See Windows Server 8 Hyper-V Simultaneous Live Migration & Cluster Host Drain In Action

Yesterday I showed you how my Windows Server 8 Hyper-V lab is currently built (I’m in the process of wiping to build something more flexible).  Today, I’m going to show you two things:

  1. Not just Live Migration in action, but simultaneous Live Migration.  I’ll be moving all 66 VMs from Host1 to Host2, and they’ll move 20 at a time.  This is a huge improvement over the 1 at a time that we can do in W2008 R2, and way more than the maximum of 4 (on 1 GbE) or 8 (on 10 GbE) that vSphere 5.0 can handle.  BTW, I was moving all of them at once last night.
  2. I’m going to perform the move by draining Host1 using a new pause function.  This is used for host maintenance (similar to VMM maintenance mode) and will Live Migrate the VMs to the most suitable host (Failover Clustering measures memory, where VMM does Intelligent Placement).  This pause function is used by Windows Server 8 Cluster Aware Updating.

In the demo, you’ll see my 20 GbE NIC team that is used for Live Migration and the 1 GbE file server where the VMs are located:

 

 

How I Currently Have A Windows Server 8 Hyper-V Cluster Configured

The great thing about a lab with lots of NICs is that you can configure in lots of ways.  Today I built out a new Windows Server 8 Hyper-V cluster, using SMB 2.2 as the storage for the VMs.  This is how I configured it:

You might notice that the configuration isn’t all that different from what you’re used to.  You still require certain communication channels.  How you create those channels can vary wildly in Windows Server 8.  In W2008/R2 you require physical NICs.  In the new version of Hyper-V you can do that, you can create that same effect with native NIC teams to aggregate bandwidth (as I did here), or you can create converged fabrics (as few as 2 physical NICs), or fabrics with isolation, and on and on.  But you still need 2 channels for the cluster, as you can see in the middle of my diagram.

I went a little nuts then.  I used my PowerShell script to create 76 VMs.  Off I went to a meeting, and they were waiting for me when I came back.  And then I did my first stress test of concurrent Live Migration.  You can see that I had a 20 GbE pipe made up of 2 * 10 GbE NICs in a NIC team.  It ran pretty quickly … 38 GB of VM RAM from Host1 to Host2.  I think I might try to script that Live Migration, and run it back and forth again and again to see what happens.

A Few IT Podcasts To Consider

You’ve probably seen me mention TWiT a few times in the past.  There are two podcasts they do, hosted by Leo Laporte, that I subscribe to.

Security Now

Steve Gibson is the featured presenter.  The focus is security, but it often (weekly) strays into off-topic but mostly interesting areas.  In the first part of the show, you get a breakdown of what’s happened in IT security in the last week, be it a big hack, a new vulnerability, updates to be especially aware of, and so on.  Steve’s gift here is that he’s a 1’s and 0’s developer and really understands it.  The rest of the show alternates between delving into a topic one week (like router buffer bloat) or Q&A on recent discussions the next week.  And then there’s the tangents … coffee making, sci-fi books, gadget purchases, portable dog silencing devices, … you get the idea.

Windows Weekly

Paul Thurrott and Mary-Jo Foley are featured in this podcast, talking all things Windows.  It is very much consumer oriented, but every now and then Mary-Jo sneaks in some Hyper-V news, much to the enjoyment of Leo.  My pet peeve is the Windows Phone news, but I guess someone has bought one.  The value of this show is to hear the story behind the blog posts from two of the biggest names in Microsoft news reporting.

RunAs Radio

I’ve been looking for a podcast aimed at the IT Pro listener ever since I got my iPhone.  And somehow my searches never found RunAs Radio.  To be honest, I only found them when I was asked about being a guest one week (I recorded the show on Monday night and it will be released in a few weeks).  I might be late to the party, but it’s a treasure trove.  I drove around 1,000 KM last week for a road show, and this podcast kept me entertained and educated for a large portion of it.  Each week, the host Richard Campbell – sometimes with Greg Hughes – chats with a guest about some topic that we who work with IT in the business world will want to listen to … MDT 2012, System Center 2012, Hyper-V, SQL 2012, IPv6 …. it’s all there and more, with guests like MVPs, Mark Minasi, Rhonda Layfield, Jeff Woolsey … and soon: me!

So if you want to make your travelling more enjoyable and educational, fire up iTunes and subscribe to these podcasts … or find their RSS feeds and copy/paste them into Zune … and happy listening!

Deploy Pre-Configured Windows Server 8 Hyper-V VMs From A Template VHD

Windows Server 8 Hyper-V is giving me so many more cool options.  I wanted to deploy a new VM that would be a DC, DNS, and DHCP server.  I copied my template VHD, and created a VM.  Before powering up, I fired up Server Manager in Windows Server 8 and decided to add roles/features.  I added the DC, DNS, and DHCP roles to the VHD.  Then I powered up the VM.  The roles were pre-installed, and all I had to do was DCPROMO (now done in Server Manager) and configure the DHCP service.  Nice!

I haven’t checked but I guess I can automate this using Server Manager PowerShell cmdlets.  Yet more options!  Loving it!
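One way the copy, offline role install and VM creation described above could be scripted, as an added example that is not from the original post. It assumes the ServerManager and Hyper-V modules as shipped in the released Windows Server 2012 (`Install-WindowsFeature -Vhd`); the function name, paths, VM name and switch name are hypothetical.

```powershell
# Added example; all paths and names passed in are hypothetical placeholders.
# Assumes the ServerManager and Hyper-V modules of released Windows Server 2012.
Import-Module ServerManager, Hyper-V

function New-PreconfiguredVM {
    param(
        [Parameter(Mandatory)] [string] $TemplateVhd,   # generalized template VHD/VHDX
        [Parameter(Mandatory)] [string] $VmName,
        [Parameter(Mandatory)] [string] $VmFolder,
        [string[]] $Features    = @('AD-Domain-Services', 'DNS', 'DHCP'),
        [string]   $SwitchName  = 'External1',          # hypothetical virtual switch
        [long]     $MemoryBytes = 2GB
    )

    # Work on a copy so the template itself is never modified.
    $extension = [IO.Path]::GetExtension($TemplateVhd)
    $vhd = Join-Path $VmFolder ($VmName + $extension)
    if (Test-Path $vhd) { throw "Refusing to overwrite existing disk: $vhd" }
    Copy-Item -Path $TemplateVhd -Destination $vhd -ErrorAction Stop

    # Offline servicing: the roles are added to the VHD while no VM is using it.
    $result = Install-WindowsFeature -Name $Features -Vhd $vhd `
                  -IncludeManagementTools -ErrorAction Stop
    if (-not $result.Success) {
        throw "Offline feature install failed with exit code $($result.ExitCode)"
    }

    # Create the VM on the prepared disk and boot it with the roles in place.
    $vm = New-VM -Name $VmName -MemoryStartupBytes $MemoryBytes `
              -VHDPath $vhd -SwitchName $SwitchName
    Start-VM -VM $vm
    return $vm
}

# Example call (hypothetical paths):
# New-PreconfiguredVM -TemplateVhd 'D:\Templates\WS8-Template.vhdx' `
#                     -VmName 'DC1' -VmFolder 'D:\VMs\DC1'
```

Promoting the server to a domain controller and configuring the DHCP scopes still happen after first boot, as in the manual procedure.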

Will Windows 8 Metro & Microsoft Store Increase Our Security?

As yet another Java update (only thing more frequent is Adobe) is installed on my work PC, I wonder how many people have disabled auto updates or fail to deploy updates in a “managed” environment.  This morning, I woke up, checked my iPad *gasp* and noticed there was an update to the Netflix app to solve a login problem I’d been having.  Nice, and a bunch of other apps wanted updates too.  Sure, why not?  I’d update the lot with a click.

If you’ve spent some time with the Windows 8 Consumer Preview then you’ve seen something similar.  The Store tile updates with a number to show how many updates are available, which you can then install with a tap/click.

Metro apps can only be installed/updated via the Store.  That means as soon as a publisher has a new version, they load it into the store, and we just update.  So in theory, if they fix something (a bug or security issue), we can update with a click.

That should increase our security levels.  We’ll be aware of updates via the tile, just like when the AppStore icon on iOS shows a red number in the corner.  The question is, will the users click that?  Remember that rule #1 says users are stupid. 

I hope businesses get a way to force updates.  I’d love to see the Windows Update service pull down and install Metro app updates.  We can force that nicely, and it would give us a single update mechanism.  But the flaw there is those consumer focused WOA (Windows on ARM) tablets with no domain membership.  We’ve heard whispers of a business friendly app store.  Maybe that will exist, and maybe it’ll give us an update policy engine.  Who knows!?!?!?  I guess we’ll learn more in the coming months.

But what I do know is that updates will be easier and quicker for publisher and user alike, and will make the app on the desktop more secure.

System Center 2012 RTM is Available To Download

I just saw a tweet by Anthony Crotty where he said:

Stumbled across the System Center 2012 Suite on the Volume License website

So I just checked and ….

… there it is.  I just checked MSDN but it is not there yet.  Your distributor or LAR should have pricing as of this morning – we did, as well as for the new CIS license.

That explains the glut of System Center 2012 downloads that came out overnight and continue to appear today on the Downloads site.

EDIT:

Thanks to Wilbour Craddock for this: TechNet and MSDN now have System Center 2012 available for download.

System Center 2012 Technical Documentation Downloads

Smell that?  We’re getting close to release!  Microsoft has released a bunch of technical documentation downloads for System Center 2012:

And there’s a lot of related downloads available too:

  • Microsoft Security Compliance Manager: Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use the Security Compliance Manager to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.
  • System Center 2012 – Service Manager Component Add-ons and Extensions: Download and install add-ons and extensions for the System Center 2012 – Service Manager component.
  • System Center 2012 – Orchestrator Component Add-ons and Extensions: Download and install add-ons and extensions for the System Center 2012 – Orchestrator component.

And there are some new management packs too!  Check the catalog, read the documentation, prep, download, import, and configure as specified in that documentation you made sure to read first, rather than lazily importing the management packs via the import GUI and hoping for the best.

Application Catalog Is The Killer Feature In System Center 2012 Configuration Manager

I deliberately picked the Application Catalog as the focal point of my demo/presentation at the System Center 2012 launch events in Dublin and Belfast because it shows how System Center 2012 recognises that IT services must change to empower the user and embrace IT controlled/secured/audited automation.

The Past

SMS 2003 was the first “System Center” product that I worked with.  We wanted something that was more powerful than Group Policy for software deployment.  The company I was working for also just signed a Microsoft enterprise agreement and we needed a software auditing solution to live up to our requirements.  So I asked one of my team, who previously did consulting on SMS 2.0, to deploy it, and I learned the product from him.

The software deployment feature was powerful.  We’d import or create a package containing the files.  Maybe we’d have to tweak or create a program to install/uninstall the package.  We’d distribute the files to distribution points/secondary sites.  And then we’d advertise the required program to a collection of machines.  We never targeted users because they could roam and needlessly drag expensive software, such as Visio or Project, around with them, driving up our licensing costs.

It was easy to push out standard software like Adobe Reader.  It would go out to all Windows XP (as it was at the time) machines.  But Visio or Project?  We basically had to wait on a request.  A user would call the helpdesk asking for Visio and then a low priority ticket was created.  That ticket could wait until the higher priority tickets were dealt with.  Our Helpdesk had a 4 hour SLA so maybe 4 hours later (usually much less) they’d drop the user’s computer account into a security group for machines that should get Visio. 

And here’s why I told people that you need patience with Configuration Manager.  The process has gone unchanged … it’s just now we have a different way to tackle it.  In the past we had to push that software.  ConfigMgr/SMS would update collection memberships on a schedule, every 24 hours by default.  We had a “small” network (by Microsoft or ConfigMgr standards) so we scheduled the collection to update every hour.  Then it would query the new group membership and update its own membership. 

On the client machine, the ConfigMgr/SMS client would automatically connect to the Management Point every hour to get new policy.  At that point it would, thanks to the new Visio collection membership, realise it should install Visio.  It would then download the files and install.

Think about how long this took:

  • Helpdesk to respond – up to 4 hours (let’s go worst case scenario) – 4 hours
  • The collection to update – we’ll say 1 hour but it could have been 24 hours – 1 hour
  • The client to connect to the management point – up to 1 hour but we’ll say 1 hour

That’s a 6 hour wait for the end user to get a new application.  No wonder the business thinks that IT holds them back!  They can avail of cloud computing or a personal device (app on a tablet) in minutes, to deal with whatever business opportunity/challenge/threat is before them.  But with our push solution, IT takes 6 hours … and that could have easily been 29 hours!  That’s some “service”.

The Present

System Center 2012 is user centric.  That means the user is empowered to consume IT services in an on demand basis.  Those services are provided via System Center 2012, allowing IT to automate more, enable the user to consume as and when they need it, but IT can control, secure, and audit it.

Let’s take the Visio example.  I can create a Visio package with the automated installation.  I then create an application in System Center 2012 Configuration Manager.  I can do 2 types of deployment.  The first is a push, which is similar to what I discussed above.  That’s for when you want to push out software by policy.  And being a policy, the software will automatically get re-installed if it is uninstalled while the policy still applies.  There is a delay in the push, but we don’t mind.  That’s because we’re pushing out a policy to a large number of machines, and that’s probably something we do outside normal hours, and not to some “we want it now” demand.  Adobe Reader, Office, and so on are the sorts of app that you would deploy like this.

The second approach we can use is to publish the application in the Application Catalog.  Here you can list all elective software, the stuff you don’t include in your OS images or deploy on a widespread basis via policy.  Visio is a perfect example of this kind of app; it’s too expensive to deploy everywhere, and a few people will have a business case to require it.  When you create the application, you can add all sorts of text and keywords to describe the app and to make it searchable.

You can publish the URL to the Application Catalog to everyone’s browser via GPO.  And there’s a link to it in the new utility on the managed PC called Software Center.  Now a user wants Visio to open a VSD file.  They click the link to open the Application Catalog.  They can search, e.g. for .VSD file, and Visio appears in the results.  They click the Install button, and Visio installs … just like that.  It’s actually ConfigMgr doing the install, using the unattended config that you set up in the package.

Now Visio is expensive, so you don’t want everyone lashing it onto their PCs.  Not a problem!  With a mouse click, you configure the installation to require approval.  Instead of an Install button, the user is given a Request button.  They are asked to give a reason for the install and the request goes off into ConfigMgr where an administrator can review it and approve/reject it.  If it’s approved, the user will get an Install button.

The Future

We’d like that request process to be more auditable and to include non-IT staff, such as a faculty or department IT budget owner.  That’s where the Application Approval Workflow (AAW) comes in.  This combines the deployment functionality of Configuration Manager with the process and control functionality of System Center 2012 Service Manager.  Now the user can go into either the ConfigMgr Application Catalog or the portal of Service Manager, where they’d normally go to request IT services.  Requesting an approval-required application will create a service ticket in Service Manager and kick off an approval workflow. 

The engineering possibilities of workflow allow you to bring in alternative approvers based on your business or customer processes.  In other words, a budget owner can be notified of the request, read the business case, and reject/approve the install of the application.  And now IT just manages the system, instead of slowing down the business.  If there is slowness with this solution, the business can only look inwards to find a cause.

See Windows Server 8 Hyper-V Shared Nothing Live Migration In Action

A month ago I went into some detail on Windows Server 8 Hyper-V Live Migration.  In short, Live Migration has been removed from Failover Clustering and is possible between clustered and non-clustered hosts.  The VMs can be on a SAN or on an SMB 2.2 file share (or Scale Out File Server/SOFS).  The VMs can also reside on internal disk/DAS on the host.  This can take advantage of Live Storage Migration to move the VM (process, memory, CPU) and its storage (VHD or VHDX), if you want, to the new host.  There’s nothing like a demo to illustrate this:

In this demo, I move a running VM from Host1 to Host2, both running Windows Server 8 Beta.  The only networking is a single 1 GbE NIC.  I ping the VM, move it, and double check that (a) there is no network loss (normally you expect 1 ping to be lost in the UDP-based ping, but TCP would tolerate this) and (b) the VM is still running.