Whitepaper: The Microsoft Virtualisation Strategy

It’s been a while since I’ve written any documents for my blog.  I was asked to do some stuff for the company web site so I’ve written a couple of documents.  The first is on the Microsoft Virtualisation Strategy.  I talk about how MS views virtualisation as being many things, e.g. Hyper-V/server virtualisation is just one aspect of the solution.  I also discuss what makes the MS approach different: management.

On a related note, there’s also a document on Cloud Computing and Software-as-a-Service.  Organisations are tired of becoming accidental IT firms, e.g. they buy a CRM solution and end up managing servers, racks, power, UPS, fire suppression, databases, networking, etc.  They just wanted a business solution.  SaaS gives them that solution.  It’s also good for the software developers/server providers because it simplifies product ownership and increases customer retention.  Cloud Computing is the delivery mechanism for SaaS.  And virtualisation is a core component of Cloud Computing because it breaks the link between services and hardware/geographic location.  Microsoft’s managed virtualisation gives us Managed Cloud Computing thanks to the all-seeing and all-knowing single pane of glass, Microsoft System Center.

Distributed Power Management

Most administrators don’t know or care about the real cost of servers: power.  A single server’s cost is much more than what you pay to Dell or HP.  The power alone massively outweighs the purchase cost.  It’s said a typical server has the carbon footprint of a car.  It’s inevitable that we’re going to see carbon taxes hitting businesses now.  Cloud computing/Software-as-a-Service mightn’t be for everyone so they need a solution.  Cloud providers also need a solution to power issues because the biggest cost they have to pass on to customers is electricity.

I found this commentary by Chris Wolf talking about an experimental feature that was included in VMware VI3.5.  This feature called Distributed Power Management (DPM) is an interesting one – one which had me nearly swinging towards VMware instead of Hyper-V.  Virtual Center monitors the usage of host resources by VM’s and using DRS and memory over-subscription it will consolidate VM’s to fewer hosts.  This allows idle hosts to be powered down or suspended.  When resource consumption grows the required idle hosts are powered back up using WOL.  VM’s can be migrated using VMotion to ensure they get the CPU and RAM (probably IO as well) resources that they need.

The commentary talks about how people are wary of powering down/up production servers.  That’s fair enough.  In my opinion however, that’s the wrong way to look at this.  The production servers are the VM’s.  In this scenario the VM’s are never powered down.  They’re offline for a few milliseconds as they VMotion across the cluster, something that VMware customers are well used to now.

The hosts are just physical resources.  The hardware is just an enabling layer like electricity or network when you’re dealing with virtualisation.  And just like those utilities there’s fault tolerance at this layer – or there should be.  In a network that could realistically use DPM to save power there will be significant numbers of hosts.  They should be dealing with at least N+1 the number of hosts that they require, maybe even N+2.  So what happens if there’s an occasional hardware failure?  If you run an enterprise network then the hardware should be monitored and any faults will be responded to immediately.

Microsoft are currently taking a different approach to the power issue when it comes to Windows Server 2008 R2 – and logically Hyper-V.  MS are using Core and CPU Parking.  The server monitors the demand on the CPU cores every X milliseconds.  When a core is idle it is suspended, thus reducing its power consumption.  The CPU core is the major draw on power in a server.  It’s also the generator of heat and cooling that heat is another major draw on power.  Suspending idle Cores reduces both of those power demands.  If a Core is required then it is snapped back online.  The trick is in defining appropriate idle windows – you don’t want to suspend at millisecond 1 and find you’re always bringing it back online at millisecond 2.  That’s wasteful.  When all cores in a CPU are idle then the CPU is parked, thus saving more power.

I was at a power meeting/interview session with MS at TechEd EMEA and I brought up the VMware DPM approach.  I don’t know if it’s something MS will look at or not.  I hope they do look at it for the next release after Windows Server 2008 R2.  Right now, I have to applaud VMware for trying to do something.  They do see the hardware as just an enabling layer, not the production servers.  I think that’s the right point of view to take.  When DPM does go live I can see it saving VMware customers a good bit of money.

Hyper-V How To: Balance VM I/O

This article explains how to balance I/O between VM’s on hosts that are saturated.  It’s a last resort action to resolve the issue.  Ideally you’ll be balancing your workload across a cluster, e.g. OpsMgr detects a peak load, your storage PRO tips detect the culprit and VMM 2008 balances the workload across the Hyper-V cluster.  However, that won’t work if you don’t have a cluster so using these registry edits might be necessary.

Lots of Hyper-V Updates

Jose Barreto has listed all of the publicly available updates for Hyper-V including the RTM.  You could selectively apply them if they are applicable to your servers.  For future builds, here’s what I’m going to do:

  • I’ve got a WDS captured WIM image of my Hyper-V build.  This has everything done before enabling the Hyper-V role.  It includes the RTM release of Hyper-V.
  • I’ll download the updates.
  • I’ll slipstream the updates to my WIM build and to the WIM’s from the installation media that are on my WDS server.  That future proofs any new builds.

The result will be that any newly built Hyper-V hosts will have all of the updates in place.
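
The slipstream step above, sketched with the DISM PowerShell cmdlets as an added example (not from the original post).  It assumes a technician machine whose DISM version can service the image's OS, and every path is a placeholder.  Updates that fail to apply to an index are logged and skipped; any other failure discards the mount so a half-serviced image is never committed.

```powershell
#Requires -RunAsAdministrator
# Added example: offline-service every index of each WIM with a folder of updates.
# All paths below are placeholders, not values from the original post.
$ErrorActionPreference = 'Stop'

$UpdateDir = 'D:\Updates\Hyper-V'          # downloaded .msu/.cab files (placeholder)
$MountDir  = 'D:\Mount'                    # empty scratch folder (placeholder)
$WimFiles  = @(
    'D:\WDS\Images\HyperV-Build.wim',      # captured build image (placeholder)
    'D:\WDS\Images\install.wim'            # installation-media image (placeholder)
)

$updates = Get-ChildItem -Path $UpdateDir -File |
    Where-Object { $_.Extension -in '.msu', '.cab' }
if (-not $updates) { throw "No .msu or .cab files found in $UpdateDir" }

foreach ($wim in $WimFiles) {
    # Keep a copy so a bad servicing run can be rolled back.
    Copy-Item -Path $wim -Destination "$wim.bak" -Force

    foreach ($image in Get-WindowsImage -ImagePath $wim) {
        $idx = $image.ImageIndex
        Mount-WindowsImage -ImagePath $wim -Index $idx -Path $MountDir | Out-Null
        try {
            foreach ($u in $updates) {
                try {
                    Add-WindowsPackage -Path $MountDir -PackagePath $u.FullName | Out-Null
                }
                catch {
                    # Typically an update that does not apply to this image.
                    Write-Warning "$($u.Name) not added to ${wim} index ${idx}: $_"
                }
            }
            # Record the package list of the serviced image before committing.
            Get-WindowsPackage -Path $MountDir |
                Select-Object PackageName, PackageState, InstallTime |
                Export-Csv -Path "$wim.index$idx.packages.csv" -NoTypeInformation
            Dismount-WindowsImage -Path $MountDir -Save | Out-Null
        }
        catch {
            # Anything unexpected: throw the changes away rather than commit them.
            Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
            throw
        }
    }
}
```

The exported CSV per index gives you a record to compare against the published update list before the image goes back on the WDS server.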

Installed Hyper-V Server 2008

I freed up a server after using VMM 2008 P2V so that gave me a machine to play with for a short while before it’s sent back into production.  I decided to install Hyper-V Server 2008 to see if this free product would be something worth considering for us in limited production roles.

The install is easy and quick.  It’s just like installing a Core installation – heck, that’s what it is really.  When you log in you get two command prompts instead of one.  The second is a CMD based wizard.  That makes configuring the box a breeze.  I really hope the Core guys look at this, copy it and make it available to the standard Core installation as a free download (or in SP2).

We run HP machines so that requires installing the Proliant Support Pack for hardware management. Unfortunately, that’s where we hit the problems I had before with Core installation.  HP still haven’t caught up with Core.  We need a way to use their management tools from the command prompt – NO I DON’T WANT TO LEARN ANOTHER SCRIPTING LANGUAGE.

When I get a chance I want to try to manage this box using System Center OpsMgr and VMM 2008 to see what happens.

Managing Workgroup Hosts Using Virtual Machine Manager 2008

I could see from my blog statistics that there was a lot of interest in managing workgroup hosts using VMM 2008.  The hosts that I manage are in our management network forest so that makes things pretty simple.  However, I just hit a scenario where I might prefer to run workgroup hosts or hosts in an un-trusted domain/forest.

It’s a solution that is possible.  A little judicious searching dug up pages on TechNet that give the host requirements and the step-by-steps.  Here’s a summary:

  • Identify the ports used by your installation of VMM 2008.  You’ll need to open these on the firewall (host outbound and/or network) and enter them on the manual agent installation.
  • Get the IP address of the host.  You’ll either need to add this to the un-trusted network’s DNS or enter it in the manual installation.  You might consider using the local hosts file too (more work).
  • Manually install the agent by running setup.exe.
  • Choose a local agent installation.
  • You can accept the default ports if that’s what you used when installing VMM 2008 or enter non-default ones if that’s what you used.
  • On the security folder page, choose "This host is on a perimeter network", even if it isn’t.  This is for workgroup solutions too.
  • Enter and confirm the encryption key.  You’ll want to record this for when you add the host to VMM.
  • Enter the name/IP address of the VMM server.  If you use the name of the VMM server then ensure it can resolve correctly.  This requires either DNS or an updated local hosts file.
  • Copy %SystemRoot%\Program Files\Microsoft System Center Virtual Machine Manager 2008\SecurityFile.txt to a location accessible on the VMM server for when you add the host machine.  You’ll need it to add the host.

Now, add the "perimeter" host on the VMM server.  Use the recorded encryption key and the security file.  Fire up the add host wizard.  Enter the encryption key and the location of the security file as required.

I’d recommend having a separate group for these hosts but that all depends on your security and administration models.  You need to create these folders before starting the wizard.

Offline Virtual Machine Servicing Tool V2.0

Microsoft has released a second version of the Offline Virtual Machine Servicing Tool.  This tool allows you to apply security patches to virtual machines that are not running.  This new version adds support for:

  • Hyper-V
  • Virtual Machine Manager 2008
  • Windows Server 2008
  • ConfigMgr 2007 SP1
  • ConfigMgr 2007 R2
  • WSUS 3.0 SP1

This solution allows you to secure your templates in your libraries or powered-off virtual machines.  This mitigates the risks associated with:

  • Deploying templates that are likely otherwise out of date and insecure.  It takes a lot of time to manually deploy a template machine, update it and convert it back to a template again.  This solution automates the process.
  • Some machines that are virtualised don’t get powered up very often.  This means that they are a risk to power up on the network if they have missed security updates.  Offline servicing allows you to automatically resolve this issue.

This product works with VMM 2007 (for Virtual Server only) and VMM 2008.  You can download it from here.

EDIT:

I talked about using this to work with sysprepped images.  I’ve done some reading and this does not appear to be one of the scenarios where the offline servicing tool works.  How does it work?  It moves an offline machine from the library to a host.  The updates are applied and then the machine is shut down before being returned to the library.  It is clear that this is only to be used on VM’s that are rarely or occasionally powered up and are kept in the library when not deployed.

VMM 2008 P2V To Hyper-V Of DL360G5

I’ve used a "security server" running DL360’s with WSUS and AV in several jobs now.  They’re great candidates for virtualisation so the security server at work was my first target to convert to a virtual machine, thus freeing up some h/w for profit making.

The P2V process of VMM 2008 is pretty easy.  I found no fault with it.  However, I did have some problems that were non-VMM 2008 related.

The VM would hang on boot up.  I got it into safe mode and disabled the HP services.  They were trying to access hardware that didn’t exist.  Ideally you would uninstall this stuff before P2V but I needed to keep the physical machine online until the virtual was ready.

Once the VM was ready I installed the integration components in VMM 2008.  I fired up the VM and tried to log in … uh oh!  It needed to be reactivated.  Luckily I’d put the machine on a test network with Internet access so that was done.  Then I had a service failure pop-up.  The event log showed that was OK, the server was looking for the domain and not finding it … it’s still on the test network while the physical machine is still providing services.

Now the killer.  I got a pop up about WMIPRVSE failing.  That repeated 9 times when I closed it.  I also had dozens of WINMGMT errors in the application log.  To troubleshoot I made a checkpoint and started googling and trying things out.  In the end here’s what it came down to:

  • Uninstalled anything related to HP.
  • Edited the registry and searched for anything to do with HPWBEM.  I deleted the relevant keys/values.  Some needed to be edited instead of deleted.  This took ages!
  • Searched for HP services in CurrentControlSet\Services.  They weren’t removed by the uninstalls.
  • Rebooted
  • Removed HP folders from Program Files.
  • Uninstalled the OpsMgr agent (I wasn’t taking chances now – because I was still getting the error after reboots).
  • Removed the ATI driver which I’d forgotten to remove.
  • I reset the WMI repository.
  • After a reboot the WMI errors disappeared.

As I said, the P2V worked perfectly.  Any problems were related to the HP software, e.g. not uninstalling correctly.  There seemed to be loads that needed to be done.  I’d tried lots of combinations in various attempts by restoring the checkpoint.  Looking back on it, I doubt the OpsMgr agent was a factor but I removed it anyway in case it was doing some heavy WMI stuff that was no longer applicable.

CAUTION: Edit the registry at your own risk.  I’m not recommending it.  It’s just what I did to solve my problem.  If you screw up your server then it’s your problem, not mine.