Sysprep & Hyper-V

You can automate the deployment of Hyper-V host servers using Sysprep.  W2008 would disable the autostart of the hypervisor in any machine deployed from a sysprepped template.  Ben Armstrong has confirmed that this is different with Windows Server 2008 R2; the hypervisor will automatically start.

You could use soemthing like WDS to deploy a new host.  I’d prefer MDT or ConfigMgr OSD because they use task sequences.  That will allow you to automate a bunch of operations using command line, batch scripts, or PowerShell scripts.

I did actually use WDS to build my original W2008 cluster back in 2008.  I didn’t have ConfigMgr and I wasn’t comfortable yet with MDT.  I prepped the initial build, figured out the kinks, and modified the images.  I repeated for the pilot.  The production deployment was completed in 1 hour (bare metal to functioning Hyper-V cluster) from a meeting room in a hotel room via VPN and HP ILO.

Heck, if you use one of the tasq sequence deployment solutions for normal server deployment then you only need to create a new task sequence to run against an existing Windows image (most probably Datacenter edition) and use the Server Manager powershell modules to enable the Failover Clustering feature and the Hyper-V role, reboot, install DPM/OpsMgr agents, etc.

So, if you deploy Hyper-V hosts freqeuently or you are planning a huge farm deployment, take a look at Sysprep, WDS, MDT and ConfigMgr OSD to automate the process.  A little work up front can save you a lot of time later on and give you a consistent result.

Notes for sysprepping a configured Hyper-V host:

  • External networks in the image will be converted into internal networks.
  • Passthrough disks will need to be reconfigured in the Hyper-V Manager.
  • The Dynamic MAC address pool on the host will be recreated so that it is unique.

Passed the 70-401 Exam

I passed the 70-401 (System Center Configuration Manager 2007, Configuring) exam this morning.  I found most of the questions to be pretty simple.  My advice: know the logs on the client, know the site roles (points), pay attention to software update deployment, and you are storted.  Also pay attention to the various pieces of work you do to prep an evironment for installing ConfigMgr.  I was surprised to see how the OS deployment questions seemed to only look at PXE and DHCP.  There were a couple of questions that I marked for review.  It was merely a matter of working out which answers were clearly wrong, leaving the right answers for you to tick.

That’s 3 exams in just over a week.  I’ll probably have a lash at 70-659 next, before focusing on upgrading my MCSE to an MCITP.

MDT 2010 Update 1 Released

This came in the mail overnight:

Deploy Windows 7 and Office 2010 quickly and reliably—while boosting user satisfaction

Microsoft® Deployment Toolkit (MDT) 2010 Update 1 is now available! Download MDT 2010 Update 1 at: http://go.microsoft.com/fwlink/?LinkId=159061

As you prepare to deploy Windows® 7, Office 2010, and Windows Server® 2008 R2, get a jump start with MDT 2010 Update 1. Use this Solution Accelerator to achieve efficient, cost-effective deployment of Windows 7, Office 2010, and Windows Server 2008 R2.

This latest release offers something for everyone. Benefits include:

For System Center Configuration Manager 2007 customers:

New “User Driven Installation” deployment method. An easy-to-use UDI Wizard allows users to initiate and customize operating system and application deployments to their PCs that are tailored to their individual needs.

Support for Configuration Manager R3 “Prestaged Media.” For those deploying Windows 7 and Office 2010 along with new PCs, a custom operating system image can easily be preloaded and then customized once deployed.

For Lite Touch Installation:

Support for Office 2010. Easily configure Office 2010 installation and deployment settings through the Deployment Workbench and integration with the Office Customization Tool.

Improved driver import process. All drivers are inspected during the import process to accurately determine what platforms they really support, avoiding common inaccuracies that can cause deployment issues.

For all existing customers:

A smooth and simple upgrade process. Installing MDT 2010 Update 1 will preserve your existing MDT configuration, with simple wizards to upgrade existing deployment shares and Configuration Manager installations.

Many small enhancements and bug fixes. Made in direct response to feedback received from customers and partners all around the world, MDT 2010 Update 1 is an indispensible upgrade for those currently using MDT (as well as a great starting point for those just starting).

Continued support for older products. MDT 2010 Update 1 still supports deployment of Windows XP, Windows Server 2003, Windows Vista®, Windows Server 2008, and Office 2007, for those customers who need to be able to support these products during the deployment of Windows 7 and Office 2010.

Next steps:

Download Microsoft Deployment Toolkit 2010: http://go.microsoft.com/fwlink/?LinkId=159061.

Learn more by visiting the MDT site on Microsoft TechNet: www.microsoft.com/mdt.

Get the latest news by visiting the Microsoft Deployment Toolkit Team blog: http://blogs.technet.com/msdeployment/default.aspx.

Provide us with feedback at satfdbk@microsoft.com.

If you have used a Solution Accelerator within your organization, please share your experience with us by completing this short survey: http://go.microsoft.com/fwlink/?LinkID=132579.

Sincerely,

Microsoft Deployment Toolkit Team”

Configuration Manager v.Next Beta

Call it what you want, ConfigMgr v.Next, Configuration Manager 2011, but the beta has just been launched.  It brings a bunch of new stuff in what is not just a refresh:

User centric application management  – Empowering Administrators to define intent, and end users flexible access to the right application at the right time

  • Allow the administrator to think users first
  • Application management model to capture admin intent
  • End user self-service software portal

Infrastructure simplification – Simplify management infrastructure, processes and administrative overhead

  • Unified management across PCs and devices
  • New role based administration and end-user experiences
  • Automated content distribution and troubleshooting
  • Redesigned core infrastructure and improved scalability

Simplify Client Management – Daily tasks, model based configuration management and improvements over existing capabilities

  • Automated compliance remediation
  • Client health and auto remediation
  • Remote control enhancements
  • Offline servicing of OS images

I’ve already blogged about what I’ve seen so far.  This is a very exciting new release.  The last version seems to focus a lot on OS deployment.  This release is emphasising getting the right software to the end user, and allowing the end user to pull that software down on demand.  The demos are impressive.  Go check out the beta now.

Microsoft Ireland – Best of #MMS2010

I arrived in about an hour late for this event because I had to present at a cloud computing breakfast event in the city.  Writing until midnight, doing work until 1am and getting up at 05:30 has left me a bit numb so my notes today could be a mess.

The ash cloud has caused last minute havoc with the speakers but the MS Ireland guys have done a good job adjusting to it.

System Center v.Next

I arrived in time for Jeff Wettlaufer’s session.

The VMM v.Next console is open with an overview of a “datacenter", giving a glimpse of what is going on.  We see the library and shares which is much better laid out.  It includes Server App-V packages, templates, virtual hard disks, MSDeploy packages (IIS applications), SQL DAC packages, PowerShell, ISO and answer files.

VMM v.Next

The VMM model is shown next.  We can create a template for a service.  This includes virtual templates for virtual machines: database, application, web, etc.  The web VM is shown.  We can see the MS deploy package from the library is contained within the template for this VM.  The web tier in the model can be scaled out automatically using a control for the model.  The initial instance count, maximum and minimum instance counts can be set.  The binding to network cards can be sent too.

An instance of this model is deployed: lots of VM’s are included in the model.  One deployment = lots of new VM’s.  We now see the software update mechanism.  The compliant and non compliant running VHD’s are identified.  Normally we’d do maintenance windows, patching and reboots.  With this approach we can remediate the running VM’s VHD’s.  Because there are virtualised services, they can be migrated onto up-to-date VHD’s and the old VHD’s are remediated. The service stays running and there are no reboots or maintenance windows.

This makes private cloud computing even better.  We already can have very high uptimes with current technology.  The only blips are usually in upgrades.  This eliminates that.  The model approach also optimises the

Operations Manager 2007 R2 Azure Management Pack

You can use an onsite installation of OpsMgr to manage Azure hosted applications.  This is apparently out at the end of 2010.  We get a demo starting with a model, including web/database services, synthetic transactions and the Azure management pack containing Azure objects (a web front end that fronts the on-premises databases).  We see the usual alert and troubleshooting stuff from OpsMgr.  Now we see that tasks for Azure are integrated.  This includes the addition of a new web role instance on Azure.  In theory this could be automated as a response to underperforming services (use synthetic transactions) but it would need to be tested and monitored to avoid crazy responses that would cost a fortune.

Almost everything in the System Center world has a new release or refresh in 2011.  It will be a BIG year.  I suspect MMS 2011 will be nuts.

It looks like I missed 4 of the demos :-(  That’s work for ya!

Configuration Manager v.Next– Jeff Wettlaufer

Woohoo!  I didn’t miss it.

The focus on this release is user centric client management.  The typical user profile has changed.  Kids are entering the workplace who are IT savvy.  The current generation knows what they want (a lot of the time).  MS wants to empower them.  Users should self-provision, connect from anywhere, access devices and services from anywhere. 

There should be a unified systems management solution.  Do you want point solutions for software, auditing, patching, anti-malware, etc.

Control is always important.  Whether it is compliance for licensing, auditing, policy enforcement, etc.  Business assets must be available, reliable and secure.  Automation must be employed and expanded upon to remove the human element – more efficient, allow better use of time to focus on projects, less mistake prone.

ConfigMgr 2007 does a lot of this.  However, it didn’t do the last step: remediating non-compliance with policy (software, security, etc).

Notes: 75% of American and 80% of Japanese workers will be mobile in 2011.  The IT Pro needs to change: be more generalized and have a variety of skills capable of changing quickly.  IT in the business has “comsumerized”: they are dictating what they want or need rather than IT doing that.  I think many admins in small/medium organizations or those dealing with executives will say that there has always been some aspect to that.  The new profile of user will cause this to grow.

System Center ConfigMgr is moving towards answering these questions.  The end user will be empowered to be able to self-provision.  Right now, the 2007 release translates a user to a device, and s/w distribution is a glorified script.  It is also very fire and forget, e.g. an uninstalled application won’t be automatically reinstalled so there isn’t a policy approach.

The v.Next method changes this.  It will understand the difference between different types of device the user may have.  It is more flexible.  It is a policy management solution, e.g. an uninstalled application will be automatically reinstalled because it is policy defined/remediated.

Software distribution in v.Next: relationships will be maintained between the user and devices.  User assigned software will be installed only if the user is the primary user of the device – save on licensing and bandwidth.  S/W can be pre-deployed to the primary devices via WOL, off-peak hours, etc.

Application management is changing too.  Administrators will manage applications, not scripts.  The deployments are state based, i.e. ConfigMgr knows if the application is present or not and can re-install it.  Requirements for an application can be assessed at installation time to see if the application should even be installed at all.  Dependencies with other applications can be assessed automatically too.  All of this will simplify the application management process (collections) and troubleshooting of failed installations.

For the end user, there is a web based application catalog.  A user can easily find and install application.  A workflow for installation/license approval can back this up.  S/W will install immediately after selection/approval – this uses Silverlight to trigger the agent.  A user can define what their business hours are in the client to control installations or pre-deployments.  They can also manage things like automated reboots – no one likes a mandated reboot (after 5 minutes) while doing something important, e.g. a live meeting, demo, presentation, etc.  This is coming in beta2: there will be a pre-flight check feature where you can see what will happen with an application if you were to target it at a collection.  You then can do some pre-emptive work to avoid any failures.  I LIKE that!

We now see a demo of a software package/deployment.  An installer package for Adobe Reader is imported.  This isn’t alien from what we know now.  There is a tagging mechanisms for searches.  We can define the intent: install for user or install for system.  You can add deployment types for an existing application.  We see how an App-V manifest is added to the existing application which was previously contained _just_ an MSI package.  Now you can do an install or an App-V deployment (stream and/or complete deployment) with the one application in ConfigMgr.  So we now have 2 deployment types (packages) in a single application.  This makes management much easier. 

We see that the deployment of the application can be assigned to a user and will only be installed to their primary device.  System requirements for the application can be included in the package.

A deployment (used to be called an advertisement) is started and targeted at a collection.  The distribution points are selected.  Now you can specify an intent, e.g. make the application available to the user or push it.  The usual stuff like scheduling, OpsMgr integration are all present.

SQL is being leveraged more and more.  A lot of the file system and copy operations are going away and being replaces with SQL object replication.  It also sounds like the ConfigMgr server components might be 64-bit only.

The MMC GUI is being dropped.  The new UI is more intuitive, better laid out and faster.  It will filter content based on role/permissions  in ConfigMgr.  This will make usage of the console easier.  Wunderbars finally make an appearance in ConfigMgr to allow different views to be presented: Administration, Software Library, Assets and Compliance, and Monitoring.

Role Based Administration: The MMC did cause havoc with this.  A security role can be configured.  This moves in the same direction as VMM and OpsMgr.  13 roles are built into the beta1 build.  You can bound the rights and access in ConfigMgr, e.g. application administrator, asset analyst, mobile device analyst, read only roles, etc.  We are warned that this might change before RTM.  Custom roles can be created.  When a role logs into the console they will see only what is relevant (permitted).  Current ConfigMgr sites did this by tweaking files on site servers which is totally not supported and caused lots of PSS tickets.

Primary sites are needed only for scale out.  The current architecture can be very complex in a large network.  Content distribution can be done with secondary sites, DP’s (throttling/scheduling), BranchCache and Branch Distribution Points.  Client agents settings are configurable in a collection rather than in a primary site.

Note: we see zero hands go up when we are asked if anyone is using BranchCache.  That’s not surprising because of the licensing requirements, the limit of not having upload efficiencies (compared to network appliance solutions) and limited number of supported solutions.

Jeff says that client traffic to cross-wan ConfigMgr servers dropped by 92% when BranchCache was employed – the distribution point can be BITS (HTTPS) enabled.

Distribution point management has been simplified with groups.  Content can be added based on group membershpip.  Content can be staged to DP’s, as well as scheduled and throttled.

SQL investments mean that the inbox is gone in v.Next.  Support issue #1 was the inbox.  There are SQL methods for inter-site communications.  SQL Reporting Services is going to be used.  SQL skills will be required.  MS needs to invest in training people on this.

ConfigMgr client health features have been expanded.  There is configurable monitoring/remediation for client prerequisites, client reinstallation, windows services dependencies, WMI, etc.  There are in-console alerts when certain numbers of unhealthy clients are detected – configurable threshold.

There is a common administration experience for mobile device management – CAB files can be added to ConfigMgr applications (not just App-V and MSI/installer).  Cross-platform device support (Nokia Symbian) is being added.  User centric application and configuration management will be in it.  You can monitor and remediate out of date devices.

Software Updates introduces a group which contains collections.  You can target updates to a group.  This in turn targets the contained collections.  Auto-deployment rules are being introduced.  Some want to do patch tuesday updates automatically.  You DEFINITELY need to auto-approve anti-virus/malware updates (Microsoft Forefront updates flow through Windows Updates).  Auto-approved updates will automatically flow out to managed clients.  This has a new interface but it’s a similar idea to what you get with WSUS. 

Operating System Deployment is a BIG feature for MS in this product.  We now get offline servicing of images.  It supports component based servicing and uses the approved updates.  This means that newly deployed PC’s will be up to date when it comes to updates.  There is now a hierarchy-wide boot media (we don’t need one per site and saving time to create and manage it).  Unattended boot media mode with not need to press <Next>.  We can use PXE hooks to automatically select a task sequence so we don’t need to select one from a list.  USMT 4.0 will have UI integration and support hard-link, offline and shadow copy features.  In 2007 SP2, these features are supported but hidden behind the GUI.

Remote Control is back.  Someone wants it.  I don’t see why – the feature is built into Windows and can be controlled by GPO.

Settings Management (aka Desired Configuration Management) is where you can define a policy for settings and identify non-compliance.  V.Next introduces automated remediation of this via the GUI.  This is an option so it is not required: monitor versus enforce.  Audit tracking (who changed what) is added.

Readiness Tips: Get to 64-bit OS’s ASAP.  Start using BranchCache.  Plan on flattening the hierarchy.  Use W2008 64-bit or later.  Start learning SQL replication.  Use AD sites for site boundaries and UNC paths for content.

A VHD with a 500 day time bombed VHD will be made available by MS in a few weeks.  Some hand-on labs will be made available soon after in TechNet Online. 

Can you see why I reckon ConfigMgr is the biggest and most complex of the MS products?

Operations Manager

Irish OpsMgr MVP Paul Keely did this session.  I missed the first half hour because I was talking to Jeff Wettlaufer and Ryan O’Hara from Redmond.  When I came back I saw that Paul was talking about the updates that have been made available for OpsMgr 2007 R2.  The demo being shown was the SLA Dashboard for OpsMgr.

Management pack authoring: “you need to have a PhD to author a management pack”.  This is still so true.

Using a Viso/OpsMgr connector you can load a distributed application into Visio.  You can then export this into SharePoint where the DA can be viewed on a site.

KB979490 Cumulative Update 2 includes support for SLES 11 32-bit and 64-bit and zones for all versions of Solaris.

V.Next: MS have licensed “EMC Smarts” for network monitoring.  An agent can figure out what switch it is on and then figure out the network. This means OpsMgr can figure out the entire network infrastructure and detect when a component fails. 

Management packs are changing.  A new delay and correlation process will alert you about the root cause of an issue rather than alert you about every component that has failed because of the root cause.  This makes for a better informed and clearer issue notification.

Opalis

This is a recent System Center acquisition for automated work flows.  The speaker was to fly in this morning but the ash cloud caused airports to close.  MS Ireland have attempted to set up a Live Meeting where the speaker can present to us from the UK.

The speaker is Greg Charman and is present in a tiny window in the top left of the projector screen.

We have a number of IT silos: SQL, virtualisation, servers, etc.  Applications or processes tend to cross those silos, e.g. SQL is used by System Center.  Server management relies on virtualization.  Server management and virtualization both use System Center.

Opalis provides automation, orchestration and integration between System Center.  Currently (because it was recently acquired) it also plugs into 3rd party products. Maybe it will and maybe it won’t continue to support 3rd party products in future releases.

Opalis provides runbook/process automation.  You remove human action from the process to improve the speed and reliability.  It also allows processes to cross the IT silos.

In the architecture, there is an Integrated Data Bus.  Anything that can connect to this can interact with other services (in theory).  Lots of things are shown: Microsoft, BMC, HP, CA, IBM, EMC, and Custom Applications. 

A typical process today: OpsMgr raises an alert.  Manually investigate if it is valid.  Update a service desk ticket.  Figure out what broke and test solutions.  Maybe include a 3rd party service provider.  All of these tasks take time and the issue goes on and on.

Opalis: sees the alert and verifies the fault.  It updates the issue.  It does some diagnostics.  It passes the results back to the service desk.  It might fix the problem and close the ticket.  At the least it could provide lots of information for a manual remediation.

Opalis is used for:

  • Incident management: orchestrate the troubleshooting.  Maybe identify the cause and remediate the issue.
  • Virtual machine life cycle management: Automate provisioning and resource allocation.  Extend virtual machine management to the cloud.  Control VM sprawl.
  • Change and control management: This integrates ConfigMgr and VMM.

The integration for some products will be released later in 2010.  The VMM and ConfigMgr integrations are in the roadmap, along with a bunch of other MS ones.

System Center Essentials 2010

This is presented by Wilbour Craddock.  As most companies in Ireland are small/medium, SCE 2010 should be a natural fit for a lot of them.  Remember that it is a little crippled compared to the full individual products.  It can manage up to 50 servers (physical or virtual) and up to 500 clients.

  • Monitor server infrastructure using the OpsMgr components.
  • Manage virtual machine using the VMM 2008 R2 components.  This include P2V and PRO tips.
  • Manage s/w and updates using the ConfigMgr components.

The “SCE 2010 Plus” SKU adds DPM 2010 to the solution so you can backup your systems.

Inventorying: Runs every 22 hours and includes 60+ h/w and s/w attributes.  Visibility is through reports.  180 reports available.  New in 2010: Virtualization candidates.

Monitoring includes network management with SNMP v1 and SNMP v2.  It uses the same management packs as OpsMgr.  Third party and custom ones can be added.  The product will let you know when there is a new MP in the MS catalog.

Only the evaluation is available as an RTM right now.  The full RTM and pricing for it will be available in June.

Patching is done with WSUS and this is integrated with the solution.  Auto-approval deadlines are available.  It can synch with the Windows catalogue multiple times in a day.  There is a simple view for needed updates.

SCE can deploy software but it cannot deploy operating systems.  You can use the free WDS or MDT to do this.  Note that a new version of MDT seems to be on the way.  The software deployment process is much simpler than what you get with ConfigMgr, thanks to the reduced size of the network that it supports.  It assumes a much simpler network.

At first glimpse of the feature list, it appears to include most of the VMM features, but it not not be as good as VMM 2008 R2.  It cannot manage a VMware infrastructure but it can do V2V.  Host configuration might be better than VMM.  P2V is different than in VMM.  The Hyper-V console is still going to be regularly used, e.g. you can’t manage Hyper-V networking in SCE 2010.  Enabling a physical machine to run Hyper-V is as simple as clicking “Designate as a host”.  PowerShell scripts are not revealed in the GUI like in VMM but you can still use PowerShell scripts.

Software deployment now include filtering, e.g. CPU type X and Operating System Y.  You can modify the properties of existing packages.

The setup is simple: 10 screens.  Configuration is driven by a wizard.

Requirements: W2k* or W2K8 R2 64-bit only.  2.8GHz, 4GB RAM, 150GB disk recommended.  It can manage XP, W2003, and later.

The server with DPM will be around €800.  Each managed device (desktop or server) will require a management license.  You can purchase management licenses to include DPM support or not.  This means you can backup your servers, maybe a few PC’s and choose to use the cheaper management licenses for the rest of the PC’s.

Intune

Will talks about this.  Dublin/Ireland will be included in phase II of the beta.  It provides malware protection and asset assessment from the cloud.  It will be used in the smaller organizations that are too small for SCE 2010. 

That was the end of the event.  It was an enjoyable day and a good taster of what happened at MMS.

Reminder: Best of #MMS2010 on Monday 17th by MS Ireland

Remember that Microsoft Ireland is hosting a “best of MMS 2010” event next week on Monday the 17th.  Speakers from Ireland, Redmond and from MS UK will be presenting on some of the content from the show.  I’m most looking forward to the ConfigMgr, Service Manager and Opalis presentations.  MS UK is also running something similar so check out your local feeds.

Technorati Tags: ,

Webcast: Understanding The Virtual Machine Servicing Tool

This is a webcast for the System Center Influencers.  I’ll do my best to blog as it goes along.  It follows the recent beta release of VMST 3.0.  This is the release I’ve been waiting for.  Prior to this, it really only handled VM’s stored in an offline state in the library.  But now there is patching for:

  • Offline virtual machines in a SCVMM library
  • Stopped and saved state virtual machines on a host
  • Virtual machine templates
  • Offline virtual hard disks in a SCVMM library by injecting update packages (DISM)
  • Automated patching of Windows Server 2008 R2 failover cluster hosts running Hyper-V (using Live Migration for zero VM downtime)

Now that’s what I’m talking about!!! We’re very slowly moving towards some of the cool patching functionality for templates that is in VMM v.Next.  That last one is a biggie!

The Challenges:

  • Dormant VM’s miss patch Tuesday.
  • When they wake up they are non-compliant and vulnerable to network threats.
  • Patching without VMST is a manual process which is a waste of effort.

OVMST 2.1

  • Works with stored VM’s in the VMM library
  • Patches via WSUS & ConfigMgr with VMM
  • Move VM to maintenance host, start VM, patch it, shutdown, move to library.
  • Uses VMM PowerShell cmdlets.
  • Supports Hyper-V and Virtual Server 2005 R2 SP1

VSMT 3.0 Beta

Note that it is no longer called the “Offline …” tool.  See the previous features for the reason why.

The offline VM process works as usual, by moving it onto a maintenance host, starting, patching, shutting down and restoring it to the library.

Demo of Configuration and Offline Servicing

We see a VMM library with offline VM’s and template VHD’s.  There are 2 hosts.  Some VM’s are stopped, some are in saved state.  One host is labelled as being a maintenance host.  The VMST GUI is the usual System Center MMC “wunderbar” GUI.  The VMM server is selected, along with ConfigMgr and/or WSUS.  The maintenance host is selected in the wizard.  Credentials for servicing offline VHD’s is entered.  Timeouts for copies and updates are also entered (be careful with service pack updates which can be VERY time consuming – lesson learned from SMS updating process back in 2005). 

You can create groups for VHD’s, from VM’s in the library, from VM’s in template groups, and from VM’s in host groups.  You now create a servicing job for selected VM’s from the group(s).  You can also specify if the VM should use its own configured virtual network or from a selected VLAN (maintenance network).  A schedule is entered for the job, e.g. now, later or on a recurring basis.  You can track the job process in VMST or in VMM.

Servicing Shutdown VM’s on a Host

The VM is moved from the production host to a maintenance host.  Here it is started and patched.  The VM is shutdown and returned to the original host.  The configuration is pretty similar, just using a “stopped VM group” instead.  You can include VM’s with a saved state – these VM’s will lose their saved state.  This is because the VM is powered (woken) up and powered down.

Patching Virtual Machine Templates

These are files stored in the VMM library along with metadata in the VMM SQL database.  Patching these requires using a different method.  VMST creates a “gold VM” from the template and maintains a mapping to it.  The gold VM is started on the maintenance host.  The gold VM is updated.  The gold VM is cloned (not moved or new template).  The cloned VM is sysprepped and replaced the template VHD.  The gold VM is left in place for the next patching.

In the demo, you can select a pre-existing VM from the template that you are going to maintain.  This means you need to deploy 1 VM from each 1 template you keep in the library.  You can choose to backup the template in the library (1 version only per template), just in case the patching breaks the template.

Patching Offline (not template) VHD’s

The VHD can be mounted using Diskpart on a maintenance host (not necc. Hyper-V: W7 or W2008 R2) and DISM is used to inject the update packages into the VHD.

Patching W2008 R2 Clustered Hyper-V Hosts

Must be W2008 R2 hosts and must be clustered.  It puts a host into VMM maintenance mode –> Live Migrates the VM’s to another host.  It patches the host and removes VMM maintenance mode.  The process repeats through the cluster nodes.

There is no integration with OpsMgr so you’ll need to configure a scheduled maintenance mode (by yourself) there for all of your hosts in the cluster to prevent all sorts of nasty alerts.

Summary

This was a good presentation – very demo focused which I like.  The product is now at a point where I think all VMM users should implement it.

Configuration Manager 2007 R3 Beta Released

In case you missed it in one of my MMS posts, the beta for ConfigMgr 2007 R3 is now public and is available on Connect.  I received the following in an email earlier today:

“Yesterday at the Microsoft Management Summit, Brad Anderson announced during his keynote the release of ConfigMgr07 R3 Beta. Power management is at the core of the R3 release, it addresses the need that many organizations have to monitor and reduce the power consumption of their computers. ConfigMgr07 R3 Power Management leverages the power management features built into Windows to apply relevant and consistent settings to computers in the organization. There are three major components to power management in ConfigMgr07 R3:

  1. Monitoring and Planning: Power Management collects information about computer usage and power settings for computers in the origination. Reports are provided to allow the administrator to analyze this data and determine optimal power management settings for computers.
  2. Enforcement: Power management allows the administrator to create power plans which can be applied to collections of computers. These power plans configure Windows power management settings on computers, and different power plans can be configured for peak and non-peak working hours.
  3. Compliance: After applying power plans to computers in the organization, the administrator can run reports to validate that power settings were correctly applied and to calculate power and carbon footprint savings across collections of computers.

In addition to power management, ConfigMgr07 R3 will provide customers with enhanced scale and performance support (scale to 300K managed clients per hierarchy, delta AD discovery, dynamic collection updates), as well as enablement of further capabilities for operating system deployment. A full list of the R3 features can be found on Microsoft Connect at the “What’s new in R3” post”.

Technorati Tags: ,

MMS 2010 Keynote: User-Centric Client Management

I’m blogging live once again using the live webcast from the Microsoft Management Summit 2010.  Today’s featured speaker is Brad Anderson.

Anderson says that Windows Update updated 90million Windows 7 computers in March 2010.  This session will focus on management of the PC.  The role of the desktop administrator will change, involving cloud (that’s #1) and security.

Configuration Manager 2007 R3

As promised by Jeff Wettlaufer in a TechNet Edge video, Configuration Manager 2007 R3 is now in public beta (after a lengthy TAP).  Jeff comes on stage to show power management of R3.  This is all about learning about power usage, policy creation/enforcement, and reporting.

We see power consumption reporting being enabled on a collection.  A series of reports are viewed, e.g. the cost (local cost defined by you) of the power based on KwH.  That might be useful for servers.  Power management settings are also configured in the collection.  All the familiar ones are available from Windows 7.  You can define peak and non-peak as well as on battery and plugged in.  You can also define a wake-policy to tell a machine to power up, get some policy/updates and go back to sleep.  Now you run reports to see how you improved your power consumption, e.g. environmental impact.  You can quantify the savings from pre- and post-policy.  A report shows the types of activity that keep computers awake in relation to computers/monitors being active/asleep.  Handy for tuning policy or trying to figure out why something never powers down.

The CEO of 1E is featured in a video.  He couldnt’ travel because of the travel chaos.  MS missed a UC demo opportunity here.  1E is one of the biggest players in extending ConfigMgr functionality.  They’ve built upon the power management of ConfigMgr with a product called Night Watchman.  Claims it saves Dell $26/PC/year in power costs.

XenApp Management with ConfigMgr

A distribution type for XenApp can be created in ConfigMgr Software Distribution.  New package and programs are created in there.  A advertisement is set up to install the package onto the XenApp servers.  Users get drained from the servers, the apps get installed and then users can log in.

Dynamic Memory and RemoteFX

Windows Server 2008 R2 Service Pack 1 is now talked about and how the new Hyper-V features positively impact VDI – more machines per host and better graphics.

Michael Kleef comes out to demo.  This is the first time non-NDA people get a demo as far as I know.  You can see a VM being started up with 1GB RAM and it will be able to grow to 3GB RAM.  Additional memory will be allocated as required and released back to the host when not required.  The current usage is shown in the Hyper-V console.  VMM will get an update to enable this management.

RemoteFX is aimed at VDI. The host has a high end graphics card.  This will be shared by Hyper-V VM’s on the host for graphics processing for the VDI machines.  A demo of 720P video is shown running on a remote VM.  Aero features like peek and flip are there.  The GPU does the work, not the CPU.  This is shown in Performance Monitor.

ConfigMgr Advanced Hardware Power Management

ConfigMgr can audit machines that aren’t even powered up, e.g. Dell 11G servers.  You get an audit of the racked, networked machines that are still powered off.  When ready, ConfigMgr can power them up and deploy an OS.

ConfigMgr To Consolidate Security – Forefront

ConfigMgr allows you to eliminate a separate security infrastructure by integrating with ForeFront End Point Protection.  You don’t need new servers and you get an integrated console.  Updating, policy analysis, reporting were already there since the 2007 R1 release.

Demo: Forefront appears in ConfigMgr as a set of packages by default.  The install program has logic to be able to remove other AV solutions – just like Trend Micro has/had (it’s been a while).  A set of collections based on different states are created – allowing context sensitive advertisements.  A new Forefront node is created for policy creation.  Here you can configure scan preferences, exclusions, how to get updates (default is ConfigMgr), scheduled scans, etc.  You can then assign the policy to a collection.  Reports are available to show status breakdowns, infections, etc.

This is a tidy solution.  I still see lots of people not adopting it which is unfortunate.

System Center Configuration Manager in the Cloud

He said “cloud”!  You know the drinking game rules: 1 shot – now!  OK – put the bottle down.  You’d already have alcohol poisoning if we played the MMS 2010 cloud drinking game.

Here’ comes Windows Intune.  See my previous launch post.  An admission that this is not nearly (not even way) as powerful as ConfigMgr.  However, it will be updated quite frequently.  It’s not a rival to ConfigMgr but it will be an alternative entry point to centralised management.

We get a very quick Windows Intune demo where we see update management.  We see something ConfigMgr doesn’t have – update automatic approval policies like WSUS has.

Service Manager

We hear how a corporation used the beta to create a CMDB (ITIL/MOF configuration manager database) that integrated many System Center databases into one.  That was done in 2 hours: a singe data warehouse for all configuration data.  Nice!

On top of Service Manager 2010 MS has built in some auditing functionality.  SMSD customers have access to Service Manager now.

NOW Service Manager gets the welcome it should have.  Nicely done by the speaker :-)  The team deserves a lot of credit – they wrote a product, got bad feedback, scrapped it and started all over.  Not many will do that.

We get a demo on how Service Manager is used to assist with PCI compliance – stuff to do with credit card payments processing certification.  A library of 350 (!) compliance documents is built into the package.  You can pull from this.  The demo pulls documents to do with American Express.  Objectives are presented that IT will understand.  Now you work on them, update your progress and track your progress.  Some of this could be duplicated in other projects but Service Manager knows this and strips out redundant new steps.  There is integration into OpsMgr, ConfigMgr and AD.  Demonstration of compliance can be done using this too, making auditing much easier.

User Focused

This is something I firmly believe in: we need to put some power back in the users hands, e.g. self service provisioning.  Whether it be OS deployment, virtual machine deployment, software deployment, etc.

ConfigMgr v.Next is demonstrated now.  It has some cool user focused stuff. 

Desired Configuration Management (DCM) is shown.  It will have remediation, not just the current reporting feature.  In the demo, a file association no longer works.  That’s because someone has uninstalled it.  ConfigMgr uses a state to decide what software should be installed.  AT LAST!  This has been needed since SMS 0.0.  V.Next will remediate the state (software is assigned to the PC but missing) by reinstalling the software.  DCM can also remediate things like firewall, IE settings, etc.  Enabling the remediation is a simple tick box operation for the administrator.  Doh – the demo falls into the trap of trying to do things too quick in ConfigMgr.  ConfigMgr is not meant to be a hurried product.  Things in large enterprises take time.

The beta will be out in May.  Everything is re-rewritten to leverage the DCM state engine.  That’s the way it should be.

Road Map

VMM v.Next, ConfigMgr v.Next, OpsMgr v.Next, Service Manager 2010 R2 all appear in 2011.  MMS 2011 will be a crazy busy conference.

 image

That was a keynote that had the content you want – lots of demos and lots of new stuff.  Nicely done!