Tag: WAP


AzureStack Admin Portal

Microsoft Azure Stack – Azure Extension in your Datacenter

A couple of weeks ago, I had the chance to attend the Microsoft Azure Certified for Hybrid Cloud Airlift in Bellevue WA, which is close to the Microsoft campus in Redmond. I had the chance to spend the week there and talk with the Microsoft PG about different Azure Stack scenarios. Most of the discussions and presentations are under NDA, but there are a few things I can share, since they are publicly announced. I prepared this blog post already a couple of months ago, when I was talking to a lot of different customers about Azure Stack, and since then Microsoft also shared some new information about the release of Azure Stack Technical Preview 3.

The Azure Stack Announcement

Azure vs Azure Stack

Microsoft announced Azure Stack at Microsoft Ignite in May 2015. At that time, Microsoft only described the vision of Azure Stack: that it will bring cloud consistency between the Microsoft Azure Public Cloud and your Private Cloud. Microsoft did not announce exactly what Azure Stack will be or how it will be implemented in your datacenter.

During the Microsoft World Wide Partner Conference (WPC 2016), Microsoft announced more information about the availability of Azure Stack. For more information, you can read the Microsoft blog posts, but I tried to summarize the most important parts.

Building a true Hybrid Cloud and Consistency with Microsoft Azure

Azure Stack

This is probably the most important part about Azure Stack today. Microsoft Azure Stack will bring Azure consistency between the Microsoft Azure Public Cloud and your Private Cloud or your hosting service provider's cloud using the Azure Resource Manager. You will not only be able to operate an Azure-like environment, as you could with Windows Azure Pack and System Center; you now get real consistency between Azure and Azure Stack. You not only get the exact look and feel of the Microsoft Azure Public Cloud, you can also use the same Azure Resource Templates and deployment methods as in the Public Cloud. This allows customers to really operate in a Hybrid Cloud environment, between the Microsoft Public Cloud, their own Private Cloud and also local Service Provider Clouds.

Bring the agility and fast-paced innovation of cloud computing to your on-premises environment with Azure Stack. This extension of Azure allows you to modernize your applications across hybrid cloud environments, balancing flexibility and control. Plus, developers can build applications using a consistent set of Azure services and DevOps processes and tools, then collaborate with operations to deploy to the location that best meets your business, technical, and regulatory requirements. Pre-built solutions from the Azure Marketplace, including open source tools and technologies, allow developers to speed up new cloud application development.

The Integrated System Approach

Azure Stack Integrated System

(picture by Microsoft)

Microsoft announced that Azure Stack will be available as an appliance from different hardware vendors in Mid 2017. The confirmed hardware providers delivering Azure Stack Appliance at this point in time will be: Dell EMC, HPE and Lenovo and later in 2017 we will also see an appliance from Cisco, Huawei and Avanade.

The big difference here is that Microsoft delivers the Azure Stack platform first in an appliance way, which is really different from the way they delivered Windows Azure Pack. Windows Azure Pack was based on System Center and Windows Server and every customer could design his own environment based on their needs.

This was great, but it also created some huge challenges for customers. Clouds needed different designs, which ended up in very complex design workshops where we basically discussed the customer solutions. The installation and configuration of a Windows Azure Pack platform was also very complex and a lot of work, which needed a lot of resources, knowledge and of course a lot of project costs. Before customers could start saving money, they had to invest money to get things up and running. Of course, system integrators like itnetX and others built automation to spin up clouds based on Windows Azure Pack, but the investment still needed to be made.

The appliance approach not only helps to spin up clouds faster, it also lets you build environments on tested hardware, firmware and drivers. Another point which makes a great case for an appliance solution is management and operations. Managing and operating a cloud-like environment is not easy, no matter what software you are using. Keeping the platform stable, maintained and operational ends up being a lot of work, especially if every cloud looks different. The last thing I want to mention here is upgrading: if you want real Azure consistency, you need to keep up with the ultra-fast pace of the Azure Public Cloud, which is basically impossible or extremely expensive. An integrated system scenario can really help you keep things up to date, since updates and upgrades can be pre-tested before they are released for you to deploy. This will save you a huge amount of testing, since every environment looks the same.

Operating Azure Stack

Azure Stack Administration and Operation

As already mentioned, Azure Stack will be delivered as an integrated system. OEMs will help you to set up and install your Azure Stack appliance in your datacenter, but they will not fully manage the Azure Stack environment. You will need a Cloud Operator managing and operating your Azure Stack. All the hosts will be sealed, and administrators do not have access to the hosts, Hyper-V Manager or Failover Cluster Manager to manage the systems. Instead, Administrators or Cloud Operators will manage the system through a management portal.

Azure Stack Platform

Since this is an integrated system, you don’t even need to care what is running in the background. But for a lot of us it is still very interesting to see how Azure Stack is built. In the back, Azure Stack runs on “common” rack mount servers from HPE, Dell, Lenovo and Cisco; for HPE this is the DL380 Gen9. The software stack is Windows Server 2016 with the Software-Defined Datacenter features such as Storage Spaces Direct, the new Windows Server 2016 Software-Defined Networking stack and Hyper-V. In the release version of Azure Stack we will see a Hyper-Converged Storage Spaces Direct architecture starting from 4 nodes. On top of this, Microsoft used code from Azure to bring the Azure Resource Manager, Azure Resource Providers and the Azure Portal to Azure Stack.

Azure Stack POC – Microsoft Azure Stack Development Kit

Azure Stack Development Kit

Very early in the development process of Azure Stack, Microsoft released Technical Previews to customers so they could test Azure Stack on one-node deployments. This is called the Azure Stack POC. You can download it today and run it on a single physical server, and it is designed only for non-production, non-HA environments. Microsoft officially announced that they will rename the Azure Stack POC to Azure Stack Development Kit after the General Availability of Azure Stack in mid-2017. This is really a great solution to quickly spin up a test environment of Azure Stack without having to invest in hardware.

Azure Marketplace Syndication

Azure Stack Marketplace Syndication

You will be able to create your own Marketplace items in Azure Stack, building your own templates and images and offering them to your customers. One of the greatest additions Microsoft made in the Azure Stack Technical Preview 3 is the Azure Marketplace Syndication. This allows you to get Marketplace items from Azure and offer them to your customers in your Azure Stack offering. With that you don’t need to build all Marketplace items yourself.

Azure Stack Identity Management

Azure Stack has to be integrated into your datacenter. In terms of identity, Microsoft offers two ways to integrate. The first, and from my side the preferred option, is Azure AD (AAD), which allows you to integrate with an existing Azure Active Directory. Azure AD can be synced and connected with your on-premises Active Directory, and this will allow you to log in to Azure as well as Azure Stack. The other option Microsoft is offering is using ADFS to bring identities to your Azure Stack.

The Azure Stack Business Cases

Since Azure Stack is consistent with Microsoft Azure, the question comes up, why are we not just using Azure. There are many good reasons to use Azure, but there are also some challenges with that. Azure Stack can make sense in a couple of scenarios.

  • Data Sovereignty – In some cases data cannot be stored outside of a specific country. With Azure Stack, customers have the option to deploy in even their own datacenter or on a service provider within the same country.
  • Latency – Even though Microsoft offers a solution to reduce network latency to Azure with Azure Express Route, in some scenarios latency is still a big issue. With Azure Stack, customers can place Azure very close to the location where resources are accessed from.
  • Disconnected Scenarios – In some scenarios you really want to benefit from the consistent deployment model, and for example use Azure Resource Manager (ARM), but not everywhere on earth do you have access to Azure, or sometimes you have a very bad connection. Think about cruise ships or other scenarios where you need to run IT infrastructure but are not able to connect to Azure.
  • Private Instance of Azure – For some companies shared infrastructure can be challenging. Even though security standards in Azure are extremely high, it is not always an option. With Azure Stack, companies can basically spin up their completely own instance of Azure.
  • Differentiation – Service Providers or even Enterprise companies cannot only use the Azure Marketplace, but they can also build their own solutions for the Azure Stack and make them available to their customers.

Pricing and Licensing

As mentioned, Microsoft will offer Azure Stack from 5 different OEMs. HPE, Dell and Lenovo will deliver a solution at GA in mid-CY17; Cisco and Huawei will be available later. The hardware needs to be bought directly from the OEM or partner. Some of them also offer a flexible investment model like the HPE Flexible Capacity. For the pricing model, Microsoft decided to license Azure Stack on a pay-per-use basis. This of course matches the cloud economics, and there will be no upfront licensing costs for customers. Services will typically be metered on the same units as Azure, but prices will be lower, since customers operate their own hardware and facilities. For scenarios where customers are unable to have their metering information sent to Azure, Microsoft will also offer a fixed-price “capacity model” based on the number of cores in the system.

Azure Stack will be offered in two different models, Pay-as-you-use model and Capacity model. The pay-as-you-use model is licensed by Microsoft via the Enterprise Agreement (EA) or Cloud Service Provider (CSP) programs. The capacity model is available via EA only. It is purchased as an Azure Plan SKU via normal volume licensing channels. For typical use cases, Microsoft expects the pay-as-you-use model to be the “most economical” option.

The Azure Stack pricing models

Azure Stack Pay-as-you-use model

With the pay-as-you-use model you can take advantage of the cloud economics and only pay for resources which are actually consumed, plus additional costs for the Azure Stack hardware and the operations.

Service prices:

  • Base virtual machine $0.008/vCPU/hour ($6/vCPU/month)
  • Windows Server virtual machine $0.046/vCPU/hour ($34/vCPU/month)
  • Azure Blob Storage $0.006/GB/month (no transaction fee)
  • Azure Table and Queue Storage $0.018/GB/month (no transaction fee)
  • Azure App Service (Web Apps, Mobile Apps, API Apps, Functions) $0.056/vCPU/hour ($42/vCPU/month)

Azure Stack Capacity model

For the capacity model, two packages are available, which license the physical cores of your Azure Stack system via an annual subscription. The packages are only available via Enterprise Agreement (EA).

  • App Service package ($400/core/year)
    Includes App Service, base virtual machines and Azure Storage
  • IaaS package ($144/core/year)
    Includes base virtual machines and Azure Storage

You will also need additional licenses if you deploy Windows Server and SQL Server virtual machines, like you would do if you are using your traditional Hyper-V servers.

What else will you need

  • Integrated System (hardware) – you will need to purchase the Azure Stack hardware from one of the OEM vendors
  • Support – you will need to purchase support from Microsoft for software support and a support package for the hardware from the hardware provider. If you already have Premier, Azure, or Partner support with Microsoft, your software support is included.
  • Service Providers – Service Provider can also license Azure Stack to others using the CSP (Cloud Solution Provider) channel.

Azure Stack Roadmap

At the Azure Stack GA release this summer, Microsoft will deliver Azure Stack with the hardware providers HPE, Dell and Lenovo. Later in 2017 Microsoft will also deliver Azure Stack with Cisco, Huawei and Avanade hardware. Azure Stack at GA will support 4-12 nodes, 1 single scale-unit and a single region.

Microsoft will also deliver some of the services at General Availability on Azure Stack, and will add more and more services over time. At GA we will see:

  • Virtual Machines
  • Storage (Blob, Table and Queue)
  • Networking (Virtual Networks, S2S VPN, …)
  • App Service (in Preview)
  • SQL (in Preview)
  • MySQL (in Preview)

After GA, Microsoft will continuously deliver additional capabilities through frequent updates. The first round of updates after GA is focused on two areas: 1) enhanced application modernization scenarios and 2) enhanced system management and scale. These updates will continue to expand customer choice of IaaS and PaaS technologies when developing applications, as well as improve manageability and grow the footprint of Azure Stack to accommodate growing portfolios of applications. Please keep in mind that this will not just be a product you purchase; think about it as a service which will add features and functionality over time.

The choice for your datacenter

Windows Azure Pack

Obviously, Microsoft is pushing Azure Stack since it will bring consistency with the Azure public cloud, which means your companies and people need to understand the advantages of using methods like DevOps and Infrastructure as Code. This will help you to make the most out of Azure Stack and the Azure Resource Manager. If you already have Microsoft Azure know-how, this is great, because it will also apply to Azure Stack.

No worries, if you are not there yet, or for some reason this doesn’t make sense to you, Microsoft still has a great solution to build traditional Virtualization platforms together with automation using System Center, Windows Server and if needed Windows Azure Pack. Both solutions, System Center and Windows Azure Pack, will be supported in the future and will get updates.



Windows Azure Pack Version PowerShell

Verify installed Windows Azure Pack version

If you want to check which version of Windows Azure Pack is installed, or find out which Update Rollup of Windows Azure Pack is installed, there are two ways to find the installed Windows Azure Pack version.

You can check the version of the installed Windows Azure Pack components on each server, using the Control Panel – Programs and it shows you the installed components:

Windows Azure Pack Version

You can also use the following PowerShell command to check the installed Windows Azure Pack server

Windows Azure Pack Version PowerShell

You can now compare the version numbers with this list to see which Windows Azure Pack Update Rollup is installed. Every component on every server has to be checked.

Windows Azure Pack (links to KB articles) | Version number | Build Date
Update Rollup 10 | 3.33.8196.14 | 04/20/2016
Security Update Rollup 9.1 | 3.32.8196.12 | 3/2/2016
Update Rollup 8.1 | 3.29.8196.0 | 11/16/2015
Update Rollup 8 | 3.28.8196.48 | 10/28/2015
Update Rollup 7.1 | 3.27.8196.3 | 8/25/2015
Update Rollup 7 | 3.25.8196.75 | 7/31/2015
Update Rollup 6 | 3.24.8196.35 | 4/28/2015
Update Rollup 5 | 3.22.8196.48 | 2/10/2015
Update Rollup 4 | 3.19.8196.21 | 10/21/2014
Update Rollup 3 | 3.15.8196.48 | 7/22/2014
Update Rollup 2 | 3.14.8196.32 | 4/16/2014
Update Rollup 1 | 3.12.8198.0 | 1/20/2014
RTM release | 3.10.8198.9 | 9/16/2013

If you need more information please check the following Microsoft TechNet article: Install Windows Azure Pack updates and verify versions
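
The per-server, per-component check described above can be scripted. The following PowerShell is an added example, not the command from the original post: it reads the uninstall registry data behind the Control Panel Programs list, maps each version to the rollup table in this post, and flags components below a baseline. The server names, the `*Windows Azure Pack*` display-name filter and the default baseline (the Security Update Rollup 9.1 build) are assumptions.

```powershell
# Added example (not from the original post). Version-to-rollup map copied from the table in this post.
$WapRollups = [ordered]@{
    '3.33.8196.14' = 'Update Rollup 10'
    '3.32.8196.12' = 'Security Update Rollup 9.1'
    '3.29.8196.0'  = 'Update Rollup 8.1'
    '3.28.8196.48' = 'Update Rollup 8'
    '3.27.8196.3'  = 'Update Rollup 7.1'
    '3.25.8196.75' = 'Update Rollup 7'
    '3.24.8196.35' = 'Update Rollup 6'
    '3.22.8196.48' = 'Update Rollup 5'
    '3.19.8196.21' = 'Update Rollup 4'
    '3.15.8196.48' = 'Update Rollup 3'
    '3.14.8196.32' = 'Update Rollup 2'
    '3.12.8198.0'  = 'Update Rollup 1'
    '3.10.8198.9'  = 'RTM release'
}

function Get-WapComponent {
    # Lists installed components from the Uninstall registry keys on each server.
    # Assumption: component display names contain "Windows Azure Pack".
    param([string[]]$ComputerName = $env:COMPUTERNAME)
    $query = {
        $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like '*Windows Azure Pack*' } |
            Select-Object @{ n = 'Server';    e = { $env:COMPUTERNAME } },
                          @{ n = 'Component'; e = { $_.DisplayName } },
                          @{ n = 'Version';   e = { $_.DisplayVersion } }
    }
    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) { & $query }
        else { Invoke-Command -ComputerName $computer -ScriptBlock $query }
    }
}

function Resolve-WapRollup {
    # Maps each component version to a rollup name and compares it with a baseline.
    param(
        [Parameter(ValueFromPipeline = $true)] $Component,
        [version]$Baseline = '3.32.8196.12'   # assumption: Security Update Rollup 9.1 as minimum
    )
    process {
        $parsedVersion = $null
        $ok = [version]::TryParse([string]$Component.Version, [ref]$parsedVersion)
        $rollup = if ($ok -and $WapRollups.Contains($parsedVersion.ToString())) {
            $WapRollups[$parsedVersion.ToString()]
        } else {
            'Not in table'
        }
        [pscustomobject]@{
            Server        = $Component.Server
            Component     = $Component.Component
            Version       = $Component.Version
            Rollup        = $rollup
            # Unparsable versions are flagged too, so they get a manual look.
            BelowBaseline = (-not $ok) -or ($parsedVersion -lt $Baseline)
        }
    }
}

# Constructed sample inventory (hypothetical servers and component names) so the mapping runs offline.
$sample = @(
    [pscustomobject]@{ Server = 'WAPADMIN01';  Component = 'Windows Azure Pack - Admin Site - 2013';  Version = '3.33.8196.14' }
    [pscustomobject]@{ Server = 'WAPADMIN01';  Component = 'Windows Azure Pack - Admin API - 2013';   Version = '3.33.8196.14' }
    [pscustomobject]@{ Server = 'WAPTENANT01'; Component = 'Windows Azure Pack - Tenant Site - 2013'; Version = '3.28.8196.48' }
    [pscustomobject]@{ Server = 'WAPTENANT01'; Component = 'Windows Azure Pack - Tenant API - 2013';  Version = '3.99.0.0' }
)

$report = $sample | Resolve-WapRollup
$report | Format-Table -AutoSize

# Every component on every server should be on the same rollup.
if (@($report | Select-Object -ExpandProperty Rollup -Unique).Count -gt 1) {
    Write-Warning 'Windows Azure Pack components are on different rollup levels.'
}

# Live use (requires PowerShell remoting to the listed servers):
# Get-WapComponent -ComputerName 'WAPADMIN01', 'WAPTENANT01' | Resolve-WapRollup
```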

Thanks to Fulvio Ferrarini (itnetX), who helped me with this blog post.



5Nine Hyper-V Security Agentless

Secure your Hyper-V environment with 5nine Cloud Security 8.1

In the past years I have built several Hyper-V environments together with enterprise customers and with service providers. In a lot of cases customers wanted more security in their cloud and virtualization environment. Security is becoming an even more critical part of your datacenter, and with a high virtualization rate it gets even more critical and complex to manage, especially when virtual machines can move from one cluster to another or from one datacenter to another. 5nine is one of the vendors who has a great solution for these challenges. A couple of years back I wrote a blog post about 5Nine Cloud Security version 4.0. 5nine Cloud Security is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability across every virtual resource.

Last week at Microsoft Ignite, Microsoft released Windows Server 2016 and Hyper-V 2016. Along with that, 5nine released 5nine Cloud Security 8.1, which supports Windows Server 2016 and Hyper-V 2016.

5nine Cloud Security has some unique key features to secure your environment.

  • Distributed vFirewall – Secure multi-tenant Hyper-V environment and provide VM isolation
  • Agentless Antimalware Detection – Protect Hyper-V with patent-pending agentless Kaspersky or ThreatTrack antivirus now with Real-Time Malware Detection
  • Enforce security compliance

5Nine Hyper-V Security Agentless

Key features

If you look at it as a security feature list, 5nine Cloud Security offers you the following:

  • Automatically & Instantly Secure all Virtual Machines, Disks, Networks and Switches
  • Choice of Leading Antivirus Engines
  • Agentless AV – Full Virtual Machine Scans
  • Agentless AV – Real-time HTTP Virus and Malware Detection
  • Hyper-V Optimized Real-time Active Protection Agent
  • Agentless Firewall
    • Granular control over each virtual machine using Hyper-V Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
    • MAC Address filtering
    • ARP Rules
    • SPI (stateful packet inspection)
    • Network traffic anomaly analysis
    • Inbound and outbound per VM bandwidth throttling
    • MAC broadcast filtering
    • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Agentless Intrusion Detection
  • No need to access Guest OS to manage security
  • Centralized signature management with updates to host only
  • Incremental Fast Scans
  • Offline VM Scanning
  • Avoids Host Scanning Storms
  • Support for Windows Server 2012, 2012 R2 and 2016 Hyper-V
  • Supports any guest OS supported by Windows Hyper-V including Linux
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Support for Microsoft Switch Embedded Teaming
  • PowerShell Module for automation

Integration and offerings

5Nine Hyper-V Security System Center VMM Plugin

5Nine Cloud Security also integrates perfectly into your Microsoft System Center environment using a System Center Virtual Machine Manager plugin.

5nine Cloud Security also offers a Windows Azure Pack Resource Provider to offer self-service to your tenants. Azure Pack (WAP) Extension is the only Security as a Service (SECaaS) solution to protect your datacenter, your customers, and their clouds as a free add-on to 5nine Cloud Security. It is the only way to enable tenants to easily manage their own Windows and Linux security policies through the Azure Pack self-service portal. Now hosting and service providers can secure multi-tenant environments and virtual machines in private, hosted or hybrid scenarios, while giving users the ability to easily configure firewalls, intrusion detection, and more.

Architecture

The installation and the management are so easy, you don’t really need any documentation. That’s how a security product should work: it should not make your environment even more complex, it should help you keep your environment secure without adding extra complexity to it. I have used 5nine for several customer environments.

  • The Management Service – This would be your 5nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.
  • The Virtual Machine Manager Plugin – This is a plugin in VMM which allows you to manage rules directly from your System Center Virtual Machine Manager Console
  • Azure Pack Extension – Resource Provider installed on the WAP Tenant and WAP Admin servers

Impressions

5nine host service

5nine is a very lightweight solution for the Hyper-V host without a lot of overhead. On the Hyper-V host you have only two services running, plus the Hyper-V switch extensions.

5nine-switch-extension

 

Conclusion

Overall I think 5Nine Cloud Security is a must-have solution to protect your Hyper-V environment if you want to do more serious, centrally managed security. Especially with the release of 5nine Cloud Security 8.1 directly with the release of Windows Server 2016, 5nine shows how great their development and integration in Hyper-V really is. It always supports the latest features of Hyper-V to solve real-world needs.

If you need more information, want to buy 5nine Cloud Security, or need someone to help you integrate 5nine Cloud Security into your environment, feel free to contact me.

 

 



Azure Stack

Hardware requirements for Microsoft Azure Stack Technical Preview (POC)

Jeffrey Snover (Microsoft Technical Fellow) just announced that Microsoft will soon release a PoC (Proof of Concept) of Microsoft Azure Stack Technical Preview, which you can run in your datacenter to test Microsoft Azure Stack. Microsoft also released the hardware requirements for the Microsoft Azure Stack Technical Preview (POC) deployment.

 

Azure Stack PoC Hardware

Storage:

Data disk drive configuration: All data drives must be of the same type (SAS or SATA) and capacity. If SAS disk drives are used, the disk drives must be attached via a single path (no MPIO, multi-path support is provided).

HBA configuration options:

  1. (Preferred) Simple HBA
  2. RAID HBA – Adapter must be configured in “pass through” mode
  3. RAID HBA – Disks should be configured as Single-Disk, RAID-0

Supported bus and media type combinations:

  • SATA HDD
  • SAS HDD
  • RAID HDD
  • RAID SSD (If the media type is unspecified/unknown*)
  • SATA SSD + SATA HDD**
  • SAS SSD + SAS HDD**

* RAID controllers without pass-through capability can’t recognize the media type. Such controllers will mark both HDD and SSD as Unspecified. In that case, the SSD will be used as persistent storage instead of caching devices. Therefore, you can deploy the Microsoft Azure Stack POC on those SSDs.

** For tiered storage, you must have at least 3 HDDs.

Example HBAs: LSI 9207-8i, LSI-9300-8i, or LSI-9265-8i in pass-through mode


System Center Logo

Summary: Update Rollup 8 for System Center 2012 R2 and Azure Pack now available

Yesterday Microsoft released Update Rollup 8 for System Center 2012 R2 and Windows Azure Pack. Again with the Update Rollups for Windows Azure Pack and System Center, Microsoft not only delivers bug fixes, they also release new features.

There are some really cool highlights in this Update Rollup:

  • Network Virtualization Improvements (Multiple External IP Addresses,…)
  • SCDPM bug fixes
  • Better Checkpoint Integration (Checkpoint Quotas,…)
  • Support for SQL Server 2014 SP1
  • Support of Tier Storage in VMM for Storage Spaces
  • Hyper-V ACL Support in VMM
  • New Network devices in SCOM

Here you can get a quick update on what’s new in Update Rollup 8:

  • Data Protection Manager (KB3086084)
    • The DPM Agent crashes intermittently during a backup.
    • If you are trying to recover data from an imported tape, DPM may crash with a “Connection to the DPM service has been lost” error.
    • If you try to back up a SharePoint site that uses SQL Always On as a content database, SQL logs are not truncated as expected.
    • You cannot verify tape library compatibility for tapes that use RSMCompatmode settings such as IBM 35xx, 2900, and so on.
    • If you have multiple SharePoint farms hosted on the same SQL cluster with different instances but the same database names, DPM cannot back up the correct SharePoint farm content.
    • If you run Update Rollup 7 for Data Protection Manager 2012 R2, and you have already configured online protection for one or more protection groups, trying to change the protection group populates the default DPM settings for the “Select long-term goals” wizard instead of the previous configured values.
    • When you try to protect a SQL failover cluster, the Data Protection Manager UI crashes for every backup or synchronization operation.
    • If you install Update Rollup 7 for Data Protection Manager 2012 R2, self-service recovery for SQL databases may not work.
  • Operations Manager (KB3096382)
    • Slow load of alert view when it is opened by an operator
      Sometimes when the operators change between alert views, the views take up to two minutes to load. After this update rollup is installed, the reported performance issue is eradicated. The Alert View Load for the Operator role is now almost same as that for the Admin role user.
    • SCOMpercentageCPUTimeCounter.vbs causes enterprise wide performance issue
      Health Service encountered slow performance every five to six (5-6) minutes in a cyclical manner. This update rollup resolves this issue.
    • System Center Operations Manager Event ID 33333 Message: The statement has been terminated.
      This change filters out “statement has been terminated” warnings that SQL Server throws. These warning messages cannot be acted on. Therefore, they are removed.
    • System Center 2012 R2 Operations Manager: Report event 21404 occurs with error ‘0x80070057’ after Update Rollup 3 or Update Rollup 4 is applied.
      In Update Rollup 3, a design change was made in the agent code that regressed and caused SCOM agent to report error ‘0x80070057’ and MonitoringHost.exe to stop responding/crash in some scenarios. This update rollup rolls back that UR3 change.
    • SDK service crashes because of Callback exceptions from event handlers being NULL
      In a connected management group environment in certain race condition scenarios, the SDK of the local management group crashes if there are issues during the connection to the different management groups. After this update rollup is installed, the SDK of the local management group should no longer crash.
    • Run As Account(s) Expiring Soon — Alert does not raise early enough
      The 14-day warning for the RunAs account expiration was not visible in the SCOM console. Customers received only an Error event in the console three days before the account expiration. After this update rollup is installed, customers will receive a warning in their SCOM console 14 days before the RunAs account expiration, and receive an Error event three (3) days before the RunAs account expiration.
    • Network Device Certification
      As part of Network device certification, we have certified the following additional devices in Operations Manager to make extended monitoring available for them:

      • Cisco ASA5515
      • Cisco ASA5525
      • Cisco ASA5545
      • Cisco IPS 4345
      • Cisco Nexus 3172PQ
      • Cisco ASA5515-IPS
      • Cisco ASA5545-IPS
      • F5 Networks BIG-IP 2000
      • Dell S4048
      • Dell S3048
      • Cisco ASA5515sc
      • Cisco ASA5545sc
    • French translation of APM abbreviation is misleading
      The French translation of “System Center Management APM service” is misleading. APM abbreviation is translated incorrectly in the French version of Microsoft System Center 2012 R2 Operations Manager. APM means “Application Performance Monitoring” but is translated as “Advanced Power Management.” This fix corrects the translation.
    • p_HealthServiceRouteForTaskByManagedEntityId does not account for deleted resource pool members in System Center 2012 R2 Operations Manager
      If customers use Resource Pools and take some servers out of the pool, discovery tasks start failing in some scenarios. After this update rollup is installed, these issues are resolved.
    • Exception in the ‘Managed Computer’ view when you select Properties of a managed server in Operations Manager Console
      In the Operations Manager Server “Managed Computer” view on the Administrator tab, clicking the “Properties” button of a management server causes an error. After this update rollup is installed, a dialog box that contains a “Heart Beat” tab is displayed.
    • Duplicate entries for devices when network discovery runs
      When customers run discovery tasks to discover network devices, duplicate network devices that have alternative MAC addresses are discovered in some scenarios. After this update rollup is installed, customers will not receive any duplicate devices discovered in their environments.
    • Preferred Partner Program in Administration Pane
      This update lets customers view certified System Center Operations Manager partner solutions directly from the console. Customers can obtain an overview of the partner solutions and visit the partner websites to download and install the solutions.
  • Orchestrator & SMA (KB3096381)
    • SQL Server 2014 Service Pack 1 (SP1) is now supported in Orchestrator 2012 R2.
    • After you export and then import a Runbook, the Password field of Run Program activity is corrupted.
    • SMA: SQL Server 2014 Service Pack 1 is now supported in Service Management Automation 2012 R2.
    • SMA: Service Management Automation 2012 R2 does not let you stop jobs that are in the queued state.
  • Service Provider Foundation (KB3096384)
    • Installing update rollups for Service Provider Foundation causes additional bindings to be created, and this makes a Service Provider Foundation website inaccessible.
    • Quotas for multiple NAT connections are not supported. For more information about this feature, see WAP Update Rollup 8 documentation.
  • Virtual Machine Manager (KB3096389)
    • Support for SQL Server 2014 SP1 as VMM database
      With Update Rollup 8 for SC VMM 2012 R2 you can now have Microsoft SQL Server 2014 SP1 as the VMM database. This support does not include deploying service templates by using the SQL profile type as SQL Server 2014 SP1. For the latest information about SQL Server requirements for System Center 2012 R2, see the reference here.
    • Support for VMWare vCenter 6.0 management scenarios
      With Update Rollup 7, we announced support for management scenarios for vCenter 5.5. Building on our roadmap for vCenter and VMM integration and supportability, we are now excited to announce support for VMWare vCenter 6.0 in Update Rollup 8. For a complete list of supported scenarios, click here.
    • Ability to set quotas for external IP addresses
      With Update Rollup 7, we announced support for multiple external IP addresses per virtual network, but the story was incomplete, as there was no option to set quotas on the number of NAT connections. With UR8, we are glad to announce end-to-end support for this functionality, as you can now set quotas on the number of external IP addresses allowed per user role. You can also manage this by using Windows Azure Pack (WAP).
    • Support for quotas for checkpoints
      Before UR8, when you created a checkpoint through WAP, VMM did not check whether creating the checkpoint would exceed the tenant storage quota limit, so tenants could create the checkpoint even if the storage quota limit would be exceeded.
    • Ability to configure static network adapter MAC address during operating system deployment
      With Update Rollup 8, we now provide the functionality to configure static network adapter MAC addresses during operating system deployment. If you have ever done Bare Metal provisioning of hosts and ended up having multiple hosts with the same MAC addresses (because of dynamic IP address assignment for network adapters), this could be a real savior for you.
    • Ability to deploy extended Hyper-V Port ACLs
      With Update Rollup 8 for VMM, you can now:

      • Define ACLs and their rules
      • Attach the ACLs created to a VM network, VM subnets, or virtual network adapters
      • Attach the ACL to global settings that apply it to all virtual network adapters
      • View and update ACL rules configured on the virtual network adapter in VMM
      • Delete port ACLs and ACL rules
    • Support for storage space tiering in VMM
      With Update Rollup 8, VMM now provides you the functionality to create file shares with tiers (SSD/HDD).
    • Issue 1
      Creation of Generation 2 VMs fails with error 13206
    • Issue 2
      VMM does not let you set the owner of a hardware profile with an owner name that contains the “$” symbol.
    • Issue 3
      HA VMs with VLAN configured on the network sites of a logical network cannot be migrated from one host to another. Error 26857 is thrown when you try to migrate the VM.
    • Issue 4
      The changes that are made by a tenant administrator (with deploy permissions to a cloud) to the Memory and CPU settings of a VM in the cloud through VMM Console do not stick. To work around this issue, change these settings by using PowerShell.
    • Issue 5
      When a VM is deployed and put on an SMB3 file share that’s hosted on NetApp filer 8.2.3 or later, the VM deployment process leaves a stale session open per VM deployed to the share. When many VMs are deployed by using this process, VM deployment starts to fail as the max limit of the allowed SMB session on the NetApp filer is reached.
    • Issue 6
      VMM hangs because of SQL Server performance issues when you perform VMM day-to-day operations. This issue occurs because of stale entries in the tbl_PCMT_PerfHistory_Raw table. With UR8, new stale entries are not created in the tbl_PCMT_PerfHistory_Raw table. However, the entries that existed before installation of UR8 will continue to exist.
    • Issue 7
      In a deployment with virtualized Fiber Channel adapters, VMM does not update the SMI-S storage provider, and it throws an exception.
    • Issue 8
      For VMs with VHDs that are put on a Scale out File Server (SOFS) over SMB, the Disk Read Speed VM performance counter incorrectly displays zero in the VMM Admin Console. This prevents an enterprise from monitoring its top IOPS consumers.
    • Issue 9
      Dynamic Optimization fails, leaks a transaction, and prevents other jobs from executing. It is blocked on the SQL Server computer until SCVMM is recycled or the offending SPID in SQL is killed.
    • Issue 10
      V2V conversion fails when you try to migrate VMs from ESX host to Hyper-V host if the hard disk size of the VM on the ESX host is very large.
    • Issue 11
      Live migration of VMs in an HNV network takes longer than expected. You may also find pings to the migrating VM are lost. This is because during the live migration, the WNV Policy table is transferred (instead of only delta). Therefore, if the WNV Policy table is too long, the transfer is delayed and may cause VMs to lose connectivity on the new host.
    • Issue 12
      VMM obtains a wrong MAC address while generating the HNV policy in the deployments where F5 Load Balancers are used.
    • Issue 13
      For IBM SVC devices, enabling replication fails in VMM because there is a limitation in SVC in which the name of the consistency group should start with an alphabetical character (error code: 36900). This issue occurs because while enabling replication, VMM generates random strings for naming the “consistency groups” and “relationship” between the source and the target, and these contain alphanumeric characters. Therefore, the first character that’s generated by VMM may be a number, and this breaks the requirement by IBM SVC.
    • Issue 14
      In Update Rollup 6, we included a change that lets customers have a static MAC address even if the network adapter is not connected. This fix did not cover all scenarios correctly, and it triggers an exception when there’s a template with a connected network adapter, and then you later try to edit the static address in order to disconnect the network adapter.
    • Issue 15
      Post Update Rollup 6, as soon as a host goes into legacy mode, it does not come back to eventing for 20 days. Therefore, the VM properties are not refreshed, and no events are received from Hyper-V for 20 days. This issue occurs because of a change that’s included in UR6 that set the expiry as 20 days for both eventing mode and legacy mode. The legacy refresher, which should ideally run after 2 minutes, now runs after 20 days; and until then, eventing is disabled.
      Workaround: To work around this issue, manually run the legacy refresher by refreshing VM properties.
    • Issue 16
      Post-UR7, deleting a virtual network does not correctly clean up the cluster resources for the Network Virtualization Gateway. This causes the cluster role (cluster group) to go into a failed state when a failover of the HNV gateway cluster role occurs.
  • Windows Azure Pack (KB3096392)
    • Administrators cannot offer and tenants cannot use multiple external IP addresses through a Network Address Translation (NAT) connection.
      Even though Microsoft System Center Virtual Machine Manager (VMM) has functionality to allocate IP addresses for this purpose, the WAP administrator and tenant experiences do not provide such functionality. Administrators can now allocate a set of external IP addresses for tenants to use when you create NAT rules. The administrator can set up the IP address quota through the Administrator Portal virtual machine (VM) extension.
    • Tenants can create only one checkpoint per virtual machine.
      Administrators can create plans that include quotas that let tenants create multiple VM checkpoints.
    • An unexpected exception is generated by the PowerShell command “Get-MgmtSvcSqlDatabase.”
      The command Get-MgmtSvcSqlDatabase does not retrieve SQL database information. The following examples return exception “Object reference not set to an instance of an object”:

      • Get-MgmtSvcSqlDatabase -AdminUri $AdminUri -Token $Token -HostingServerId "someid" -DisableCertificateValidation
      • Get-MgmtSvcSqlDatabase -AdminUri $AdminUri -Token $Token -HostingServerId $hostserver.ServerId -Name "somename" -DisableCertificateValidation
      • Get-MgmtSvcSqlDatabase -AdminUri $AdminUri -Token $Token -HostingServerId "someserverid" -Name "datatest" -DisableCertificateValidation
    • An unexpected exception is generated by the PowerShell command “Remove-MgmtSvcMySqlHostingServer.” 
      This command fails with the exception “Index (zero-based) must be greater than or equal to zero and less than the size of the argument list” when you run statements such as the following:

      • Remove-MgmtSvcMySqlHostingServer -AdminUri $AdminUri -Token $Token -HostingServerId $HostServer[0].ServerId -DisableCertificateValidation
      • Remove-MgmtSvcMySqlHostingServer -AdminUri $AdminUri -Token $Token -HostingServerId "someserverid" -DisableCertificateValidation
    • When you create a virtual machine through the Tenant Portal, the menu dropdown boxes are not sorted.
      When a tenant tries to create a VM and the list of items is larger than some items, it becomes very difficult to find the necessary machine image or template.
    • Attaching ISOs in a generation 2 (gen 2) VM fails after three or four attach or detach operations.
      The attach and detach operations on ISO disks for gen 2 VMs allocate adapters and never release the adapters for reuse. After you apply this update, detaching the disk adapter enables the adapter to be reused again.

This Update Rollup is one of the bigger ones Microsoft has released in terms of Azure Pack IaaS scenarios. It brings several great improvements to the implementation of Checkpoints and Network Virtualization. Update Rollup 8 finally brings end-to-end support for multiple external IP addresses for the NVGRE Gateways in WAP as well as VMM, along with better support for Checkpoints on Hyper-V in the WAP Portal as well as VMM.

As always, before you deploy an update rollup in production, make sure you have tested it in your test or lab environment.



Microsoft TechNet Seminar

Speaking about What’s new in Windows Server 2016 at free Microsoft TechNet events

Microsoft today released some dates for the upcoming free TechNet events for IT-Pros in Switzerland. The events are focused on different Microsoft Technologies such as Windows 10, Microsoft Azure, System Center, Cloud OS, Windows Server, Office and many more. Together with Marcel Zehner (itnetX & Microsoft MVP) and Michael Rüefli (itnetX & Microsoft MVP) I will present about the new features in Windows Server 2016, Hyper-V, System Center 2016 and Operations Management Suite.

If you want to know about the latest and greatest, check out the free events in Wallisellen at Microsoft Switzerland:

16.09.2015 - Windows Server 2016, System Center 2016, Operations Management Suite - What's new?

At Microsoft Ignite 2015 in Chicago, the second Technical Preview of Windows Server 2016 and System Center 2016 was released. In this TechNet seminar we present a first overview of what is new in the operating system and in the management area. The seminar focuses in depth on virtualization with Hyper-V, storage, and datacenter and cloud management, and presents the latest developments based on Microsoft technology, including many live demos. Take this opportunity! Visit us in Wallisellen and learn about the future possibilities of Windows Server and System Center. As always, the event is free of charge.

25.11.2015 - Windows Server 2016, System Center 2016, Operations Management Suite - What's new?

At Microsoft Ignite 2015 in Chicago, the second Technical Preview of Windows Server 2016 and System Center 2016 was released. In this TechNet seminar we present a first overview of what is new in the operating system and in the management area. The seminar focuses in depth on virtualization with Hyper-V, storage, and datacenter and cloud management, and presents the latest developments based on Microsoft technology, including many live demos. Take this opportunity! Visit us in Wallisellen and learn about the future possibilities of Windows Server and System Center. As always, the event is free of charge.



System Center Universe Europe

Speaking at System Center Universe Europe 2015

I have already had the honor of speaking at System Center Universe Europe twice, the first time at SCU Europe 2013 in Bern and the second time at SCU Europe 2014 in Basel. As I mentioned in a blog post a couple of months ago, System Center Universe Europe 2015 is just around the corner and you can still get tickets!

At SCU Europe 2015 I again have the great honor of speaking, together with some other great community leaders, about the Microsoft Cloud and Datacenter solutions.

My Sessions at SCU Europe 2015:

Nano Server the next generation of Cloud Server in your datacenter

In this session we will walk you through how Nano Server is changing the fundamental way we look at fabric servers and workloads. Nano Server will change the way we build servers and solve fundamental challenges which we have encountered over the past years embracing cloud fundamentals. Speaking together with Kristian Nese (Microsoft MVP).

What’s new in Windows Server 2016 for Hyper-V

With Windows Server 2016, Microsoft again adds exciting features to its virtualization platform. Learn in this session what Shielded VMs, Rolling Cluster Upgrades, Storage Spaces Direct, hyper-converged, PowerShell Direct, Windows Containers, and much more are, and how you can profit from these new technologies. Speaking together with Carsten Rachfahl (Microsoft MVP).

Azure Site Recovery, 365 days later

Disaster Recovery, everyone talks about it – everyone claims they have it! But does it really work as expected?! Join us in the session about Azure Site Recovery, the business continuity service from Microsoft for all cloud platforms, on-premise – service providers – public cloud. You will learn how your company or customers can use ASR in their datacenter and which new scenarios have been added in the last 365 days, since we presented this topic at SCU 2014. Speaking together with Michel Lüscher (Microsoft)

There are a lot of other great sessions as well, so make sure you get your ticket!