
Tag: Windows Server 2012


Save PowerShell Object to file for Remote Troubleshooting

This is nothing new to most of you PowerShell guys out there, but there are still a lot of IT pros who do not know about it. Sometimes we have to do remote troubleshooting without having access to the system itself. You can ask the customer to send you screenshots, but they don’t show everything, and you may have to contact the customer 100 times to get the right information. A better solution is to have the customer run a PowerShell command or script and send you the output. But even a text file or screenshot of the PowerShell output is not the best solution: a lot of text in a TXT file is hard to sort, and information may be missing because the text output does not include all the information in the PowerShell object.

I have started to use a simple method to export PowerShell objects to an XML file and import the objects on another system. This can be done with the PowerShell cmdlets Export-Clixml and Import-Clixml.

What I do is tell the customer to run the following command to generate an XML file with the PowerShell objects for his disks, for example.

After I get this XML file, I can import it on my local system and work with it as if I were in front of the customer’s system.


As I said, this is nothing new, but it can save you and your customer some time. Of course this works with other objects, not just disks ;-) For example, you can get cluster configurations, Hyper-V Virtual Switch configurations and much more.
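The export and import round trip described above, as an added example (not the commands from the original post). The file name storage-report.xml and the layout of the $bundle hashtable are assumptions; Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example; the file name and the $bundle layout are assumptions.

# --- On the customer system ---
# Put several related objects into one hashtable so a single file holds everything.
$bundle = @{
    CollectedAt = Get-Date
    Computer    = $env:COMPUTERNAME
    Disks       = Get-Disk
    Volumes     = Get-Volume
}

# -Depth sets how many levels of nested properties are serialized (default is 2);
# the hashtable itself uses one level, so raise it to keep the object details.
$bundle | Export-Clixml -Path .\storage-report.xml -Depth 3

# Hash to send along with the file, so the receiver can confirm it arrived unmodified
# (requires PowerShell 4.0 or later).
(Get-FileHash -Path .\storage-report.xml -Algorithm SHA256).Hash

# --- On the support engineer's system ---
# Compare the hash first, then import.
(Get-FileHash -Path .\storage-report.xml -Algorithm SHA256).Hash
$report = Import-Clixml -Path .\storage-report.xml

# The imported objects are a snapshot taken at $report.CollectedAt. They are not
# connected to the customer's system, but they sort and filter like live output.
$report.Disks |
    Sort-Object -Property Size -Descending |
    Select-Object Number, FriendlyName, PartitionStyle, OperationalStatus,
        @{ Name = 'SizeGB'; Expression = { [math]::Round($_.Size / 1GB, 1) } }

# Volumes with less than 10% free space.
$report.Volumes |
    Where-Object { $_.Size -gt 0 -and ($_.SizeRemaining / $_.Size) -lt 0.1 } |
    Select-Object DriveLetter, FileSystemLabel, SizeRemaining, Size
```

The XML file contains every serialized property in readable form, so it should be handled like any other configuration export from the customer's environment.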

 

 




Configure CSV Cache in Windows Server 2012 R2

In Windows Server 2012 Microsoft introduced CSV Cache for Windows Server 2012 Hyper-V and Scale-Out File Server Clusters. The CSV Block Cache is basically a RAM cache which allows you to cache read IOPS in the memory of the Hyper-V or the Scale-Out File Server Cluster nodes. In Windows Server 2012 you had to set the CSV Block Cache and enable it on every CSV volume. In Windows Server 2012 R2 the CSV Block Cache is enabled by default for every CSV volume, but the size of the CSV Cache is set to zero, which means the only thing you have to do is set the size of the cache.

Microsoft recommends using 512MB as cache on a Hyper-V host. On a Scale-Out File Server node, things are a little bit different. In Windows Server 2012 Microsoft allowed you to use a cache size of up to 20% of the server's RAM; in Windows Server 2012 R2 Microsoft changed this, so you can now use up to 80% of the RAM of a Scale-Out File Server node.

Back in the days of Windows Server 2012 I made a little benchmark of CSV Cache on my Hyper-V hosts.




Sort Windows Network Adapter by PCI Slot via PowerShell

If you work with Windows, Windows Server or Hyper-V, you know that before Windows Server 2012 Windows named the network adapters randomly. This was a huge deal if you were trying to automate the deployment of servers with multiple network adapters, and Hyper-V servers normally have multiple network adapters. In Windows Server 2012 Microsoft addressed this in a couple of ways. First there is CDN (Consistent Device Naming), which allows hardware vendors to supply the names so the OS can pick them up. Second there is Hyper-V Converged Fabric, which makes our lives easier by requiring fewer network adapters.

Well, a lot of vendors have not integrated CDN, or you have some old servers without CDN support. Back in May 2012, before the release of Windows Server 2012, I wrote a little Windows PowerShell script to sort network adapters in Windows Server 2008 R2 and Hyper-V Server 2008 R2 by using WMI (Configure Hyper-V Host Network Adapters Like A Boss). Now, for a Cisco UCS project, I rewrote some parts of the script to use Windows PowerShell for Windows Server 2012, Windows Server 2012 R2 and Hyper-V.

First let’s have a look at how you can get the PCI slot information for network adapters. Luckily there is now a PowerShell cmdlet for this.

Now let’s see how you can sort network adapters via Windows PowerShell.

This will get you an output like this:

Sort Network Adapter via PowerShell

Let’s do a little loop to automatically name them:

So this names all the network adapters NIC1, NIC2, NIC3,…

So let’s do a PowerShell function for this:

Now you can run this by using Sort-NetworkAdapter, for example:

or

You can also get this script from the Microsoft Technet Gallery or Script Center.
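The steps above (read the PCI location, sort, rename in a loop, wrap it in a function) put together as one added example. It is not the author's Sort-NetworkAdapter script: the function name Rename-NetAdapterByPciSlot, its parameters and the temporary-name scheme are assumptions.

```powershell
# Added example, not the original script. Function name, parameters and the
# temporary-name scheme are assumptions.
function Rename-NetAdapterByPciSlot {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Prefix = 'NIC',   # results in NIC1, NIC2, NIC3, ...
        [int]$StartIndex = 1
    )

    # Order the adapters by PCI location instead of enumeration order.
    $adapters = @(Get-NetAdapterHardwareInfo |
        Sort-Object -Property Segment, Bus, Device, Function)

    # Build the rename plan first so it can be reviewed before anything changes.
    $index = $StartIndex
    $plan = foreach ($nic in $adapters) {
        [pscustomobject]@{
            PciLocation = '{0}:{1}:{2}.{3}' -f $nic.Segment, $nic.Bus, $nic.Device, $nic.Function
            CurrentName = $nic.Name
            TempName    = 'rename-tmp-{0}' -f $index
            NewName     = '{0}{1}' -f $Prefix, $index
        }
        $index++
    }
    $changes = @($plan | Where-Object { $_.CurrentName -ne $_.NewName })

    # Pass 1: park each adapter on a temporary name, so that swapping two
    # existing names (NIC1 <-> NIC2) cannot fail on a duplicate name.
    $parked = foreach ($item in $changes) {
        if ($PSCmdlet.ShouldProcess($item.CurrentName, "Rename to $($item.NewName)")) {
            Rename-NetAdapter -Name $item.CurrentName -NewName $item.TempName
            $item
        }
    }

    # Pass 2: assign the final names in PCI order.
    foreach ($item in $parked) {
        Rename-NetAdapter -Name $item.TempName -NewName $item.NewName
    }

    # Return the plan so the run can be logged or compared across hosts.
    $plan | Select-Object PciLocation, CurrentName, NewName
}

# Preview only: lists what would be renamed without touching the adapters.
Rename-NetAdapterByPciSlot -WhatIf | Format-Table -AutoSize

# Apply with a custom prefix:
# Rename-NetAdapterByPciSlot -Prefix 'Ethernet' -Verbose
```

Firewall rules, monitoring and deployment scripts that refer to adapters by name should be checked against the returned plan before the rename is applied.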




Capacity Planner for Hyper-V Replica updated

Back in 2013 Microsoft released a tool called Capacity Planner for Hyper-V Replica. Hyper-V Replica Capacity Planner allowed IT administrators to measure and plan their Replica integration based on the workload, storage, network, and server characteristics. Today Aashish Ramdas announced on the TechNet Virtualization blog that Microsoft has updated the Hyper-V Replica Capacity Planner. The new version now supports Windows Server 2012 R2 Hyper-V, Windows Azure Hyper-V Recovery Manager and some other cool stuff based on customer feedback.

  • Support for Windows Server 2012 and Windows Server 2012 R2 in a single tool
  • Support for Extended Replication
  • Support for virtual disks placed on NTFS, CSVFS, and SMB shares
  • Monitoring of multiple standalone hosts simultaneously
  • Improved performance and scale – up to 100 VMs in parallel
  • Replica site input is optional – for those still in the planning stage of a DR strategy
  • Report improvements – e.g.: reporting the peak utilization of resources also
  • Improved guidance in documentation
  • Improved workflow and user experience

It’s great to see Microsoft improving free tools which help implement their solutions.




5nine Cloud Security for Hyper-V 4.0

Security is a critical part of your datacenter, and with a high virtualization rate it gets even more critical and complex to manage. Gartner estimates that in 2014 roughly 75% of all servers will be virtual, with the number continuing to rise year after year. If you are working in a highly virtualized environment you know how difficult it can be to protect your virtual machines and networks. It is even harder if you are a cloud service provider and you want to protect your customers: sometimes you don’t even have access to the virtual machines, and you cannot really make sure the customer does everything right.

For some customers I was looking for a solution with centralized management that has no impact on the performance of the virtual machines. Through some contacts I had the chance to talk with 5Nine Software, which offers some great solutions for Hyper-V management and Hyper-V security. In December 5Nine Software released the latest beta version of its cloud security product for Microsoft’s virtualization solutions, called 5Nine Cloud Security for Hyper-V. The new version includes some new features like real-time active anti-virus protection, VM Security groups, a new LWF R2 VM Switch extension, role-based access and, most importantly, support for NVGRE, in other words Hyper-V Network Virtualization support, which will make service providers especially happy.

5Nine Hyper-V Security Agentless

Some key details about the 5nine Cloud Security for Hyper-V:

  • Multi-tenant security
  • Agentless, host-based solution for AV scans
  • Supporting Windows Server 2012 R2 Hyper-V
  • Granular control over each virtual machine using Hyper-V Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
      • MAC Address filtering
      • ARP Rules
      • SPI (stateful packet inspection)
      • Network traffic anomaly analysis
      • Inbound and outbound per VM bandwidth throttling
      • MAC broadcast filtering
      • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Detect and block malicious attacks
  • Supports any guest OS supported by Windows Hyper-V including Linux

Architecture

In my lab I had the chance to have a look at the latest beta and wow, I was pretty impressed. The installation and the management are so easy, you don’t really need any documentation. That’s how a security product should work: it should not make your environment even more complex, it should help you to keep your environment secure without adding extra complexity to it.

Let’s first look at the architecture of the environment, which is pretty easy. Basically you have 3 components:

  • The Management Service – This would be your 5Nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.

Some impressions

If we have a look at one of my Hyper-V Hosts after the installation you can see some new things on the server. Basically 5Nine Cloud Security adds some services to the Hyper-V hosts (not to the virtual machines) for management and malware protection.

5Nine Hyper-V Security Services

And if we have a look at the Hyper-V Virtual Switch, we can see a new extension added to it.

5Nine Hyper-V Virtual Switch Extension

 

The management console is where the magic happens and you configure your environment. The console in my opinion is pretty simple and you can easily find all the options you need.

5Nine Hyper-V Security Console

Besides the Virtual Firewall you can also configure Antivirus Protection, Firewall logging and a lot more.

5Nine Hyper-V Security Antivirus Settings

But wouldn’t it be great to just manage this from your favorite datacenter management tool, called System Center Virtual Machine Manager? Well, in version 3 5Nine created a plugin for Virtual Machine Manager which allows you to set all the settings directly from the VMM console.

5Nine Hyper-V Security System Center VMM Plugin

As I already mentioned I am pretty impressed and I think this is exactly what a lot of customers and service providers are looking for. It provides a simple, centralized and easy to manage Hyper-V Security solution and integrates perfectly in your datacenter.

 

 




Hyper-V Recovery Manager (HRM) FAQ

With the evolution of cloud computing, datacenters are getting more important, and having multiple datacenters for a site failover is more and more a must-have solution. With Windows Server 2012 Hyper-V Microsoft introduced a new feature called Hyper-V Replica, which allows you to do asynchronous replication at the virtual machine level. If you are working in a larger environment you may not want to fail over single machines with the Hyper-V Manager; you need a tool which orchestrates the failover from one site to another site. There are several different options for this, like a PowerShell script, System Center Orchestrator or the new automation engine called Service Management Automation (SMA). All of these solutions can work with Hyper-V Replica, but they all have some upsides and downsides.


Microsoft developed a solution for this problem called Hyper-V Recovery Manager, which is basically a hosted orchestration engine in Windows Azure. You can simply connect your System Center Virtual Machine Manager servers to this service by installing an agent on the VMM servers. After that you can log in to the Windows Azure Portal and configure the orchestration and recovery plans for your VMM Clouds. An important point here: Windows Azure is only the orchestration engine, and no data or VMs are replicated to Windows Azure. VMs are replicated only between your sites.

Windows Azure Portal Hyper-V Recovery Manager

Some things about Hyper-V Recovery Manager are still unclear, so here is a little FAQ which should answer some of the questions:

Q: Can I fully automate my datacenter failover?
A: Yes, you can fail over your virtual machines and extend the solution with scripts.

Q: Can I fail over my Domain Controllers and SQL Servers first, before failing over my application servers?
A: Yes, you can create your own order in which the failover should happen, by creating recovery plans.

Q: My secondary site does not have the same network or subnet available, can I still use it?
A: Yes, Hyper-V Replica and Hyper-V Recovery Manager can change the IP addresses of VMs during a failover. In an HRM scenario VMM IP Pools are used to automatically change IP addresses.

Q: Can I test my Recovery Plan?
A: Yes, as in Hyper-V Replica, you can also do a Test Failover.

Q: I have different storage vendors, can I still use Hyper-V Recovery Manager?
A: Yes, there is no dependency on the storage.

Q: I am using Storage Spaces and a Scale-Out Fileserver, does this work with HRM?
A: Yes, you can configure SMB shares for VM locations.

Q: I can’t have my application data go to the cloud.
A: Application data never goes to Azure – it is transmitted encrypted over your own network link between the two DCs.

Q: Both of my sites are managed with the same Virtual Machine Manager, does it still work?
A: Yes, it works with both single VMM and HA VMM environments.

Q: My hosts and applications don’t have internet connectivity.
A: No Windows Azure connectivity is needed by Hyper-V hosts and applications. The only connectivity is from the VMM server to the Azure service, which can be done through a proxy server.

Q: Do I need to install another agent on every Hyper-V host or guest VM?
A: No, the Disaster Recovery Provider is only needed on the VMM machine.

Q: My N-tier app is using SQL AlwaysOn, can I get single-click app failover?
A: Yes, Hyper-V Recovery Manager failover plans can be customized with scripts, so you can also fail over SQL or other applications using PowerShell.

Q: In addition to my primary DC my ISP is also impacted, can I still fail over?
A: Yes, during failover there is no dependency on the primary site or on connectivity to the primary site.

Q: Service providers want to use HRM but see Azure as competition with their own offering.
A: There is no need to share customer information with Windows Azure; the hoster’s customers never go to the HRM Portal.

Q: Does Hyper-V Recovery Manager offer System Center Operations Manager (SCOM) integration?
A: Yes, ongoing replication health monitoring in SCOM.

Q: I have already created some System Center Orchestrator runbooks for failing over applications, can I still use them?
A: Yes, you can trigger Orchestrator runbooks from Hyper-V Recovery Manager via scripts.

Q: Does System Center Virtual Machine Manager have Hyper-V Replica support?
A: Yes, Hyper-V Replica has a rich integration with VMM which lights up when you register with the Hyper-V Recovery Manager service. The following are the key Hyper-V Replica integration points with VMM:

  • Ability to enable protection during Create VM Wizard
  • Ability to setup default protection for VMs through integration with VM Template
  • Ability to enable protection for already created VMs
  • VM Placement algorithm takes protection information (Cloud, Network) to select appropriate cloud and Host
  • Ability to view replication health from VMM console
  • Specific Icon and actions for Replica VMs
  • Connecting replica VMs to networks and assign IP addresses at scale using VMM networking (VM Networks)

Thanks to Vishal Mehrotra (Microsoft Principal Group Program Manager WSSC)

Feel free to add additional questions to the comment section.



Recommended Hotfixes and Updates for Hyper-V and Failover Clusters

In the last couple of releases I always posted the pages where you could get the list of Recommended Hotfixes and Updates for Windows Server 2012 Failover Clusters and the List of Hyper-V and Failover Cluster Hotfixes for Windows Server 2012. I want to update the post with the links for Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2, so you can find all updates from a single site.

Windows Server 2012 R2

Windows Server 2012

Windows Server 2008 R2

Feel free to share this page. I always recommend getting the latest hotfixes when you are deploying a new Hyper-V or Scale-Out File Server environment. And definitely also check Aidan Finn’s blog from time to time, where he takes a deeper look at the Knowledge Base articles for Hyper-V.