Blog archive

Azure Pack configuration for Windows Server 2012 R2

Microsoft has released its new wave of products in preview, including the next version of Katal (Azure Services), now called Azure Pack. The pack turns your datacenter into an Azure-style platform: users sign up through plans and consume your infrastructure as an IaaS platform.

You can download the trial for Azure Pack here –> http://www.microsoft.com/en-us/server-cloud/windows-azure-pack.aspx

Now there are some prerequisites for using this pack.
You can read more about them here –> http://technet.microsoft.com/en-us/library/dn296442.aspx

To integrate Azure Pack with your on-premises environment, it uses Service Provider Foundation (SPF), which is included on the Orchestrator installation media.

Note that this requires the SCVMM 2012 R2 console to be installed on the same machine as SPF, since SPF uses the VMM APIs to communicate with VMM.

It also requires some other prerequisites:

WCF Data Services 5.0 can be found here –> http://www.microsoft.com/en-us/download/details.aspx?id=29306

The .NET 4.5 WCF features are part of .NET 4.5, which can be installed from Server Manager

Management ODATA IIS is also part of the 2012 R2 installation media

ASP.NET MVC 4 can be downloaded from here –> http://www.asp.net/mvc/mvc4

Next we configure a database for SPF to use.

In this database SPF stores information such as:
Tenants
Usage records
Gallery items
Roles
Servers
Tenant stamps

Next we choose where to deploy the SPF files and which certificate we want to use.
In my case, for this demo, I used a self-signed certificate.

Next we define credentials for the admin web service.

NOTE: If you choose Network Service here, you need to make sure that the machine account is a VMM administrator.

In my case I chose a service account and entered a domain user.
After that you are done with SPF.

Next we move on to the Azure Pack installation.
You can download the pack from here –> http://technet.microsoft.com/en-us/library/dn296435.aspx?CR_CC=200142594

All it does is download a profile which uses webdeploy.

By default it will install all the web roles on the same server.

Click I accept (I'll come back to what the different roles do).
Note that the installation may take some time.

After that is done, press Continue and it will start the Service Management Configuration site.

It will open a browser window on localhost on port 30101, and again we have to define a database and server for Azure Pack.

Here you have the option to use a Windows user or a regular SQL user.
Remember that you have to enable Mixed Mode on the SQL server in order to use regular SQL users.

Make sure that you write down the passphrase. If you forget or lose this passphrase, there is no way to recover it. It is used to encrypt and decrypt the Configuration Store.

Next we define an FQDN for the host.

After this is done it will start configuring the different roles on the server.

After that is done we continue with the configuration.

NOTE: You may need to log out of your system and log back in before you can access the management portal for administrators. This is due to Windows authentication and the need to add the security group to your security token.

If you continue to see an access denied error, even after logging back in, close all Internet Explorer windows, and run Internet Explorer as an administrator.

Now the setup will open a browser on port 30091, which is the default port for the management portal for administrators.

Now you can see the difference between “Katal” and Azure Pack.

Katal (the old version)

Azure Pack (the new one)

New features include:
Reporting provider (This is also a feature that is on the Orchestrator installation media)
Service Bus Clouds (Read more about setting up service bus here –> http://msdn.microsoft.com/en-us/library/windowsazure/dn282152(v=azure.10).aspx )
Automation (This requires the Service Management Automation web service)

So in my case I define the Service Provider Foundation endpoint for Azure Pack
and then go to VM Clouds and connect to my VMM management server.

I had some bugs when connecting to my cloud, but after an iisreset it worked just fine.

This gets the cloud container from VMM; from here I can view resources in my cloud.

As an end user I can now sign up using the tenant portal,
which is on the same server where you installed Azure Pack, only on port 30081. Remember, though, that you need to create a plan and publish it in order for users to subscribe to that plan.

Here I signed up with a regular user account.

Choose Add Plan and select a public plan that was created in the management portal.
Note, though, that here we have external users created; we can also use AD authentication.

For the tenant portal you can configure this using ADFS here –> http://technet.microsoft.com/en-us/library/dn296436.aspx#WAP_AddADFSAuth

Note that when you sign up for a plan you need to go back to the administration portal and approve the subscription.

Now if I want to automate a task associated with VM creation, I can do this in the management portal.

That's all for this time; I'll dive in a bit more when I get the time.
Stay tuned

ARP guard in Hyper-V 2012

So I decided to try the ARP guard functionality in Hyper-V 2012 and see how it works, and at the same time check whether it is possible to change the MAC address.

I took a look at what documentation Microsoft had around the subject
http://blogs.technet.com/b/wincat/archive/2012/11/18/arp-spoofing-prevention-in-windows-server-2012-hyper-v.aspx
http://technet.microsoft.com/en-us/library/hh831823.aspx

And what they say here is that

I am sure you already browsed the new Hyper-V Manager UI and found a couple of new settings like DHCP Guard, Router Guard but nothing specific for ARP Spoofing.
Well, the feature you are looking for is called Port Access Control Lists and is implemented in the new Hyper-V switch and must be configured via PowerShell.

ARP spoofing is a technique that allows for a man-in-the-middle attack.

I can, for instance, place my computer between another user and the gateway, intercept all the traffic going between the end user and the gateway, and run a sniffer on my computer to inspect all the traffic going in and out,
without the user even knowing it. This can happen because of how the ARP protocol is built. It is built on trust: it is how computers find other computers on the same subnet, and it was never designed as a secure protocol.

So in order to test this I had to set up a small lab built with a couple of VMs running on a Hyper-V 2012 virtual switch.
1x Windows Server 2008 R2
1x domain controller
1x Linux BackTrack (on which I will use arpspoof and macchanger)

So when I start my newly installed WS2008 server it has a clean ARP table (which consists only of the broadcast address).

And as you can see this computer has the IP address 10.0.0.56.
So what happens when I ping this server from the BackTrack computer? First comes the ARP request (who owns this IP?).

You can see the ARP request first, then the ICMP traffic starts. Then the ARP table is updated

with a dynamic entry. Then I ping the domain controller, which has IP 10.0.0.1,

and it has added itself to the list; look at the difference between the MAC addresses of 1 and 77.
Next I start the ARP spoofing attack from my BackTrack computer.

And I can see in Wireshark that I am spamming ARP traffic.

And notice here I am saying that IP 10.0.0.1 is at another MAC address.
If you check the ARP table now on the other computer you can see that the ARP table is updated (poisoned).

And after I activate IP forwarding on the BackTrack server I can "act" as a man in the middle.
As you can see, now when I try to ping 10.0.0.1 I get a response,

but from my BackTrack server instead of my domain controller. And according to my server, 10.0.0.1 responds fine.

So how does the ARP guard in Windows Server fit in here? And where can I configure it?
The answer is Port Access Control Lists via PowerShell.

This is configured on the Hyper-V host; I find it best to do it via the PowerShell ISE.
So what can I do? First, I have to create a port ACL that defines that the virtual machine can ONLY communicate out with the IP address of 10.0.0.77 and not any other.

So when I apply this port ACL and try to ping 10.0.0.1, it will not receive a response, and since it does not get a response it tries an ARP request again, and my BackTrack computer is unable to respond because of the port ACL.

And the ARP table is restored to its default.
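
The port ACL described above, as an added example that is not from the original post: it pins each lab VM to its own IP address with Add-VMNetworkAdapterAcl and also turns off MAC address spoofing on the virtual NICs. The VM names are hypothetical, and expressing the rule through the ACL's local address is an assumption about how the author's rule was written.

```powershell
# Added example. Run in an elevated session on the Hyper-V host
# (Windows Server 2012 with the Hyper-V PowerShell module).
# Assumptions: the VM names are hypothetical; the addresses are the lab's
# static IPs. A VM that later changes its address loses connectivity until
# its ACL is updated.
$lab = [ordered]@{
    'WS2008'    = '10.0.0.56'
    'DC'        = '10.0.0.1'
    'Backtrack' = '10.0.0.77'
}

function Set-VMSingleIPPortAcl {
    param(
        [Parameter(Mandatory = $true)] [string]    $VMName,
        [Parameter(Mandatory = $true)] [ipaddress] $AllowedIP
    )

    # Allow traffic in both directions only when the VM side of the
    # conversation is the single address this VM is supposed to own.
    Add-VMNetworkAdapterAcl -VMName $VMName `
        -LocalIPAddress $AllowedIP.IPAddressToString `
        -Direction Both -Action Allow

    # Catch-all deny for every other local address (ANY covers IPv4 and IPv6).
    # The more specific host entry above takes precedence over this one.
    Add-VMNetworkAdapterAcl -VMName $VMName `
        -LocalIPAddress ANY `
        -Direction Both -Action Deny

    # Separate switch-port setting: with spoofing off, the VM may only send
    # frames from the MAC address assigned to its virtual NIC.
    Set-VMNetworkAdapter -VMName $VMName -MacAddressSpoofing Off
}

foreach ($name in $lab.Keys) {
    if (-not (Get-VM -Name $name -ErrorAction SilentlyContinue)) {
        Write-Warning "VM '$name' not found on this host, skipping."
        continue
    }

    Set-VMSingleIPPortAcl -VMName $name -AllowedIP $lab[$name]

    # Show what is now in force on the VM's switch port.
    Get-VMNetworkAdapterAcl -VMName $name
    Get-VMNetworkAdapter -VMName $name |
        Select-Object VMName, MacAddress, MacAddressSpoofing
}
```

Port ACLs belong to the virtual NIC's switch port and are set from the host, so an administrator inside the guest cannot remove them.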

 

 

Veeam under the hood, part 2

As I mentioned in the previous post, Backup & Replication is aimed at virtual infrastructure. To show how it works I am going to set up B&R against an environment consisting of Hyper-V. B&R essentially consists of 3 components.

Proxy Server: This is what does the job of pulling data from the server being backed up and placing it in a repository.
Backup Server: The administration server; this is where you add the backup jobs you want to run. All jobs and statistics are stored in a SQL database attached to the server.
Repository: This is where the backup data is stored.

So essentially it is the proxy server that goes in, fetches data from the server and sends it on to a backup repository. If you notice that a backup job takes too long, you can easily add more proxy servers (since the proxy server's work is very CPU intensive).
I will show how to define different proxy servers for different jobs in a later post.
When uncovering bottlenecks there are 4 things to look for. NB: If Veeam detects a bottleneck, it will slow the rest of the components down to the speed that the weakest link can handle.
1: The Hyper-V host (a lot of reading and writing to disk?)
2: The proxy server (has the CPU maxed out?)
3: The network (has it reached maximum bandwidth?)
4: Target repository (a lot of reading and writing to disk?)

Other components:

Enterprise Backup Server: Lets you administer multiple backup servers; it also lets you search through the backups for individual files.
Backup Search: Uses MOSS Integration Services on a Microsoft Search Server to search through data faster.

The architecture on Hyper-V

By default a proxy server is installed on the Hyper-V host. If you need to take the load off the Hyper-V host, you must have a server set up as an Offhost Data Proxy
(this requires a server installed with Hyper-V because of VSS, and it should run the same Hyper-V version as the host it is backing up).

The architecture on VMware

For VMware, nothing is installed on the host itself; you have to set up a separate Windows server running as Backup Proxy (this server should have access to the same storage as the VMware host).
This server can also be a virtual machine running on VMware, but that requires the server to have HotAdd access to the VMs on the datastore: http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vddk.pg.doc_50%2FvddkDataStruct.5.5.html

Supported systems:

Hypervisor

Microsoft Hyper‑V Server 2008 R2 SP1
Microsoft Windows Server 2008 R2 SP1 with Hyper-V
Microsoft Windows Server 2012 with Hyper-V

Management server (not required)
(If you want to back up against VMM, the VMM console must be installed on the backup server)

Microsoft System Center 2008 Virtual Machine Manager R2 SP1
Microsoft System Center 2012 Virtual Machine Manager

You can read more about hardware recommendations and supported systems here –>
http://bit.ly/VSqfn0

Installation:
Installing Veeam requires that you also have installed
.NET Framework 4.0
A SQL Server, either locally or on another server.

If you have neither, the Veeam installer will install both (although the SQL Server will be an Express edition of 2008 R2).

The installation is very simple and streamlined.

Enter the license key you have been issued.

Management Console (the backup server with its components)
Catalog Service (responsible for indexing VM OS files)
PowerShell snap-in (gives you PowerShell commands that can be used to automate backup activities via script)

If you have no SQL database server available, choose the local setup (the installer will then set up SQL Express 2008 R2).
The application supports most MSSQL versions:

•Microsoft SQL Server 2005 (Full and Express Edition)
•Microsoft SQL Server 2008 (Full and Express Edition)
•Microsoft SQL Server 2008 R2 (Full and Express Edition)
•Microsoft SQL Server 2012 (Full and Express Edition)

Here you must specify a user that has full database access to the database. The same user will also automatically be granted the “Log on as a service” right on the server.
So the recommendation here is to use a least-privilege user.

After that, just click Next and then Install.
B&R can now be started from the desktop or from the Start menu.

Before we start adding Hyper-V servers and configuring backup, it is important that we go through the setup on the server and which configuration options exist there.
This is what the interface looks like once you are in.

It is essentially divided into 5 tabs.

Backup & Replication (Here you define backup and replication jobs, and see all the backups you have set up)
Virtual Machines (Lists all virtual machines that are connected to Veeam)
Files (Lists files on the physical hosts)
Backup Infrastructure (Here you define which servers should be proxy servers, which server should be the repository and which servers are managed by Veeam)
History (Lists all the jobs that have been run via Veeam)

In addition you have an extra menu when you click the Session Tools button at the top left; here you get access to the PowerShell module and options to set
user access, define traffic throttling, back up the configuration and set up notifications (SNMP and e-mail). I will touch on PowerShell and examples you can use later.
Under the “Help” menu you can also view the license bound to the Veeam server and change the license.

That made this post long enough; next time I will go through how to add Hyper-V servers and set up a backup job, and what the various settings do.

Windows Server 2012 deployment via PowerShell

With the release of Windows Server 2012, Microsoft has made a huge improvement to PowerShell: there are about 2400 cmdlets available, and Microsoft has said that there are more to come.
Just to show how easy it is, I thought I'd give a walkthrough of deploying a simple Server 2012 farm,
including
1x AD domain controller
1x RDS server session deployment with RemoteApps
1x file server using data deduplication, used for serving the user profile disks on the RDS server, with NIC teaming and 3 disks in a storage space with volumes using disk parity

We are going to host all 3 of these servers on a WS2012 Hyper-V server. So first of all we create a virtual network where these hosts are going to live.

First we create the switch

New-VMSwitch -Name vm-switch -SwitchType Internal

Then we create the first virtual machine and add it to that internal network.

New-VM -NewVHDPath e:\vm\ad.vhdx -NewVHDSizeBytes 20GB -BootDevice CD -MemoryStartupBytes 2GB -Name AD
Remove-VMNetworkAdapter -VMName AD -Name "Network Adapter"
Add-VMNetworkAdapter -VMName AD -Name "Network Adapter" -SwitchName vm-switch


After that we can boot the first computer. This is going to be our domain controller, and for the purpose of this demonstration we are going to install it as a Server Core server. (Server Core is a stripped-down server which basically gives you a command prompt to work from.)
If you wish to manage the server you need to use either sconfig, PowerShell or Server Manager.

If you wish to install the full GUI on it afterwards you can do this using the command

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Source:wim:d:\sources\install.wim:4 -Restart

If you look at that last command you see that I needed to specify the source. When I install with Server Core, it removes all the unnecessary binaries from the installation, so you need to insert the installation media; in my case it was an ISO file on the D: drive. I also needed to specify the install WIM file. The WIM file contains the images for Datacenter and Standard, both Core and with GUI, so the number 4 selects Datacenter with GUI.

When the server is up and running we have to configure the network, domain name and such.

New-NetIPAddress -IPAddress 192.168.0.1 -InterfaceAlias "Ethernet" -PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.0.1
Rename-Computer -NewName adds
Restart-Computer

This will add the IP address of 192.168.0.2 on the interface Ethernet with a subnet mask of 255.255.255.0 /24
And set the DNSclient to itself (since the ADDS installs DNS as well)
Renames the computer ADDS and does a restart.

After that we install ADDS. This is the simplest setup and uses most of the default values.

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName test.local
Restart-Computer

This will install AD DS on this server (including a DNS server) with the domain name test.local.
After that you have to restart the computer. When the server has finished booting you have a fully functional domain controller, so now it's time to install the RDS server.

New-VM -NewVHDPath e:\vm\rds.vhdx -NewVHDSizeBytes 20GB -BootDevice CD -MemoryStartupBytes 2GB -Name RDS
Remove-VMNetworkAdapter -VMName RDS -Name "Network Adapter"
Add-VMNetworkAdapter -VMName RDS -Name "Network Adapter" -SwitchName vm-switch

So now we run the same create-VM commands as before; we just change the name and file name.
We install a full server with GUI this time since we want the remote desktop users to get a full desktop.
After the server has finished installing we need to set up the basics as we did before.

New-NetIPAddress -IPAddress 192.168.0.2 -InterfaceAlias "Ethernet" -PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.0.1
Rename-Computer -NewName rds
Add-Computer -DomainName test.local -Credential (Get-Credential)
Restart-Computer

This time we set the DNS client to point to the AD server, change the computer's name and join it to the domain. After the restart we have to install the RDS server role.
We are going to host all the server roles on the same server (not very secure or recommended, but simple).

New-RDSessionDeployment -ConnectionBroker test02.test.local -WebAccessServer test02.test.local -SessionHost test02.test.local

Restart-Computer

Remove-RDSessionCollection QuickSessionCollection

New-RDSessionCollection -CollectionName Statistikk -SessionHost test02.test.local -ConnectionBroker test02.test.local

New-RDRemoteApp -CollectionName Statistikk -Alias Notepad -FilePath C:\windows\system32\notepad.exe -ShowInWebAccess 1 -ConnectionBroker test02.test.local -DisplayName skriveskrive

What this does is first install the RDS server roles, pointing to where each server role is located, and then restart the computer.
After that it removes the QuickSessionCollection that is created by default when using Quick Deployment.

It then creates a new collection and specifies which session host and connection broker are included in this collection.
Finally it publishes the application Notepad and makes it available to users via the RD Web portal. Note that I didn't set up user profile disks on the RDS server yet, since we need to set up the file server before we do that.

Now we have to create the file server. This server needs to have multiple network cards and multiple disks in order to have high availability.
So we start by creating the VM with multiple NICs and HDDs.

New-VM -NewVHDPath e:\vm\fs.vhdx -NewVHDSizeBytes 20GB -BootDevice CD -MemoryStartupBytes 2GB -Name FS

New-NetIPAddress -IPAddress 192.168.0.3 -InterfaceAlias "Ethernet" -PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.0.1
Rename-Computer -NewName fs
Add-Computer -DomainName test.local -Credential (Get-Credential)
Restart-Computer

So here we create a file server virtual machine with 2 NICs and 3 virtual hard drives.
Drives 2 and 3 will be used for a storage pool with a mirrored setup. Setting up two virtual drives in a mirrored setup doesn't make much sense, but this is just to show how easy and flexible the deployment is.
After the server has finished installing and has joined the domain we can start by setting up the NIC teaming.

New-NetLbfoTeam -Name Test -TeamMembers "Ethernet 2", "Ethernet" -LoadBalancingAlgorithm IPAddresses -TeamingMode SwitchIndependent -TeamNicName SuperPowah

You can run the commands

Get-NetLbfoTeam and Get-NetLbfoTeamNic

to see the status of the team and the NIC (whether it is up or down).
What this does is create a new load balancing and failover team called Test. It includes the two interfaces Ethernet 2 and Ethernet, the load balancing algorithm is based on IP addresses, I chose the teaming mode switch independent, and the team NIC is called SuperPowah. Once we have done that, the first NIC loses its IP address settings, so now we have to set up IP settings for the new NIC named SuperPowah.

New-NetIPAddress -IPAddress 192.168.0.3 -InterfaceAlias "SuperPowah" -PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias "SuperPowah" -ServerAddresses 192.168.0.1

Next we have to install the dedup feature (which is not installed by default).

Install-WindowsFeature FS-Data-Deduplication

By default the schedule for a dedup job is set to 5 days, but that can be changed. You can also run it manually with the command

Start-DedupJob -Volume e: -Type Optimization

You can view the status by running the commands

Get-DedupJob
Get-DedupStatus

If you wish to remove dedup from a disk you can run the command

Start-DedupJob -Volume e: -Type Unoptimization
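
The walkthrough describes the file server's second NIC, its extra disks in a mirrored storage pool and an E: volume for dedup, but shows no commands for them; the following is an added example, not from the original post. The disk paths and sizes, the pool and virtual disk names (UserPool, UserData) and the choice of E: as the drive letter are assumptions.

```powershell
# Added example, in two parts.

# --- Part 1: on the Hyper-V host, with the FS VM shut down --------------------
$vm = 'FS'

# Second NIC on the same internal switch, so the guest has two adapters to team.
Add-VMNetworkAdapter -VMName $vm -Name 'Network Adapter 2' -SwitchName 'vm-switch'

# Make sure there is a SCSI controller to hang the data disks on.
if (-not (Get-VMScsiController -VMName $vm)) {
    Add-VMScsiController -VMName $vm
}

# Two extra data disks for the mirror (paths and sizes are assumptions).
foreach ($i in 1..2) {
    $path = "e:\vm\fs-data$i.vhdx"
    New-VHD -Path $path -SizeBytes 40GB -Dynamic | Out-Null
    Add-VMHardDiskDrive -VMName $vm -ControllerType SCSI -Path $path
}

# --- Part 2: inside the FS guest, after it has booted --------------------------
# -CanPool returns only disks that are blank and not already in a pool,
# so the OS disk is never picked up here.
$disks = @(Get-PhysicalDisk -CanPool $true)
if ($disks.Count -lt 2) {
    throw "A two-way mirror needs at least 2 poolable disks, found $($disks.Count)."
}

New-StoragePool -FriendlyName 'UserPool' `
    -StorageSubSystemFriendlyName 'Storage Spaces*' `
    -PhysicalDisks $disks

# Mirror resiliency, as described in the walkthrough.
New-VirtualDisk -StoragePoolFriendlyName 'UserPool' -FriendlyName 'UserData' `
    -ResiliencySettingName Mirror -UseMaximumSize

# Bring the new virtual disk online as an NTFS volume on E:.
Get-VirtualDisk -FriendlyName 'UserData' | Get-Disk |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -DriveLetter E -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'UserData' -Confirm:$false

# Deduplication is enabled per volume; Start-DedupJob only works on volumes
# that have it enabled (requires the FS-Data-Deduplication feature).
Enable-DedupVolume -Volume 'E:'
Get-DedupVolume -Volume 'E:'
```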

Next we create a new folder for the new share, then we share the folder.

mkdir c:\userdata
New-SmbShare -Path c:\userdata -Name userdata

Now that the share is created, we have to update the RDS collection configuration.

Set-RDSessionCollectionConfiguration -CollectionName statistikk -EnableUserProfileDisk -DiskPath \\fs\userdata -MaxUserProfileDiskSizeGB 40

So there you go, I will try to update this with some other scenarios as well.

Error when starting a VM in Hyper-V 2012

Quick post!
Got an error after I upgraded my servers from 2008 R2 to 2012 and wanted to boot my VMs.
In the Event Viewer I got this error message: Hypervisor launch failed; Secure Mode Extensions have been enabled by the BIOS. Please disable Secure Mode Extensions in the BIOS to launch Hyper-V.
In the Hyper-V Manager I got the message:

Virtual machine ‘VM_Name’ could not be started because the hypervisor is not running (Virtual machine ID <Virtual_Machine_ID>). The following actions may help you resolve the problem:

  1. Verify that the processor of the physical computer has a supported version of hardware-assisted virtualization.
  2. Verify that hardware-assisted virtualization and hardware-assisted data execution protection are enabled in the BIOS of the physical computer. (If you edit the BIOS to enable either setting, you must turn off the power to the physical computer and then turn it back on. Resetting the physical computer is not sufficient.)
  3. If you have made changes to the Boot Configuration Data store, review these changes to ensure that the hypervisor is configured to launch automatically.

This was a bit odd since it was working for 2008 R2, so I tried the basics.

First I ran systeminfo and checked under Hyper-V Requirements that it was fully supported.

Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
                           Virtualization Enabled In Firmware: Yes
                           Second Level Address Translation: Yes
                           Data Execution Prevention Available: Yes

I ran the command bcdedit /set hypervisorlaunchtype auto
Since it stated that the Hypervisor was not running.

Tried a reboot, but still nothing happened.
In my case it was because I had an old BIOS driver on my server, so when I updated my BIOS everything started working again. So remember to check that you have the latest BIOS driver; that is always a good best practice.

Windows Server 2012 & System Center 2012 licensing

Even though Microsoft said that it would be easier, it was still a bit difficult for me to understand how it worked, but in the end I got a good grasp of how the licensing model works, so I would like to share it with you. Windows Server 2012 and System Center 2012 are licensed in the same manner, which makes it easier to combine the two.

First off, System Center and Windows Server 2012 come in two editions: Standard and Datacenter.
The difference between the two is the right to virtualize.

Standard allows you to have 2 virtual server OSEs
Datacenter allows for unlimited virtual server OSEs

Also remember that each license covers two processors.
You also need to remember that there are no other differences between Standard and Datacenter; they have all the same functions and no restrictions.
If you plan to implement both these solutions you might want to consider a Core Infrastructure license, which contains either Standard (Windows Server & System Center) or Datacenter (Windows Server & System Center) at a reduced price.

Some estimated prices on Server: Datacenter $4,809 Standard $882
and on System Center: Datacenter $3,607 Standard $1,323

Some examples of pricing.
1 physical server, 1 CPU, 1 VM = 1 Standard license
1 physical server, 4 CPU, 1 VM = 2 Standard licenses (or 2 Datacenter)
1 physical server, 4 CPU, 10 VM = 5 Standard licenses (or 2 Datacenter)
1 physical server, 4 CPU, 20 VM = 10 Standard licenses (or 2 Datacenter; it would be a lot cheaper to buy Datacenter here)
2 physical servers, 2 CPU each, 2 VM each = 2 Standard licenses (or 2 Datacenter; of course it would be a lot cheaper to buy Standard here)

Another example: what if I have 1 Datacenter license for Server 2012 and System Center, 2 CPUs, and Operations Manager installed, and I want to install Configuration Manager on some virtual machines on the server? Nothing! Licensing is based on physical processors, not virtual ones.

So what is the catch? What else do I need to think of?
For Server you still need a CAL for each user that accesses the server.
For System Center you still need a Client ML (Management License) for each managed device that runs a non-server OSE.
And for System Center there are 3 different Client MLs:
Configuration Manager Client ML (Configuration Manager and Virtual Machine Manager) (included in Core CAL)
Endpoint Protection Subscription (Endpoint Protection) (included in Core CAL)
Client Management Suite Client ML (Service Manager, Operations Manager, Data Protection Manager, Orchestrator) (included in Enterprise CAL)

So if you have 1 server with 2 physical CPUs (without virtual machines on that server) and you wish to manage 50 computers using ConfigMgr and have Endpoint Protection, you would need
1 Standard Server license, 1 System Center Standard license, and 50 Configuration Manager Client MLs + Endpoint Protection Subscriptions (unless you have a Core CAL in place).

Windows Server 2012 Hyper-v And Vsphere 5.1

There is a lot of fuss about virtualization these days, and the primary topic is Hyper-V vs VMware vSphere.
And of course there are going to be arguments about which one is better, which has more features, which is the most enterprise ready, and so on and so forth.
Just last week VMware released version 5.1 of vSphere, which included some new functionality and improvements in scalability, and Windows Server 2012 was released on the 4th of September. So, like many before me, I'm going to compare the two. I have read many blogs lately where people claim that one of the products is better than the other, and a lot of them compare features in the wrong way (for instance, Product 1 has feature 1 and Product 2 has feature 2; even though they do the same thing, they use different names and therefore aren't compared). I'm not here to write a conclusion about which one is better; I'm just going to lay down the facts so you can decide which you think is the better option. And I'm not going to debate vCenter versus System Center, because that is a different story.

Windows and virtualization:
Microsoft first came out with its Hyper-V virtualization platform in 2008 (with Windows Server 2008). Before that Microsoft had a product named Virtual Server. Many people claim that Microsoft is pretty fresh in the server virtualization market, but Microsoft has actually been in the market since 2004 (when the first version of Virtual Server was released), which was later superseded by Hyper-V. The latest version, Hyper-V 3.0, comes with Windows Server 2012.
You also have the free version of Hyper-V, which is called Hyper-V Server 2012: http://www.microsoft.com/en-us/server-cloud/hyper-v-server/ (This product only contains the hypervisor, the Windows Server driver model, virtualization capabilities, and supporting components such as failover clustering, but does not contain the rest of the features and roles in Windows Server. Therefore you get a small footprint on the host.) Other than that, the versions of Server 2012 that contain Hyper-V are Windows Server 2012 Standard and Windows Server 2012 Datacenter.
The licensing difference between the two is the following.

Standard edition = allows you to run 2 virtual machines $882 for a 2 physical CPU server
Datacenter edition = allows you to run unlimited virtual machines $4,809 for a 2 physical CPU server

Some examples;
1 server: 2 CPU and 4 virtual machines = you could have either 2 Standard edition licenses or 1 Datacenter edition license
1 server: 6 CPU and 8 virtual machines = you could have either 4 Standard edition licenses or 3 Datacenter edition licenses.
And in both scenarios you wouldn't need a license for the VMs, because the license is for physical hosts!

In Windows Server 2012, Hyper-V 3.0 supports the following workloads and has the following features.

Host max
Logical processors on hardware 320
Physical memory  4 TB
Virtual processors per host 2,048

Virtual machine max
Virtual processors per virtual machine 64
Memory per virtual machine  1 TB
Active virtual machines per server 1,024

Cluster max
Nodes 64
Virtual machines 8,000

Network
Quality of Service (QoS)
SR-IOV
Network Virtualization (Using GRE or IP rewrite) Link to the IEEE draft =
http://tools.ietf.org/html/draft-sridharan-virtualization-nvgre-00
PVLAN support
Dynamic Virtual Machine Queue (D-VMQ) (allows the host's network adapter to pass DMA packets directly into individual virtual machine memory stacks)
Receive Side Scaling (RSS spreads monitoring interrupts over multiple processors, so a single processor isn't required to handle all I/O interrupts)
Receive Segment Coalescing (RSC improves the scalability of the servers by reducing the overhead for processing a large amount of network I/O traffic)
DHCP Guard (DHCP guard drops server messages from unauthorized virtual machines that are acting as DHCP servers)
Router Guard (Router guard drops router advertisement and redirection messages from unauthorized virtual machines that are acting as routers)
Port mirroring (not promiscuous mode; forwards all the packets for a VM to another destination)
Virtual Port ACLs
Trunk mode using 802.1q
IPsec Task offload
Integrated Network Adapter Teaming
Hyper-V Extensible Switch
Data Center Bridging (DCB)
Resource metering (Measure usage of CPU, Memory, Network and disk for a virtual machine)
NIC Teaming (Allows for LACP in the native OS; before, this needed to be done by a third-party product like Broadcom)

Management
PowerShell
SCVMM 2012 SP1 (You can use CTP release for Windows Server 2012 but official support comes with Service Pack 1 which is in Beta now)
Server Manager
Cluster Manager
Hyper-V Manager
Cluster Aware updating
IPAM

Storage
New Virtual Disk format (VHDX supports up to 64 TB Virtual Disks)
Offloaded Data Transfer – ODX (Is a feature of a SAN, allows the file transfer/copying between hosts on the SAN to be done by the SAN instead of the regular network transfer)
Live merging of VHDs and Snapshots
RDMA (Is a direct memory access from the memory of one computer into another without involving either’s OS)
SMB 3.0 (Allows you to use regular network file servers instead of an expensive SAN solution)
Native 4 KB sector disks support (But for compatibility’s sake it allows for a 512-byte emulation called 512e)
Data De-duplication
Virtual Fibre Channel inside the Virtual Machines
VM boot from SAN
Storage Spaces (Software RAID-like solution)
New file system ReFS (Luckily most of the system filters which are written for NTFS will work for ReFS, and it has improvements to resilience and reliability)
BitLocker on CSV (Allows you to encrypt a CSV volume)
SMI-S (Is a storage standard by the SNIA which allows for management functions via HTTP)
Encrypt VHD files with BitLocker Network Boot (Gives you the ability to encrypt a VHD file, so if it reboots it will contact a WDS server, get the decryption keys and continue to boot)

Migration
Improved Live Migration
Unlimited Simultaneous live migrations
Live Storage Migration
Shared-Nothing Live Migration
Hyper-V Replica
Failover Prioritization

VMware and virtualization:
VMware started its life with VMware Workstation, which was released in 1999 (yes, it’s really that old!), and has since then been living on virtualization technology; the first release of vSphere came in 2001. They have also created a VDI product called VMware View, and in 2010 they acquired the open-source groupware solution Zimbra from Yahoo. So they are expanding their horizon when it comes to software products, but their primary focus has always been virtualization. Now, last week VMware released their newest version of vSphere, version 5.1 (http://www.vmware.com/files/pdf/products/vsphere/vmware-what-is-new-vsphere51.pdf), and VMware has also just recently killed off the vRAM memory tax in order to compete with Windows.

VMware pricing and editions:

VMware vSphere 5.1 is licensed on a per-physical-processor basis.

Standard edition = $1144 (A more stripped-down version of the hypervisor)
Enterprise edition = $3308 (Also a somewhat stripped-down version of the full version)
Enterprise Plus edition = $4024 (Contains all of the features and has the full workload)
NOTE: These prices are fetched from VMware’s site, which is usually listed as EURO, not US$

Some examples:
1 Server = 1 CPU, 4 Virtual Machines (If you want all the features you need 1 Enterprise Plus license)
1 Server = 2 CPU, 4 Virtual Machines (If you want all the features you need 2 Enterprise Plus licenses)
So in both cases you would need a WS2012 Datacenter license in addition to the VMware license (if you wish to use Windows Server 2012 VMs on that host)

VMware vSphere 5.1 has the following workload maximums and features (Enterprise Plus edition).

Host max
Logical processors on hardware 256
Physical memory  2 TB
Virtual CPU per host 2,048

Virtual machine max
Virtual processors per virtual machine 64
Memory per virtual machine  1 TB
Active virtual machines per server 1,024

Network
Netflow 10 (IPFIX)
Port Mirroring (RSPAN and ERSPAN)
LLDP
QOS (Network I/O)
SR-IOV
VXLAN
PVLAN
DCB (Data Center Bridging) refers to a set of enhancements to Ethernet local area networks for use in data center environments.
Receive Side Scaling (RSS spreads monitoring interrupts over multiple processors, so a single processor isn’t required to handle all I/O interrupts)
TCP Segment Offload
Distributed Virtual Switch
LACP (Link Aggregation Control Protocol)

Management
vSphere Web Client
PowerShell via PowerCLI
vCenter
vCloud
SCVMM (Eventually will come with support, with SP1 you have support for up to vSphere 5.0)

Storage
vMotion enhancements (similar to shared-nothing live migration)
Boot from Software FCoE
16Gb HBA Support
iSCSI jumbo frames
SSD Monitoring
VMFS-5 enhancements

So there is a lot happening in both camps nowadays.
For higher workloads Windows seems to be the good option. And if you don’t think that anyone is actually going to max out those numbers: I’ve actually spoken to a service provider in the US that was a bit annoyed with the max VMs per cluster, since each server can hold 1,024 virtual machines and in a cluster with 32 nodes you can “only” have 4,000 virtual machines. But another question: how is the performance? There is no use having a 150 hp engine if another car with 110 hp can go right past you.
VMware actually has a performance document stating that each VM was performing about 18.9% on VMware 5. (This document is 2008R2 Hyper-V vs. VMware) http://www.vmware.com/files/pdf/products/vsphere/VMware-vSphere-vs-Hyper-V.pdf
Again, this is for the old version; it is going to be interesting to see how performance is affected with WS2012.

Microsoft is working hard these days on SP1 for System Center, since for enterprise deployment you are going to need SCVMM (full support for Server 2012 comes with SP1). VMware already has the management solution for its new hypervisor available, so Microsoft better hurry up :)
Microsoft is also working on Service Provider Foundation. For hosters that wish to deliver IaaS this is going to be big news! V1 of this is going to be available with SP1 for System Center. If you don’t want to use this, Citrix has a control panel solution called CloudPortal Services Manager, which integrates with SCVMM to deliver IaaS, PaaS and SaaS (and which does not use the Service Provider Foundation API).
ExtendASP, which is also a control panel solution for hosters, has full support for Windows Server 2012, so it allows hosters to easily deploy solutions for their customers.
VMware already has its IaaS solution in place with vCloud Director, so it’s going to be interesting to see how they compete in functionality and features.

Links:
(VMware comparison set of Hyper-V vs VMware) http://www.vmware.com/files/pdf/getthefacts/vmw-vSphere-5-vs-Hyper-V-3-Beta.pdf
(Microsoft comparison set of Hyper-V vs VMware) http://download.microsoft.com/download/5/A/0/5A0AAE2E-EB20-4E20-829D-131A768717D2/Competitive%20Advantages%20of%20Windows%20Server%202012%20RC%20Hyper-V%20over%20VMware%20vSphere%205%200%20V1%200.pdf
VMware vSphere 5.1 http://www.vmware.com/pdf/vsphere5/r51/vsphere-51-configuration-maximums.pdf
What’s new in vSphere 5.1 Networking http://blogs.vmware.com/vsphere/2012/09/whats-new-in-vsphere-5-1-networking.html
What’s new in vSphere 5.1 Storage http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Storage-Technical-Whitepaper.pdf
What’s new in vSphere 5.1 Performance http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Performance-Technical-Whitepaper.pdf

Now this post is still in the making since there are still a lot of new facts and updates that appear each week.

Windows Server 2012 Hyper-V and Vsphere 5.1

There is a lot of fuss regarding virtualization these days, and the primary topic is Hyper-V vs VMware vSphere.
And of course there are going to be arguments regarding which one is better, which of them has more features, who is the most enterprise-ready, and so on and so forth.
Just last week VMware released version 5.1 of vSphere, which included some new functionality and improvements in scalability, and Windows Server 2012 was released on the 4th of September. So, like many before me, I’m going to compare the two of them. I have read many blogs lately where people claim that one of the products is better than the other, and a lot of them compare features in the wrong way (for instance, Product 1 has feature 1 and Product 2 has feature 2; even though they do the same thing, they use different names and therefore aren’t compared). I’m not here to write down a conclusion of which one is better; I’m just going to lay down the facts so you can decide what you think is the better option. And I’m not going to debate the vCenter and System Center comparison, because that is a different story :)

Windows and virtualization:
Microsoft first came out with its Hyper-V virtualization platform in 2008 (with Windows Server 2008). Before that Microsoft had a product named Virtual Server. Many people claim that Microsoft is pretty fresh in the server virtualization market, but actually Microsoft has been in the market since 2004 (when the first release of Virtual Server came out), which was later superseded by Hyper-V. The latest version of Hyper-V is called 3.0 and comes with Windows Server 2012.
You also have the free version of Hyper-V, which is called Hyper-V Server 2012: http://www.microsoft.com/en-us/server-cloud/hyper-v-server/ (This product only contains the hypervisor, the Windows Server driver model, virtualization capabilities, and supporting components such as failover clustering, but does not contain the rest of the features and roles in Windows Server. Therefore you get a small footprint on the host.) Other than that, the versions of Server 2012 that contain Hyper-V are Windows Server 2012 Standard and Windows Server 2012 Datacenter.
The licensing difference between the two is as follows.

Standard edition = allows you to run 2 virtual machines; $882 for a server with 2 physical CPUs
Datacenter edition = allows you to run unlimited virtual machines; $4,809 for a server with 2 physical CPUs

Some examples:
1 server: 2 CPU and 4 virtual machines = You could either have 2 standard edition licenses or 1 datacenter edition license
1 server: 6 CPU and 8 virtual machines = You could either have 4 standard edition licenses or 3 datacenter edition licenses.
And in both scenarios you wouldn’t need a license for the VM because the license is for physical hosts!

Hyper-V 3.0 in Windows Server 2012 has the following workload maximums and features.

Host max
Logical processors on hardware 320
Physical memory  4 TB
Virtual processors per host 2,048

Virtual machine max
Virtual processors per virtual machine 64
Memory per virtual machine  1 TB
Active virtual machines per server 1,024

Cluster max
Nodes 32
Virtual machines 4,000

Network
Quality of Service (QoS)
SR-IOV
Network Virtualization (using GRE or IP rewrite). Link to the IEEE draft: http://tools.ietf.org/html/draft-sridharan-virtualization-nvgre-00
PVLAN support
Dynamic Virtual Machine Queue (D-VMQ) (allows the host’s network adapter to pass DMA packets directly into individual virtual machine memory stacks)
Receive Side Scaling (RSS spreads monitoring interrupts over multiple processors, so a single processor isn’t required to handle all I/O interrupts)
Receive Segment Coalescing (RSC improves the scalability of the servers by reducing the overhead for processing a large amount of network I/O traffic.)
DHCP Guard (DHCP guard drops server messages from unauthorized virtual machines that are acting as DHCP servers.)
Router Guard (Router guard drops router advertisement and redirection messages from unauthorized virtual machines that are acting as routers.)
Port mirroring (not promiscuous mode; forwards all of a VM’s packets to another destination)
Virtual Port ACLs
Trunk mode using 802.1q
IPsec Task offload
Integrated Network Adapter Teaming
Hyper-V Extensible Switch
Data Center Bridging (DCB)
Resource metering (Measure usage of CPU, Memory, Network and disk for a virtual machine)
NIC Teaming (Allows for LACP in the native OS; before, this needed to be done by a third-party product like Broadcom)

Management
PowerShell
SCVMM 2012 SP1 (You can use CTP release for Windows Server 2012 but official support comes with Service Pack 1 which is in Beta now)
Server Manager
Cluster Manager
Hyper-V Manager
Cluster Aware updating
IPAM

Storage
New Virtual Disk format (VHDX supports up to 64 TB Virtual Disks)
Offloaded Data Transfer – ODX (Is a feature of a SAN, allows the file transfer/copying between hosts on the SAN to be done by the SAN instead of the regular network transfer)
Live merging of VHDs and Snapshots
RDMA (Is a direct memory access from the memory of one computer into another without involving either’s OS)
SMB 3.0 (Allows you to use regular network file servers instead of an expensive SAN solution)
Native 4 KB sector disks support (But for compatibility’s sake it allows for a 512-byte emulation called 512e)
Data De-duplication
Virtual Fibre Channel inside the Virtual Machines
VM boot from SAN
Storage Spaces (Software RAID-like solution)
New file system ReFS (Luckily most of the system filters which are written for NTFS will work for ReFS, and it has improvements to resilience and reliability)
BitLocker on CSV (Allows you to encrypt a CSV volume)
SMI-S (Is a storage standard by the SNIA which allows for management functions via HTTP)
Encrypt VHD files with BitLocker Network Boot (Gives you the ability to encrypt a VHD file, so if it reboots it will contact a WDS server, get the decryption keys and continue to boot)

Migration
Improved Live Migration
Unlimited Simultaneous live migrations
Live Storage Migration
Shared-Nothing Live Migration
Hyper-V Replica
Failover Prioritization

VMware and virtualization:
VMware started its life with VMware Workstation, which was released in 1999 (yes, it’s really that old!), and has since then been living on virtualization technology; the first release of vSphere came in 2001. They have also created a VDI product called VMware View, and in 2010 they acquired the open-source groupware solution Zimbra from Yahoo. So they are expanding their horizon when it comes to software products, but their primary focus has always been virtualization. Now, last week VMware released their newest version of vSphere, version 5.1 (http://www.vmware.com/files/pdf/products/vsphere/vmware-what-is-new-vsphere51.pdf), and VMware has also just recently killed off the vRAM memory tax in order to compete with Windows.

VMware pricing and editions:

VMware vSphere 5.1 is licensed on a per-physical-processor basis.

Standard edition = $1144 (A more stripped-down version of the hypervisor)
Enterprise edition = $3308 (Also a somewhat stripped-down version of the full version)
Enterprise Plus edition = $4024 (Contains all of the features and has the full workload)
NOTE: These prices are fetched from VMware’s site, which is usually listed as EURO, not US$

Some examples:
1 Server = 1 CPU, 4 Virtual Machines (If you want all the features you need 1 Enterprise Plus license)
1 Server = 2 CPU, 4 Virtual Machines (If you want all the features you need 2 Enterprise Plus licenses)
So in both cases you would need a WS2012 Datacenter license in addition to the VMware license (if you wish to use Windows Server 2012 VMs on that host)

VMware vSphere 5.1 has the following workload maximums and features (Enterprise Plus edition).

Host max
Logical processors on hardware 256
Physical memory  2 TB
Virtual CPU per host 2,048

Virtual machine max
Virtual processors per virtual machine 64
Memory per virtual machine  1 TB
Active virtual machines per server 1,024

Network
Netflow 10 (IPFIX)
Port Mirroring (RSPAN and ERSPAN)
LLDP
QOS (Network I/O)
SR-IOV
VXLAN
PVLAN
DCB (Data Center Bridging) refers to a set of enhancements to Ethernet local area networks for use in data center environments.
Receive Side Scaling (RSS spreads monitoring interrupts over multiple processors, so a single processor isn’t required to handle all I/O interrupts)
TCP Segment Offload
Distributed Virtual Switch
LACP (Link Aggregation Control Protocol)

Management
vSphere Web Client
PowerShell via PowerCLI
vCenter
vCloud
SCVMM (Eventually will come with support, with SP1 you have support for up to vSphere 5.0)

Storage
vMotion enhancements (similar to shared-nothing live migration)
Boot from Software FCoE
16Gb HBA Support
iSCSI jumbo frames
SSD Monitoring
VMFS-5 enhancements

So there is a lot happening in both camps nowadays.
For higher workloads Windows seems to be the good option. And if you don’t think that anyone is actually going to max out those numbers: I’ve actually spoken to a service provider in the US that was a bit annoyed with the max VMs per cluster, since each server can hold 1,024 virtual machines and in a cluster with 32 nodes you can “only” have 4,000 virtual machines. But another question: how is the performance? There is no use having a 150 hp engine if another car with 110 hp can go right past you.
VMware actually has a performance document stating that each VM was performing about 18.9% on VMware 5. (This document is 2008R2 Hyper-V vs. VMware) http://www.vmware.com/files/pdf/products/vsphere/VMware-vSphere-vs-Hyper-V.pdf
Again, this is for the old version; it is going to be interesting to see how performance is affected with WS2012.

Microsoft is working hard these days on SP1 for System Center, since for enterprise deployment you are going to need SCVMM (full support for Server 2012 comes with SP1). VMware already has the management solution for its new hypervisor available, so Microsoft better hurry up :)
Microsoft is also working on Service Provider Foundation. For hosters that wish to deliver IaaS this is going to be big news! V1 of this is going to be available with SP1 for System Center. If you don’t want to use this, Citrix has a control panel solution called CloudPortal Services Manager, which integrates with SCVMM to deliver IaaS, PaaS and SaaS (and which does not use the Service Provider Foundation API).
ExtendASP, which is also a control panel solution for hosters, has full support for Windows Server 2012, so it allows hosters to easily deploy solutions for their customers.
VMware already has its IaaS solution in place with vCloud Director, so it’s going to be interesting to see how they compete in functionality and features.

Links:
(VMware comparison set of Hyper-V vs VMware) http://www.vmware.com/files/pdf/getthefacts/vmw-vSphere-5-vs-Hyper-V-3-Beta.pdf
(Microsoft comparison set of Hyper-V vs VMware) http://download.microsoft.com/download/5/A/0/5A0AAE2E-EB20-4E20-829D-131A768717D2/Competitive%20Advantages%20of%20Windows%20Server%202012%20RC%20Hyper-V%20over%20VMware%20vSphere%205%200%20V1%200.pdf
VMware vSphere 5.1 http://www.vmware.com/pdf/vsphere5/r51/vsphere-51-configuration-maximums.pdf
What’s new in vSphere 5.1 Networking http://blogs.vmware.com/vsphere/2012/09/whats-new-in-vsphere-5-1-networking.html
What’s new in vSphere 5.1 Storage http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Storage-Technical-Whitepaper.pdf
What’s new in vSphere 5.1 Performance http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Performance-Technical-Whitepaper.pdf

Administer Other Windows Server from Server Manager 2012

The new Server Manager is a lifesaver: it allows you to manage multiple servers from one console. By default this is only supported for Windows Server 2012, but by installing Windows Management Framework 3.0 and .NET 4 you can manage older versions as well (2008, 2008 R2).

You can download the needed files from here –>

http://www.microsoft.com/en-us/download/details.aspx?id=29939
http://www.microsoft.com/nb-no/download/details.aspx?id=17718

(If you try to manage an older version you can get this error)


And you need to install these on the servers you need to manage.
After these are installed you need to run some commands.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

Configure-SMRemoting.ps1 -force -enable


After that is done, you can now manage your other servers.


You can see that the AD server (DC) is now added, and the AD role is added on the side as well :)
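To confirm the result of the steps in this post on a server you want to manage, the following read-only check reports whether WMF 3.0 and .NET 4 are present, whether WinRM is running with a listener, and which execution policy is in effect. It is an added example, not part of the original post; the function name Test-SMRemotingReadiness and its output property names are made up for illustration.

```powershell
# Added example (not from the original post): read-only readiness check.
# Run it in an elevated PowerShell session on the 2008 / 2008 R2 server to be managed.
# It avoids PowerShell 3.0-only syntax so it also runs before WMF 3.0 is installed.
function Test-SMRemotingReadiness {
    # WMF 3.0 brings PowerShell 3.0; a host without it reports 2.0.
    $psVersion = $PSVersionTable.PSVersion
    $wmfOk = $psVersion.Major -ge 3

    # .NET Framework 4 (full profile) sets Install = 1 under this key.
    $netKey = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $net = Get-ItemProperty -Path $netKey -ErrorAction SilentlyContinue
    $netOk = ($net -ne $null) -and ($net.Install -eq 1)

    # Remote management runs over WinRM: the service must be running
    # and at least one listener must be configured.
    $svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    $winrmOk = ($svc -ne $null) -and ($svc.Status -eq 'Running')
    $listeners = @()
    if ($winrmOk) {
        $listeners = @(Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
            ForEach-Object { $_.Keys -join ', ' })
    }

    # The post sets RemoteSigned. Unrestricted or Bypass is looser than the
    # procedure needs and is worth tightening on a server.
    $policy = (Get-ExecutionPolicy).ToString()
    $policyLoose = @('Unrestricted', 'Bypass') -contains $policy

    New-Object PSObject -Property @{
        PowerShellVersion    = $psVersion.ToString()
        Wmf3Installed        = $wmfOk
        DotNet4Installed     = $netOk
        WinRMRunning         = $winrmOk
        WinRMListeners       = $listeners
        ExecutionPolicy      = $policy
        PolicyLooserThanPost = $policyLoose
        Ready                = ($wmfOk -and $netOk -and $winrmOk -and ($listeners.Count -gt 0))
    }
}

Test-SMRemotingReadiness | Format-List
```

From the Server Manager machine, `Test-WSMan -ComputerName <server>` (with `<server>` as a placeholder for the target's name) confirms that the listener also answers over the network.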

New certifications from Microsoft

Microsoft has updated their certification site with a WHOLE load of new certifications for the release of Windows Server 2012.
If you go to the MCSE page on Microsoft’s site you can now see new exams for Windows Server 2012 and Windows 8:
http://www.microsoft.com/learning/en/us/certification/mcse.aspx

The new exams that I can see so far are:

70-410 Installing and Configuring Windows Server 2012 (September 04, 2012) (In development)
http://www.microsoft.com/learning/en/us/exam.aspx?ID=70-410

70-411 Administering Windows Server 2012 (September 04, 2012) (In development)
http://www.microsoft.com/learning/en/us/exam.aspx?ID=70-411

70-412 Configuring Advanced Windows Server 2012 Services (September 04, 2012) (In development)
http://www.microsoft.com/learning/en/us/exam.aspx?ID=70-412

If you take these 3 exams you will then get the MCSA Windows Server 2012.
Of course, if you have the MCSA Server 2008 you can upgrade your title with the upgrade exam:

70-417 Upgrade your skills to MCSA Windows Server 2012
(No info available yet)

When you have the MCSA Windows Server 2012, you can then upgrade this title with the MCSE Server Infrastructure.
Which consists of

70-413 Designing and Implementing a Server infrastructure
(No info available yet)

70-414 Implementing an advanced Server infrastructure
(No info available yet)

So in total to get the MCSE Server Infrastructure (If you don’t have any other certs from before)
You need to take 5 exams.

Of course there is also an MCSE Desktop Infrastructure track.

Which consists of the

70-415 Implementing a desktop infrastructure
(No info available yet)

70-416 Implementing desktop application environments
(No info available yet)

Plus, if you have the MCSA Windows Server 2012, you will get the title “MCSE Desktop Infrastructure”.
Of course you can upgrade this as well if you have the Enterprise Desktop Administrator title.

With the release of Windows Server 2012, and with System Center 2012 just released, Microsoft again comes with a load of new certifications.
For those that are eager to take new certifications, well, Microsoft just announced 8 certifications for Windows Server 2012 and Windows 8. Like I didn’t have enough on my schedule to take more certs ;)
