Monthly archives: January, 2014


Update Rollup 1 for System Center 2012 R2 available

Microsoft released Update Rollup 1 for System Center 2012 R2 with updates and fixes for Virtual Machine Manager, Data Protection Manager and Operations Manager.

Components that are fixed in this update rollup

  • Data Protection Manager (KB 2904687)
  • Operations Manager (KB 2904678)
  • Virtual Machine Manager (KB 2904712)

In Virtual Machine Manager Microsoft lists the following fixes:

  • System Center 2012 R2 Virtual Machine Manager cannot deploy a new or imported VMware template.
  • A virtual machine that uses VHDX cannot be refreshed correctly in System Center 2012 R2 Virtual Machine Manager, and you receive the following error message:
    Refresh job failed with error 2912: The requested operation cannot be performed on the virtual disk as it is currently used in shared mode (0xC05CFF0A)
  • Database operations sometimes fail with “FailedToAcquireLockException.”
  • A new virtual machine template from a template that specifies an operating system profile doesn’t use credentials from the operating system profile.
  • Virtual machines in VMware that connect by using the Cisco N1000V dvSwitch are unavailable for management from Virtual Machine Manager.
  • System Center Virtual Machine Manager service crashes if you disable one of the teamed network adapters.
  • The Get-Scstoragearray -host command should return storage arrays that are visible to a host that is using zoning.
  • During the discovery of a network-attached storage (NAS) provider, the credentials that are used do not include a domain name.
  • Some localized strings are not displayed correctly in the UI.
  • A query to find the certificate should match both the subject name and the friendly name because FindBySubjectName is a wildcard search.
  • Template deployment fails, and you receive the following error message:
    Error (2904) VMM could not find the specified path on the <Server name> server. The system cannot find the path specified (0x80070003)
  • Virtual Hard Disk (VHD) cannot be mounted on a host because VHD conflicts with other disks because of a stale entry that was left in the dictionary of Virtual Machine Manager memory.
  • Differencing disk based deployment may fail because the parent disk is being refreshed as noncached.
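
The certificate-lookup fix in the list above, shown as an added example (not code from Microsoft or from Virtual Machine Manager): `FindBySubjectName` does a case-insensitive substring match, so the result is narrowed to an exact common name and an exact friendly name. The certificates, their names and the helpers `New-TestCertificate` and `Find-ExactCertificate` are constructed for illustration; `CertificateRequest` needs .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example. All certificates below are constructed in memory; no store is touched.
# Setting FriendlyName works on Windows only.

# Hypothetical helper: build a short-lived self-signed certificate.
function New-TestCertificate {
    param([string]$Subject, [string]$FriendlyName)
    $rsa  = [RSA]::Create(2048)
    $req  = [CertificateRequest]::new($Subject, $rsa,
                [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $now  = [DateTimeOffset]::UtcNow
    $cert = $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))
    $cert.FriendlyName = $FriendlyName
    return $cert
}

# Hypothetical helper: the strict lookup the fix describes.
function Find-ExactCertificate {
    param(
        [X509Certificate2Collection]$Collection,
        [string]$CommonName,
        [string]$FriendlyName
    )
    # FindBySubjectName only narrows the candidates (substring match) ...
    $Collection.Find([X509FindType]::FindBySubjectName, $CommonName, $false) |
        Where-Object {
            # ... so require an exact CN and an exact friendly name as well.
            $_.GetNameInfo([X509NameType]::SimpleName, $false) -eq $CommonName -and
            $_.FriendlyName -eq $FriendlyName
        }
}

# Constructed sample data: three subjects that all contain the string "vmm01".
$certs = [X509Certificate2Collection]::new()
[void]$certs.Add((New-TestCertificate 'CN=vmm01' 'VMM host (constructed)'))
[void]$certs.Add((New-TestCertificate 'CN=vmm01-old' 'Retired host (constructed)'))
[void]$certs.Add((New-TestCertificate 'CN=test-vmm01.lab' 'Lab host (constructed)'))

$loose  = $certs.Find([X509FindType]::FindBySubjectName, 'vmm01', $false)
$strict = @(Find-ExactCertificate $certs 'vmm01' 'VMM host (constructed)')

"FindBySubjectName 'vmm01' matched $($loose.Count) certificates:"
$loose | ForEach-Object { "  $($_.Subject)" }
"Exact CN + friendly name matched $($strict.Count): $($strict[0].Subject)"
```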

 

Check out the blog from MVP Daniel Neumann for a German version.

 

 




Windows Azure for your Datacenter

Some years back, when Microsoft launched Windows Azure and I was working for a hosting company, I remember that we were thinking and talking about this and were hoping that Microsoft would make Windows Azure available for hosters. At the beginning of last year Microsoft made this step by releasing Windows Azure Services for Windows Server, and together with Windows Server, Hyper-V and System Center you could build your own Windows Azure. With the R2 wave of System Center and Windows Server, Microsoft also renamed Windows Azure Services for Windows Server to Windows Azure Pack (wow what a great idea ;-)) and added some great new functionality to the product itself.

Windows Azure Pack Architecture Overview

Windows Azure Pack is a collection of Windows Azure technologies, available to Microsoft customers at no additional cost for installation into your data center. It runs on top of Windows Server 2012 R2 and System Center 2012 R2 and, through the use of the Windows Azure technologies, enables you to offer a rich, self-service, multi-tenant cloud, consistent with the public Windows Azure experience.

The Windows Azure Pack is basically a framework which lets you build several offerings for customers.

  • VM Cloud – This is an infrastructure-as-a-service (IaaS) offering which allows customers to deploy and manage Windows and Linux virtual machines, including VM templates, scaling and virtual networking options.
  • Web Sites – a service that helps provide a high-density, scalable shared web hosting platform for ASP.NET, PHP, and Node.js web applications. The Web Sites service includes a customizable web application gallery of open source web applications and integration with source control systems for custom-developed web sites and applications.
  • Service Bus – a service that provides reliable messaging services between distributed applications. The Service Bus service includes queued and topic-based publish/subscribe capabilities.
  • SQL and MySQL – services that provide database instances. These databases can be used in conjunction with the Web Sites service.
  • Automation and Extensibility – the capability to automate and integrate additional custom services into the services framework, including a runbook editor and execution environment.

Source: TechNet

On top of this, Windows Azure Pack offers two management portals, one for tenants and one for administrators, which are built on top of the Service Management API. The Service Management API is a RESTful API which allows you to build custom scenarios such as custom portals or billing integrations on top of the Azure Pack framework.

Windows Azure Pack IaaS

In the last months I had time to work within several different projects with the integration of Windows Azure Pack, mainly with the VM Cloud and automation integration and also some work with the Service Management API and some customization together with Stefan Johner and Fulvio Ferrarini from itnetx. I will write some blog posts about Windows Azure Pack, the stuff we have done and are doing right now.

If you are looking for some good blogs around Windows Azure Pack you should definitely check out the blogs from Marc van Eijk, Hans Vredevoort and Kristian Nese or the Windows Azure Pack Wiki on TechNet. And by the way, Windows Azure Pack is not just made for hosters and service providers, it is also a great solution for enterprises; check out why by reading Michael Rueefli's blog.

 




Windows Server 2012 R2 Private Cloud Virtualization and Storage Poster and Mini-Posters

Yesterday Microsoft released the Windows Server 2012 R2 Private Cloud Virtualization and Storage Poster and Mini-Posters. This includes overviews of Hyper-V, Failover Clustering, Scale-Out File Server, Storage Spaces and much more. These posters provide a visual reference for understanding key private cloud storage and virtualization technologies in Windows Server 2012 R2. They focus on understanding storage architecture, virtual hard disks, cluster shared volumes, scale-out file servers, storage spaces, data deduplication, Hyper-V, Failover Clustering, and virtual hard disk sharing.

Besides the overview poster, Microsoft includes the following Mini-Posters:

  • Virtual Hard Disk and Cluster Shared Volumes Mini Poster
  • Virtual Hard Disk Sharing Mini Poster
  • Understanding Storage Architecture Mini Poster
  • Storage Spaces and Deduplication Mini Poster
  • Scale-Out and SMB Mini Poster
  • Hyper-V and Failover Clustering Mini Poster

You can get the posters from the Microsoft download page.




Violin Memory Scale-out Memory Platform with SMB 3.0 Integration

If you are looking at storage vendors for Hyper-V you really need to have a look at storage solutions with SMB 3.0 integration, because the Hyper-V over SMB scenario will be the future. Until some weeks ago you had 3 options: you could choose EMC VNX, NetApp or a Windows Server Scale-Out File Server with or without Storage Spaces. I haven’t had the chance to test the EMC solution, but on paper it looks nice; the NetApp solution lacks a lot of integration, such as active-active configurations, as well as support for SMB Multichannel or SMB Direct (RDMA). A lot of customers are also looking at the Storage Spaces solution with Scale-Out File Server, which basically supports all the features you need but does not offer the benefits an appliance solution brings with support.

Some weeks ago Violin Memory announced a solution called the Scale-out Memory Platform, which is built on their 6000-series. Until today Violin Memory Flash Memory Arrays provide power for performance, high availability, and scalability in enterprise block storage environments. Now these powerful arrays provide a new class of file based solutions with Microsoft Server 2012 R2 directly installed on the array. Microsoft and Violin Memory worked closely to develop this class of solution by bringing the power of memory to Microsoft applications such as SQL Server and Microsoft Hyper-V.

This would offer an appliance solution for the Hyper-V over SMB 3.0 scenario. At the moment there is not a lot of information out there, but I expect more information shortly, and if you need more information check out the Violin Memory page.




Sort Windows Network Adapter by PCI Slot via PowerShell

If you work with Windows, Windows Server or Hyper-V you know that before Windows Server 2012 Windows named the network adapters randomly. This was a huge deal if you were trying to automate deployment of servers with multiple network adapters, and of course Hyper-V servers normally have multiple network adapters. In Windows Server 2012 Microsoft addressed this in two ways. The first is CDN (Consistent Device Naming), which allows hardware vendors to integrate the names so the OS can pick them up; the second is Hyper-V Converged Fabric, which basically makes our lives easier by requiring fewer network adapters.

Well, a lot of vendors have not integrated CDN, or you have some old servers without CDN support. Back in May 2012, before the release of Windows Server 2012, I wrote a little Windows PowerShell script to sort network adapters in Windows Server 2008 R2 and Hyper-V Server 2008 R2 by using WMI (Configure Hyper-V Host Network Adapters Like A Boss). Now, for a Cisco UCS project, I rewrote some parts of the script to use Windows PowerShell for Windows Server 2012, Windows Server 2012 R2 and Hyper-V.

First let's have a look at how you can get the PCI slot information for network adapters; luckily there is now a PowerShell cmdlet for this.

Get-NetAdapterHardwareInfo

Now let's see how you can sort network adapters via Windows PowerShell.

Get-NetAdapterHardwareInfo | Sort-Object Bus,Function

This will get you an output like this:

Sort Network Adapter via PowerShell

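Let's do a little loop to automatically name them:

$prefix = "NIC"
# Sort the physical adapters by PCI bus and function number
$netAdapters = Get-NetAdapterHardwareInfo | Sort-Object Bus,Function
# Start at 1 so the adapters are named NIC1, NIC2, NIC3, ...
$i = 1

foreach ($netAdapter in $netAdapters) {
    # Resolve the hardware info entry to its network adapter object
    $interface = $netAdapter | Get-NetAdapter
    $old = $interface.Name
    $newName = $prefix + $i
    $interface | Rename-NetAdapter -NewName $newName
    $i++
    Write-Host "Rename" $old "to:" $newName
}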

So this names all the network adapters NIC1, NIC2, NIC3,…

So let's do a PowerShell function for this:

# ---------------------------------------------------------------------------------------------- #
# Powershell Sort-NetworkAdapter $Rev: 748 $
# (c) 2014 Thomas Maurer. All rights reserved.
# created by Thomas Maurer
# www.thomasmaurer.ch
# last Update by $Author: tmaurer $ on $Date: 2014-01-04 14:07:36 +0100 $
# ---------------------------------------------------------------------------------------------- #

function Sort-NetworkAdapter {
<#
.SYNOPSIS
This sorts and renames network adapters by PCI slot
.DESCRIPTION
This sorts and renames network adapters sorted by PCI slot
.EXAMPLE
Sort-NetworkAdapter -prefix vnic -StartingNumber 0
This renames all NICs to vnic0, vnic1, vnic2,...
.EXAMPLE
Sort-NetworkAdapter -prefix nic -StartingNumber 1
This renames all NICs to nic1, nic2, nic3,...
.PARAMETER prefix
The Prefix of the network adapter name
.PARAMETER StartingNumber
The Number of the first network adapter
#>
    [CmdletBinding(SupportsShouldProcess=$True,ConfirmImpact='Low')]
    param
    (
        [Parameter(Mandatory=$True,
            ValueFromPipeline=$True,
            ValueFromPipelineByPropertyName=$True,
            HelpMessage='Which prefix you want to use?')]
        [ValidateLength(1,20)]
        [string]$prefix,

        [Parameter(Mandatory=$False,
            ValueFromPipeline=$True,
            ValueFromPipelineByPropertyName=$True,
            HelpMessage='Which Starting Number you want to use?')]
        [int]$startingNumber = 1
    )

    begin {
        Write-Verbose "Get netadapters and sort them"
        # Sort the physical adapters by PCI bus and function number
        $netAdapters = Get-NetAdapterHardwareInfo | Sort-Object Bus,Function
    }

    process {
        Write-Verbose "Rename netadapters"

        foreach ($netAdapter in $netAdapters) {
            # Resolve the hardware info entry to its network adapter object
            $interface = $netAdapter | Get-NetAdapter
            $old = $interface.Name
            $newName = $prefix + $startingNumber
            # Honour -WhatIf and -Confirm before renaming the adapter
            if ($PSCmdlet.ShouldProcess($old, "Rename to $newName")) {
                $interface | Rename-NetAdapter -NewName $newName
            }
            $startingNumber++
            Write-Host "Rename" $old "to:" $newName
        }
    }
}

Now you can run this by using Sort-NetworkAdapter, for example:

Sort-NetworkAdapter -prefix NIC

or

Sort-NetworkAdapter -prefix NIC -StartingNumber 0

You can also get this script from the Microsoft Technet Gallery or Script Center.




Capacity Planner for Hyper-V Replica updated

Back in 2013 Microsoft released a tool called Capacity Planner for Hyper-V Replica. Hyper-V Replica Capacity Planner allowed IT administrators to measure and plan their Replica integration based on the workload, storage, network, and server characteristics. Today Aashish Ramdas announced on the TechNet Virtualization blog that Microsoft has updated the Hyper-V Replica Capacity Planner. The new version now supports Windows Server 2012 R2 Hyper-V, Windows Azure Hyper-V Recovery Manager and some other cool stuff based on the feedback of customers.

  • Support for Windows Server 2012 and Windows Server 2012 R2 in a single tool
  • Support for Extended Replication
  • Support for virtual disks placed on NTFS, CSVFS, and SMB shares
  • Monitoring of multiple standalone hosts simultaneously
  • Improved performance and scale – up to 100 VMs in parallel
  • Replica site input is optional – for those still in the planning stage of a DR strategy
  • Report improvements – e.g.: reporting the peak utilization of resources also
  • Improved guidance in documentation
  • Improved workflow and user experience

It’s great to see Microsoft improving free tools which help implement their solutions.




5nine Cloud Security for Hyper-V 4.0

Security is a critical part of your datacenter, and with a high virtualization rate it gets even more critical and complex to manage. Gartner estimates that in 2014 roughly 75% of all servers will be virtual with the number continuing to rise, year after year. If you are working in a highly virtualized environment you know how difficult it can be to protect your virtual machines and networks. It is even harder if you are a cloud service provider and you want to protect your customers; sometimes you don’t even have access into the virtual machines and you cannot really make sure the customer does everything right.

For some customers I was looking for a solution with centralized management and a solution which has no impact on the performance of the virtual machines. Through some contacts I had the chance to talk with 5Nine Software, which offers some great solutions for Hyper-V management and Hyper-V security. In December 5Nine Software released its latest beta version of Cloud Security for Microsoft’s virtualization solutions, called 5Nine Cloud Security for Hyper-V. The new version includes some new features like real-time active anti-virus protection, VM Security groups, a new LWF R2 VM Switch extension, role based access and, most importantly, support for NVGRE, or in other words Hyper-V Network Virtualization support, which will make service providers especially happy.

5Nine Hyper-V Security Agentless

Some key details about the 5nine Cloud Security for Hyper-V:

  • Multi-tenant security
  • Agentless, host-based solution for AV scans
  • Supporting Windows Server 2012 R2 Hyper-V
  • Granular control over each virtual machine using Hyper-V Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
      • MAC Address filtering
      • ARP Rules
      • SPI (stateful packet inspection)
      • Network traffic anomaly analysis
      • Inbound and outbound per VM bandwidth throttling
      • MAC broadcast filtering
      • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Detect and block malicious attacks
  • Supports any guest OS supported by Windows Hyper-V including Linux

Architecture

In my lab I had the chance to have a look at the latest beta and wow I was pretty impressed. Well, the installation and the management are so easy, you don’t really need any documentation. That’s how a security product should work: it should not make your environment even more complex, it should help you to keep your environment secure without adding extra complexity to it.

Let’s first look at the architecture of the environment, which is pretty easy. Basically you have 3 components:

  • The Management Service – This would be your 5Nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.

Some impressions

If we have a look at one of my Hyper-V Hosts after the installation you can see some new things on the server. Basically 5Nine Cloud Security adds some services to the Hyper-V hosts (not to the virtual machines) for management and malware protection.

5Nine Hyper-V Security Services

And if we have a look at the Hyper-V Virtual Switch, we can see a new extension added to it.

5Nine Hyper-V Virtual Switch Extension

 

The management console is where the magic happens and you configure your environment. The console in my opinion is pretty simple and you can easily find all the options you need.

5Nine Hyper-V Security Console

Besides the Virtual Firewall you can also configure Antivirus Protection, Firewall logging and a lot more.

5Nine Hyper-V Security Antivirus Settings

But wouldn’t it be great to just manage this from your favorite datacenter management tool, called System Center Virtual Machine Manager? Well, in version 3 5Nine had created a plugin for Virtual Machine Manager which allows you to set all the settings directly from the VMM console.

5Nine Hyper-V Security System Center VMM Plugin

As I already mentioned I am pretty impressed and I think this is exactly what a lot of customers and service providers are looking for. It provides a simple, centralized and easy to manage Hyper-V Security solution and integrates perfectly in your datacenter.