Blog archive

Microsoft Virtual Machine Converter 2.0

This is such a great update that I have to blog about it. I have been in many projects involving migrating from VMware to Hyper-V, and there are of course many options to choose from. Alas, Microsoft had its own Virtual Machine Converter, but it didn’t have support for the latest version.

Microsoft today released a new version of Virtual Machine Converter, which contains the following updates:

With the release today, you will be able to access many updated features including:

  • Added support for vCenter & ESX(i) 5.5
  • VMware virtual hardware version 4 – 10 support
  • Linux Guest OS migration support including CentOS, Debian, Oracle, Red Hat Enterprise, SuSE enterprise and Ubuntu.

We have also added two great new features:

  • On-Premises VM to Azure VM conversion: You can now migrate your VMware virtual machines straight to Azure. Ease your migration process and take advantage of Microsoft’s cloud infrastructure with a simple wizard driven experience.
  • PowerShell interface for scripting and automation support: Automate your migration via workflow tools including System Center Orchestrator and more. Hook MVMC 2.0 into greater processes including candidate identification and migration activities.

 

So there are a lot of great new features, which should make it even easier to convert virtual machines. Another important factor here is this:

At this time, we are also announcing the expected availability of MVMC 3.0 in fall of 2014. In that release we will be providing physical to virtual (P2V) machine conversion for supported versions of Windows.

Since Microsoft removed this option from SCVMM in the R2 release, it’s great that it is coming back. You can download the tool from here –> http://www.microsoft.com/en-us/download/details.aspx?id=42497

Study resources 74-409 Server Virtualization with Windows Server Hyper-V and System Center

NOTE: This is work in progress
It has been a long time since I made any of these, but I have been busy.
Here is a new exam from Microsoft which was released earlier this November. This is the first Microsoft exam which contains Azure technology from an “IT pro” perspective, and it also contains material from the latest 2012 R2 release.
The exam also goes through topics like Generation 2 VMs, Hyper-V Recovery Manager and so on.
You can read more about the exam here –> http://www.microsoft.com/learning/en-us/exam.aspx?ID=74-409 This exam replaces the earlier MCITP Server Virtualization for Windows Server 2008.

The exam will contain the following, and I am adding study resources under each section.

Configure Hyper-V

  • Create and configure virtual machine settings.
    • This objective may include but is not limited to: Configure dynamic memory; configure smart paging; configure Resource Metering; configure guest integration services; create and configure Generation 1 and 2 virtual machines; configure and use extended session mode, and configure RemoteFX

Dynamic Memory –> http://technet.microsoft.com/en-us/library/hh831766.aspx
Enable Resource Metering –> http://technet.microsoft.com/en-us/library/hh848481.aspx
Configure Guest Integration –> http://www.techrepublic.com/blog/data-center/configure-integration-services-options-for-hyper-v-vms/
Create Gen 2 VMs –> http://blogs.technet.com/b/jhoward/archive/2013/10/24/hyper-v-generation-2-virtual-machines-part-1.aspx
Extended session –> http://technet.microsoft.com/en-us/library/dn282274.aspx
Configure RemoteFX –> http://social.technet.microsoft.com/wiki/contents/articles/16652.remotefx-vgpu-setup-and-configuration-guide-for-windows-server-2012.aspx

  • Create and configure virtual machine storage.
    • This objective may include but is not limited to: Create VHDs and VHDx; configure differencing drives; modify VHDs; configure pass-through disks; manage checkpoints; implement a virtual Fibre Channel adapter; configure storage Quality of Service

Create VHD and VHDX –> http://technet.microsoft.com/en-us/library/hh848503.aspx
Create differencing disks –> http://lyncdup.com/2012/06/creating-hyper-v-3-differencing-disks-in-server-2012-with-gui-and-powershell/
Pass-through disks –> http://www.petri.co.il/convert-hyper-v-pass-through-disk-to-a-vhdx.htm
Implement virtual fibre channel –> http://www.virtualizationadmin.com/articles-tutorials/microsoft-hyper-v-articles/storage-management/first-look-hyperv-vs-virtual-fibre-channel-feature-part2.html
Configure Storage QoS –> http://technet.microsoft.com/en-us/library/dn282276.aspx
Modify VHD –> http://technet.microsoft.com/en-us/library/dn282284.aspx

  • Create and configure virtual networks.
    • This objective may include but is not limited to: Configure Hyper-V virtual switches; optimize network performance; configure MAC addresses; configure network isolation; configure synthetic and legacy virtual network adapters; configure NIC teaming in virtual machines

Configure Hyper-V virtual Switches –> http://www.serverwatch.com/server-tutorials/harnessing-the-power-of-hyper-v-network-virtual-switches.html
Optimize network performance –> http://www.aidanfinn.com/?p=15414
Configure network isolation –> http://technet.microsoft.com/en-us/library/jj679878.aspx#bkmk_pvlan
Configure NIC teaming in virtual machines –> http://www.msserverpro.com/configuring-windows-server-2012-nic-teaming-to-a-hyper-v-virtual-machine/

Configure and Manage Virtual Machine High Availability

  • Configure failover clustering with Hyper-V.
    • This objective may include but is not limited to: Configure shared storage; configure Quorum; configure cluster networking; restore single node or cluster configuration; implement Cluster Aware Updating; upgrade a cluster; configure and optimize clustered shared volumes; and configure clusters without network names

Configure shared storage –> http://blogs.technet.com/b/keithmayer/archive/2012/12/12/step-by-step-building-a-free-hyper-v-server-2012-cluster-part-1-of-2.aspx
Configure Quorum –> http://technet.microsoft.com/en-us/library/jj612870.aspx
Configure cluster networking –> http://www.msserverpro.com/implementing-windows-server-2012-hyper-v-failover-clustering/
Optimize clustered shared volumes –> http://technet.microsoft.com/en-us/library/jj612868.aspx
Restore cluster configuration –>
Configure clusters without network names –> http://technet.microsoft.com/en-us/library/dn265970.aspx
Cluster aware updating –> http://technet.microsoft.com/en-us/library/hh831694.aspx

  • Manage failover clustering roles.
    • This objective may include but is not limited to: Configure role-specific settings including continuously available shares; configure VM monitoring; configure failover and preference settings; and configure guest clustering

Configure VM monitoring –> http://blogs.msdn.com/b/clustering/archive/2012/04/18/10295158.aspx
Configure guest clustering –> http://technet.microsoft.com/en-us/library/dn265980.aspx

  • Manage virtual machine movement.
    • This objective may include but is not limited to: Perform Live Migration; perform quick migration; perform storage migration; import, export, and copy VMs; configure Virtual Machine network health protection; configure drain on shutdown; manage Physical-to-Virtual (P2V) and Virtual-to-Virtual (V2V) migrations; and implement virtual machine migration between clouds

Live Migration –> http://technet.microsoft.com/en-us/library/hh831435.aspx http://technet.microsoft.com/en-us/library/jj860434.aspx
Virtual Machine network health protection –> http://technet.microsoft.com/en-us/library/dn265972.aspx#BKMK_VMHealth
Virtual Machine Drain on shutdown –> http://technet.microsoft.com/en-us/library/dn265972.aspx#BKMK_VMDrain
Physical-to-Virtual –> http://blogs.technet.com/b/scvmm/archive/2013/10/03/how-to-perform-a-p2v-in-a-scvmm-2012-r2-environment.aspx
V2V migration –> http://technet.microsoft.com/en-us/library/gg610672.aspx

Implement a Server Virtualization Infrastructure

  • Implement virtualization hosts.
    • This objective may include but is not limited to: implement delegation of virtualization environment (hosts, services, and virtual machines) including self-service capabilities; implement multi-host libraries including equivalent objects; implement host resource optimization; integrate third-party virtualization platforms; and deploying Hyper-V hosts to bare metal

Bare Metal –> http://technet.microsoft.com/en-us/library/gg610634.aspx
Host Resource optimization –> http://technet.microsoft.com/en-us/library/gg675109.aspx
Self-service capabilities –> http://technet.microsoft.com/en-us/library/gg610573.aspx
Integrate third-party virtualization –> http://technet.microsoft.com/en-us/library/gg610687.aspx

  • Implement virtual machines.
    • This objective may include but is not limited to: Implement highly available VMs; implement guest resource optimization including shared VHDx; configure placement rules; create a Virtual Machine Manager template

Shared VHDx –> http://technet.microsoft.com/en-us/library/dn265972.aspx#BKMK_SharedVHDX
Placement rules –> http://technet.microsoft.com/en-us/library/jj860428.aspx
Create template –> http://technet.microsoft.com/en-us/library/hh427282.aspx

  • Implement virtualization networking.
    • This objective may include but is not limited to: Configure Virtual Machine Manager logical networks including virtual switch extensions and logical switches; configure IP address and MAC address settings across multiple Hyper-V hosts including network virtualization; configure virtual network optimization; plan and implement Windows Server Gateway; implement VLANs and pVLANs; plan and implement virtual machine networks; and implement converged networks
  • Implement virtualization storage.
    • This objective may include but is not limited to: Configure Hyper-V host clustered storage; configure Hyper-V virtual machine storage including virtual Fibre Channel, Internet SCSI (iSCSI), and shared VHDx; plan for storage optimization; and plan and implement storage by using SMB 3.0 file shares
  • Manage and maintain a server virtualization infrastructure.
    • This objective may include but is not limited to: Manage dynamic optimization and resource optimization; integrate Operations Manager with System Center Virtual Machine Manager and System Center Service Manager; update virtual machine images in libraries; implement backup and recovery of a virtualization infrastructure by using System Center Data Protection Manager (DPM)

Monitor and Maintain a Server Virtualization Infrastructure

  • Plan and implement a monitoring strategy.
    • This objective may include but is not limited to: planning considerations including monitoring servers using Audit Collection Services (ACS) and System Center Global Service Monitor, performance monitoring, application monitoring, centralized monitoring, and centralized reporting; implement and optimize System Center 2012 Operations Manager management packs; and plan for monitoring Active Directory
  • Plan and implement a business continuity and disaster recovery solution.
    • This objective may include but is not limited to: plan a backup and recovery strategy; planning considerations including Active Directory domain and forest recovery, Hyper-V replica including using Windows Azure Hyper-V Recovery Manager, domain controller restore and cloning, and Active Directory object and container restore using authoritative restore and Recycle Bin; and plan for and implement backup and recovery by using System Center Data Protection Manager (DPM)

Securing Hyper-V 2012R2 hosts and VMs

Microsoft has implemented a lot of cool new security features in Hyper-V in the 2012 R2 release, most importantly stateful firewall and network inspection features.

From the 2012 release, Microsoft introduced features like
* ARP Guard https://msandbu.wordpress.com/2013/04/03/arp-guard-in-hyper-v-2012/
* DHCP Guard
* Router Guard
(These three functions are also included in regular network devices from most vendors)


Bandwidth control is also useful, for instance for limiting DDoS attacks.
* BitLocker with Network Unlock (to protect a VM from theft)
* NVGRE (network virtualization, which is not a security feature in itself, but it can be used to give each customer its own network segment without the use of VLANs; this offers security since VLAN hopping, for instance, is not possible)
* PVLAN (in many cases the use of VLANs still has its purpose; for instance, you can define three types of PVLANs: Isolated, Promiscuous and Community)
* VM stateless firewalls (not on the individual VM but on the Hyper-V traffic going to the VMs), but these had pretty limited functionality (restricted to IP ACLs; you couldn’t define port or TCP EST)
* BitLocker for CSV (encrypt everything in a cluster)
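
To check how the guard settings listed above are actually applied on a host, the following added example (not code from the original post) reports DHCP Guard, Router Guard, bandwidth cap and port ACL count per virtual NIC, then enables the guards on every VM that is not expected to act as a DHCP server or router. The VM names in `$TrustedInfra` and the bandwidth value are assumptions.

```powershell
# Added example (not from the original post). Run on the Hyper-V host in an
# elevated session. VM names and the bandwidth cap below are assumptions.
Import-Module Hyper-V

$TrustedInfra  = @('DC01', 'RTR01')   # hypothetical VMs allowed to act as DHCP server / router
$MaxBitsPerSec = 500000000            # assumed per-NIC cap of 500 Mbit/s (value is in bits per second)

function Get-VMNicGuardReport {
    # One row per virtual NIC with the guard-related settings of that port.
    Get-VM | Get-VMNetworkAdapter | ForEach-Object {
        [pscustomobject]@{
            VMName             = $_.VMName
            Adapter            = $_.Name
            Switch             = $_.SwitchName
            DhcpGuard          = $_.DhcpGuard
            RouterGuard        = $_.RouterGuard
            MacAddressSpoofing = $_.MacAddressSpoofing
            MaxBandwidthBps    = $_.BandwidthSetting.MaximumBandwidth   # empty or 0 = no cap
            PortAclCount       = @(Get-VMNetworkAdapterAcl -VMNetworkAdapter $_).Count
        }
    }
}

function Set-VMNicGuards {
    # Turns on DHCP Guard and Router Guard and sets a bandwidth cap on every
    # virtual NIC, except for VMs listed as trusted infrastructure.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$Exclude = $TrustedInfra,
        [long]$MaximumBandwidth = $MaxBitsPerSec
    )
    foreach ($nic in (Get-VM | Get-VMNetworkAdapter)) {
        if ($Exclude -contains $nic.VMName) {
            Write-Verbose "Skipping $($nic.VMName): listed as trusted infrastructure"
            continue
        }
        $target = "$($nic.VMName)/$($nic.Name)"
        if ($PSCmdlet.ShouldProcess($target, 'Enable DHCP Guard, Router Guard and bandwidth cap')) {
            Set-VMNetworkAdapter -VMNetworkAdapter $nic -DhcpGuard On -RouterGuard On `
                -MaximumBandwidth $MaximumBandwidth
        }
    }
}

# Review the current state first, then preview the changes without applying them.
Get-VMNicGuardReport | Sort-Object VMName | Format-Table -AutoSize
Set-VMNicGuards -WhatIf
```

Run `Set-VMNicGuards` without `-WhatIf` once the preview matches what you expect.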

So what else has Microsoft implemented in the way of security mechanisms in the OS stack with the new R2 release?

Not much info here yet, but they are mostly related to Hyper-V networking rules and new generation VMs with UEFI boot options (UEFI enables Secure Boot, which makes it harder for rootkits to get installed).

What else can you do to secure your hosts and VMs running on Hyper-V?

Microsoft has released a built-in baseline configuration that you can start from Server Manager. It has rules it can use to scan whether your hosts follow best practice, and it offers tips on what you should do.

Microsoft also offers other tools that can be used to deploy security settings according to best practice (using Group Policy for deployment), for instance Security Compliance Manager http://www.microsoft.com/en-us/download/details.aspx?displayLang=en&id=16776

Installing all Hyper-V hosts as Server Core will also limit the attack surface on the hosts, since it does not install unnecessary components like Internet Explorer, .NET Framework etc., which makes the host less open to attacks. (Also, don’t use RDP; there have been many security holes here which hackers have taken advantage of, so if you need to enable RDP, use NLA as well.)

Monitoring / Antivirus and Patching

Integration with System Center can also prove quite useful for many reasons, since it can offer you features like
* Anti-malware / Anti-virus (Configuration Manager)
* Patch management (Virtual Machine Manager / Configuration Manager)
* Baselining and remediation (Configuration Manager / Virtual Machine Manager)
* Monitoring (Operations Manager)

But this will require a number of agents to be installed on all VMs, for instance Configuration Manager with Endpoint Protection and Operations Manager (and the VMM agent on Hyper-V hosts).
(NOTE: You can enable baseline configuration in Operations Manager as well, instead of using Server Manager, and with the integration of System Center Advisor you will get more intel.)

Now Microsoft recommends that the parent partition be as clean as possible, and therefore recommends not installing AV on the Hyper-V hosts (since you will also suffer some performance loss), but it may be a part of the company policy.
Remember that if you install endpoint protection on Hyper-V hosts, put exclusions in place for these folders:
“%PROGRAMDATA%\Microsoft\Windows\Hyper-V”
C:\ClusterStorage
You can read more about it here –> http://social.technet.microsoft.com/wiki/contents/articles/2179.hyper-v-anti-virus-exclusions-for-hyper-v-hosts.aspx

Regarding firewalls: each host running Windows has Windows Firewall enabled by default, so should we also use Hyper-V port ACLs?
Hyper-V port ACLs follow the virtual machines, so if you move them to another host, the ACL sticks. But the two have different features.
The built-in Windows firewall can allow applications to communicate and is not restricted to a port or protocol; the firewall can also use IPsec.
A Hyper-V port ACL can check whether a connection is stateful, while the built-in firewall cannot. A Hyper-V port ACL can also measure the traffic bandwidth that goes through.
For many reasons you should use the built-in firewall in most cases (create Group Policies for the most commonly used server roles), and in more extreme cases, where you need to lock down and control the traffic flow more, you deploy a Hyper-V port ACL.
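
For the lock-down case described above, this added example (not code from the original post) uses the extended port ACL cmdlets that ship with Windows Server 2012 R2 to drop all traffic to and from a VM except stateful inbound HTTPS. The VM name `WEB01` and the HTTPS-only policy are assumptions.

```powershell
# Added example (not from the original post). Requires Windows Server 2012 R2;
# run on the Hyper-V host. VM name and policy are assumptions.
Import-Module Hyper-V

function Set-VMWebOnlyPolicy {
    param([Parameter(Mandatory = $true)][string]$VMName)

    if (-not (Get-VM -Name $VMName -ErrorAction SilentlyContinue)) {
        throw "VM '$VMName' not found on this host"
    }

    # Start from a clean slate so the function can be re-run safely.
    Get-VMNetworkAdapterExtendedAcl -VMName $VMName | Remove-VMNetworkAdapterExtendedAcl

    # Baseline: deny everything in both directions with the lowest weight.
    Add-VMNetworkAdapterExtendedAcl -VMName $VMName -Action Deny -Direction Inbound  -Weight 1
    Add-VMNetworkAdapterExtendedAcl -VMName $VMName -Action Deny -Direction Outbound -Weight 1

    # Higher weight wins: allow inbound TCP 443. Because the rule is stateful,
    # the replies of an established session pass the outbound deny above,
    # while connections initiated by the VM itself are still dropped.
    Add-VMNetworkAdapterExtendedAcl -VMName $VMName -Action Allow -Direction Inbound `
        -LocalPort 443 -Protocol TCP -Weight 100 -Stateful $true

    # Return the resulting rule set for review.
    Get-VMNetworkAdapterExtendedAcl -VMName $VMName
}

Set-VMWebOnlyPolicy -VMName 'WEB01'   # hypothetical VM name
```

Because the rules are stored with the VM's network adapter, they stay in place when the VM is moved to another host.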

You should also move your management traffic to a dedicated NIC, separate from other traffic, so it is not so easy to “sniff” your traffic.

RBAC (Role Based Access Control): an easy rule of thumb is to split user rights where you can.
For instance, a Hyper-V administrator should not have admin rights on VMs and vice versa.
If you are using SCVMM, you should create custom User Roles (for instance, you can define a user role that Group 1 has access to, which can be used to administer their hosts (under a host group) and gives access to certain run as roles).

Sysinternals should also be used when evaluating your security, for instance to see with TCPView whether there are any open ports that shouldn’t be open.
http://technet.microsoft.com/en-US/sysinternals

Make sure that your internal network is configured as it should be:
By disabling CDP on access ports (if you are using Cisco)
Enabling all ports as Access Ports (Portfast) so you can’t be hijacked by STP attacks.

Other resources:
http://www.microsoft.com/en-us/download/details.aspx?id=16650 This is an old security guide from Microsoft, but a lot of it still applies today.

It is also worth mentioning that there are some third-party solutions that you can use to secure Hyper-V.

5-Nine –> http://www.5nine.com/
Watchguard –> http://www.watchguard.com

ARP guard in Hyper-V 2012

So I decided to try the ARP guard functionality in Hyper-V 2012 and see how it works, and at the same time check whether it is possible to change the MAC address.

I took a look at what documentation Microsoft had around the subject
http://blogs.technet.com/b/wincat/archive/2012/11/18/arp-spoofing-prevention-in-windows-server-2012-hyper-v.aspx
http://technet.microsoft.com/en-us/library/hh831823.aspx

And what they say here is that

 I am sure you already browsed the new Hyper-V Manager UI and found a couple of new settings like DHCP Guard, Router Guard but nothing specific for ARP Spoofing.
Well, the feature you are looking for is called Port Access Control Lists and is implemented in the new Hyper-V switch and must be configured via PowerShell.

ARP spoofing is a technique that allows for a man-in-the-middle attack.

I can, for instance, place my computer between another user and the gateway, intercept all the traffic going between them, and run a sniffer on my computer to scan all the traffic going in and out, without the user even knowing it. This can happen because of how the ARP protocol is built. It is built on trust: it is how computers find other computers on the same subnet, and it was never thought of as a secure protocol.

So in order to test this out I had to set up a small lab with a couple of VMs running on a Hyper-V 2012 virtual switch:
1: with Windows Server 2008 R2
1: one domain controller
1: Linux BackTrack (which I will use arp spoof and mac changer on)

So when I start my newly installed WS2008 server, it has a clean ARP table (which consists of the broadcast address).

And as you can see, this computer has the IP address 10.0.0.56.
So what happens when I ping this server from the BackTrack computer? First comes the ARP request (who owns this IP?).

You can see the ARP request first, then the ICMP traffic starts. Then the ARP table is updated

as a dynamic update. Then I ping the domain controller, which has IP 10.0.0.1,

and it has added itself to the list; look at the difference between the MAC addresses of 1 and 77.
Next I start the ARP spoofing attack from my BackTrack computer.

And I can see in Wireshark that I am spamming ARP traffic.

And notice here that I am saying that IP 10.0.0.1 is at another MAC address.
If you check the ARP table on the other computer now, you can see that it is updated (poisoned).

And after I activate IP forwarding on the BackTrack server I can «act» as a man in the middle.
As you can see, when I now try to ping 10.0.0.1 I get a response,

but from my BackTrack server instead of my domain controller. And according to my server, it responds fine from 10.0.0.1.

So how does ARP guard in Windows Server fit in here? And where can I configure it?
The answer is Port Access Control Lists via PowerShell.

This is configured on the Hyper-V host; I find it best to do it via the PowerShell ISE.
So what can I do? First, I have to create a port ACL that defines that the virtual machine can ONLY communicate out with the IP address of 10.0.0.77 and not any other.

So when I apply this port ACL and try to ping 10.0.0.1, it will not receive a response, and since it does not get a response it tries an ARP request again, and my BackTrack computer is unable to respond because of the port ACL.

And the ARP table is restored to its default.
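
The port ACL step described above can be written as follows. This is an added example, not the commands from the original post: it pins a VM to the single address 10.0.0.77 used in the lab, and the VM name `BackTrack` and the function name are assumptions.

```powershell
# Added example (not the author's original commands). Run on the Hyper-V host.
# Assumptions: the VM name 'BackTrack' is hypothetical, and the VM uses a
# static address (a DHCP client would need extra rules, since its first
# packets are sent from 0.0.0.0).
Import-Module Hyper-V

function Set-VMIPLock {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$VMName,
        [Parameter(Mandatory = $true)][ipaddress]$AllowedIP
    )

    if (-not (Get-VM -Name $VMName -ErrorAction SilentlyContinue)) {
        throw "VM '$VMName' not found on this host"
    }

    if ($PSCmdlet.ShouldProcess($VMName, "Restrict local IP address to $AllowedIP")) {
        # Idempotent: clear existing port ACLs before adding the new set.
        Get-VMNetworkAdapterAcl -VMName $VMName | Remove-VMNetworkAdapterAcl

        # Deny every local address, IPv4 and IPv6 ...
        Add-VMNetworkAdapterAcl -VMName $VMName -LocalIPAddress '0.0.0.0/0' -Direction Both -Action Deny
        Add-VMNetworkAdapterAcl -VMName $VMName -LocalIPAddress '::/0'      -Direction Both -Action Deny

        # ... except the one address assigned to this VM. The virtual switch
        # applies the most specific matching entry, so this allow overrides
        # the wildcard denies for traffic that really uses $AllowedIP.
        Add-VMNetworkAdapterAcl -VMName $VMName -LocalIPAddress $AllowedIP.ToString() `
            -Direction Both -Action Allow
    }

    # Return the ACLs now in effect so the result can be reviewed.
    Get-VMNetworkAdapterAcl -VMName $VMName
}

Set-VMIPLock -VMName 'BackTrack' -AllowedIP 10.0.0.77
```

With these entries in place, frames in which the VM claims to be 10.0.0.1 no longer match the allow entry and are dropped at the virtual switch port.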

 

 

Veeam under the hood

Today there is a sea of options when it comes to backup. The focus has largely shifted from being able to back up only physical machines to being able to back up physical machines, virtual machines and the applications running on them (such as SQL, mail, intraweb and line-of-business applications). The solutions face higher demands when it comes to handling large amounts of data, while also having to be easy to use and quick to restore data.

There are many different vendors of backup software on the market, to name a few:
Altaro http://www.altaro.com/hyper-v-backup/
Acronis http://www.acronis.com/backup-recovery/enterprise.html#agents-windows
Microsoft DPM http://technet.microsoft.com/en-us/library/hh758173.aspx
Dell AppAssure http://www.appassure.com/
Symantec Backup Exec 2012 http://www.symantec.com/products/data-backup-software
IBM TSM http://www-142.ibm.com/software/products/us/en/tivostormana/

Then there is Veeam:
The difference between Veeam and the other vendors is that they focus only on the virtual layer, so you get a tailored solution aimed solely at virtual infrastructure.
Veeam has also recently launched a new edition of its main product, Backup and Replication, in version 6.5, which introduces some new functionality and support for new products. Among other things they have added support for Windows Server 2012 and VMware vSphere 5.1, which made them first out with support for these new products. For those who do not know Veeam that well, you can read a little more about them here –> http://www.veeam.com/company/about.html?ad=menu

Veeam has the following software in its portfolio:

Veeam Backup and Replication (Veeam's main product, used for backup and replication of virtual machines (support for VMware and Hyper-V) plus much more. It also has its own tools for backup and restore of Exchange, AD and SQL.) It sounds like an ordinary backup product, but it has some functionality that makes it unique compared to the competitors; I will come to that later. You can read more about the product here http://bit.ly/SdvvAF

Veeam ONE (a complete monitoring tool for Hyper-V and VMware, which also has a built-in reporting tool)
You can read more about it here http://bit.ly/TuYqU8

Veeam Management Pack (an add-on product (Management Pack) for System Center Operations Manager that gives you full monitoring of your VMware infrastructure in Operations Manager)
Previously also called nWorks Management Pack. You can read more about it here http://bit.ly/Rtb5Gk

In addition, they also have some other products:

Veeam Backup Free Edition (a minimal edition of Backup and Replication that is mostly used to take copies of virtual machines and compress them via VeeamZIP)

Veeam One Free Edition (a minimal edition of Veeam One with some restrictions on how long it can store data)

Over the next few days I will write more about how Veeam Backup and Replication works under the «hood»: how to set it up against your infrastructure, what the different services are, and how the various components work together.
Stay tuned!

Windows Server 2012 Hyper-V and vSphere 5.1

A lot of fuss is going on regarding virtualization these days, and the primary topic is Hyper-V vs VMware vSphere.
And of course there are going to be some arguments regarding which one is better, which of them has more features, who is the most enterprise ready, and so on and so forth.
Just last week VMware released version 5.1 of vSphere, which included some new functionality and improvements in scalability, and Windows Server 2012 was released on the 4th of September. So, like many before me, I’m going to compare the two of them. I have read many blogs lately where people claim that one of the products is better than the other, and a lot of them compare features in the wrong way (for instance, Product 1 has feature 1 and Product 2 has feature 2, and even though they do the same thing they use different names and therefore aren’t compared). I’m not here to write down a conclusion about which one is better; I’m just going to lay down the facts so you can decide what you think is the better option. And I’m not going to debate the vCenter and System Center comparison, because that is a different story.

Windows and virtualization:
Microsoft first came out with its Hyper-V virtualization platform in 2008 (with Windows Server 2008). Before that Microsoft had a product named Virtual Server. Many people claim that Microsoft is pretty fresh in the server virtualization market, but actually Microsoft has been in the market since 2004 (when the first release of Virtual Server came out), which was later superseded by Hyper-V. Now the latest version of Hyper-V, called 3.0, comes with Windows Server 2012.
You also have the free version of Hyper-V, which is called Hyper-V Server 2012. http://www.microsoft.com/en-us/server-cloud/hyper-v-server/ (This product only contains the hypervisor, Windows Server driver model, virtualization capabilities, and supporting components such as failover clustering, but does not contain the rest of the features and roles in Windows Server. Therefore you get a small footprint on the host.) Other than that, the versions of Server 2012 that contain Hyper-V are Windows Server 2012 Standard and Windows Server 2012 Datacenter.
The licensing difference between the two is the following.

Standard edition = allows you to run 2 virtual machines $882 for a 2 physical CPU server
Datacenter edition = allows you to run unlimited virtual machines $4,809 for a 2 physical CPU server

Some examples:
1 server: 2 CPU and 4 virtual machines = You could either have 2 Standard edition licenses or 1 Datacenter edition license
1 server: 6 CPU and 8 virtual machines = You could either have 4 Standard edition licenses or 3 Datacenter edition licenses.
And in both scenarios you wouldn’t need a license for the VM because the license is for physical hosts!

In Windows Server 2012, Hyper-V 3.0 has the following workloads and the following features.

Host max
Logical processors on hardware 320
Physical memory  4 TB
Virtual processors per host 2,048

Virtual machine max
Virtual processors per virtual machine 64
Memory per virtual machine  1 TB
Active virtual machines per server 1,024

Cluster max
Nodes 64
Virtual machines 8,000

Network
Quality of Service (QoS)
SR-IOV
Network Virtualization (Using GRE or IP rewrite) Link to the IEEE draft =
http://tools.ietf.org/html/draft-sridharan-virtualization-nvgre-00
PVLAN support
Dynamic Virtual Machine Queue (D-VMQ) (allows the host’s network adapter to pass DMA packets directly into individual virtual machine memory stacks)
Receive Side Scaling (RSS spreads monitoring interrupts over multiple processors, so a single processor isn’t required to handle all I/O interrupts,)
Receive Segment Coalescing (RSC improves the scalability of the servers by reducing the overhead for processing a large amount of network I/O traffic.)
DHCP Guard (DHCP guard drops server messages from unauthorized virtual machines that are acting as DHCP servers.)
Router Guard (Router guard drops router advertisement and redirection messages from unauthorized virtual machines that are acting as routers.)
Port mirroring (not promiscuous mode, does a forward of all the packet to a VM to another destination)
Virtual Port ACLs
Trunk mode using 802.1q
IPsec Task offload
Integrated Network Adapter Teaming
Hyper-V Extensible Switch
Data Center Bridging (DCB)
Resource metering (Measure usage of CPU, Memory, Network and disk for a virtual machine)
NIC Teaming (Allows for LACP in the native OS, before this needed to be done by a third party product like Broadcom)

Management
PowerShell
SCVMM 2012 SP1 (You can use CTP release for Windows Server 2012 but official support comes with Service Pack 1 which is in Beta now)
Server Manager
Cluster Manager
Hyper-V Manager
Cluster Aware updating
IPAM

Storage
New Virtual Disk format (VHDX supports up to 64 TB Virtual Disks)
Offloaded Data Transfer – ODX (Is a feature of a SAN, allows the file transfer/copying between hosts on the SAN to be done by the SAN instead of the regular network transfer)
Live merging of VHDs and Snapshots
RDMA (direct memory access from the memory of one computer into another without involving either’s OS)
SMB 3.0 (Allows you to use regular network file servers instead of an expensive SAN solution)
Native 4 KB sector disk support (but for compatibility’s sake it allows for a 512-byte emulation called 512e)
Data De-duplication
Virtual Fibre Channel inside the Virtual Machines
VM boot from SAN
Storage Spaces (Software RAID-like solution)
New file system ReFS (Luckily most of the system filters which are written for NTFS will work for ReFS, and it has improvements to resilience and reliability)
BitLocker on CSV (Allows you to encrypt a CSV volume)
SMI-S (Is a storage standard by the SNIA which allows for management functions via HTTP)
Encrypt VHD files with BitLocker Network Boot (Gives you the ability to encrypt a VHD file, so if it reboots it will contact a WDS server, get the decryption keys and continue to boot)

Migration
Improved Live Migration
Unlimited Simultaneous live migrations
Live Storage Migration
Shared-Nothing Live Migration
Hyper-V Replica
Failover Prioritization

VMware and virtualization:
VMware started its life with VMware Workstation, which was released in 1999 (yes, it’s really that old!), and has since then been living on virtualization technology; the first release of vSphere came in 2001. They have also created a VDI product called VMware View, and in 2010 they acquired the open-source groupware solution Zimbra from Yahoo. So they are expanding their horizon when it comes to software products, but their primary focus has always been virtualization. Now last week VMware released their newest version of vSphere, version 5.1 http://www.vmware.com/files/pdf/products/vsphere/vmware-what-is-new-vsphere51.pdf and VMware has also just recently killed off the vRAM memory tax, in order to compete with Windows.

VMware pricing and editions:

VMware vSphere 5.1 is licensed on a per-physical-processor basis

Standard edition = $1144 (a somewhat stripped-down version of the hypervisor)
Enterprise edition = $3308 (also a somewhat stripped-down version of the full version)
Enterprise plus edition = $4024 (Contains all of the features and has the full workload)
NOTE: These prices are fetched from VMware’s site, where they are usually listed in EURO, not US$

Some examples:
1 Server = 1 CPU 4 Virtual Machines (if you want all the features you need 1 Enterprise plus license)
1 Server = 2 CPU 4 Virtual Machines (if you want all the features you need 2 Enterprise plus licenses)
So in both cases you would need a WS2012 Datacenter license in addition to the VMware license (if you wish to use Windows Server 2012 VMs on that host)

VMware vSphere 5.1 has the following workloads and the following features (Enterprise plus edition).

Host max
Logical processors on hardware 256
Physical memory  2TB
Virtual CPU per host 2,048


Virtual machine max

Virtual processors per virtual machine 64
Memory per virtual machine  1 TB
Active virtual machines per server 1,024

Network
Netflow 10 (IPFIX)
Port Mirroring (RSPAN and ERSPAN)
LLDP
QOS (Network I/O)
SR-IOV
VXLAN
PVLAN
DCB (Data Center Bridging) refers to a set of enhancements to Ethernet local area networks for use in data center environments.
Receive Side Scaling (RSS spreads monitoring interrupts over multiple processors, so a single processor isn't required to handle all I/O interrupts)
TCP Segment Offload
Distributed Virtual Switch
LACP (Link Aggregation Control Protocol)

Management
vSphere Web Client
PowerShell via PowerCLI
vCenter
vCloud
SCVMM (support will come eventually; with SP1 you have support for up to vSphere 5.0)

Storage
vMotion enhancements (similar to shared-nothing live migration)
Boot from Software FCoE
16Gb HBA Support
iSCSI jumbo frames
SSD Monitoring
VMFS-5 enhancements

So there is a lot happening in both camps nowadays.
For higher workloads Windows seems to be the good option, and you don't think that anyone is actually going to max out those numbers? I've actually spoken to a service provider in the US which was a bit annoyed with the max VMs per cluster, since each server can hold 1,024 virtual machines and in a cluster with 32 nodes you can "only" have 4,000 virtual machines. But another question: how is the performance? There is no use having a 150 hp engine if another car with 110 hp can go right past you.
VMware actually has a performance document stating that each VM was performing about 18,9% on VMware 5. (This document is 2008R2 Hyper-v vs. VMware) http://www.vmware.com/files/pdf/products/vsphere/VMware-vSphere-vs-Hyper-V.pdf
Again, this is for the old version; it is going to be interesting to see how the performance turns out with WS2012.

Microsoft is working hard these days on SP1 for System Center, since for enterprise deployment you are going to need SCVMM (full support for Server 2012 comes with SP1). VMware already has the management solution for its new hypervisor available, so Microsoft better hurry up.
Microsoft is also working on Service Provider Foundation. For hosters that wish to deliver IaaS this is going to be big news! V1 of this is going to be available with SP1 for System Center. If you don't want to use this, Citrix has a control panel solution called CloudPortal Services Manager, which integrates with SCVMM to deliver IaaS, PaaS and SaaS (and does not use the Service Provider Foundation API).
ExtendASP, which is also a control panel solution for hosters, has full support for Windows Server 2012, so it allows hosters to easily deploy solutions for their customers.
VMware already has their IaaS solution in place with vCloud Director, so it's going to be interesting to see how they compete in functionality and features.

Links:
(VMware comparison set of Hyper-V VS VMware) http://www.vmware.com/files/pdf/getthefacts/vmw-vSphere-5-vs-Hyper-V-3-Beta.pdf
(Microsoft comparison set of Hyper-V VS VMware) http://download.microsoft.com/download/5/A/0/5A0AAE2E-EB20-4E20-829D-131A768717D2/Competitive%20Advantages%20of%20Windows%20Server%202012%20RC%20Hyper-V%20over%20VMware%20vSphere%205%200%20V1%200.pdf
VMware vSphere 5.1 http://www.vmware.com/pdf/vsphere5/r51/vsphere-51-configuration-maximums.pdf
What's new in vSphere 5.1 Networking http://blogs.vmware.com/vsphere/2012/09/whats-new-in-vsphere-5-1-networking.html
What's new in vSphere 5.1 Storage http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Storage-Technical-Whitepaper.pdf
http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Performance-Technical-Whitepaper.pdf

Now this post is still in the making since there are still a lot of new facts and updates that appear each week.

System Center requirements

Just thought I'd post a quick post about the system requirements for the System Center products, because I'm setting up a new lab environment with the 2012 edition of System Center. I'll try to blog about the installation and setup of these systems and how they integrate with each other. This post is mostly for myself, so I can remember the requirements for each product. This new test lab will be running on a Windows 8 Hyper-V cluster.

  • SCOM ( System Center Operations Manager )
  • SCCM ( System Center Configuration Manager )
  • SCVMM ( System Center Virtual Machine Manager )
  • SCSM ( System Center Service Manager )
  • SCDPM ( System Center Data Protection Manager )
  • System Center Orchestrator
  • System Center App controller

SCOM 2012

Management Server

  • Server Operating System: must be Windows Server 2008 R2 SP1.
  • Windows PowerShell version: Windows PowerShell version 2.0.
  • Windows Remote Management: Windows Remote Management must be enabled for the management server.
  • Microsoft Core XML Services (MSXML) version: Microsoft Core XML Services 6.0 is required for the management server.
  • Both .NET Framework 3.5 Service Pack 1 (SP1) and .NET Framework 4 are required. For more information, see the following documents:

Operations Console

Web Console

  • Web browsers: Internet Explorer 7, Internet Explorer 8, Internet Explorer 9
  • Internet Information Services (IIS) 7.5 and later versions, with the IIS Management Console and the following role services installed
    • Static Content
    • Default Document
    • Directory Browsing
    • HTTP Errors
    • HTTP Logging
    • Request Monitor
    • Request Filtering
    • Static Content Compression
    • Web Server (IIS) Support
    • IIS 6 Metabase Compatibility
    • ASP.NET
    • Windows Authentication

Operational Database (This also applies to the Data warehouse database)

SCCM 2012
Most of these roles require .NET 3.5 SP1 and .NET 4.0
Site Server 
  • Remote Differential Compression
  • .Net 4.0
  • .Net 3.51 SP1
Application Catalog Web Service Point 
  • HTTP Activation
  • Non-HTTP Activation
  • ASP.NET
  • IIS 6 Metabase Compatibility
Application Catalog Web Site Point 
  • Common HTTP Features:
    • Static Content
    • Default Document
  • Application Development:
    • ASP.NET (and automatically selected options)
  • Security:
    • Windows Authentication
  • IIS 6 Management Compatibility:
    • IIS 6 Metabase Compatibility
Distribution point
  • Application Development:
    • ISAPI Extensions
  • Security:
    • Windows Authentication
  • IIS 6 Management Compatibility:
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility
  • Common HTTP Features:
    • HTTP Redirection
  • IIS Management Scripts and Tools
    • Remote Differential Compression
    • BITS Server Extensions (and automatically selected options), or Background Intelligent Transfer Services (BITS) (and automatically selected options)
    • In case of deployment you also need Windows Deployment Services
Management point
  • BITS
    • Application Development:
      • ISAPI Extensions
    • Security:
      • Windows Authentication
    • IIS 6 Management Compatibility:
      • IIS 6 Metabase Compatibility
      • IIS 6 WMI Compatibility
Software update point
  • Requires Windows Server Update Services 3.0 SP2

Site database (have no idea but SCCM is a bit picky on which database version it supports)

  • SQL Server 2008 SP2 with Cumulative Update 9
  • SQL Server 2008 SP3 with Cumulative Update 4
  • SQL Server 2008 R2 with SP1 and Cumulative Update 4
  • The instance of SQL Server in use at each site must use the following collation: SQL_Latin1_General_CP1_CI_AS.

SCVMM 2012

VMM Database

  • SQL Server 2008 R2 SP1 or earlier
  • SQL Server 2008 SP2
VMM Management Server
  • Windows Automated Installation Kit (AIK) for Windows 7
  • At least Microsoft .NET Framework 3.5 Service Pack 1 (SP1)
VMM Self-Service Portal
  • .NET Extensibility
  • ASP.NET
  • Default Document
  • Directory Browsing
  • HTTP Errors
  • IIS 6 Metabase Compatibility
  • IIS 6 WMI Compatibility
  • ISAPI Extensions
  • ISAPI Filters
  • Request Filtering
  • Static Content
  • .Net 3.5

SCSM 2012

Service Manager Server 
  • Windows Server 2008 R2 with SP1
  • Microsoft .NET Framework 3.5 with SP1
  • ADO.NET Data Services Update for .NET Framework 3.5 SP1
  • Windows PowerShell 2.0
  • Microsoft Report Viewer Redistributable

Database Server

  • Windows Server 2008 R2 with SP1
  • 64-bit version of SQL Server 2008 with SP1, SP2 or version 2008 R2
  • SQL Server Reporting Services

Service Manager console

  • Windows Powershell 1.0 or higher
  • Microsoft Report Viewer Redistributable
  • Microsoft .NET Framework 3.5 with SP1
  • ADO.NET Data Services Update for .NET Framework 3.5 SP1

Self-Service Portal

  • IIS 7.5 with IIS 6 metabase compatibility installed
  • Self-signed SSL certificate
  • ASP.NET 2.0
  • Microsoft .NET Framework 4.0
  • Microsoft Analysis Management Objects
  • Microsoft SharePoint Foundation 2010
  • Or Microsoft SharePoint Server 2010
  • Or Microsoft SharePoint 2010 for Internet Sites Enterprise
  • Excel Services in SharePoint 2010 is required for hosting dashboards for advanced analytical reports

SCDPM 2012

  • Microsoft .NET Framework 3.5 with Service Pack 1 (SP1)
  • Microsoft Visual C++ 2008 Redistributable
  • Windows PowerShell 2.0
  • Windows Single Instance Store (SIS)
  • Microsoft Application Error Reporting
  • 64-bit version of SQL Server 2008 R2, Enterprise or Standard Edition.

SC Orchestrator 2012

  • Microsoft SQL Server 2008 R2
  • SQL_Latin1_General_CP1_CI_AS
  • Microsoft .NET Framework 3.5 Service Pack 1
  • Microsoft .NET Framework 4

SC App controller 2012

  • Microsoft .NET Framework 4
  • Static Content
    • Default Document
    • Directory Browsing
    • HTTP Errors
    • ASP.NET
    • .NET Extensibility
    • ISAPI Extensions
    • ISAPI Filters
    • HTTP Logging
    • Request Monitor
    • Tracing
    • Basic Authentication
    • Windows Authentication
    • Request Filtering
    • Static Content Compression
    • IIS Management Console
  • SQL Server 2008 R2 Datacenter
  • SQL Server 2008 R2 Enterprise
  • SQL Server 2008 R2 Standard
  • SQL Server 2008 Enterprise
  • SQL Server 2008 Standard