vTPM in Windows Server 2016 Hyper-V

It's good to see that there are great security enhancements in the upcoming version of Hyper-V. Containers bring great isolation for our applications in terms of performance and security.

Another great enhancement is vTPM on Hyper-V. When you enable Hyper-V on Windows Server 2016 or Windows 10, you will see a new security device under Device Manager.

As you may know, Microsoft uses the TPM to provide hardware-level security for your operating system. The TPM is a chip, generally on your motherboard, that holds keys and uses them to create cryptographic keys. That allows BitLocker to use the TPM to help protect the Windows OS even if the machine is stolen or lost.

With the upcoming vTPM feature, we now have the same level of security in virtual machines. Our VMs can leverage the TPM and be protected by BitLocker. That means you don't need to worry about someone simply taking your VHD and importing it into another Hyper-V server. It won't work.

What about live migration? According to the announcement, live migration will work as usual and the traffic will be encrypted.
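The two points above (BitLocker inside the VM backed by a vTPM, and encrypted migration traffic) can be switched on and verified from PowerShell. This is an added example, not from the original post; it assumes the cmdlets of the released Windows Server 2016 / Windows 10 Hyper-V module, a constructed VM name, and a host that is not using a Host Guardian Service (so a local key protector is used).

```powershell
# Added example (not from the original post). Assumes the WS2016 Hyper-V module and
# a Generation 2 VM named 'web01' (constructed name).
$vmName = 'web01'

# Without HGS the vTPM state is sealed by a key protector held on this host. That is the
# reason a VHD (and the vTPM state next to it) cannot simply be imported elsewhere:
# the foreign host has no key protector that can unseal the vTPM.
Set-VMKeyProtector -VMName $vmName -NewLocalKeyProtector
Enable-VMTPM -VMName $vmName

# Encrypt saved state and live-migration traffic for this VM as well
Set-VMSecurity -VMName $vmName -EncryptStateAndVmMigrationTraffic $true

# Verify what is actually in effect before relying on it for BitLocker inside the guest
$sec = Get-VMSecurity -VMName $vmName
if (-not $sec.TpmEnabled) { throw "vTPM is not enabled on $vmName" }
if (-not $sec.EncryptStateAndVmMigrationTraffic) { throw "Migration traffic for $vmName is not encrypted" }
$sec | Select-Object TpmEnabled, EncryptStateAndVmMigrationTraffic, Shielded
```

Because a local key protector is tied to this host, back it up (or use HGS with a guardian) before you depend on it; losing it means the vTPM cannot be unsealed and BitLocker in the guest will prompt for the recovery key.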


I have a dream..Consolidated Multi-Hypervisor Management Solution


I have a dream that one day we will be able to manage cross virtualization platforms/cloud types/datacenters through a single pane of glass.


I recently blogged about the System Center 2012 R2 Virtual Machine Manager UR6 details. One of the features shipped with UR6 was the ability to manage Microsoft Azure VMs from the same VMM console. That's really great if we are talking about a real hybrid cloud solution. I will not start to compare hypervisors or cloud vendors here. I believe diversity makes us better and stronger. No matter which hypervisor or cloud solution you have, upper management requires an ROI and you need to leverage your investment. I do not have the luxury to tell you "Hyper-V is better, at least we have the same feature set as VMware, let's drop all your infrastructure and build from scratch with Hyper-V"... No way.

But even if you have some investment in VMware, you may have some workloads on Microsoft Azure as well: virtual machines, Azure Site Recovery, Azure Backup, or on-premises Hyper-V VMs for test and development purposes.

People usually maintain their current investment in their main hypervisor platform and then start to onboard additional hypervisors for different purposes (cost, DR flexibility, public cloud integration, etc.).

See also this blog post from Chris Wolf:

http://blogs.gartner.com/chris-wolf/2012/12/11/heterogeneous-virtualization-trends-at-gartner-data-center/

In this poll, 29% indicated that they are planning to have multiple hypervisors for production server applications that require DR.

The poll also shows that the primary driver for choosing a single hypervisor is DR simplicity. I strongly agree with that. Today we are only talking about the management side of having multiple hypervisors. But another challenge is placing applications that require disaster recovery across different hypervisors.

At MS Ignite 2015, the VMM team announced additional features coming with UR6. For me, one of the most exciting was initial management of VMware 5.5. Below are some of the management operations you can achieve with UR6:

  • Add vCenter and ESX hosts
  • Create a VMware VM template with basic networking
  • Create VMs from templates
  • Perform VM lifecycle operations on a VM
  • Start, stop, shut down, repair, refresh, checkpoint
  • Connect to a VM using the console
  • Delete VMs
  • Create a resource pool and bring it under management

I know these are really only initial capabilities when you compare them with VMware's own tooling. There is still a vast number of features that need to be added.

But if you see the big picture and read the following blogs, you may also dream about having a unified single management solution across different clouds, datacenters and hypervisors.

Hitachi LPAR – Intel Nested Virtualization Support:

http://blogs.hds.com/hu/2014/09/hitachi-lpars-provide-safe-multi-tenant-cloud-with-intel-e5v3.html

Hyper-V Nested Virtualization Support Announced:

http://www.hyper-v.nu/archives/hvredevoort/2015/05/nested-hypervisor-in-windows-server-vnext/

VMM UR6 Azure VM Management:

http://anilerduran.com/one-more-step-to-hybrid-cloud-scvmm-2012r2-ur6/

Who knows, if you are good enough you can see "The Smurfs" as well.


The Power of Automation


IT automation has always been one of the most important goals of IT managers to make their organization run efficiently. Automation simply ensures that all resources are allocated dynamically according to business needs.

Hu wrote a post on the HDS community where he talked about the typical breakdown of IT budgets.

https://community.hds.com/community/innovation-center/hus-place/blog/2015/04/23/software-defined-infrastructure-enables-greater-innovation-in-it


I also found another diagram in Gartner's IT metrics report that shows us organizations are spending 66% of their time and budget just to "run the business".

Gartner IT Metric Report

These two diagrams simply show us that in order to grow and transform our business we should focus on innovation and reduce the time and money spent on operations. That's obviously not an easy task to achieve, and it is only possible if your infrastructure is flexible and adaptable to these changes.

A couple of years ago, it was a straightforward task for IT administrators to manage and operate less data, fewer servers and fewer applications. But now, every single minute hundreds of terabytes of data flow from "things" to our systems. Since the IoT concept will be an enabler for different domains including logistics, transportation, automotive, healthcare and smart cities, in the near future every single "thing" will have a sensor attached and be connected to the internet/cloud. Analysts expect that 50 to 100 billion devices will be connected to the Internet by 2020.

IT administrators must handle not only this huge amount of data but also the underlying components such as storage, network, servers, applications, hypervisors and so on.

Unfortunately, without a true software-defined infrastructure approach, managing, maintaining or innovating could be impossible.

As my colleagues Paul Meehan and Paula Phipps mention, to design a software-defined infrastructure approach we can use three A's:

Automation: 29% of IT time is spent on tedious tasks. 39% of IT outages are due to human error. Hitachi midrange VSP family eliminates tedious manual tasks, reduces errors and lets administrators focus on revenue-generating activities.

Access: Access more data and solve real-world problems

Abstraction: Provide more services faster with more flexibility to support a diverse set of applications.

A couple of years ago I was involved in a project. The customer was working for the government and had very sensitive public IIS web sites. The development team was producing updates every two weeks and sending an MSI update package to the operations team. This team was responsible for the following actions:

  • RDP to the different DMZ servers. All servers belonged to different forests, so they needed to use different credentials for each server.
  • Copy the MSI package to the servers and unzip it (no check whether the MSI was damaged or working)
  • Call the network team and ask them to disable the pool member on the load balancer
  • For each web site, stop the IIS service, change the web.config file, install the MSI (no check whether it installed or not, no check of the event viewer or log files)
  • Start the IIS service
  • Call the network team to revert the configuration
  • Connect to the next IIS web site...
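One automated pass over the procedure above, with the checks the manual process skipped (package integrity, install exit code, Windows Installer events). This is an added example, not the customer's or the post's own script; server names, credentials, the expected hash and the load-balancer steps are assumptions or placeholders for your environment, and it assumes PowerShell 5.0+ and WinRM access to the DMZ servers.

```powershell
# Added example (not from the original post). Assumes PowerShell 5.0+, WinRM reachable,
# and that the dev team publishes the SHA-256 of each release package.
$msiPath  = 'C:\Releases\WebApp-2.3.msi'      # constructed sample path
$expected = 'PUT-PUBLISHED-SHA256-HERE'        # placeholder: hash published with the release
$servers  = @('web01.dmz-a.example', 'web02.dmz-b.example')   # constructed names
$credMap  = @{ 'web01.dmz-a.example' = Get-Credential 'DMZA\deploy'    # one credential per forest
               'web02.dmz-b.example' = Get-Credential 'DMZB\deploy' }

# 1. Verify the package before it touches any server (was: "no check if MSI damaged")
$sig = Get-AuthenticodeSignature -FilePath $msiPath
if ($sig.Status -ne 'Valid') { throw "MSI signature status is $($sig.Status); aborting." }
$hash = (Get-FileHash -Path $msiPath -Algorithm SHA256).Hash
if ($hash -ne $expected) { throw "MSI hash mismatch: $hash" }
$msiName = Split-Path $msiPath -Leaf

foreach ($server in $servers) {
    $session = New-PSSession -ComputerName $server -Credential $credMap[$server]

    # 2. Take the node out of the pool. Placeholder: call your load balancer's API here
    #    instead of phoning the network team.
    Write-Host "Disabling pool member $server on the load balancer (placeholder step)"

    # 3. Copy over the WinRM session: no RDP and no admin$ share needed
    Copy-Item -Path $msiPath -Destination 'C:\Deploy\' -ToSession $session -Force

    # 4. Stop IIS, install with a verbose log, check exit code and MsiInstaller events, start IIS.
    #    Config changes belong in the package or in this script, not in a hand edit of web.config.
    $result = Invoke-Command -Session $session -ArgumentList $msiName -ScriptBlock {
        param($msiName)
        Stop-Service W3SVC -Force
        $p = Start-Process msiexec.exe -Wait -PassThru -ArgumentList `
             "/i C:\Deploy\$msiName /qn /norestart /l*v C:\Deploy\install.log"
        Start-Service W3SVC
        # MsiInstaller logs 1033 with the install status and 11708 on a failed install
        $evt = Get-WinEvent -ErrorAction SilentlyContinue -MaxEvents 5 -FilterHashtable @{
            LogName = 'Application'; ProviderName = 'MsiInstaller'; StartTime = (Get-Date).AddMinutes(-5) }
        [pscustomobject]@{ Server = $env:COMPUTERNAME; ExitCode = $p.ExitCode
                           Events = @($evt | Select-Object -ExpandProperty Id) }
    }
    Remove-PSSession $session

    # 0 = success, 3010 = success but reboot required; anything else leaves the node out of the pool
    if ($result.ExitCode -notin 0, 3010 -or $result.Events -contains 11708) {
        throw "Install failed on $server (exit $($result.ExitCode)); node left out of the pool."
    }
    Write-Host "Re-enabling pool member $server on the load balancer (placeholder step)"
    $result
}
```

The script stops at the first failing server rather than continuing, so a bad package never reaches the whole farm; the node that failed stays out of the load balancer until someone looks at C:\Deploy\install.log.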

The operations team was spending around one or two days to update all the web servers in production.

But I think time was not the main problem. The main problem was human error. According to research, most storage, server or service outages are caused by human error. In the above scenario, if the operations engineer changes the wrong line in web.config or the network engineer removes the wrong pool member, the production environment will have a service outage.

However, by using a correct automation method, organizations can easily reduce these statistics and save money and time. Remember the first "A": Automation.

Microsoft is investing in automation, enabling the use of different automation solutions such as PowerShell, System Center Orchestrator and Service Management Automation. These automation solutions can be used to automate not only Microsoft workloads but also cross-platform Linux workloads and network and storage solutions.

I believe PowerShell is one of the most important initiatives by Microsoft in recent years. It's a scripting language with an easy syntax, developed for system administrators. Almost all of the new Microsoft products, on-premises or Azure-based, have native Windows PowerShell support.

Orchestrator is the new version of Opalis, which Microsoft acquired in 2009. It's a process automation solution that comes with the System Center suite. If you are using Virtual Machine Manager or Operations Manager, you already have an IT process automation solution as well: a simple dashboard and drag-and-drop workflow design. You can also use the .NET Script activity to run PowerShell scripts in workflows.

And Service Management Automation is built on PowerShell workflows. It's a web-based process automation tool designed to work with Windows Azure Pack, the local version of Microsoft Azure in your datacenter. It allows you to build SMA workflows to create, monitor, deploy and manage resources in your private cloud environment.

When it comes to software-defined infrastructure and automation, Hitachi offers a wide range of solutions. The Hitachi midrange VSP family provides the foundation for software-defined infrastructures by making automation and abstraction easy with an integrated portfolio of infrastructure automation and virtualization software.

If you are using Hitachi's converged solution, you already know how it simplifies management of private cloud and data center environments. You can also combine the Microsoft System Center / Windows Azure Pack suite with UCP, which enables an end-to-end private cloud platform with self-service, orchestration and automation capabilities.

http://www.hds.com/solutions/virtualization/microsoft-hyper-v/hitachi-ucp-for-microsoft/

This solution automates the management of servers, networking components and storage using UCP Director, System Center and Microsoft adaptors.

Hitachi integrates with Microsoft applications to create a unified automation/management solution for Microsoft environments.

These are the available adaptors provided by Hitachi:

  • Hitachi Infrastructure Adapter for Microsoft System Center Operations Manager
  • Hitachi Adapter for Microsoft System Center Virtual Machine Manager
  • Hitachi Storage Adapter for Microsoft System Center Orchestrator
  • Hitachi Storage Adapter for Microsoft® SQL Server Remote BLOB Storage
  • Hitachi Storage Adapter for Microsoft Windows PowerShell
  • Hitachi Storage Adapter for Microsoft Volume ShadowCopy Service

In particular, the adapters for PowerShell and Orchestrator enable you to automate and orchestrate processes using Hitachi and Microsoft solutions together.

Hitachi Storage Adapter for Microsoft Windows PowerShell allows Hitachi storage administrators to use PowerShell cmdlets on Hitachi storage systems. Using cmdlets, administrators can create scripts to automate complex tasks.

Using Hitachi Storage Adapter for Microsoft System Center Orchestrator you can easily extend the capabilities of System Center Orchestrator.

This plug-in provides:

  • Storage management and Hitachi NAS (HNSA) support
  • Virtualized storage management
  • Hitachi Content Platform (HCP) management

Each activity uses built-in PowerShell processes to run on a remote server and allows you to create workflows/runbooks to automate complex tasks in your datacenter.

It's really good to see how two different vendors come together and build a complete management and automation solution. One more time, hats off to the Hitachi engineers. They created really valuable plugins and integrations with the Microsoft/System Center suite. These adaptors combine the power of Hitachi performance, reliability and agility with the productivity of Microsoft solutions.


Linux Integration Services Version 4.0 for Hyper-V

Microsoft continues to invest in cross-platform support. A new version of LIS (Linux Integration Services) has been published and brings the following features:

http://www.microsoft.com/en-us/download/details.aspx?id=46842&WT.mc_id=rss_alldownloads_all

  • Driver support: Linux Integration Services supports the network controller and the IDE and SCSI storage controllers that were developed specifically for Hyper-V.
  • Fastpath Boot Support for Hyper-V: Boot devices now take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance.
  • Time Keeping: The clock inside the virtual machine will remain accurate by synchronizing to the clock on the virtualization server via Timesync service, and with the help of the pluggable time source device.
  • Integrated Shutdown: Virtual machines running Linux can be shut down from either Hyper-V Manager or System Center Virtual Machine Manager by using the “Shut down” command.
  • Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can use multiple virtual processors per virtual machine. The actual number of virtual processors that can be allocated to a virtual machine is only limited by the underlying hypervisor.
  • Heartbeat: This feature allows the virtualization server to detect whether the virtual machine is running and responsive.
  • KVP (Key Value Pair) Exchange: Information about the running Linux virtual machine can be obtained by using the Key Value Pair exchange functionality on the Windows Server 2008 virtualization server.
  • Integrated Mouse Support: Linux Integration Services provides full mouse support for Linux guest virtual machines.
  • Live Migration: Linux virtual machines can undergo live migration for load balancing purposes.
  • Jumbo Frames: Linux virtual machines can be configured to use Ethernet frames with more than 1500 bytes of payload.
  • VLAN tagging and trunking: Administrators can attach single or multiple VLAN ids to synthetic network adapters.
  • Static IP Injection: Allows migration of Linux virtual machines with static IP addresses.
  • Linux VHDX resize: Allows dynamic resizing of VHDX storage attached to a Linux virtual machine.
  • Synthetic Fibre Channel Support: Linux virtual machines can natively access high performance SAN networks.
  • Live Linux virtual machine backup support: Facilitates zero downtime backup of running Linux virtual machines.
  • Dynamic memory ballooning support: Improves Linux virtual machine density for a given Hyper-V host.
  • Synthetic video device support: Provides improved graphics performance for Linux virtual machines.
  • PAE kernel support: Provides drivers that are compatible with PAE enabled Linux virtual machines.

All these features are available when using supported Linux/FreeBSD VMs. For a list see:

http://technet.microsoft.com/library/dn531030.aspx


One more step to Hybrid Cloud – SCVMM 2012R2 UR6

The Microsoft team just announced Update Rollup 6 for System Center 2012 R2 Virtual Machine Manager. This time Microsoft has incorporated requests from customer feedback and brought two great features: Gen 2 support for VMM service templates and the ability to manage Microsoft Azure VMs directly from the VMM console.

Let's talk about why these two updates are so important.

Generation 2 VMs were introduced as a new type of virtual machine in Windows Server 2012 R2. Using Gen 2 VMs, you get great benefits such as booting from SCSI-attached storage, eliminating legacy networking, larger volume sizes, Secure Boot and so on. Gen 2 VMs also use UEFI firmware. As you may notice, many of these advantages are patently exciting.

However, after you dig further into Generation 2 VMs, you will notice that there is a compatibility issue with VMM service templates. Therefore, if you want to deploy "IT services" using a VMM service template, which is the suggested method, you will get an error regarding compatibility.

This is why UR6's VMM service template support for Gen 2 VMs is important.

Secondly, I like the idea of Microsoft's hybrid cloud approach. Enterprises are looking for ways to get the full potential of all the different cloud types they require to be competitive in the market. Microsoft plays a significant role when it comes to a consistent platform for different customers and different needs. Microsoft is the single cloud player that offers the same consistent platform for customers, consumers and service providers.

Microsoft has also invested in the idea of hybrid cloud in past years. As a virtualization manager, you may have investments in your local datacenter and you may be using a virtualization fabric management solution like Virtual Machine Manager to manage Hyper-V or different hypervisors. You may also have some workloads on the public cloud (Azure). Before UR6, to manage local VMs and fabric you had to use the Virtual Machine Manager console. To manage your Azure virtual machines, the options were the browser, PowerShell, the REST API, etc.

VMM UR6 brings a new capability into VMM to manage all virtual machines from your local datacenter or Azure Infrastructure Services. In one single cloud management portal, you will have great control of your infrastructure services from private or public cloud services.

If you want to know more about these features, check out the video below, where Matt McSpirit and Jonobie Ford discuss some of what's coming with UR6.


SCOM 2012 Agent Troubleshooting Steps

One of the common errors encountered during SCOM 2012 agent installation is that the admin$ share cannot be accessed. Because of this, the Management Server cannot reach the target client and copy the agent installation packages. In parallel, since there will also be a problem reaching the Windows Remote Registry, the Health Service installation will fail.

As one of the first checks, the following ports must be open between the Management Server and the client computer:

  • RPC endpoint mapper Port number: 135 Protocol: TCP/UDP
  • *RPC/DCOM High ports (2000/2003 OS) Ports 1024-5000 Protocol: TCP/UDP
  • *RPC/DCOM High ports (2008 OS) Ports 49152-65535 Protocol: TCP/UDP
  • NetBIOS name service Port number: 137 Protocol: TCP/UDP
  • NetBIOS session service Port number: 139 Protocol: TCP/UDP
  • SMB over IP Port number: 445 Protocol: TCP
  • MOM Channel Port number: 5723 Protocol: TCP/UDP

At the same time, the following services on the target computer must be running:

  • Netlogon
  • Remote Registry
  • Windows Installer
  • Automatic Updates
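A check for the prerequisites above, run from the Management Server against a client whose push install fails. This is an added example, not from the original post; it assumes Windows PowerShell 5.1 (Get-Service -ComputerName and Test-NetConnection need Windows 8.1 / Server 2012 R2 or later), a constructed client name, and an account that is a local administrator on the target.

```powershell
# Added example (not from the original post). Run on the Management Server as an account
# that is local admin on the target. $target is a constructed sample name.
$target = 'client01.corp.example'

# TCP ports from the list above. Test-NetConnection only probes TCP, so the UDP side of
# 135/137 and the dynamic RPC range (49152-65535 on 2008+) are not covered here.
$ports = [ordered]@{ 135 = 'RPC endpoint mapper'; 139 = 'NetBIOS session'; 445 = 'SMB over IP'; 5723 = 'MOM channel' }
foreach ($p in $ports.GetEnumerator()) {
    $ok = (Test-NetConnection -ComputerName $target -Port $p.Key -WarningAction SilentlyContinue).TcpTestSucceeded
    '{0,-20} {1,5}  {2}' -f $p.Value, $p.Key, $(if ($ok) { 'open' } else { 'BLOCKED' })
}

# admin$ share: this is the path the push install copies the agent package through
$shareOk = Test-Path "\\$target\admin$"
"admin$ share reachable: $shareOk"

# Remote Registry: exercise it the way the push install does, rather than only checking the service.
# OpenRemoteBaseKey goes through RPC (135 + a dynamic port) and the RemoteRegistry service.
try {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $target)
    $key  = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion')
    "Remote Registry OK, target OS: $($key.GetValue('ProductName'))"
    $key.Close(); $hklm.Close()
} catch {
    "Remote Registry FAILED: $($_.Exception.Message)"
}

# Required services from the list above (display name -> service name). Get-Service -ComputerName
# itself uses RPC, so if it fails for every service the port checks above are the first place to look.
$services = [ordered]@{ 'Netlogon' = 'Netlogon'; 'Remote Registry' = 'RemoteRegistry'
                        'Windows Installer' = 'msiserver'; 'Automatic Updates' = 'wuauserv' }
foreach ($s in $services.GetEnumerator()) {
    $svc = Get-Service -ComputerName $target -Name $s.Value -ErrorAction SilentlyContinue
    '{0,-18} {1}' -f $s.Key, $(if ($svc) { $svc.Status } else { 'not found / unreachable' })
}
```

Windows Installer (msiserver) is normally Stopped until something starts it, so for that one "Stopped" is fine as long as its start type is not Disabled; check it with Get-Service -ComputerName $target -Name msiserver | Select-Object StartType.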
