Tag: Virtual Machine Manager

Savision Cloud Advisor VMM Tuning Tips

Cloud Advisor for System Center Virtual Machine Manager

As you may know, I do a lot of work around Hyper-V, System Center and Windows Azure Pack. One of the most critical parts of the Microsoft Cloud is System Center Virtual Machine Manager. VMM is the component where almost everything comes together in some way, from the Fabric resources such as Storage, Compute and Networking up to the Virtual Machines and Services running on top of the Fabric layer. Virtual Machine Manager basically allows you to pool resources and offer them to tenants, which can then deploy services and virtual machines to the pools.

This means VMM manages not only your Virtual Machines; it also manages your network environment, your storage and a lot more. So wouldn’t it be great to use the data Virtual Machine Manager collects to review your environment and get some tips on how you can optimize it? This is exactly what Savision did with their Virtual Machine Manager Add-in called Cloud Advisor, which includes tuning and optimization recommendations.

Savision’s Cloud Advisor looks for problems like:

  • “Virtual Machine Appears to be Unused”
  • “Prediction: All Available Memory Will Be Consumed By…”
  • “Virtual Guest Services Are Not Installed”
  • “Starting Memory Is Too High”
  • “Low Disk Space On Cluster Shared Volume”
  • “Dynamic Memory is not enabled”
  • and a lot more…

Most of you will think okay, this sounds great but how much will this thing cost. Well that’s the great part, the Savision Cloud Advisor for System Center Virtual Machine Manager is absolutely free. So there is absolutely no reason why you shouldn’t deploy the Savision Cloud Advisor in your Virtual Machine Manager environment.

Simply go to the Savision homepage, download the Cloud Advisor and import it into VMM.

Import Cloud Advisor Addin into VMM

After that you will have to connect to the VMM database and let the Savision Cloud Advisor do its job, showing you tips and recommendations for your environment.

Savision Cloud Advisor VMM Tuning Tips

By the way, there are other cool VMM Add-ins from Cisco for their UCS Bladecenter and from 5Nine for the Virtual Firewall Appliance.



Hyper-V General Access denied error

Hyper-V over SMB: Set SMB Constrained Delegation via PowerShell

When you have configured Hyper-V over SMB, which means the virtual machines are running on a Hyper-V host and are stored on an SMB file share, and you try to manage a virtual machine remotely from Hyper-V Manager or Failover Cluster Manager, you will run into access denied errors. The same error can also happen if you try to live migrate the virtual machine. The error occurs because you are using the credentials from the machine on which Hyper-V Manager or Failover Cluster Manager is running to access the file share via the Hyper-V host. This “double-hop” scenario is not allowed by default for security reasons. You can find more about Kerberos Authentication on TechNet.

To avoid this error you have to configure SMB Constrained Delegation in Active Directory to allow this scenario for specific “double-hops”. In Windows Server 2012 Microsoft made setting up Kerberos constrained delegation much easier by introducing resource-based Kerberos Constrained Delegation. This still wasn’t that easy to deploy and required some steps. In Windows Server 2012 R2 Microsoft introduced new Windows PowerShell cmdlets to configure SMB Constrained Delegation directly from PowerShell. These cmdlets are offered by the Active Directory PowerShell module.

On your management box, or wherever you want to configure SMB Constrained Delegation, you have to install the Active Directory PowerShell module. (You don’t need the module on the Hyper-V hosts or SMB file servers.)

 
Install-WindowsFeature RSAT-AD-PowerShell

Now you can use the following cmdlets.

  • Get-SmbDelegation -SmbServer FileServer
  • Enable-SmbDelegation -SmbServer FileServer -SmbClient HyperVHost
  • Disable-SmbDelegation -SmbServer FileServer [-SmbClient HyperVHost] [-Force]

For example if you are running a two node Hyper-V cluster and you use a Scale-Out File Server cluster (SOFS01) as virtual machine storage, the configuration could look like this.

 
Enable-SmbDelegation -SmbServer SOFS01 -SmbClient HyperV01
Enable-SmbDelegation -SmbServer SOFS01 -SmbClient HyperV02

Because these cmdlets only work with the new resource-based delegation, the Active Directory forest must be at the “Windows Server 2012” functional level. A functional level of Windows Server 2012 R2 is not required.
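Since each delegation entry lets a Hyper-V host act on behalf of users against the file server, it is worth checking that only the intended hosts are listed. The following is an added example, not code from the original post: it reads the resource-based delegation setting on the file server's computer object through the Active Directory module and compares it with an expected list. The function name Get-SmbDelegationDrift is hypothetical, and SOFS01, HyperV01 and HyperV02 are the sample names used above.

```powershell
# Added example (not from the original post): audit which computers may
# delegate to an SMB file server via resource-based constrained delegation.
# Requires the ActiveDirectory module (RSAT-AD-PowerShell) and read access to AD.
Import-Module ActiveDirectory

function Get-SmbDelegationDrift {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $SmbServer,       # e.g. SOFS01
        [Parameter(Mandatory)] [string[]] $ExpectedClients  # e.g. HyperV01, HyperV02
    )

    # PrincipalsAllowedToDelegateToAccount is the AD module's view of the
    # msDS-AllowedToActOnBehalfOfOtherIdentity attribute on the computer object.
    $server = Get-ADComputer -Identity $SmbServer `
        -Properties PrincipalsAllowedToDelegateToAccount

    # Resolve each allowed principal (a distinguished name) to a short name.
    $actual = @(foreach ($dn in $server.PrincipalsAllowedToDelegateToAccount) {
        try {
            $obj = Get-ADObject -Identity $dn -Properties sAMAccountName
            $obj.sAMAccountName.TrimEnd('$')
        } catch {
            # Keep unresolvable entries visible instead of silently dropping them.
            [string]$dn
        }
    })

    $expected = @($ExpectedClients | ForEach-Object { $_.TrimEnd('$') })
    $names    = @($expected + $actual | Sort-Object -Unique)

    foreach ($name in $names) {
        $isExpected = $expected -contains $name   # -contains is case-insensitive
        $isActual   = $actual   -contains $name
        [pscustomobject]@{
            SmbServer = $SmbServer
            Principal = $name
            Status    = if ($isExpected -and $isActual) { 'OK' }
                        elseif ($isActual)              { 'Unexpected' }
                        else                            { 'Missing' }
        }
    }
}

# Show only deviations: hosts that can delegate but should not ('Unexpected')
# and hosts that should be able to but cannot ('Missing').
Get-SmbDelegationDrift -SmbServer SOFS01 -ExpectedClients HyperV01, HyperV02 |
    Where-Object Status -ne 'OK' |
    Format-Table -AutoSize
```

An 'Unexpected' entry can be removed with Disable-SmbDelegation and a 'Missing' one added with Enable-SmbDelegation, using the parameters listed above.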

And as I mentioned before you can also use System Center Virtual Machine Manager (VMM) to manage your storage, which uses a different approach and does not need the configuration of Kerberos Constrained Delegation.

 



System Center Logo

Update Rollup 1 for System Center 2012 R2 available

Microsoft released Update Rollup 1 for System Center 2012 R2 with updates and fixes for Virtual Machine Manager, Data Protection Manager and Operations Manager.

Components that are fixed in this update rollup

  • Data Protection Manager (KB 2904687)
  • Operations Manager (KB 2904678)
  • Virtual Machine Manager (KB 2904712)

In Virtual Machine Manager Microsoft lists the following fixes:

  • System Center 2012 R2 Virtual Machine Manager cannot deploy a new or imported VMWare template.
  • A virtual machine that uses VHDX cannot be refreshed correctly in System Center 2012 R2 Virtual Machine Manager, and you receive the following error message:
    Refresh job failed with error 2912: The requested operation cannot be performed on the virtual disk as it is currently used in shared mode (0xC05CFF0A)
  • Database operations sometimes fail with “FailedToAcquireLockException.”
  • A new virtual machine template from a template that specifies an operating system profile doesn’t use credentials from the operating system profile.
  • Virtual machines in VMWare that connect by using the Cisco N1000V dvSwitch are unavailable for management from Virtual Machine Manager.
  • System Center Virtual Machine Manager service crashes if you disable one of the teamed network adapters.
  • The Get-Scstoragearray -host command should return storage arrays that are visible to a host that is using zoning.
  • During the discovery of a network-attached storage (NAS) provider, the credentials that are used do not include a domain name.
  • Some localized strings are not displayed correctly in the UI.
  • A query to find the certificate should match both the subject name and the friendly name because FindBySubjectName is a wildcard search.
  • Template deployment fails, and you receive the following error message:
    Error (2904) VMM could not find the specified path on the <Server name> server. The system cannot find the path specified (0x80070003)
  • Virtual Hard Disk (VHD) cannot be mounted on a host because VHD conflicts with other disks because of a stale entry that was left in the dictionary of Virtual Machine Manager memory.
  • Differencing disk based deployment may fail because the parent disk is being refreshed as noncached.

 

Check out the blog from MVP Daniel Neumann for a German version.

 

 



Building Clouds

Windows Azure for your Datacenter

Some years back, when Microsoft launched Windows Azure and I was working for a Hosting company, I remember that we were thinking and talking about this and were hoping that Microsoft would make Windows Azure available for hosters. At the beginning of last year Microsoft made this step by releasing Windows Azure Services for Windows Server and together with Windows Server, Hyper-V and System Center you could build your own Windows Azure. With the R2 wave of System Center and Windows Server, Microsoft also renamed Windows Azure Services for Windows Server to Windows Azure Pack (wow what a great idea ;-)) and added some great new functionality to the product itself.

Windows Azure Pack Architecture Overview

Windows Azure Pack is a collection of Windows Azure technologies, available to Microsoft customers at no additional cost for installation into your data center. It runs on top of Windows Server 2012 R2 and System Center 2012 R2 and, through the use of the Windows Azure technologies, enables you to offer a rich, self-service, multi-tenant cloud, consistent with the public Windows Azure experience.

The Windows Azure Pack is basically a framework which allows you to build several offerings for customers.

  • VM Cloud – This is an infrastructure-as-a-service (IaaS) offering which allows customers to deploy and manage Windows and Linux Virtual Machines, including VM Template, scaling and Virtual Networking options.
  • Web Sites – a service that helps provide a high-density, scalable shared web hosting platform for ASP.NET, PHP, and Node.js web applications. The Web Sites service includes a customizable web application gallery of open source web applications and integration with source control systems for custom-developed web sites and applications.
  • Service Bus – a service that provides reliable messaging services between distributed applications. The Service Bus service includes queued and topic-based publish/subscribe capabilities.
  • SQL and MySQL – services that provide database instances. These databases can be used in conjunction with the Web Sites service.
  • Automation and Extensibility – the capability to automate and integrate additional custom services into the services framework, including a runbook editor and execution environment.

Source: TechNet

On top of this, Windows Azure Pack offers two management portals, one for tenants and one for administrators, which are built on top of the Service Management API. The Service Management API is a RESTful API which allows you to build custom scenarios such as custom portals or billing integrations on top of the Azure Pack framework.

Windows Azure Pack IaaS

In the last months I had time to work on several different projects with the integration of Windows Azure Pack, mainly with the VM Cloud and automation integration and also some work with the Service Management API and some customization together with Stefan Johner and Fulvio Ferrarini from itnetx. I will write some blog posts about Windows Azure Pack, the stuff we have done and we are doing right now.

If you are looking for some good blogs around Windows Azure Pack you should definitely check out the blogs from Marc van Eijk, Hans Vredevoort and Kristian Nese or the Windows Azure Pack Wiki on TechNet. And btw. Windows Azure Pack is not just made for hosters and service providers, it is also a great solution for enterprises; check out why by reading Michael Rueefli's blog.

 



5Nine Hyper-V Security Console

5nine Cloud Security for Hyper-V 4.0

Security is a critical part of your datacenter, and with a high virtualization rate it gets even more critical and complex to manage. Gartner estimates that in 2014 roughly 75% of all servers will be virtual with the number continuing to rise, year after year. If you are working in a highly virtualized environment you know how difficult it can be to protect your virtual machines and networks. It is even harder if you are a cloud service provider and you want to protect your customers; sometimes you don’t even have access into the virtual machines and you cannot really make sure the customer does everything right.

For some customers I was looking for a solution with centralized management and a solution which has no impact on the performance of the virtual machines. Through some contacts I had the chance to talk with 5Nine Software, which offers some great solutions for Hyper-V management and Hyper-V Security. And in December 5Nine Software released its latest beta version of Cloud Security for Microsoft’s Virtualization solutions called 5Nine Cloud Security for Hyper-V. The new version includes some new features like real-time active anti-virus protection, VM Security groups, a new LWF R2 VM Switch extension, role based access and most importantly support for NVGRE, or in other words Hyper-V Network Virtualization support, which will make especially service providers very happy.

5Nine Hyper-V Security Agentless

Some key details about the 5nine Cloud Security for Hyper-V:

  • Multi-tenant security
  • Agentless, host-based solution for AV scans
  • Supporting Windows Server 2012 R2 Hyper-V
  • Granular control over each virtual machine using Hyper-V Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
      • MAC Address filtering
      • ARP Rules
      • SPI (stateful packet inspection)
      • Network traffic anomaly analysis
      • Inbound and outbound per VM bandwidth throttling
      • MAC broadcast filtering
      • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Detect and block malicious attacks
  • Supports any guest OS supported by Windows Hyper-V including Linux

Architecture

In my lab I had the chance to have a look at the latest beta and wow I was pretty impressed. Well the installation and the management is so easy, you don’t really need any documentation. That’s how a security product should work: it should not make your environment even more complex, it should help you to keep your environment secure without adding extra complexity to it.

Let’s first look at the architecture of the environment, which is pretty easy. Basically you have 3 components:

  • The Management Service – This would be your 5Nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.

Some impressions

If we have a look at one of my Hyper-V Hosts after the installation you can see some new things on the server. Basically 5Nine Cloud Security adds some services to the Hyper-V hosts (not to the virtual machines) for management and malware protection.

5Nine Hyper-V Security Services

And if we have a look at the Hyper-V Virtual Switch, we can see a new extension added to it.

5Nine Hyper-V Virtual Switch Extension

 

The management console is where the magic happens and you configure your environment. The console in my opinion is pretty simple and you can easily find all the options you need.

5Nine Hyper-V Security Console

Besides the Virtual Firewall you can also configure Antivirus Protection, Firewall logging and a lot more.

5Nine Hyper-V Security Antivirus Settings

But wouldn’t it be great to just manage this from your favorite Datacenter Management tool, called System Center Virtual Machine Manager? Well in version 3 5Nine had created a plugin for Virtual Machine Manager which allows you to set all the settings directly from the VMM console.

5Nine Hyper-V Security System Center VMM Plugin

As I already mentioned I am pretty impressed and I think this is exactly what a lot of customers and service providers are looking for. It provides a simple, centralized and easy to manage Hyper-V Security solution and integrates perfectly in your datacenter.

 

 



System Center Logo

Known Issues for Virtual Machine Manager in System Center 2012 R2

On TechNet, Microsoft provides a list of Known Issues with Virtual Machine Manager in Release Notes for Virtual Machine Manager in System Center 2012 R2. If you have trouble or bugs in System Center 2012 R2 Virtual Machine Manager you should definitely check out that page. Here is a short list from 20.01.2014:

  • File servers under management will go into an unknown state after upgrade
  • VMs with shared VHDXs are displayed as “Incomplete VM Configuration”
  • File Server VM migration fails from an MSU host, resulting in Incomplete state
  • A VM on a VMware ESX host cannot be assigned to a cloud while it is running
  • Windows Server Gateway: all gateway virtual machines on a given host cluster must use same back-end network
  • Cannot manage Spaces storage for Scale-out file servers on Windows Server 2012
  • Operations Manager Health Service Might Restart Creating Inaccurate Chargeback Metrics
  • Cannot enter or change application and SQL Server settings directly in VM templates
  • Disk classifications not displayed correctly after a new LUN has been registered
  • VMM no longer supports VDS Hardware Providers
  • VMM cannot manage General Use file servers on Windows Server 2012 R2
  • VMM does not manage Storage Tiering in Windows Server 2012 R2
  • VMM does not manage Write-back cache in Windows Server 2012 R2
  • File Server Tasks Not Supported on Untrusted Nodes
  • Incorrect Server Error Code Returned for Invalid Library Paths
  • Windows Azure Hyper-V Recovery Manager Does Not Accept Replication Frequency Changes
  • VMM does Not Provide Centralized Management of WWN Pools
  • Windows Server Operating System MP Disabled by Default
  • Service deployment fails and the guest agent on virtual machines does not work as expected
  • Management of VMs deployed directly on NPIV-exposed LUNs is not supported
  • Windows PowerShell help might not open as expected on computers running
  • Deploying virtual machines to hosts on perimeter networks might fail
  • Registering a storage file share on a library server might cause an error
  • Failing over and migrating a replicated virtual machine on a cluster node might result in an unstable configuration
  • Modifying Tenant Administrator permissions affects permissions for self-service user roles
  • Member-level permissions for network quotas are not applied for the Tenant Administrator role
  • Canceling and restarting when creating a new virtual machine might fail
  • BlogEngine service deployment fails

Check out the TechNet article for workarounds or answers.



Add Windows-based File Server

Manage SOFS Cluster and File Shares from Virtual Machine Manager

In the past months I did several blog posts about Hyper-V over SMB and Storage Spaces. In small environments, management of such a Scale-Out File Server Cluster can be a simple thing because you don’t have a lot of changes; you set the thing up once and it will work for some time. In larger enterprises, fabric and storage management is a huge topic. Now with Hyper-V over SMB you don’t have to do any zoning or configure iSCSI initiators, but you still have to set the right permissions on the file share. This is where System Center Virtual Machine Manager comes into play.

Virtual Machine Manager allows you to manage not only your iSCSI or Fibre Channel storage appliances via SMI-S, but also your Scale-Out File Server.

First you have to add the Scale-Out File Server to the SCVMM fabric management. You can simply add a resource and choose Add a Storage Device. This will open a wizard where you can select not only SAN or NAS storage, but also a Windows-based file server.

Add Windows-based File Server

Enter the FQDN of your Fileserver Cluster

Enter Fileserver FQDN

This will scan your File Server Cluster and will show you already existing file shares. You can now match Storage Classifications with the existing file shares.

File Server Fileshares and Classification

After you have connected your Scale-Out File Server you can now create new File Shares and Storage Spaces directly from the Virtual Machine Manager Console.

Create File Shares

After you have created the file share you now have to add the permission for the Hyper-V host to the File Share. Virtual Machine Manager automatically takes care of that if you add the File Share to the Hyper-V Host or, if you have a Hyper-V Cluster, to the Cluster Object.

Add File Share to Hyper-V host

Now you can start using the file shares for placing Virtual Machines on it. The File Shares classifications will also be available in the VM Clouds.

Cloud Storage Resources

As you can see, System Center Virtual Machine Manager can make your life a lot easier and helps you manage your whole datacenter fabric, from Compute, network up to storage. In 2013 I did several presentations on Fabric Management with System Center Virtual Machine Manager and two of them are online. You should check out the following posts:

Fabric Management with System Center Virtual Machine Manager (German)

Fabric Management with System Center Virtual Machine Manager at the TechDays Basel (German)



Microsoft TechNet Conference 2013 on 12 & 13 November 2013 in Berlin

TechNet Conference 2013 – Fabric Management with Virtual Machine Manager Session Online

From 11. to 12. November the first Microsoft Germany TechNet Conference 2013 took place in Berlin, Germany. I had the chance to present a session about Virtualization Fabric Management with System Center 2012 R2 Virtual Machine Manager and Hyper-V. There were also some other great sessions from other Microsoft MVPs like Carsten Rachfahl, Aidan Finn, Maarten Goet, Daniel Neumann, Damian Flynn, Benedict Berger and many more. At this time thanks to Microsoft Germany for this great event and the opportunity to talk at this event.

Last week Microsoft published the sessions (German) online:

TechNet Conference 2013: Virtualisierungsinfrastruktur verwalten – Fabric Management mit Virtual Machine Manager 2012 R2

TechNet Conference Session

Have fun and a good start into the week.



Hyper-V 2012 R2 Poster

TechNet Switzerland Event: From VMware to Hyper-V

On Tuesday, December 03 I will present together with Markus Erlacher, former Microsoft Switzerland TSP and now Managing Director at itnetx gmbh, at a free Microsoft Switzerland TechNet event. The topic this time will be why and how you migrate from VMware to a Microsoft Hyper-V and System Center environment. The event will cover an overview about Windows Server 2012 R2 Hyper-V and System Center 2012 R2 and all the Virtualization features you need in your environment. In the afternoon session we will also cover how you can migrate from VMware to Hyper-V so you can quickly enjoy the new Private Cloud solutions from Microsoft.

The event is free and will be in the Microsoft Conference Center in Wallisellen Zürich. To join that event register on the Microsoft Event Website. The event will be in German and will not be streamed to the web.

Agenda

Tuesday, December 03

08:30 – Coffee
09:00 – Session 1 – Hyper-V Overview (Virtual Machines, Hyper-V Manager, Virtual Switch, VHDX format)
10:30 – Coffee Break
10:45 – Session 2 – Hyper-V Advanced Features (Hyper-V Networking and Storage, Hyper-V over SMB, Network Virtualization)
12:00 – Lunch
13:00 – Session 3 – Management (VM and Fabric Management with System Center Virtual Machine Manager, PowerShell and more…)
14:30 – Coffee Break
14:45 – Session 4 – VMware Migration (Migration from VMware to Hyper-V, Tools, Best practices, automation, real world example)
16:15 – End

More Information and registration

More information and registration on the Microsoft Event Website.



TechDays Basel 2013

TechDays 2013 – Fabric Management with Virtual Machine Manager Session Online

One day after I was presenting at the TechNet Conference in Berlin Germany I was also talking at the TechDays 2013 in Basel Switzerland. Microsoft has now published my session online on Channel9:

The Session is in German and shows how you can use System Center 2012 R2 – Virtual Machine Manager as your Datacenter Management Tool, to manage your Fabric like Storage, Network and Compute, how you can Pool Resources, create Tenants, Service Templates and about the Self-Service Portals like App Controller and Windows Azure Pack.