I just stumbled upon a very high-level document on Windows Server 2008 R2 Hyper-V, featuring Live Migration. It’ll be useful to newbies to Hyper-V and those wanting to learn a bit about Live Migration. However, if you’re a tech and need to present to your boss, this might not be a bad start.
Month: February 2010
KB978560: VMM 2008 R2 Rollup Package
This rollup package for VMM was released by Microsoft last night. It is made available via Windows Update. It contains a number of fixes:
Issue 1
Consider the following scenario:
- A user is a member of the Self-Service User role.
- A new virtual machine is created, and the user is assigned the owner of the virtual machine.
In this scenario, the user cannot connect to the virtual machine by using the Self-Service Portal.
Issue 2
Consider the following scenario:
- A highly available virtual machine is offline.
- Quick Storage Migration is used to move the offline virtual machine to another storage location that is in the cluster.
In this scenario, the virtual machine does not migrate to another node that is in the cluster by using Quick Migration or Live Migration after Quick Storage Migration is used.
Issue 3
VMware virtual machines are not listed in the Virtual Machine Manager console if there are duplicate custom named tags in VMware Virtual Center.
Issue 4
Consider the following scenario:
- A new virtual machine is created, and the owner of the virtual machine is a member of the Self-Service User role.
- While the create virtual machine job is running, a user is added or removed from the Self-Service User role.
In this scenario, the user is not added or removed from the Self-Service User role because the create virtual machine job is running.
This rollup also includes the resolutions that are documented in the following article for a Virtual Machine Manager 2008 R2 hotfix rollup package KB976244.
Thanks to fellow MVP Артём Александрович Проничкин for the heads up.
Data Protection Manager 2010 Release Candidate
Microsoft released the RC (pre-RTM) of System Center Data Protection Manager (DPM) 2010, Microsoft’s backup solution. As I mentioned last week, DPM 2010 includes lots of new features to simplify backups using Microsoft’s solution. That would be the one criticism of the MS solution; 3rd party solutions seem to make it easier for the admin.
The thing that Hyper-V administrators will be eager to get their hands on when it RTMs is the ability to back up VMs at the host level when the VMs are stored on a Cluster Shared Volume (CSV).
There is a MS webcast video on DPM 2010 here. You can download the release candidate from Connect.
That Was The First Security Fix For Hyper-V
By the way, when I posted about the security fix for Hyper-V last night, I should have mentioned that it was the first such one for the hypervisor itself in the 18 or so months since it RTM’d in Windows Server 2008. Not bad!
There’s some debate about how important it is. Basically, if someone can log into a VM running on a host and has admin rights in that VM, then they can run a DoS attack on the hypervisor on that host. Most scenarios will probably be safe enough.
I would guess that most companies that deployed virtualisation are running it for internal server virtualisation purposes. The people who log into those machines are trusted administrators and extremely unlikely to go postal.
Funny phrase that. I once worked with a guy who was the son of post employees and he didn’t know what it meant. He got highly offended!
Virtualised “terminal services”, or to put it correctly using the current phrase, Remote Desktop Services Session Hosts *gasps for air*, will likely only have users logging in with limited rights so they will be safe.
Some VDI implementations will have users logging in with administrative rights. That means that they are vulnerable. And those operating cloud services (server hosting) based on Hyper-V are vulnerable. Those operating private clouds with large numbers of unknown administrators also face a risk. It’s inevitable that someone will write an attack script/program for this.
I fall into one of those vulnerable scenarios so our normal patching process was put to one side today. The update was approved in WSUS for all groups, not just our testing group. Using Operations Manager and VMM we put clustered hosts into maintenance mode. This allows VMM to use Live Migration to move VMs from the host that will be worked on to another host. If you don’t have VMM then you need to Live Migrate each of the VMs, one by one. OpsMgr maintenance mode prevents false alarms. This is done in turn with all hosts in the cluster. No customers have downtime and the security fix gets deployed. Nice and tidy.
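For the no-VMM path mentioned above, here is a sketch of one node's turn in the rolling update, using the Failover Clustering PowerShell module that ships with Windows Server 2008 R2. This is an added example, not the author's script: the cluster and node names are placeholders, and it assumes the update itself is still installed through WSUS or Windows Update.

```powershell
# Added example (not the post author's script). Cluster/node names are placeholders.
Import-Module FailoverClusters

function Move-VMsOffNode {
    param([string]$Cluster, [string]$Node)
    # Pause the node so the cluster places nothing new on it.
    Suspend-ClusterNode -Name $Node -Cluster $Cluster | Out-Null

    # Candidate targets: every other node that is currently Up.
    $targets = @(Get-ClusterNode -Cluster $Cluster |
        Where-Object { $_.Name -ne $Node -and $_.State -eq 'Up' })
    if ($targets.Count -eq 0) { throw "No other node is Up; refusing to drain $Node." }

    # Groups owned by this node that contain a 'Virtual Machine' resource.
    $vmGroups = @(Get-ClusterNode -Name $Node -Cluster $Cluster | Get-ClusterGroup |
        Where-Object { $_ | Get-ClusterResource |
            Where-Object { $_.ResourceType -like 'Virtual Machine' } })

    $i = 0
    foreach ($group in $vmGroups) {
        # Live-migrate one VM at a time, spread round-robin over the other nodes.
        $target = $targets[$i % $targets.Count].Name
        $i++
        Move-ClusterVirtualMachineRole -Name $group.Name -Node $target -Cluster $Cluster | Out-Null
    }
}

function Test-HostPatched {
    param([string]$Node, [string]$KB = 'KB977894')
    # Get-HotFix raises an error when the ID is absent or the host is unreachable;
    # both cases are reported as "not patched" so the node stays out of service.
    [bool](Get-HotFix -Id $KB -ComputerName $Node -ErrorAction SilentlyContinue)
}

# One node's turn: drain, patch out of band, verify, then resume.
$cluster = 'HVCLUSTER1'   # placeholder
$node    = 'HVHOST1'      # placeholder
Move-VMsOffNode -Cluster $cluster -Node $node
Read-Host "Install the update on $node, reboot it, then press Enter"
if (Test-HostPatched -Node $node) {
    Resume-ClusterNode -Name $node -Cluster $cluster | Out-Null
} else {
    Write-Warning "$node does not report KB977894; leaving it paused."
}
```

Because the node is resumed only after the hotfix check passes, an unpatched host cannot quietly rejoin the pool that tenant VMs can land on.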
Local Now On “Software for Students”
Darren Doyle, who is from the same small home town as me, is now on Microsoft’s “Software for Students” blog. Last year he worked in Microsoft’s DPE team as a college intern. We met up and figured out that we were from the same area. Well done @darrendoyle.
KB977894: VERY Important Hyper-V Security Update
One of the patches released by Microsoft is a critical security fix for Hyper-V. It affects all installation types on both Windows Server 2008 and Windows Server 2008 R2.
“This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users”.
Basically, if a person has rights to log into a VM hosted on a vulnerable server, then they could cause a Denial-of-Service (DoS) attack.
The update is supplied via Windows Update. Check your updates either on the host, Configuration Manager, WSUS or whatever your update service is.
I’ll be pushing it out first thing tomorrow morning. Live Migration with VMM 2008 R2 maintenance mode makes it really easy to update clustered hosts. Standalone hosts will have some downtime for their VMs. Most VMs will be set up to go into a saved state when the host shuts down. That limits interruption to them in a way.
Run ESX In VMware Workstation
I’m looking at maybe doing some VMware labs with VMM at home in the future. My worry was hardware. We know we can run Hyper-V on just about any machine (the h/w requirements are pretty basic). It runs nicely on my Dell Latitude E6500. But ESXi and ESX have a pretty limited HCL and my old white boxes probably don’t fall into it. I don’t want to waste money on PCs.
So I did a little searching and it seems like there is a solution. You can run ESX and ESXi in VMware Workstation. You can get a trial of Workstation for any temporary lab work and run VMware in there. Add another VM and you can run the VMware management.
All you need do now is point your lab VMM server at them and take control.
First 5000 Downloads Free: Partition Manager 10 for Virtual Machines
I’d normally post this one in the evening after work but it is a limited time offer. I just got an email and the contents were:
“Partition Manager 10 for Virtual Machines is out.
Now all IT administrators have a great chance to have Partition Manager 10 for Virtual Machines for FREE – currently we’re announcing this giveaway for up to 5000 copies.
It is a special version of our Linux/DOS bootable environment that contains fully functional Paragon Partition Manager 10 Professional. It is optimized to work with virtual disks of any virtualization software vendor - backup/restore virtualized systems, re-partition and clone virtual disks, fix boot problems, optimize performance of NTFS and FAT file systems, etc.
The software and user manual can be downloaded from here.
Please, note that it requires registration”.
It is for non-commercial use only.
Configuration Manager and Intel vPro
Jeff Wettlaufer recorded a cool (and short) video where he demonstrates how Intel vPro can make a helpdesk administrator’s job a lot easier and more efficient when combined with System Center Configuration Manager. It includes demonstrations of power control over the LAN and wifi, and remote BIOS access.
Eurocloud: New Cloud/SaaS Industry Organisation
It was announced that Europe’s first industry organisation in the Software-as-a-Service and Cloud space has started up. Eurocloud’s goals are:
- To build a pan European network organized in two tiers with a national level (France, Espagna, England, Belgique, etc.) and a European level. The national level focuses on local topics and the European level on European topics, under the EuroCloud brand (or another if appropriate in a national setting). Only companies who have an interest in Cloud Computing and participate in the Cloud ecosystem can be members of the network.
- Build relationships with the European authorities (Commission and Parliament) to help recognise the Cloud Computing industry as the future of IT in Europe and to promote a stimulating environment for development and growth of the industry.
- Promote business relationships between members throughout Europe and internationally with counterparts such as SIIA.
- Promote technological relationships between members throughout Europe and internationally.
An organisation is needed to standardise the industry and to clearly communicate local and European Union requirements. Right now, most non-insider people haven’t a clue.