Tag: Windows Server 2012

Last updated by at .

centos hyper-v

Best Practices for running Linux on Hyper-V

Sometimes I just need my blog as a reminder or a database to find something in a few months so this is exactly one of this blog posts. Microsoft has a TechNet article where they describe the best practices for Linux VMs running on Hyper-V 2012 or Hyper-V 2012 R2. The article is a list of recommendations for running Linux virtual machine on Hyper-V.

Right now they have 4 recommendations on the list (Source Microsoft TechNet):

  • Use static MAC addresses with failover clustering.
  • Use Hyper-V-specific network adapters, not the legacy network adapter.
  • Use I/O scheduler NOOP for better disk I/O performance.
  • Add “numa=off” if the Linux virtual machine has more than 7 virtual processors or more than 30 GB RAM.

 



SCVMM Bare-Metal Fails

Add drivers to SCVMM Bare-Metal WinPE Image

A long time ago I wrote a blog post on how you can use System Center Virtual Machine Manager Bare-Metal Deployment to deploy new Hyper-V hosts. Normally this works fine but if you have newer hardware, your Windows Server Image does may not include the network adapter drivers. Now this isn’t a huge problem since you can mount and insert the drivers in the VHD or VHDX file for the Windows Server Hyper-V image. But if you forget to update the WinPE file from Virtual Machine Manager your deployment will fails, since the WinPE image has not network drivers included it won’t able to connect to the VMM Library or any other server.

You will end up in the following error and your deployment will timeout on the following screen:

“Synchronizing Time with Server”

SCVMM Bare-Metal Fails

If you check the IP configuration with ipconfig you will see that there are no network adapters available. This means you have to update your SCVMM WinPE image.

First of all you have to copy the SCVMM WinPE image. You can find this wim file on your WDS (Windows Deployment) PXE Server in the following location E:\RemoteInstall\DCMgr\Boot\WIndows\Images (Probably your setup has another drive letter.

WDS SCVMM Boot WIM

I copied this file to the C:\temp folder on my System Center Virtual Machine Manager server. I also copied the extracted drivers to the C:\Drivers folder.

After you have done this, you can use Greg Casanza’s (Microsoft) SCVMM Windows PE driver injection script, which will add the drivers to the WinPE Image (Boot.wim) and will publish this new boot.wim to all your WDS servers. I also rewrote the script I got from using drivers in the VMM Library to use drivers from a folder.

Update SCVMM WinPE

This will add the drivers to the Boot.wim file and publish it to the WDS servers.

Update WDS Server

After this is done the Boot.wim will work with your new drivers.

 

 

 

 

 



CLIXML Export Import

Save PowerShell Object to file for Remote Troubleshooting

This is not something new to the most of you PowerShell guys out there, but still there are a lot of IT Pros which do not know about this. Sometimes we have to do some remote troubleshooting without having access to the system itself. The thing you can do is to let the customer send you some screenshots but that doesn’t really show everything and maybe you have to contact the customer like 100 times to get the right information. A better solution is to let the customer to run a PowerShell command or script and send you the output. But even a text file or screenshot of the PowerShell output is not the best solution. If you get a lot of text in a TXT file it is hard to sort it and maybe there are some information missing because the txt output does not include all information of the PowerShell object.

I have started to use a simple method to export PowerShell objects to a XML file and import the object on another system. This can be done by the PowerShell cmdlets Export-Clixml and Import-Clixml.

What I do is, I tell the customer to run the following command to generate a XML with the PowerShell objects about his disks for example.

After I got this XML file, I can import it here on my local system and can work with it as I would be in front of the customer system.

CLIXML Export Import

As I said, this is nothing new but this can save you and your customer some time. Of course this works with other objects not just disks ;-) For example you can get Cluster Configurations, Hyper-V Virtual Switch Configurations and much more.

 

 



Windows Server 2012 Logo

Configure CSV Cache in Windows Server 2012 R2

In Windows Server 2012 Microsoft introduced CSV Cache for Windows Server 2012 Hyper-V and Scale-Out File Server Clusters. The CSV Block Cache is basically a RAM cache which allows you to cache read IOPS in the Memory of the Hyper-V or the Scale-Out File Server Cluster nodes. In Windows Server 2012 you had to set the CSV Block Cache and enable it on every CSV volume. In Windows Server 2012 R2 CSV Block cache is by default enabled for every CSV volume but the size of the CSV Cache is set to zero, which means the only thing you have to do is to set the size of the cache.

Microsoft recommends using 512MB as cache on a Hyper-V host. On a Scale-Out File Server node, things are a little bit different. In Windows Server 2012 Microsoft allowed you to use a cache size up to 20% of the server, in Windows Server 2012 R2 Microsoft changed this, so you can now finally use up to 80% of the RAM of a Scale-Out File Server Node.

Back in the days of Windows Server 2012 I made a little benchmark of CSV Cache on my Hyper-V hosts.



Sort Network Adapter via PowerShell

Sort Windows Network Adapter by PCI Slot via PowerShell

If you work with Windows, Windows Server or Hyper-V you know that before Windows Server 2012 Windows named the network adapters randomly. This was a huge deal if you were trying to automate deployment of servers with multiple network adapters. And of course Hyper-V Servers normally have multiple network adapters. In Windows Server 2012 Microsoft had some different ways how this was fixed. First there is CDN (Consistent Device Naming) which allows hardware vendors to integrate the names so the OS can pick them up and the second one being the possibility of Hyper-V Converged Fabric which is basically making our lives easier by having less network adapters.

Well a lot of vendors have not integrated CDN or you have some old servers without CDN support. Back in May 2012 before the release of Windows Server 2012 I wrote a little Windows PowerShell script to sort network adapters in Windows Server 2008 R2 and Hyper-V Server 2008 R2 by using WMI (Configure Hyper-V Host Network Adapters Like A Boss). Now for a Cisco UCS project I rewrote some parts of the script to use Windows PowerShell in for Windows Server 2012, Windows Server 2012 R2 and Hyper-V.

First lets have a look how you can get the PCI slot information for network adapters, luckily there is now a PowerShell cmdlet for this.

Now lets see how you can sort network adapters via Windows PowerShell.

This will get you a output like this:

Sort Network Adapter via PowerShell

Lets do a little loop to automatically name them:

So this names all the network adapters to NIC1, NIC2, NIC3,…

So lets do a PowerShell function for this:

Now you can run this by using Sort-NetworkAdapter for exmaple:

or

You can also get this script from the Microsoft Technet Gallery or Script Center.



Capacity Planner for Hyper-V Replica

Capacity Planner for Hyper-V Replica updated

Back in 2013 Microsoft released a tool called Capacity Planner for Hyper-V Replica. Hyper-V Replica Capacity Planner allowed IT Administrators to measure and plan their Replica integration based on the workload, storage, network, and server characteristics. Today Aashish Ramdas announced on the TechNet Virtualization blog that Microsoft has updated the Hyper-V Replica Capacity Planner. The new version now support Windows Server 2012 R2 Hyper-V, Windows Azure Hyper-V Recovery Manager and some other cool stuff based on the feedback of customers.

  • Support for Windows Server 2012 and Windows Server 2012 R2 in a single tool
  • Support for Extended Replication
  • Support for virtual disks placed on NTFS, CSVFS, and SMB shares
  • Monitoring of multiple standalone hosts simultaneously
  • Improved performance and scale – up to 100 VMs in parallel
  • Replica site input is optional – for those still in the planning stage of a DR strategy
  • Report improvements – e.g.: reporting the peak utilization of resources also
  • Improved guidance in documentation
  • Improved workflow and user experience

It’s great to see Microsoft improving free tools which help implement their solutions.



5Nine Hyper-V Security Console

5nine Cloud Security for Hyper-V 4.0

Security is a critical part in your datacenter and with a high virtualization rate it gets even more critical and complex to manage. Gartner estimates that in 2014 roughly 75% of all servers will be virtual with the number continuing to rise, year after year. If you are working in a highly virtualized environment you know how difficult it can be to protect your virtual machines and networks. It is even harder if you are a cloud service provider and you want to protect your customer, sometimes you don’t even have access into the virtual machines and you cannot really make sure the customer does everything right.

For some customers I was looking for a solution with centralized management and a solution which has no impact on the performance of the virtual machines. Through some contacts I had the chance to talk with 5Nine Software which offer some great solutions for Hyper-V management and Hyper-V Security. And in December 5Nine Software released its latest beta version of Cloud Security for Microsoft’s Virtualization solutions called 5Nine Cloud Security for Hyper-V. The new version includes some new features like real-time active anti-virus protection, VM Security groups, a new LWF R2 VM Switch extension, role based access and most importantly support for NVGRE or in otherswords Hyper-V Network Virtualization support which will make especially service providers very happy.

5Nine Hyper-V Security Agentless

Some key details about the 5nine Cloud Security for Hyper-V:

  • Multi-tenant security
  • Agentless, host-based solution for AV scans
  • Supporting Windows Server 2012 R2 Hyper-V
  • Granular control over each virtual machine using Hyper-V Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
      • MAC Address filtering
      • ARP Rules
      • SPI (stateful packet inspection)
      • Network traffic anomaly analysis
      • Inbound and outbound per VM bandwidth throttling
      • MAC broadcast filtering
      • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Detect and block malicious attacks
  • Supports any guest OS supported by Windows Hyper-V including Linux

Architecture

In my lab I had the chance to have a look at the latest beta and wow I was pretty impressed. Well the installation and the management is so easy, you don’t really need any documentation. That’s how a security product should work, it should not make your environment even more complex it should help you to keep your environment secure without adding extra complexity to it.

Let’s see first about the architecture of the environment which is pretty easy. Basically you have 3 components:

  • The Management Service – This would be your 5Nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.

Some impressions

If we have a look at one of my Hyper-V Hosts after the installation you can see some new things on the server. Basically 5Nine Cloud Security adds some services to the Hyper-V hosts (not to the virtual machines) for management and malware protection.

5Nine Hyper-V Security Services

And if we have a look at the Hyper-V Virtual Switch, we can see a new extension added to it.

5Nine Hyper-V Virtual Switch Extension

 

The management console is where the magic happens and you configure your environment. the console in my opinion is pretty simple and you can easy find all the options you need.

5Nine Hyper-V Security Console

Besides the Virtual Firewall you can also configure Antivirus Protection, Firewall logging and a lot more.

5Nine Hyper-V Security Antivirus Settings

But wouldn’t it be great to just manage this from your favorite Datacenter Management tool, called System Center Virtual Machine Manager? Well in version 3 5Nine had created a plugin for Virtual Machine Manager which allows you so set all the settings directly from the VMM console.

5Nine Hyper-V Security System Center VMM Plugin

As I already mentioned I am pretty impressed and I think this is exactly what a lot of customers and service providers are looking for. It provides a simple, centralized and easy to manage Hyper-V Security solution and integrates perfectly in your datacenter.