
Hyper-V Network Virtualization NVGRE: No connection between VMs on different Hyper-V Hosts

I have worked on some projects with Hyper-V Network Virtualization and NVGRE, and today I saw an issue with Encapsulated Task Offloading on some HP Broadcom network adapters.

 

Issue

I have Hyper-V hosts running with 10GbE Broadcom network adapters (HP Ethernet 10Gb 2-port 530FLR-SFP+ Adapter) with driver version 7.8.52.0 (released in 2014). I have created a new VM Network based on Hyper-V Network Virtualization using NVGRE. VM1 is running on Host1 and VM2 is running on Host2. You can ping VM2 from VM1, but no other connection such as SMB, RDP, HTTP or DNS is possible. If you are using an NVGRE Gateway, you cannot even resolve DNS inside those VMs. If VM1 and VM2 are running on the same Hyper-V host, everything between those VMs works fine.

Advanced Driver Settings

If you are using Server Core, which you should by the way, you can use the following command to check for those settings:

PowerShell NetAdapter Advanced Property

 

Resolution

The Broadcom Network adapters have a feature called Encapsulated Task Offloading which is enabled by default. If you disable Encapsulated Task Offloading everything works fine. You can disable it by using the following PowerShell cmdlet.

After that, connections inside the VMs started to work immediately; no reboot was needed.
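The check and the fix described above, as an added PowerShell example (not the commands from the original post). The adapter names NIC1 and NIC2 are assumptions, as is the driver exposing the setting through the standard NetAdapter encapsulated-offload cmdlets; if it does not, step 2 shows the driver's own display name to use with Set-NetAdapterAdvancedProperty.

```powershell
# Added example. NIC1/NIC2 are assumed names for the physical ports that carry
# NVGRE traffic; replace them with the names Get-NetAdapter shows on your host.
$nvgreNics = 'NIC1', 'NIC2'

# 1. Record the driver details so the change can be tied to a driver version.
Get-NetAdapter -Name $nvgreNics |
    Format-Table Name, InterfaceDescription, DriverVersion, Status -AutoSize

# 2. List every advanced driver property that mentions encapsulation.
#    The display name is driver-specific, hence the wildcard match.
Get-NetAdapterAdvancedProperty -Name $nvgreNics |
    Where-Object DisplayName -like '*Encapsulat*' |
    Format-Table Name, DisplayName, DisplayValue, RegistryKeyword -AutoSize

# 3. Show the vendor-neutral view of the same offload.
Get-NetAdapterEncapsulatedPacketTaskOffload -Name $nvgreNics

# 4. Disable the offload on each port that still has it enabled.
foreach ($nic in Get-NetAdapterEncapsulatedPacketTaskOffload -Name $nvgreNics) {
    if ($nic.EncapsulatedPacketTaskOffloadEnabled) {
        Disable-NetAdapterEncapsulatedPacketTaskOffload -Name $nic.Name
    }
}

# 5. Verify that nothing is left enabled before testing SMB/RDP/HTTP between the VMs.
$stillOn = Get-NetAdapterEncapsulatedPacketTaskOffload -Name $nvgreNics |
    Where-Object EncapsulatedPacketTaskOffloadEnabled
if ($stillOn) {
    Write-Warning ('Offload still enabled on: ' + ($stillOn.Name -join ', '))
} else {
    Write-Output 'Encapsulated packet task offload is disabled on all listed adapters.'
}
```

The Disable cmdlet restarts the adapter to apply the setting, so expect a short link interruption on that port, and repeat the procedure on every Hyper-V host that carries NVGRE traffic.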



Windows Azure Pack Architecture

Some days ago I wrote about Windows Azure Pack, which basically brings Windows Azure Services to your datacenter on top of Windows Server and System Center. I also showed a short overview of what the overall architecture looks like, including the different resource providers such as VM Cloud or SQL Server.

Overall Architecture

Windows Azure Pack Architecture Overview

Components

If you take a look at Windows Azure Pack, there are 7 different components that need to be installed.

Service Management APIs

  • Windows Azure Pack Admin API – The Windows Azure Pack Admin API exposes functionality to complete administrative tasks from the management portal for administrators or through the use of Windows PowerShell cmdlets.
  • Windows Azure Pack Tenant API – Windows Azure Pack Tenant API enables users, or tenants, to manage and configure cloud services that are included in the plans that they subscribe to.
  • Windows Azure Pack Tenant Public API – Windows Azure Pack Tenant Public API enables end users to manage and configure cloud services that are included in the plans that they subscribe to. The Tenant Public API is designed to serve all the requirements of end users that subscribe to the various services that a hosting service provider provides.

Authentication sites

  • Admin Authentication Site - This is the authentication site where Administrators authenticate against. By default, Windows Azure Pack uses Windows authentication for the administration portal. You also have the option to use Windows Azure Active Directory Federation Services (AD FS) to authenticate users.
  • Tenant Authentication Site – This is the authentication site where Tenants (Customers) authenticate against. Windows Azure Pack uses an ASP.NET Membership provider to provide authentication for the management portal for tenants.

Service Management portals

  • Management portal for administrators - A portal for administrators to configure and manage resource clouds, user accounts, tenant plans, quotas, and pricing. In this portal, administrators create Web Site clouds, virtual machine private clouds, create plans, and manage user subscriptions.
  • Management portal for tenants - A customizable self-service portal to provision, monitor, and manage services. In this portal, users sign up for services and create services, virtual machines, and databases.

Source: TechNet

In addition to the Windows Azure Pack components you also have the resource providers such as VM Cloud (IaaS), Websites, SQL and more, which integrate into WAP.

Design

You can install all of the Windows Azure Pack components on different servers and also make them highly available and scalable. First you have to understand that there are multiple types of components. The Tenant Portal, the Tenant Authentication Site and the Tenant Public API are public and should be accessible to customers. The Tenant API, Admin API, Admin Portal, Admin Authentication Site and the SQL database behind them are so-called privileged services, which should be protected.

Windows Azure Pack distributed deployment architecture

 

Microsoft describes several different scenarios which you can mix. The minimal installation shows you two “servers” or tiers, one for the public-facing services and one for the privileged services. To make them highly available you would have two servers for each tier behind a load balancer.

Windows Azure Pack minimal deployment architecture

To make the deployment more scalable you can split up the different components across different tiers.

Windows Azure Pack scaled deployment architecture

Microsoft also offers an express installation, which should only be used for lab or proof-of-concept installations. It installs all the needed components onto a single server.

Windows Azure Pack Express Deployment

In the end, you and the customer have to decide how you deploy your environment based on scale, availability and security. You can get more information about the Windows Azure Pack Architecture on TechNet.




Cloud Advisor for System Center Virtual Machine Manager

As you may know, I do a lot of work around Hyper-V, System Center and Windows Azure Pack. One of the most critical parts of the Microsoft Cloud is System Center Virtual Machine Manager. VMM is the component where almost everything comes together in some way, from the Fabric resources such as Storage, Compute and Networking up to the Virtual Machines and Services running on top of the Fabric layer. Virtual Machine Manager basically allows you to pool resources and offer them to tenants, which can then deploy services and virtual machines to the pools.

This means VMM manages not only your Virtual Machines; it also manages your network environment, your storage and a lot more. So wouldn’t it be great to use the data Virtual Machine Manager collects to review your environment and get some tips on how you can optimize it? This is exactly what Savision did with their Virtual Machine Manager Add-in called Cloud Advisor, which includes tuning and optimization recommendations.

Savision’s Cloud Advisor looks for problems like:

  • “Virtual Machine Appears to be Unused”
  • “Prediction: All Available Memory Will Be Consumed By…”
  • “Virtual Guest Services Are Not Installed”
  • “Starting Memory Is Too High”
  • “Low Disk Space On Cluster Shared Volume”
  • “Dynamic Memory is not enabled”
  • and a lot more…

Most of you will think okay, this sounds great but how much will this thing cost. Well that’s the great part, the Savision Cloud Advisor for System Center Virtual Machine Manager is absolutely free. So there is absolutely no reason why you shouldn’t deploy the Savision Cloud Advisor in your Virtual Machine Manager environment.

Simply go to the Savision homepage, download the Cloud Advisor and import it into VMM.

Import Cloud Advisor Addin into VMM

After that you will have to connect to the VMM database and let the Savision Cloud Advisor do its job, showing you tips and recommendations for your environment.

Savision Cloud Advisor VMM Tuning Tips

By the way, there are other cool VMM Add-ins from Cisco for their UCS Bladecenter and 5Nine for the Virtual Firewall Appliance.




Free Microsoft Cloud OS webinar series in March and April

In March and April I will present, together with Microsoft and itnetx, a series of webinars about the Microsoft Cloud OS. The webinars will be free and will give an overview of the Microsoft Cloud OS. The Microsoft Cloud OS is the story behind the latest releases of Windows Server 2012 R2, Hyper-V, System Center, Windows Azure Pack and Windows Azure. The webinar series will be split into three different sessions and will cover how you can plan, build and operate a Microsoft Cloud and how you can bring the Private & Public Cloud together to make use of a Hybrid Cloud model.

Webinar 1 - Microsoft Cloud OS: Overview

10:00
Presenter: Markus Erlacher, Marcel Zehner
REGISTRATION

Webinar 2 - Microsoft Cloud OS: Planning & Architecture

25 March 2014, 09:00-10:00
Presenter: Thomas Maurer
REGISTRATION

Webinar 1 - Microsoft Cloud OS: Operation

02 April 2014, 09:00-10:00
Presenter: Thomas Maurer, Philipp Witschi
REGISTRATION

All three webinars will be free and will be held in German.




Speaking at E2EVC 2014 Brussels

 

Some weeks ago my two sessions at the Experts 2 Experts Virtualization Conference (E2EVC) in Brussels this year got approved. After my first E2EVC in Hamburg in 2012 and two other E2E Virtualization Conferences in Copenhagen and Rome last year, I am proud to get another opportunity to present.

E2EVC Virtualization Conference is a non-commercial, virtualization community event. The main goal of the E2EVC is to bring the best virtualization experts together to exchange knowledge and to establish new connections. E2EVC is a weekend crammed with presentations, Master Classes and discussions delivered by both virtualization vendors product teams and independent experts. This is not just a Microsoft only event, this event covers products from all the big vendors in the virtualization area such as Citrix, VMware and Microsoft.

The event will take place from May 30 to June 1. My session topics are still in development, but I am proud to announce that I am presenting again together with Michael Rüefli.




Hyper-V over SMB: Set SMB Constrained Delegation via PowerShell

When you have set up Hyper-V over SMB, which means the virtual machines run on a Hyper-V host and are stored on an SMB file share, and you try to manage a virtual machine remotely from Hyper-V Manager or Failover Cluster Manager, you will run into access denied errors. The same error can also happen if you try to live migrate the virtual machine. The error occurs because the credentials from the machine on which Hyper-V Manager or Failover Cluster Manager is running are used to access the file share via the Hyper-V host. This “double-hop” scenario is not allowed by default for security reasons. You can find more about Kerberos Authentication on TechNet.

To avoid this error you have to configure SMB Constrained Delegation in Active Directory to allow this scenario for specific “double-hops”. In Windows Server 2012 Microsoft made setting up Kerberos constrained delegation much easier by introducing resource-based Kerberos Constrained Delegation. Even so, it wasn’t that easy to deploy and required several steps. In Windows Server 2012 R2 Microsoft introduced new Windows PowerShell cmdlets to configure SMB Constrained Delegation directly from PowerShell. These cmdlets are offered by the Active Directory PowerShell module.

On your management box, or wherever you want to configure SMB Constrained Delegation, you have to install the Active Directory PowerShell module. (You don’t need the module on the Hyper-V hosts or SMB file servers.)

Now you can use the following cmdlets.

  • Get-SmbDelegation -SmbServer FileServer
  • Enable-SmbDelegation -SmbServer FileServer -SmbClient HyperVHost
  • Disable-SmbDelegation -SmbServer FileServer [-SmbClient HyperVHost] [-Force]

For example if you are running a two node Hyper-V cluster and you use a Scale-Out File Server cluster (SOFS01) as virtual machine storage, the configuration could look like this.

Because these cmdlets only work with the new resource-based delegation, the Active Directory forest must be in “Windows Server 2012” functional level. A functional level of Windows Server 2012 R2 is not required.
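The two-node cluster scenario above, as an added PowerShell example that is not the configuration from the original post. The host names HYPERV01 and HYPERV02 are assumptions; SOFS01 is the file server name from the text, and the script is meant to run on a Windows Server management box with domain rights to edit the file server's computer object.

```powershell
# Added example. HYPERV01/HYPERV02 are assumed Hyper-V host names;
# SOFS01 is the Scale-Out File Server name used in the text.
$smbServer   = 'SOFS01'
$hyperVHosts = 'HYPERV01', 'HYPERV02'

# The SMB delegation cmdlets depend on the Active Directory module
# (needed on the management box only).
Install-WindowsFeature -Name RSAT-AD-PowerShell | Out-Null
Import-Module ActiveDirectory

# Resource-based delegation needs a Windows Server 2012 (or later) forest level.
$required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2012Forest
$forest   = Get-ADForest
if ($forest.ForestMode -lt $required) {
    throw "Forest '$($forest.Name)' is at $($forest.ForestMode); $required or later is required."
}

# Allow each Hyper-V host, and only those hosts, to delegate to the file server.
foreach ($hvHost in $hyperVHosts) {
    Enable-SmbDelegation -SmbServer $smbServer -SmbClient $hvHost
}

# Review the result through the SMB cmdlet.
Get-SmbDelegation -SmbServer $smbServer

# Audit the same setting directly on the file server's AD object and flag
# any principal that is not one of the intended Hyper-V hosts.
$expected = $hyperVHosts | ForEach-Object { (Get-ADComputer -Identity $_).DistinguishedName }
$allowed  = (Get-ADComputer -Identity $smbServer -Properties PrincipalsAllowedToDelegateToAccount).PrincipalsAllowedToDelegateToAccount
foreach ($principal in $allowed) {
    if ("$principal" -notin $expected) {
        Write-Warning "Unexpected delegation entry on ${smbServer}: $principal"
    }
}
```

When a Hyper-V host is decommissioned, remove its entry with Disable-SmbDelegation so the file server's delegation list stays limited to hosts that still need it.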

And as I mentioned before you can also use System Center Virtual Machine Manager (VMM) to manage your storage, which uses a different approach and does not need the configuration of Kerberos Constrained Delegation.

 




Veeam Hyper-V 2012 R2 Webinar recording available

Yesterday I had the chance to do a webinar on Windows Server 2012 R2 Hyper-V and Veeam Backup & Replication V7 R2 together with Moritz Höfer (System Engineer at Veeam). The webinar is in German and covers some of the new features in Hyper-V 2012 R2 and the Veeam Backup & Replication solution for Hyper-V with slides and live demos. You can watch the webinar for free on the Veeam website.

Veeam Webinar Hyper-V 2012 R2