it on every Hyper-V host (once your testing ensures it is fine for your network) and use it as required.  Just be sure to understand what it is telling you.

2010
05.28

When it comes to choosing a manufacturer there’s a few factors to consider:

  • Experience with their hardware?
  • Do they have suitable servers and/or storage?
  • Do they have hardware monitoring management packs?
  • Do they have PRO tips management packs?

A big reason we choose Hyper-V for hardware virtualization is System Center.  That’s why two of those points focus on System Center.  I’ve previously talked about server hardware monitoring for IBM, Fujitsu, HP and Dell.  I’ve no experience with the Fujitsu stuff so I cannot rate it.  But that doesn’t stop me from ranking IBM as last in this category, based on my experience.  Dell and HP both do a great job in this category.  But that’s just the servers.  You should make sure your storage and networking solutions also have OpsMgr health and performance management packs.

One of the coolest aspects of Hyper-V/System Center is Performance and Resource Optimization (PRO).  PRO management packs can detect failures or performance issues in OpsMgr managed resources in your Hyper-V infrastructure.  That alert is passed on to Virtual Machine Manager.  VMM then takes an action, i.e. Live Migrate a VM, based on that failure.  For example, a NIC might fail in a host server.  Failover Clustering will not react to this but PRO will.  VM’s might be offline because of this so the VM’s are moved to the most suitable host for each workload.  This all means using a Hyper-V cluster.

You can find a listing of PRO management packs on the Microsoft site.  It’s an interesting list, including Dell, HP and IBM.  Storage components such as QLogic and Emulex (HBA’s) are there.  NetApp have a PRO pack.  Veeam even have one for VMM managed VMware environments – it seems like you might be able to bring PRO to vSphere!

So here’s what I’d do.  Start off by making sure there is an OpsMgr management pack for the hardware.  This really should be a free download from the manufacturer.  Then make sure the components you are going to be relying on for Hyper-V performance have PRO packs.  That’ll allow you to build a management system that builds in intelligence and automation into your virtualization and hardware.  You will really be able to change how you do IT; using accurate information to always make the best decisions, even when you’re asleep in bed!

2010
05.28

Ben Armstrong posted last night on his blog about a new Hyper-V component poster.  You can see all the pieces and how they fit together.  This poster is available to download and print for yourself. Just visit Ben’s blog for the link.

2010
05.27

I thought I would revisit this subject now that version 2.1 of the integration components has reached release candidate stage.  You really will want to use v2.1 because it introduces SMP support for multiple vCPU’s (up to 4) in a Linux VM as well as clock synch and host power integration (for clean guest shutdown or state save).

My original discussion said that if you were doing enterprise Hyper-V then you are probably also running Operations Manager.  The beauty of System Center and Hyper-V being used together is that you get a single management system for the entire computing stack.

OpsMgr 2007 R2, with Cumulative Update 1 supports a certain set of Linux distributions, versions and architectures.  Hyper-V’s Linux Integration Services 2.1 supports another set.  You really want to pick a Linux from the commonly supported distros.  The below diagram should help with that.

image

Note that RHEL x64 does not support the Pluggable Time Service integration service.  It also doesn’t have support from Project Satori (MS/Citrix project) for the VSC to capture a mouse.

It appears that SLES 11 (x86 and x64) and RHEL 5 (x86 and x64) are the two to go with for deployment in the near future.  You might steer clear of RHEL x64 (and choose RHEL x86) if the partial support exceptions are an issue.

2010
05.27

I’ve just been looking at the new 2U servers from HP. 

HP DL385 G7 (AMD) – The cheapest of the 2 CPU offerings

  • HP ProLiant DL385 G7 6174 2P 16GB-R P410i/1GB FBWC Hot Plug SFF 750W RPS IC Sr
  • AMD Opteron™ Model 6174 (12 core, 2.2 GHz, 12MB L3, 80W)
  • 2 CPU
  • 16 GB RAM
  • Smart Array P410i/1GB FBWC Controller
  • €5265 excluding VAT

HP DL380 G7 (Intel) – This is the cheapest 6-core Intel box

  • HP ProLiant DL380 G7 X5650 2P 12GB-R P410i/1GB FBWC 8 SFF 750W RPS IC Server
  • Intel® Xeon® X5650 (6 cores, 2.66 GHz, 12MB L3, 95W)
  • 2 CPU
  • 12 GB RAM
  • Smart Array P410i/1GB FBWC Controller
  • €5180 excluding VAT

You can get more computing power from the AMD server: 16 Cores and 16GB of base RAM compared to 12 cores and 12GB RAM in the Intel.  That could be the difference between an additional number of virtual machines, anywhere between 1 high end VM and 32 low end VM’s (based purely on CPU – additional memory would be required).

There is a 12 core AMD CPU model listed but it does not have a list price.  2 CPU’s would give it 24 cores!  That’s 48 Exchange 2010 VM vCPU’s or 24 SharePoint 2010 VM vCPU’s.  With the default 8:1 ratio that is 192 vCPU’s!

You should consider more than just hardware and scalability too.  If you are doing Windows 2008 R2 Datacenter per-CPU licensing for the parent partition (and VM’s) and System Center Management Suite (datacenter) per processor licensing for System Center then you save money with bigger CPU’s.  The more VM’s you can put on a host with bigger CPU’s –> fewer hosts & fewer CPU’s –> less licensing –> less space used –> less host management –> etcetera.

Right now, if I was doing a green field Hyper-V deployment then I would most certainly go with AMD CPU’s.  There is better value with their offering.

If you are expanding an existing Hyper-V deployment then you should stick with all-Intel or all-AMD so that VM’s can move between the hosts.

2010
05.26

The Windows update MS10-24 for SMTP will wipe the SMTP configuration on Windows Server 2008.  I discovered this today when we found SMTP was no longer relaying email (or accepting local connections) on a couple of servers.  One server and I was scratching my head.  The second one and I knew there was only one common denominator.

It took me a couple of different search attempts to find the culprit.  Even then, I went to the official page for this update and I had to click through 3 pages to find a warning that there might be an issue (I linked the eventual page above).

The developer of this automatic update expects you to magically script a solution to run before the update and after it.  This will backup your SMTP configuration and restore it.  That’s even assuming that your crystal ball has warned you of a problem.  The next time I hear a MS security evangelist talk about instant approval and deployment of updates … …

I know the issue with this update is an exception.  But I am not impressed.  Believe me – I am holding back on how unimpressed I am.

*counting down from 10, 9, 8 …*

2010
05.26

This one comes on foot of a thread on the Minasi forum related to how AV screwed up a VM on a Hyper-V host. 

My recommendation is to not put antivirus on a Hyper-V host.  Unfortunately there are times when the techies get overruled on that one.  If you have to install AV on a Hyper-V host then you must read every word of this page.  It deals with how to avoid the dreaded 0x800704C8, 0x80070037 or 0x800703E3 errors when you start up virtual machines.  Do not skim over the page, do not make any assumptions about knowing where VM files are, do not undervalue the “shortcuts” you might see, and be aware of the hidden folder that is referred to.  Long-time readers might remember my first W2008 RC Hyper-V lab host and how a bunch of VM’s disappeared on me.  This was caused by AV scanning the VM files (including those “shortcuts”) after a host reboot.  The VM’s disappeared from the Hyper-V console, even though all the files were still there.

In a more general AV & Windows conversation, you should also pay attention to Microsoft’s doctrine on AV exclusions for enterprise deployments of Windows.  A long time ago, I had a Sysvol issue on a few DC’s in branch offices.  We ended up believing that our AV caused the issue.  Check out that site when you are putting in AV or configuring scan exclusions.
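As an added example (not code from the original post or from Microsoft), here is one way to check that every VM file on a host, and the real location behind each symbolic-link “shortcut”, sits under a configured AV exclusion. The exclusion list, the file inventory and the function names are constructed for illustration; replace them with what you collect from your own host and AV console.

```python
from pathlib import PureWindowsPath

# Constructed sample data (not from the original post): folders the AV
# product is configured to skip on the Hyper-V host.
EXCLUSIONS = [
    r"C:\ProgramData\Microsoft\Windows\Hyper-V",
    "D:\\VMs\\",
]

# Constructed inventory of VM files: (path, link_target).
# link_target is None for a regular file, or the real location of the file
# when the path is one of the symbolic-link "shortcuts".
VM_FILES = [
    (r"C:\ProgramData\Microsoft\Windows\Hyper-V\Virtual Machines"
     r"\00000000-0000-0000-0000-000000000001.xml",
     r"E:\Configs\web01\Virtual Machines"
     r"\00000000-0000-0000-0000-000000000001.xml"),
    (r"d:\vms\web01\web01.vhd", None),
    (r"D:\VMs\web01\Snapshots\web01_snap.avhd", None),
    (r"D:\VMs2\sql01\sql01.vhd", None),
]


def is_excluded(path, exclusions):
    """True if path is an excluded folder or lies beneath one.

    PureWindowsPath compares case-insensitively and ignores trailing
    backslashes, and matching whole path components means D:\\VMs2 is
    not treated as being inside D:\\VMs.
    """
    target = PureWindowsPath(path)
    for folder in exclusions:
        folder = PureWindowsPath(folder)
        if target == folder or folder in target.parents:
            return True
    return False


def audit(vm_files, exclusions):
    """Return (path, reason) for every VM file the AV would still scan."""
    findings = []
    for path, link_target in vm_files:
        if not is_excluded(path, exclusions):
            findings.append((path, "file is not under any exclusion"))
        # Excluding the folder that holds the link does not cover the
        # file the link points to, so check the target separately.
        if link_target is not None and not is_excluded(link_target, exclusions):
            findings.append(
                (link_target, "symlink target is not under any exclusion"))
    return findings


if __name__ == "__main__":
    for path, reason in audit(VM_FILES, EXCLUSIONS):
        print(f"{reason}: {path}")
```
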

2010
05.25

Call it what you want, ConfigMgr v.Next, Configuration Manager 2011, but the beta has just been launched.  It brings a bunch of new stuff in what is not just a refresh:

User centric application management  - Empowering Administrators to define intent, and end users flexible access to the right application at the right time

  • Allow the administrator to think users first
  • Application management model to capture admin intent
  • End user self-service software portal

Infrastructure simplification – Simplify management infrastructure, processes and administrative overhead

  • Unified management across PCs and devices
  • New role based administration and end-user experiences
  • Automated content distribution and troubleshooting
  • Redesigned core infrastructure and improved scalability

Simplify Client Management – Daily tasks, model based configuration management and improvements over existing capabilities

  • Automated compliance remediation
  • Client health and auto remediation
  • Remote control enhancements
  • Offline servicing of OS images

I’ve already blogged about what I’ve seen so far.  This is a very exciting new release.  The last version seems to focus a lot on OS deployment.  This release is emphasising getting the right software to the end user, and allowing the end user to pull that software down on demand.  The demos are impressive.  Go check out the beta now.

2010
05.25

I’ve previously blogged about this but I’ve been asked about it recently so I’m posting again.  I’ve also been watching lots of webcasts and reading web pages on the subject.

You can read the original text on the Microsoft TechNet site.

The first and most important thing to know is that Microsoft does not support the usage of DAG (database availability group) members on clustered virtualization solutions (Hyper-V, Xen, VMware, etc).  Their phrasing is that Exchange clustering solutions cannot be used on virtualization solutions.  No quick migration, no live migration, no vMotion, nothing.  This means that CCR and SCC are also not supported.

That’s it.  Simple as.  No negotiations.

I find this a little odd.  SQL supports guest failover clustering, host clustering, database mirroring in clustered virtual machines.  Other MS applications that use the ESE database have no issues with highly available virtualization.

What this means is that if you want to run Exchange DAG members as a virtual machine(s) then you need to run them on standalone hosts.  There’s no point in having one host; you’ll need two.  If you’re doing that then you’ll have at least two CAS, hub transport, CAS/Hubs, Edge, etc.  You can probably place one of each on your standalone hosts.

Why doesn’t Exchange support DAG on highly available virtualization?  I cannot think of a technical reason.  The Exchange product team has not shared one with us.  I’ve heard whispers of data corruption but I suspect that is pure speculation.  If you use Live Migration then you know that there is zero network traffic loss.  The “downtime” is 2 milliseconds; less than a TCP/IP timeout for a single packet.  So it cannot be the fact that a VM is moved using Live Migration that is causing an “issue”.

[speculation] If I had to guess then here it is: The Exchange product group didn’t test it.  Usually, if an MS team doesn’t test something then they won’t support it.  Sometimes there are technical failings that cause the lack of support.  But when no reasons are given then that means they just didn’t have time, didn’t have the equipment or just didn’t see the point. I’m going out on a limb here: Exchange has been known to emphasise deadlines before product in the past (Exchange 2007 SP1 finished the product) and I would wonder if they just didn’t figure if the testing time was worth it.  They just couldn’t test Hyper-V; they’d have to cover all of the hardware virtualization solutions in SVVP.

Some people don’t _get_ virtualization so they don’t get the need for people to virtualize Exchange VM’s with fault tolerance.  I’ve heard the argument: “why would you want to put highly available Exchange on a Hyper-V cluster?”.  Duh!  For all the usual virtualization reasons.  And why on a cluster?  Because you don’t want to purchase host hardware just for Exchange.  Not everyone is one of the Fortune 1000’s and some of the reasons we virtualize are to get fewer physical hosts and lower ownership/operating costs.  A well designed, modern host can run a lot of high utilization VM’s. [/speculation]

Other stuff you should know about when it comes to Exchange (2007 SP1 and later) on hardware virtualization:

  • Normally you get 8:1 vCPU to logical processor ratio in Hyper-V.  Exchange supports a 2:1 ratio.  Understandable if they believe Exchange will be a CPU eater.
  • Dynamic VHD is not supported.  You have to use fixed VHD or passthrough disk.  I’m finding that this is a common one.  I’ve come to the conclusion that dynamic VHD is bad in production.  SQL has the same requirements. You can also use iSCSI storage that is initiated by the guest VM.
  • The UM role cannot be virtualized.  This makes sense.
  • Snapshots of a VM are not supported – this requirement is on every application I’ve checked out so far.
  • Exchange 2003 is not supported on anything but Virtual Server 2005 R2 SP1.

I understand these requirements.  But I really do not get the clustering one. There isn’t an official technical reason that I know of.  It would be good if the Exchange product group got around to addressing this publicly before they got all wrapped up in Exchange 2010 SP1.

2010
05.24

I just saw that John Kelbley and Mike Sterling have an updated version of their Hyper-V book hitting the shelves next month.  Windows Server 2008 R2 Hyper-V: Insiders Guide to Microsoft’s Hypervisor is available for pre-order now.  I have a copy of the previous Windows Server 2008 edition which gave a great insiders view into Hyper-V; both authors work for Microsoft as a part of the Hyper-V product group.  You can bet that the new book will be an informative read.

2010
05.21

Do you want to know what the best practices for deploying Exchange, SharePoint and SQL are on Hyper-V (or any virtualization platform)?  Well here you go:

There should be enough in there to keep you hiding from the boss for half a day.

2010
05.19

Those in charge have told Microsoft that the corporation is now changing directions.  Much like what happened in the early mid-90’s with Internet technology, the company has been told to change or become less relevant in the future.  And this is why you will see more and more of “cloud” being pushed by Microsoft.

Staff are being brought into seminars to learn about what “cloud” means.  I wonder what definition they’ll use because there is not one accepted definition; every marketer has branded it the way that best represents the products that their company (or favourite company) sells.

Product is changing.  There is an Office online.  It’s even being integrated into Skydrive and Hotmail.  Azure and MS Online Services (BPOS) are being pushed in a big way – it’s the only thing the local office wants to talk about anymore.  System Center is moving towards cloud computing too – we’ll start to get a taste of that in v.Next in 2011 but I suspect 2013 will see direct integration, e.g. ConfigMgr child sites that live in MS Online Services.  And we already have heard that VMM v.Next probably will have the ability to move virtual machines from managed hosts and up into a new VM hosting service in Azure.  I’ve no idea whether Windows 8 will be going this way.  I suspect those going to TechEd in Berlin will be the first in the general public to hear about it.

Yes, I know, only the small organizations will put everything in the cloud and that not everything is appropriate.  However, one can argue that even the Fortune 100’s can put some stuff in the cloud or leverage from Software-as-a-Service products.  The big worry is reliability.  Will the product change and become not what you wanted?  You have no control over version upgrades of cloud services.  Will the service provider liquidate and take your data with them?  There is a certain amount of lock-in with SaaS and it’s very difficult to move between rival products.  Will they hike prices as soon as there is a dependency on them?  In Ireland and many other less developed countries, the network infrastructure often isn’t there to be able to be a cloud company. Outside of the major cities and towns, there is no broadband; only unreliable wireless/3G connectivity which is sometimes lucky to give you a 20KBPS transmission rate.

In reality, there will be a blend of on premises and cloud computing services in mid to large companies.

What I can confirm is: just like that first keynote at MMS (with 80+ mentions of the cloud in 82 minutes), all MS will want to talk to you about is cloud computing.

2010
05.19

The Mastering Hyper-V Deployment book covers enterprise Hyper-V deployments (and we have stuff for the smaller guys too).  That means dealing with all the possible environments that you can encounter.  Building the lab for that in my house was a challenge – I don’t have an enterprise budget so I cannot splurge on servers as required.  Appropriately, virtualization is being leaned on quite heavily.

Here’s what the lab looks like:

image

At the heart of it all is my Hyper-V laptop.  I’m running a different eSATA drive caddy than my usual demo one for these labs.  The virtual machines won’t fit on it so they are on a large USB 2.0 drive which I had sitting on a shelf.  There is a mix of Wired and Wifi networking.  My house isn’t CAT wired and I use wifi.  The VMware ESX host won’t do wifi so I’m using wired networking between it and the Hyper-V host where vCenter and VMM virtual machines are running.  The Hyper-V laptop is also the Hyper-V server in the labs.

Everything works pretty well.  The only downside is moving large files across wifi which is very slow… but that gives me a chance to take a break or get some sleep at night.

I work from my writing laptop.  From there I can RDP onto any of the Windows machines that are on the wifi network (no routing enabled on the Hyper-V host) or alternatively use Hyper-V/VMM/vCenter connections to get on any of the VM’s.  I can grab my screen shots, save them on the laptop and write away until the wee hours of the morning.

2010
05.17

I arrived in about an hour late for this event because I had to present at a cloud computing breakfast event in the city.  Writing until midnight, doing work until 1am and getting up at 05:30 has left me a bit numb so my notes today could be a mess.

The ash cloud has caused last minute havoc with the speakers but the MS Ireland guys have done a good job adjusting to it.

System Center v.Next

I arrived in time for Jeff Wettlaufer’s session.

The VMM v.Next console is open with an overview of a “datacenter”, giving a glimpse of what is going on.  We see the library and shares which is much better laid out.  It includes Server App-V packages, templates, virtual hard disks, MSDeploy packages (IIS applications), SQL DAC packages, PowerShell, ISO and answer files.

VMM v.Next

The VMM model is shown next.  We can create a template for a service.  This includes virtual templates for virtual machines: database, application, web, etc.  The web VM is shown.  We can see the MS deploy package from the library is contained within the template for this VM.  The web tier in the model can be scaled out automatically using a control for the model.  The initial instance count, maximum and minimum instance counts can be set.  The binding to network cards can be set too.

An instance of this model is deployed: lots of VM’s are included in the model.  One deployment = lots of new VM’s.  We now see the software update mechanism.  The compliant and non compliant running VHD’s are identified.  Normally we’d do maintenance windows, patching and reboots.  With this approach we can remediate the running VM’s VHD’s.  Because there are virtualised services, they can be migrated onto up-to-date VHD’s and the old VHD’s are remediated. The service stays running and there are no reboots or maintenance windows.

This makes private cloud computing even better.  We already can have very high uptimes with current technology.  The only blips are usually in upgrades.  This eliminates that.  The model approach also optimises the

Operations Manager 2007 R2 Azure Management Pack

You can use an onsite installation of OpsMgr to manage Azure hosted applications.  This is apparently out at the end of 2010.  We get a demo starting with a model, including web/database services, synthetic transactions and the Azure management pack containing Azure objects (a web front end that fronts the on-premises databases).  We see the usual alert and troubleshooting stuff from OpsMgr.  Now we see that tasks for Azure are integrated.  This includes the addition of a new web role instance on Azure.  In theory this could be automated as a response to underperforming services (use synthetic transactions) but it would need to be tested and monitored to avoid crazy responses that would cost a fortune.

Almost everything in the System Center world has a new release or refresh in 2011.  It will be a BIG year.  I suspect MMS 2011 will be nuts.

It looks like I missed 4 of the demos :-(  That’s work for ya!

Configuration Manager v.Next – Jeff Wettlaufer

Woohoo!  I didn’t miss it.

The focus on this release is user centric client management.  The typical user profile has changed.  Kids are entering the workplace who are IT savvy.  The current generation knows what they want (a lot of the time).  MS wants to empower them.  Users should self-provision, connect from anywhere, access devices and services from anywhere. 

There should be a unified systems management solution.  Do you want point solutions for software, auditing, patching, anti-malware, etc?

Control is always important.  Whether it is compliance for licensing, auditing, policy enforcement, etc.  Business assets must be available, reliable and secure.  Automation must be employed and expanded upon to remove the human element – more efficient, allow better use of time to focus on projects, less mistake prone.

ConfigMgr 2007 does a lot of this.  However, it didn’t do the last step: remediating non-compliance with policy (software, security, etc).

Notes: 75% of American and 80% of Japanese workers will be mobile in 2011.  The IT Pro needs to change: be more generalized and have a variety of skills capable of changing quickly.  IT in the business has “consumerized”: they are dictating what they want or need rather than IT doing that.  I think many admins in small/medium organizations or those dealing with executives will say that there has always been some aspect to that.  The new profile of user will cause this to grow.

System Center ConfigMgr is moving towards answering these questions.  The end user will be empowered to be able to self-provision.  Right now, the 2007 release translates a user to a device, and s/w distribution is a glorified script.  It is also very fire and forget, e.g. an uninstalled application won’t be automatically reinstalled so there isn’t a policy approach.

The v.Next method changes this.  It will understand the difference between different types of device the user may have.  It is more flexible.  It is a policy management solution, e.g. an uninstalled application will be automatically reinstalled because it is policy defined/remediated.

Software distribution in v.Next: relationships will be maintained between the user and devices.  User assigned software will be installed only if the user is the primary user of the device – save on licensing and bandwidth.  S/W can be pre-deployed to the primary devices via WOL, off-peak hours, etc.

Application management is changing too.  Administrators will manage applications, not scripts.  The deployments are state based, i.e. ConfigMgr knows if the application is present or not and can re-install it.  Requirements for an application can be assessed at installation time to see if the application should even be installed at all.  Dependencies with other applications can be assessed automatically too.  All of this will simplify the application management process (collections) and troubleshooting of failed installations.

For the end user, there is a web based application catalog.  A user can easily find and install applications.  A workflow for installation/license approval can back this up.  S/W will install immediately after selection/approval – this uses Silverlight to trigger the agent.  A user can define what their business hours are in the client to control installations or pre-deployments.  They can also manage things like automated reboots – no one likes a mandated reboot (after 5 minutes) while doing something important, e.g. a live meeting, demo, presentation, etc.  This is coming in beta2: there will be a pre-flight check feature where you can see what will happen with an application if you were to target it at a collection.  You then can do some pre-emptive work to avoid any failures.  I LIKE that!

We now see a demo of a software package/deployment.  An installer package for Adobe Reader is imported.  This isn’t alien from what we know now.  There is a tagging mechanism for searches.  We can define the intent: install for user or install for system.  You can add deployment types for an existing application.  We see how an App-V manifest is added to the existing application which previously contained _just_ an MSI package.  Now you can do an install or an App-V deployment (stream and/or complete deployment) with the one application in ConfigMgr.  So we now have 2 deployment types (packages) in a single application.  This makes management much easier.

We see that the deployment of the application can be assigned to a user and will only be installed to their primary device.  System requirements for the application can be included in the package.

A deployment (used to be called an advertisement) is started and targeted at a collection.  The distribution points are selected.  Now you can specify an intent, e.g. make the application available to the user or push it.  The usual stuff like scheduling, OpsMgr integration are all present.

SQL is being leveraged more and more.  A lot of the file system and copy operations are going away and being replaced with SQL object replication.  It also sounds like the ConfigMgr server components might be 64-bit only.

The MMC GUI is being dropped.  The new UI is more intuitive, better laid out and faster.  It will filter content based on role/permissions  in ConfigMgr.  This will make usage of the console easier.  Wunderbars finally make an appearance in ConfigMgr to allow different views to be presented: Administration, Software Library, Assets and Compliance, and Monitoring.

Role Based Administration: The MMC did cause havoc with this.  A security role can be configured.  This moves in the same direction as VMM and OpsMgr.  13 roles are built into the beta1 build.  You can bound the rights and access in ConfigMgr, e.g. application administrator, asset analyst, mobile device analyst, read only roles, etc.  We are warned that this might change before RTM.  Custom roles can be created.  When a role logs into the console they will see only what is relevant (permitted).  Current ConfigMgr sites did this by tweaking files on site servers which is totally not supported and caused lots of PSS tickets.

Primary sites are needed only for scale out.  The current architecture can be very complex in a large network.  Content distribution can be done with secondary sites, DP’s (throttling/scheduling), BranchCache and Branch Distribution Points.  Client agents settings are configurable in a collection rather than in a primary site.

Note: we see zero hands go up when we are asked if anyone is using BranchCache.  That’s not surprising because of the licensing requirements, the limit of not having upload efficiencies (compared to network appliance solutions) and limited number of supported solutions.

Jeff says that client traffic to cross-wan ConfigMgr servers dropped by 92% when BranchCache was employed – the distribution point can be BITS (HTTPS) enabled.

Distribution point management has been simplified with groups.  Content can be added based on group membership.  Content can be staged to DP’s, as well as scheduled and throttled.

SQL investments mean that the inbox is gone in v.Next.  Support issue #1 was the inbox.  There are SQL methods for inter-site communications.  SQL Reporting Services is going to be used.  SQL skills will be required.  MS needs to invest in training people on this.

ConfigMgr client health features have been expanded.  There is configurable monitoring/remediation for client prerequisites, client reinstallation, windows services dependencies, WMI, etc.  There are in-console alerts when certain numbers of unhealthy clients are detected – configurable threshold.

There is a common administration experience for mobile device management – CAB files can be added to ConfigMgr applications (not just App-V and MSI/installer).  Cross-platform device support (Nokia Symbian) is being added.  User centric application and configuration management will be in it.  You can monitor and remediate out of date devices.

Software Updates introduces a group which contains collections.  You can target updates to a group.  This in turn targets the contained collections.  Auto-deployment rules are being introduced.  Some want to do patch tuesday updates automatically.  You DEFINITELY need to auto-approve anti-virus/malware updates (Microsoft Forefront updates flow through Windows Updates).  Auto-approved updates will automatically flow out to managed clients.  This has a new interface but it’s a similar idea to what you get with WSUS. 

Operating System Deployment is a BIG feature for MS in this product.  We now get offline servicing of images.  It supports component based servicing and uses the approved updates.  This means that newly deployed PC’s will be up to date when it comes to updates.  There is now a hierarchy-wide boot media (we don’t need one per site, which saves time creating and managing it).  There is an unattended boot media mode with no need to press <Next>.  We can use PXE hooks to automatically select a task sequence so we don’t need to select one from a list.  USMT 4.0 will have UI integration and support hard-link, offline and shadow copy features.  In 2007 SP2, these features are supported but hidden behind the GUI.

Remote Control is back.  Someone wants it.  I don’t see why – the feature is built into Windows and can be controlled by GPO.

Settings Management (aka Desired Configuration Management) is where you can define a policy for settings and identify non-compliance.  V.Next introduces automated remediation of this via the GUI.  This is an option so it is not required: monitor versus enforce.  Audit tracking (who changed what) is added.

Readiness Tips: Get to 64-bit OS’s ASAP.  Start using BranchCache.  Plan on flattening the hierarchy.  Use W2008 64-bit or later.  Start learning SQL replication.  Use AD sites for site boundaries and UNC paths for content.

A 500 day time bombed VHD will be made available by MS in a few weeks.  Some hands-on labs will be made available soon after in TechNet Online.

Can you see why I reckon ConfigMgr is the biggest and most complex of the MS products?

Operations Manager

Irish OpsMgr MVP Paul Keely did this session.  I missed the first half hour because I was talking to Jeff Wettlaufer and Ryan O’Hara from Redmond.  When I came back I saw that Paul was talking about the updates that have been made available for OpsMgr 2007 R2.  The demo being shown was the SLA Dashboard for OpsMgr.

Management pack authoring: “you need to have a PhD to author a management pack”.  This is still so true.

Using a Visio/OpsMgr connector you can load a distributed application into Visio.  You can then export this into SharePoint where the DA can be viewed on a site.

KB979490 Cumulative Update 2 includes support for SLES 11 32-bit and 64-bit and zones for all versions of Solaris.

V.Next: MS have licensed “EMC Smarts” for network monitoring.  An agent can figure out what switch it is on and then figure out the network. This means OpsMgr can figure out the entire network infrastructure and detect when a component fails. 

Management packs are changing.  A new delay and correlation process will alert you about the root cause of an issue rather than alert you about every component that has failed because of the root cause.  This makes for a better informed and clearer issue notification.

Opalis

This is a recent System Center acquisition for automated work flows.  The speaker was to fly in this morning but the ash cloud caused airports to close.  MS Ireland have attempted to set up a Live Meeting where the speaker can present to us from the UK.

The speaker is Greg Charman and is present in a tiny window in the top left of the projector screen.

We have a number of IT silos: SQL, virtualisation, servers, etc.  Applications or processes tend to cross those silos, e.g. SQL is used by System Center.  Server management relies on virtualization.  Server management and virtualization both use System Center.

Opalis provides automation, orchestration and integration between System Center.  Currently (because it was recently acquired) it also plugs into 3rd party products. Maybe it will and maybe it won’t continue to support 3rd party products in future releases.

Opalis provides runbook/process automation.  You remove human action from the process to improve the speed and reliability.  It also allows processes to cross the IT silos.

In the architecture, there is an Integrated Data Bus.  Anything that can connect to this can interact with other services (in theory).  Lots of things are shown: Microsoft, BMC, HP, CA, IBM, EMC, and Custom Applications. 

A typical process today: OpsMgr raises an alert.  Manually investigate if it is valid.  Update a service desk ticket.  Figure out what broke and test solutions.  Maybe include a 3rd party service provider.  All of these tasks take time and the issue goes on and on.

Opalis: sees the alert and verifies the fault.  It updates the issue.  It does some diagnostics.  It passes the results back to the service desk.  It might fix the problem and close the ticket.  At the least it could provide lots of information for a manual remediation.

Opalis is used for:

  • Incident management: orchestrate the troubleshooting.  Maybe identify the cause and remediate the issue.
  • Virtual machine life cycle management: Automate provisioning and resource allocation.  Extend virtual machine management to the cloud.  Control VM sprawl.
  • Change and control management: This integrates ConfigMgr and VMM.

The integration for some products will be released later in 2010.  The VMM and ConfigMgr integrations are in the roadmap, along with a bunch of other MS ones.

System Center Essentials 2010

This is presented by Wilbour Craddock.  As most companies in Ireland are small/medium, SCE 2010 should be a natural fit for a lot of them.  Remember that it is a little crippled compared to the full individual products.  It can manage up to 50 servers (physical or virtual) and up to 500 clients.

  • Monitor server infrastructure using the OpsMgr components.
  • Manage virtual machines using the VMM 2008 R2 components.  This includes P2V and PRO tips.
  • Manage s/w and updates using the ConfigMgr components.

The “SCE 2010 Plus” SKU adds DPM 2010 to the solution so you can backup your systems.

Inventorying: Runs every 22 hours and includes 60+ h/w and s/w attributes.  Visibility is through reports.  180 reports available.  New in 2010: Virtualization candidates.

Monitoring includes network management with SNMP v1 and SNMP v2.  It uses the same management packs as OpsMgr.  Third party and custom ones can be added.  The product will let you know when there is a new MP in the MS catalog.

Only the evaluation is available as an RTM right now.  The full RTM and pricing for it will be available in June.

Patching is done with WSUS and this is integrated with the solution.  Auto-approval deadlines are available.  It can synch with the Windows catalogue multiple times in a day.  There is a simple view for needed updates.

SCE can deploy software but it cannot deploy operating systems.  You can use the free WDS or MDT to do this.  Note that a new version of MDT seems to be on the way.  The software deployment process is much simpler than what you get with ConfigMgr, thanks to the reduced size of the network that it supports.  It assumes a much simpler network.

At first glimpse of the feature list, it appears to include most of the VMM features, but it may not be as good as VMM 2008 R2.  It cannot manage a VMware infrastructure but it can do V2V.  Host configuration might be better than VMM.  P2V is different than in VMM.  The Hyper-V console is still going to be regularly used, e.g. you can’t manage Hyper-V networking in SCE 2010.  Enabling a physical machine to run Hyper-V is as simple as clicking “Designate as a host”.  PowerShell scripts are not revealed in the GUI like in VMM but you can still use PowerShell scripts.

Software deployment now includes filtering, e.g. CPU type X and Operating System Y.  You can modify the properties of existing packages.

The setup is simple: 10 screens.  Configuration is driven by a wizard.

Requirements: W2K8 or W2K8 R2 64-bit only.  2.8GHz, 4GB RAM, 150GB disk recommended.  It can manage XP, W2003, and later.

The server with DPM will be around €800.  Each managed device (desktop or server) will require a management license.  You can purchase management licenses to include DPM support or not.  This means you can backup your servers, maybe a few PC’s and choose to use the cheaper management licenses for the rest of the PC’s.

Intune

Will talks about this.  Dublin/Ireland will be included in phase II of the beta.  It provides malware protection and asset assessment from the cloud.  It will be used in the smaller organizations that are too small for SCE 2010. 

That was the end of the event.  It was an enjoyable day and a good taster of what happened at MMS.

2010
05.13

I’ve tuned into a System Center Influencers webcast (I’ll only see the first 15 minutes).  One of the slides says that demand for IT Pro specialists will plummet by 40% in 2010.  Wow!  IT Pro’s will need to have more varied skills in the future – according to the MS presenter, Bill Anderson.  So if you are “just” an AD pro, or “just” a software packaging person, you need to start varying your skills now.

2010
05.13

I like the idea of maintenance mode in System Center Virtual Machine Manager 2008 R2.  You simply put a host into maintenance mode and it uses Live Migration to flush all the VM’s to the most suitable hosts in the cluster.  Intelligent placement ignores that host until maintenance mode terminates.  You can then work away on it, e.g. patch it or do hardware maintenance.

The first time I tried it in anger in production I forgot to set maintenance mode in OpsMgr.  As you can expect, a few alerts went out and my boss contacted me pretty quickly.  That’s because VMM maintenance mode has nothing to do with Operations Manager’s maintenance mode.  OK – I’ll have to remember that from now on.

On a tangent: we patch almost everything automatically on a scheduled basis.  Scripts run on a scheduled basis to trigger maintenance mode.  That prevents most of the noise but still some gets through.  Our Hyper-V hosts are patched manually.  Live Migration enables this to be done during the day.

I watched the System Center Influencers (only) demo of the Virtual Machine Servicing Tool V3.0 beta the other evening.  It adds functionality to patch clustered W2008 R2 Hyper-V hosts in an automated scheduled basis.  Sweet!  It uses VMM to put each host, one at a time, in VMM maintenance mode and patches it.  Immediately I asked about OpsMgr.  There is no integration.

So I asked the question of MS and Michael Michael (MS VMM team and author of Mastering Virtual Machine Manager 2008 R2) responded with a solution.  There is an OpsMgr 2007 and 2007 R2 management pack that will detect VMM 2008 R2 maintenance mode on your VMM server.  It will use this to put the relevant host into maintenance mode in OpsMgr.  Nice!

I’ve yet to test this so I cannot say how successful it will be.  I also don’t know if it will do anything to quieten down the Failover Clustering management pack which will create some noise when a clustered host reboots.  It should be noted that the developer provides it as is with no support statements.  That means it is not an official MS product.  Test it before you use it.

2010
05.13

Microsoft has released a Best Practices Analyser for Hyper-V.  It is available for download now.  Like the other BPA’s for Windows Server 2008 R2, you will run it from Server Manager.  When I am asked about best practices I usually have to resort to the consultant’s answer: “it depends”.  But there are some things you can catch and that’s what this tool will do.

Some enterprising OpsMgr management pack author might be able to take advantage of this tool to do some cleverness: imagine if a management pack could run the tool and use the results to generate alerts.  That would be nice to run periodic automated checks of your Hyper-V hosts and virtual machines.

2010
05.13

Microsoft has released version 2 of the Configuration Manager 2007 toolkit.  You can read more about it here.  Basically, it’s a bunch of utilities that help with administration and troubleshooting.

2010
05.13

There are a lot of developments on the way for the next versions of Operations Manager and Virtual Machine Manager.  A lot of those are aimed at Azure integration.  You can read more about the future here.

2010
05.13

The VMM team has posted some guidance on how to troubleshoot scenarios where VMM has issues communicating with a managed host.

2010
05.13

Ben Armstrong posted about EMC’s new VPLEX for spreading storage across multiple sites, e.g. a multi-site Hyper-V cluster.  It sounds kinda like the functionality you get from HP Lefthand or Compellent but I’m no EMC expert.

2010
05.12

Remember that Microsoft Ireland is hosting a “best of MMS 2010” event next week on Monday the 17th.  Speakers from Ireland, Redmond and from MS UK will be presenting on some of the content from the show.  I’m most looking forward to the ConfigMgr, Service Manager and Opalis presentations.  MS UK is also running something similar so check out your local feeds.

2010
05.11

This is a webcast for the System Center Influencers.  I’ll do my best to blog as it goes along.  It follows the recent beta release of VMST 3.0.  This is the release I’ve been waiting for.  Prior to this, it really only handled VM’s stored in an offline state in the library.  But now there is patching for:

  • Offline virtual machines in a SCVMM library
  • Stopped and saved state virtual machines on a host
  • Virtual machine templates
  • Offline virtual hard disks in a SCVMM library by injecting update packages (DISM)
  • Automated patching of Windows Server 2008 R2 failover cluster hosts running Hyper-V (using Live Migration for zero VM downtime)

Now that’s what I’m talking about!!! We’re very slowly moving towards some of the cool patching functionality for templates that is in VMM v.Next.  That last one is a biggie!

The Challenges:

  • Dormant VM’s miss patch Tuesday.
  • When they wake up they are non-compliant and vulnerable to network threats.
  • Patching without VMST is a manual process which is a waste of effort.

OVMST 2.1

  • Works with stored VM’s in the VMM library
  • Patches via WSUS & ConfigMgr with VMM
  • Move VM to maintenance host, start VM, patch it, shutdown, move to library.
  • Uses VMM PowerShell cmdlets.
  • Supports Hyper-V and Virtual Server 2005 R2 SP1

VMST 3.0 Beta

Note that it is no longer called the “Offline …” tool.  See the previous features for the reason why.

The offline VM process works as usual, by moving it onto a maintenance host, starting, patching, shutting down and restoring it to the library.

Demo of Configuration and Offline Servicing

We see a VMM library with offline VM’s and template VHD’s.  There are 2 hosts.  Some VM’s are stopped, some are in saved state.  One host is labelled as being a maintenance host.  The VMST GUI is the usual System Center MMC “wunderbar” GUI.  The VMM server is selected, along with ConfigMgr and/or WSUS.  The maintenance host is selected in the wizard.  Credentials for servicing offline VHD’s are entered.  Timeouts for copies and updates are also entered (be careful with service pack updates which can be VERY time consuming – lesson learned from SMS updating process back in 2005).

You can create groups for VHD’s, from VM’s in the library, from VM’s in template groups, and from VM’s in host groups.  You now create a servicing job for selected VM’s from the group(s).  You can also specify if the VM should use its own configured virtual network or from a selected VLAN (maintenance network).  A schedule is entered for the job, e.g. now, later or on a recurring basis.  You can track the job process in VMST or in VMM.

Servicing Shutdown VM’s on a Host

The VM is moved from the production host to a maintenance host.  Here it is started and patched.  The VM is shutdown and returned to the original host.  The configuration is pretty similar, just using a “stopped VM group” instead.  You can include VM’s with a saved state – these VM’s will lose their saved state.  This is because the VM is powered (woken) up and powered down.

Patching Virtual Machine Templates

These are files stored in the VMM library along with metadata in the VMM SQL database.  Patching these requires using a different method.  VMST creates a “gold VM” from the template and maintains a mapping to it.  The gold VM is started on the maintenance host.  The gold VM is updated.  The gold VM is cloned (not moved or new template).  The cloned VM is sysprepped and replaces the template VHD.  The gold VM is left in place for the next patching.

In the demo, you can select a pre-existing VM from the template that you are going to maintain.  This means you need to deploy 1 VM from each template you keep in the library.  You can choose to backup the template in the library (1 version only per template), just in case the patching breaks the template.

Patching Offline (not template) VHD’s

The VHD can be mounted using Diskpart on a maintenance host (not necessarily Hyper-V: W7 or W2008 R2) and DISM is used to inject the update packages into the VHD.
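The Diskpart and DISM steps described above, sketched as an added example (this is not VMST's own code): attach the VHD, inject the packages, record what the image now contains, and always detach.  The function names, the paths, the drive letter and the partition number are assumptions for illustration.

```powershell
# Added example, not VMST code. Run elevated on a W7 / W2008 R2 maintenance host.
# Function names, paths, drive letter and partition number are assumptions.

function Invoke-DiskpartScript {
    param([string[]]$Commands)
    # diskpart only takes scripted input from a file (/s)
    $file = Join-Path $env:TEMP ("diskpart_{0}.txt" -f [guid]::NewGuid())
    Set-Content -Path $file -Value $Commands -Encoding ASCII
    try {
        $out = & diskpart.exe /s $file
        if ($LASTEXITCODE -ne 0) { throw "diskpart failed: $($out -join ' ')" }
    }
    finally { Remove-Item $file -ErrorAction SilentlyContinue }
}

function Update-OfflineVhd {
    param(
        [Parameter(Mandatory = $true)][string]$VhdPath,
        [Parameter(Mandatory = $true)][string]$PackageDir,
        [string]$DriveLetter = 'V',
        [int]$Partition = 1   # often 2 when the image has a System Reserved partition
    )
    if (-not (Test-Path $VhdPath)) { throw "VHD not found: $VhdPath" }
    $packages = @(Get-ChildItem $PackageDir |
        Where-Object { '.msu', '.cab' -contains $_.Extension })
    if ($packages.Count -eq 0) { throw "No .msu/.cab packages in $PackageDir" }
    if (Test-Path "${DriveLetter}:\") { throw "Drive ${DriveLetter}: is already in use" }

    $failed = @()
    try {
        Invoke-DiskpartScript @(
            "select vdisk file=`"$VhdPath`"", 'attach vdisk',
            "select partition $Partition", "assign letter=$DriveLetter")

        $image = "${DriveLetter}:\"
        if (-not (Test-Path (Join-Path $image 'Windows'))) {
            throw "No Windows directory on partition $Partition; wrong -Partition value?"
        }
        foreach ($pkg in $packages) {
            # Offline servicing: DISM writes into the mounted image, the VM never boots
            & dism.exe "/Image:$image" /Add-Package "/PackagePath:$($pkg.FullName)" | Out-Null
            if ($LASTEXITCODE -ne 0) { $failed += "$($pkg.Name) (exit $LASTEXITCODE)" }
        }
        # Keep a package inventory beside the VHD as evidence of its patch level
        & dism.exe "/Image:$image" /Get-Packages | Out-File "${VhdPath}.packages.txt"
    }
    finally {
        # Detach even after a failure so the VHD is not left locked on the host
        try { Invoke-DiskpartScript @("select vdisk file=`"$VhdPath`"", 'detach vdisk') }
        catch { Write-Warning "Detach failed, check the VHD manually: $_" }
    }
    if ($failed.Count -gt 0) { throw "Packages not applied: $($failed -join ', ')" }
    "{0} package(s) injected into {1}" -f $packages.Count, $VhdPath
}

# Example call with placeholder paths:
# Update-OfflineVhd -VhdPath 'D:\Library\web01.vhd' -PackageDir 'D:\Updates\2010-05'
```

A package that fails to apply is reported after the detach rather than aborting the run, so one bad update does not leave the VHD attached or hide which packages are still missing.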

Patching W2008 R2 Clustered Hyper-V Hosts

Must be W2008 R2 hosts and must be clustered.  It puts a host into VMM maintenance mode –> Live Migrates the VM’s to another host.  It patches the host and removes VMM maintenance mode.  The process repeats through the cluster nodes.

There is no integration with OpsMgr so you’ll need to configure a scheduled maintenance mode (by yourself) there for all of your hosts in the cluster to prevent all sorts of nasty alerts.

Summary

This was a good presentation – very demo focused which I like.  The product is now at a point where I think all VMM users should implement it.

2010
05.11

I previously wrote a Hyper-V RAM Calculator spreadsheet.  During the process of writing Mastering Hyper-V Deployment, I decided that I needed to put together something that covers more than just RAM.  The new Hyper-V Calculator spreadsheet covers RAM, disk, clustering and CPU.  The CPU stuff is a little rough so you should use it more as a rule of thumb than anything else.

As usual, no promises are made.  Use it if you want and do so at your own risk.  You can download it from here.
