Tag: Virtual Machine Manager

5Nine Hyper-V Security Agentless

Secure your Hyper-V environment with 5nine Cloud Security 8.1

In past years I built several Hyper-V environments together with enterprise customers and service providers. In a lot of cases customers wanted more security in their cloud and virtualization environment. Security is becoming an even more critical part of your datacenter, and with a high virtualization rate it gets even more critical and complex to manage, especially when virtual machines can move from one cluster to another or from one datacenter to another. 5nine is one of the vendors that has a great solution for these challenges. A couple of years back I wrote a blog post about 5nine Cloud Security version 4.0. 5nine Cloud Security is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability across every virtual resource.

Last week at Microsoft Ignite, Microsoft released Windows Server 2016 and Hyper-V 2016. With that, 5nine released 5nine Cloud Security 8.1, which supports Windows Server 2016 and Hyper-V 2016.

5nine Cloud Security has some unique key features to secure your environment.

  • Distributed vFirewall – Secure multi-tenant Hyper-V environment and provide VM isolation
  • Agentless Antimalware Detection – Protect Hyper-V with patent-pending agentless Kaspersky or ThreatTrack antivirus now with Real-Time Malware Detection
  • Enforce security compliance

5Nine Hyper-V Security Agentless

Key features

If you look at the security features list, 5nine Cloud Security offers you the following security features:

  • Automatically & Instantly Secure all Virtual Machines, Disks, Networks and Switches
  • Choice of Leading Antivirus Engines
  • Agentless AV – Full Virtual Machine Scans
  • Agentless AV – Real-time HTTP Virus and Malware Detection
  • Hyper-V Optimized Real-time Active Protection Agent
  • Agentless Firewall
    • Granular control over each virtual machine using Hyper-V Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
    • MAC Address filtering
    • ARP Rules
    • SPI (stateful packet inspection)
    • Network traffic anomaly analysis
    • Inbound and outbound per VM bandwidth throttling
    • MAC broadcast filtering
    • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Agentless Intrusion Detection
  • No need to access Guest OS to manage security
  • Centralized signature management with updates to host only
  • Incremental Fast Scans
  • Offline VM Scanning
  • Avoids Host Scanning Storms
  • Support for Windows Server 2012, 2012 R2 and 2016 Hyper-V
  • Supports any guest OS supported by Windows Hyper-V including Linux
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Support for Microsoft Switch Embedded Teaming
  • PowerShell Module for automation

Integration and offerings

5Nine Hyper-V Security System Center VMM Plugin

5nine Cloud Security also integrates perfectly into your Microsoft System Center environment using a System Center Virtual Machine Manager plugin.

5nine Cloud Security also offers a Windows Azure Pack Resource Provider to offer self-service to your tenants. Azure Pack (WAP) Extension is the only Security as a Service (SECaaS) solution to protect your datacenter, your customers, and their clouds as a free add-on to 5nine Cloud Security. It is the only way to enable tenants to easily manage their own Windows and Linux security policies through the Azure Pack self-service portal. Now hosting and service providers can secure multi-tenant environments and virtual machines in private, hosted or hybrid scenarios, while giving users the ability to easily configure firewalls, intrusion detection, and more.

Architecture

The installation and management are so easy that you don’t really need any documentation. That’s how a security product should work: it should not make your environment even more complex; it should help you keep your environment secure without adding extra complexity to it. I used 5nine for several customer environments.

  • The Management Service – This would be your 5nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.
  • The Virtual Machine Manager Plugin – This is a plugin in VMM which allows you to manage rules directly from your System Center Virtual Machine Manager Console
  • Azure Pack Extension – Resource Provider installed on the WAP Tenant and WAP Admin servers

Impressions

5nine host service

5nine is a very lightweight solution for the Hyper-V host without a lot of overhead. On the Hyper-V host you have only two services running and the Hyper-V switch extensions.

5nine-switch-extension
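
Because the agentless firewall lives in the Hyper-V Extensible Switch, a virtual switch without the extension enabled passes VM traffic unfiltered. The following check is an added example, not code from the original post or from 5nine; the `*5nine*` name patterns are assumptions (the post does not give the exact extension or service names), so adjust them to what your host reports.

```powershell
#Requires -Modules Hyper-V
# Added example: run locally on a Hyper-V host in an elevated session.
# ASSUMPTION: the wildcard patterns are placeholders, not names taken from the post.
param(
    [string]$ExtensionPattern = '*5nine*',   # hypothetical extension name pattern
    [string]$ServicePattern   = '*5nine*',   # hypothetical service display-name pattern
    [int]$ExpectedServices    = 2            # the post mentions two host services
)

$findings = @()

# 1. Every virtual switch must have the extension bound, enabled and running.
foreach ($switch in Get-VMSwitch) {
    $ext = @(Get-VMSwitchExtension -VMSwitchName $switch.Name |
        Where-Object { $_.Name -like $ExtensionPattern })

    if ($ext.Count -eq 0) {
        $findings += [pscustomobject]@{
            Scope = "Switch '$($switch.Name)'"; Issue = 'extension not installed'
        }
        continue
    }
    foreach ($e in $ext) {
        if (-not $e.Enabled) {
            $findings += [pscustomobject]@{
                Scope = "Switch '$($switch.Name)'"; Issue = "'$($e.Name)' is disabled"
            }
        } elseif (-not $e.Running) {
            $findings += [pscustomobject]@{
                Scope = "Switch '$($switch.Name)'"; Issue = "'$($e.Name)' is enabled but not running"
            }
        }
    }
}

# 2. The host services that feed the extension must be present and running.
$services = @(Get-Service -DisplayName $ServicePattern -ErrorAction SilentlyContinue)
if ($services.Count -lt $ExpectedServices) {
    $findings += [pscustomobject]@{
        Scope = 'Host services'
        Issue = "found $($services.Count), expected $ExpectedServices"
    }
}
foreach ($svc in ($services | Where-Object { $_.Status -ne 'Running' })) {
    $findings += [pscustomobject]@{
        Scope = "Service '$($svc.DisplayName)'"; Issue = "status is $($svc.Status)"
    }
}

if ($findings) { $findings | Format-Table -AutoSize; exit 1 }
Write-Output 'All virtual switches have the filtering extension enabled and running.'
```

Scheduling this on each host and alerting on a non-zero exit code catches newly created switches that were never bound to the extension.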

 

Conclusion

Overall I think 5nine Cloud Security is a must-have solution to protect your Hyper-V environment if you want to do more serious, centrally managed security. Especially with the release of 5nine Cloud Security 8.1 directly with the release of Windows Server 2016, 5nine shows how great their development and integration in Hyper-V really is. It always supports the latest features of Hyper-V and solves real-world needs.

If you need more information, want to buy 5nine Cloud Security, or need someone to help you integrate 5nine Cloud Security into your environment, feel free to contact me.

 

 



Webinar PowerShell Scripting and Automation for Hyper-V

Recording: Scripting & Automation in Hyper-V without SCVMM now available

Last week I had the chance to do a Webinar together with Altaro about Scripting & Automation in Hyper-V without SCVMM. Now you can watch the recording from this online webinar.

System Center Virtual Machine Manager (SCVMM) provides some great automation benefits for those organizations that can afford the hefty price tag. However, if SCVMM isn’t a cost effective solution for your business, what are you to do? While VMM certainly makes automation much easier, you can achieve a good level of automation with PowerShell and the applicable PowerShell modules for Hyper-V, clustering, storage, and more.

Are you looking to get to grips with automation and scripting?

Join Thomas Maurer, Microsoft Datacenter and Cloud Management MVP, who will use this webinar to show you how to achieve automation in your Hyper-V environments, even if you don’t have SCVMM.

Remember, any task you have to do more than once, should be automated. Bring some sanity to your virtual environment by adding some scripting and automation know-how to your toolbox.

 



Webinar PowerShell Scripting and Automation for Hyper-V

Webinar: Scripting & Automation in Hyper-V without SCVMM

There are some great Webinars coming up and I am proud to speak in one of them with Andrew Syrewicze (Altaro Software and Microsoft MVP) about PowerShell Scripting and Automation in Hyper-V.

We’re live on Thursday, 10th December 2015 at 10am EST / 4PM CET (30-45mins + live Q&A!)

Register for the webinar here

Free Webinar about Scripting & Automation in Hyper-V without SCVMM

 



Summary: Update Rollup 7 for System Center 2012 R2 and Azure Pack now available

Last week Microsoft released Update Rollup 7 (UR7) for System Center 2012 R2 and Windows Azure Pack. As always, Update Rollup 7 does not only include a bunch of fixes, it also includes some new features. This time especially Windows Azure Pack and System Center Virtual Machine Manager got some nice updates. Components that are fixed and updated in this update rollup:

  • Data Protection Manager (3065246)
    • Support for Windows 10 Client operating system
    • Ability to use an alternative DPM server to recover from Azure Backup Vault
    • Improvements for backup on Hyper-V Replica VMs
    • Other improvements and fixes…
  • Orchestrator & SMA (3069115)
    • Orchestrator: some small fixes
    • SMA
      • SMA runbook execution fails if a PowerShell execution policy is set to Unrestricted through a Group Policy Object.
      • Fixed an error when you try to save or import a runbook in SMA
  • Operations Manager (will be released later)
    • The rollup is delayed by few weeks, as engineering team is working on recently reported issues.
  • Service Manager (3063263)
  • Service Provider Foundation (3069355)
    • This update includes general API changes to improve product quality.
  • Virtual Machine Manager (3066340)
    • Support for Windows 10 Client Operating System
    • Support for new Linux Operating Systems (Debian 8)
    • Support for VMware vCenter 5.5 management scenarios (more info: VMware vCenter 5.5 management scenarios)
    • Support for Multiple External IP Addresses per Virtual Network
    • Option to Reassociate Orphaned virtual machines to their Service or VM role
    • Support for VMM DHCP Extension PXE/TFTP Forwarding
    • Some scale improvements if you have more than 50 Hyper-V Hosts
    • Some Hyper-V Network Virtualization (HNV) fixes and improvements
    • Other fixes…
  • Windows Azure Pack (3069121)
    • Tenants cannot delete the checkpoints of their virtual machines
    • Support for VM names of up to 15 characters
    • Displaying VHD items during virtual machine creation when there are no hardware profiles in the plan
    • Incompatible VHDs are offered to the tenant when attaching a VHD to a virtual machine
    • Support for tenant plan viewing and self-subscription permission based on security groups
    • Support for Shielded Virtual Machine Management when it’s run on Windows Server 2016 Preview
    • Virtual Machine performance data displayed in the tenant portal
    • Other fixes and improvements…
  • Windows Azure Pack Web Sites (3069358)
    • Adds support for IPv6 to IP SSL functionality
    • Changes Web Deploy publishing from publish.domain.com to site.scm.domain.com.
    • Other fixes and improvements…

One of the new features I want to highlight is the possibility to add multiple public (external) IP addresses to a Virtual Network (using Hyper-V Network Virtualization, HNV). This means a tenant can assign multiple public IP addresses on his NAT gateway and do port forwarding, for example if he runs multiple web servers in that VM Network. This is a feature a lot of customers, especially service providers, have missed for a long time.

Another improvement we can see is the support for the next release of Windows Server and also support for Windows 10.

 



Scale Windows Server Storage Spaces

System Center Operations Manager Management Pack for Windows Server Storage Spaces

Microsoft just released the System Center Operations Manager Management Pack for Windows Server Storage Spaces 2012 R2 to the public. This allows you to monitor your Storage Spaces deployments with Operations Manager.

You can download the Management Pack for Storage Spaces from the Microsoft Download Site.

Monitoring Scenarios

This Management Pack contains rules to monitor physical disk and enclosure state in storage spaces.
Health is calculated by the storage service and is passed to Virtual Machine Manager (VMM) using the Storage Management API (SM-API), and is in turn passed to Operations Manager (OM) through the OM connector for VMM.

Supported Configurations

This management pack requires System Center Operations Manager 2012 SP1 or later. A dedicated Operations Manager management group is not required.

The following table details the supported configurations for the Management Pack for Storage Spaces:

Configuration | Support
Virtual Machine Manager | 2012 R2 with Update Rollup 4 or later installed
Windows Server File Servers | 2012 R2 with KB 3000850 (November 2014 update rollup) or later
Clustered servers | Yes

Management Pack Scope

This management pack supports up to:

  • 16 Storage Nodes
  • 12 Storage Pools
  • 120 File Shares

Prerequisites

The following requirements must be met to run this management pack:

  • Operations Manager Connector for Virtual Machine Manager installed and configured.
    https://technet.microsoft.com/en-us/library/hh427287.aspx
  • Configuring this connection will install the required VMM Management Packs.
  • Storage Spaces managed by Virtual Machine Manager
  • KB2913766 “Hotfix improves storage enclosure management for Storage Spaces” must be installed on the VMM server and file server nodes


NIC Teaming

Overview on Windows Server and Hyper-V 2012 R2 NIC Teaming and SMB Multichannel

I know this is nothing new, but since I had to mention the whitepaper on NIC Teaming and the use of SMB Multichannel, as well as the configuration with System Center Virtual Machine Manager, in a couple of meetings, I want to make sure you have an overview on my blog.

NIC Teaming

Windows Server NIC Teaming was introduced in Windows Server 2012 (Codename Windows Server 8). NIC teaming, also known as Load Balancing/Failover (LBFO), allows multiple network adapters to be placed into a team for the purposes of bandwidth aggregation, and/or traffic failover to maintain connectivity in the event of a network component failure.

NIC Teaming Recommendation

For design, the default and recommended configuration is NIC Teaming with Switch Independent and Dynamic. In some scenarios, where you have the right switches, you can use LACP and Dynamic.

Download Windows Server 2012 R2 NIC Teaming (LBFO) Deployment and Management Whitepaper

This guide describes how to deploy and manage NIC Teaming with Windows Server 2012 R2.

You can find the Whitepaper on Windows Server 2012 R2 NIC Teaming (LBFO) Deployment and Management in the Microsoft Download Center.

SMB Multichannel

Hyper-V over SMB Multichannel

If you use Hyper-V over SMB, you can use SMB Multichannel as an even better mode to distribute SMB 3.0 traffic across different network adapters, or you could use a mix of both NIC Teaming and SMB Multichannel. Check out my blog post about Hyper-V over SMB: SMB Multichannel, SMB Direct (RDMA) and Scale-Out File Server and Storage Spaces.

Configuration with System Center Virtual Machine Manager

Logical Switch

Some months back I also wrote some blog posts about the configuration of Hyper-V Converged Networking and System Center Virtual Machine Manager. This guide will help you understand how to deploy NIC Teaming with System Center Virtual Machine Manager using the Logical Switch on Hyper-V hosts.



System Center 2012 R2 and Azure Pack get support for SQL Server 2014 in Update Rollup 5

Microsoft just released System Center 2012 R2 Update Rollup 5, which includes a lot of new features and fixes. The update also brings support for SQL Server 2014 as a database server for most of the System Center 2012 R2 components. There will be support for the rest of the System Center components in the Update Rollup 6.

Supports SQL 2014 now:

  • Operations Manager
  • System Center Orchestrator
  • Service Management Automation
  • Service Provider Foundation
  • Virtual Machine Manager
  • Windows Azure Pack

Will support SQL 2014 in UR6:

  • Service Reporting
  • Service Manager
  • Data Protection Manager

For information check out the Microsoft System Center Team Blog.