TechEdNA – Upgrading your Private Cloud From 2012 to 2012 R2

I am live blogging so hit refresh to see more.

Speakers: Ben Armstrong, Jose Barreto, Rob Hindman

Primary focus of the session is upgrading from Windows Server 2012 (WS2012) Hyper-V to Windows Server 2012 R2 (WS2012 R2) Hyper-V.  There are scale requirements.

Advice: deploy new designs with upgrades in mind – faster release cadence from Microsoft.

Fabric

  • System Management: System Center on Hyper-V
  • Compute: Hyper-V
  • Storage: Scale-Out File Server on block storage or Storage Spaces


Upgrade System Center First

It will manage the existing cloud/hosts and enable upgrades.

Question: will users notice if a given SysCtr component is offline for a brief period of time?

http://technet.microsoft.com/en-us/library/jj628203.aspx …. should be updated with WS2012 R2 upgrades.  Remember to turn on OpsMgr maintenance mode during upgrades!!!

Upgrading SCVMM

  • Ensure that SCVMM is configured with a separate (preferably external) database server
  • Uninstall SCVMM 2012 SP1 – leave library/libraries and SCVMM database in place
  • Install SCVMM 2012 R2, and connect to existing database.

Your outage time is minutes.  Deploy SCVMM in a VM.  And deploy SCVMM as a HA cluster (pretty sensible in a true cloud where SCVMM is critical to self-service, etc).

Up comes Jose Barreto …

You could do Compute upgrade next but ….

Upgrading Storage

Tools:

  • Storage migration
  • Copy Cluster Roles Wizard
  • Upgrade in place
  • PowerShell scripting

Options for storage upgrade

With extra hardware: no downtime by migrating storage (easiest, first preference), or limited downtime by copying cluster roles (second preference).

With limited extra hardware: limited downtime by upgrading in place (third preference), or no downtime by moving pools (fourth preference).

Option 1 – Migrate Storage

  • Setup new 2012 R2 storage cluster
  • Configure access to new cluster
  • Storage migrate every VM (Live Storage Migration to new storage platform)

Easy and zero downtime.  Easy to automate.  Network intensive.  Needs new storage platform.
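Option 1 as a script, added here as an example and not something shown in the session: it storage-migrates every VM on a WS2012 host to a share on the new WS2012 R2 Scale-Out File Server, one VM at a time, and checks that each VM really landed on the share before moving on. The host name and share path are assumptions.

```powershell
# Added example, not from the session. Storage-migrates every VM on a WS2012
# Hyper-V host to a share on a new WS2012 R2 Scale-Out File Server, one VM at
# a time, and verifies that the VM really landed there before moving on.
# Assumed names: old host HV01, new SOFS share \\sofs-r2\vmstore.
# Run it on the host itself, or from a station that has CIFS constrained
# delegation configured for the host's computer account.
$OldHost  = 'HV01'
$NewShare = '\\sofs-r2\vmstore'

function Get-VMDiskPaths {
    param([Microsoft.HyperV.PowerShell.VirtualMachine]$VM)
    (Get-VMHardDiskDrive -VM $VM).Path
}

function Test-VMOnShare {
    # True when the configuration file and every virtual disk sit under $Share.
    param([Microsoft.HyperV.PowerShell.VirtualMachine]$VM, [string]$Share)
    $paths = @($VM.ConfigurationLocation) + @(Get-VMDiskPaths -VM $VM)
    -not ($paths | Where-Object { $_ -notlike "$Share\*" })
}

$log = @()
foreach ($vm in Get-VM -ComputerName $OldHost) {
    if (Test-VMOnShare -VM $vm -Share $NewShare) {
        $log += "$($vm.Name): already on $NewShare, skipped"
        continue
    }
    $dest = Join-Path $NewShare $vm.Name
    try {
        # Live storage migration: the VM keeps running while config, VHDX
        # files, snapshots and the smart paging file all move to $dest.
        Move-VMStorage -VM $vm -DestinationStoragePath $dest -ErrorAction Stop
        $after = Get-VM -ComputerName $OldHost -Name $vm.Name
        if (-not (Test-VMOnShare -VM $after -Share $NewShare)) {
            throw "some files are still outside $NewShare"
        }
        $log += "$($vm.Name): moved to $dest"
    } catch {
        # A failed move is rolled back by Hyper-V; the VM stays where it was.
        $log += "$($vm.Name): FAILED - $($_.Exception.Message)"
    }
}
$log
```

Before running this the SOFS share and its NTFS ACL need Full Control for the Hyper-V host computer accounts (and the cluster account), otherwise every move fails at the first file copy. Because nothing is deleted from the old storage until the copy completes, the only resource you need in advance is space on the new share.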


Option 2 – Copy Cluster Roles

Some downtime, but very quick.

  • Setup new 2012 R2 storage cluster.  Connect new cluster to existing storage.
  • Copy cluster roles.
  • Downtime begins: Offline roles on old cluster.  Online roles on new cluster
  • Down time end.

Limited downtime.  No data moved on the network.  Limited additional h/w.  Good for impatient admins. 

3 – Upgrade in place

1 – Prepare

  • HA degraded
  • Evict a node from the cluster
  • Upgrade/clean install evicted node
  • Create new cluster with evicted node

2 – Migrate …. do the previous Cluster Role Copy process.

3 – Rebuild the last remaining node in old cluster and join the domain.

You lose HA for a time.  You could buy 1 extra server if that’s an issue and recycle 1 old server when the process completes. 

4 – Move Pools

No downtime.  Moves data over the network.  Limited additional hardware.

1 – Split cluster

  • Evict node(s) on old cluster – if you have 4 nodes then you can evict 2 nodes and keep HA.
  • Upgrade evicted nodes to new version
  • Form a side-by-side cluster with shared access to the storage

2 – Migrate storage

  • Evacuate a pool of VMs using storage live migration
  • Evict pool from old cluster
  • Add pool to new cluster
  • Use storage live migration to move VMs to pool on new storage cluster
  • Repeat until complete

You need extra storage capacity to do this … you are moving VM files from pre-evicted pool to other pools in the older cluster, before moving them back to the pool in the new cluster.

Also have 1 pool (minimum) per node member in the storage cluster.

3 – Finalize

  • Destroy the old cluster
  • Rebuild idle nodes and join to new cluster

Why have 3 or 4 nodes …. you provide some cushion for upgrade/migration scenarios.

Note: you can use VMM for any LMs or storage LMs.

Back to Ben for the compute upgrade.

Cross-Version Live Migration

Provides simple zero-downtime way to move a VM across to a new platform.

You can use one of many methods to get a new WS2012 R2 cluster … evict/rebuild, brand new, etc.  Then you can do a Cross-Version Live Migration.

In the demo, Ben fires up the VMM 2012 R2 console (he can also do this using the built-in Server admin tools, e.g. Hyper-V Manager).  VMM is managing the WS2012 hosts and the WS2012 R2 hosts.  He can do a LM of the VM from the old hosts to the new hosts.  Here’s the benefit of upgrading System Center first.  It can manage the new platform and leverage the new WS2012 R2 features.

Another thing with SysCtr …. leverage your templates and logical networks to standardise hosts.  New hosts will be identical config to the old hosts, e.g. the VM Network will have the same name so the VM won’t go “offline” when it has moved to the new hosts.
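The cross-version live migration that Ben demonstrated, and the "same virtual switch name on the new hosts" point, as an added example that was not part of the session. It uses the in-box Hyper-V cmdlets rather than VMM: Compare-VM is run first so that a missing switch (or any other incompatibility) is reported and the VM is left where it is, instead of being moved and coming up disconnected. Host names are assumptions.

```powershell
# Added example, not from the session: cross-version live migration of every
# VM on a WS2012 host to a WS2012 R2 host, with a Compare-VM pre-check.
# Assumed names: HV01 (old), HV-R2-01 (new). The VMs' storage is on an SMB
# share both hosts can reach, so only compute moves.
$OldHost = 'HV01'
$NewHost = 'HV-R2-01'

function Test-VMMigration {
    # Returns the incompatibility messages (nothing when the VM can move as-is).
    param([string]$VMName, [string]$Source, [string]$Destination)
    $report = Compare-VM -Name $VMName -ComputerName $Source -DestinationHost $Destination
    $report.Incompatibilities | ForEach-Object { $_.Message }
}

foreach ($vm in Get-VM -ComputerName $OldHost) {
    $problems = @(Test-VMMigration -VMName $vm.Name -Source $OldHost -Destination $NewHost)
    if ($problems.Count -gt 0) {
        # Typical cause: the new host's virtual switch has a different name.
        # Fix the host (or reconnect the adapter) and re-run; do not force it.
        Write-Warning "$($vm.Name): not migrated"
        $problems | ForEach-Object { Write-Warning "    $_" }
        continue
    }
    Move-VM -Name $vm.Name -ComputerName $OldHost -DestinationHost $NewHost -ErrorAction Stop

    # Confirm it is running on the new host with every adapter attached.
    $moved     = Get-VM -ComputerName $NewHost -Name $vm.Name
    $unplugged = Get-VMNetworkAdapter -VM $moved | Where-Object { -not $_.SwitchName }
    if ($unplugged) {
        Write-Warning "$($vm.Name): adapter(s) without a switch on $NewHost"
    } else {
        "$($vm.Name): live migrated to $NewHost ($($moved.State))"
    }
}
```

Cross-version live migration is one way: once a VM is on a WS2012 R2 host it cannot be live migrated back to a WS2012 host, so the pre-check matters more than usual. If you run this from a management station rather than on HV01, both hosts need Kerberos constrained delegation for the Microsoft Virtual System Migration Service, or the Move-VM call fails with an access denied error.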

You can stage the upgrades

WS2012 R2 hosts can use WS2012 storage, and WS2012 hosts can use WS2012 R2 storage.

Upgrade the Guest OS Integration Components

The world won’t end if you don’t …. some new features won’t work if they rely on the new ICs.  Start planning the upgrade around your next maintenance window or planned upgrade.  You can deploy the ICs without rebooting immediately – but the new version won’t work until you do reboot.

D:\support\amd64\setup.exe /quiet /norestart …. Aidan – add that as an app in ConfigMgr if you have a private cloud, and send the sucker out to a collection of Hyper-V VMs, with a predefined maintenance window.
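If you have no ConfigMgr, the same rollout can be driven from the WS2012 R2 host itself. This is an added example, not something from the session: it finds the running VMs whose integration components report "Update required", mounts the host's vmguest.iso in each, runs the installer quietly without a reboot, and records which guests still owe a restart. It assumes Windows guests whose hostname matches the VM name, reachable over WinRM, and that the ISO mounts as D: inside the guest.

```powershell
# Added example, not from the session. Pushes the WS2012 R2 integration
# components into guests that need them, leaving the reboot for the window.
# Assumptions: guest hostname == VM name, WinRM open from the host, ISO = D:.
$IsoPath = Join-Path $env:SystemRoot 'System32\vmguest.iso'

function Get-VMsNeedingIC {
    # IntegrationServicesState is reported by the running guest's ICs.
    Get-VM | Where-Object {
        $_.State -eq 'Running' -and $_.IntegrationServicesState -eq 'Update required'
    }
}

function Install-GuestIC {
    param([Microsoft.HyperV.PowerShell.VirtualMachine]$VM)
    # Mount the host's ISO in the VM's DVD drive (add a drive if there is none).
    if (-not (Get-VMDvdDrive -VM $VM)) { Add-VMDvdDrive -VM $VM }
    Set-VMDvdDrive -VMName $VM.Name -Path $IsoPath

    # Run the installer inside the guest. Exit code 3010 is the Windows
    # Installer convention for "succeeded, reboot required" (assumed here).
    $exit = Invoke-Command -ComputerName $VM.Name -ScriptBlock {
        $p = Start-Process -FilePath 'D:\support\amd64\setup.exe' `
                           -ArgumentList '/quiet', '/norestart' -Wait -PassThru
        $p.ExitCode
    }
    Set-VMDvdDrive -VMName $VM.Name -Path $null     # eject the ISO again
    [pscustomobject]@{ VM = $VM.Name; ExitCode = $exit; RebootPending = ($exit -eq 3010) }
}

$results = Get-VMsNeedingIC | ForEach-Object { Install-GuestIC -VM $_ }
$results | Format-Table -AutoSize

# In the maintenance window, restart only the guests that still need it:
# $results | Where-Object RebootPending |
#     ForEach-Object { Restart-Computer -ComputerName $_.VM -Force }
```

Until the guests reboot, Get-VM will keep reporting "Update required", so re-running the discovery step after the window is a cheap way to confirm the rollout finished.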

Cluster Rebuild Options

If you have scale, you can do  2 nodes at a time to maintain HA.

If you are small then do 1 node at a time, but lose HA.

Buy some new hardware to act as the “seed” for a new cluster, and evict/rebuild the older cluster.  You maintain HA, but at a relatively small cost.  You can recycle the last 2 nodes in the old cluster.

For a small shop, take advantage of save state compatibility through:

  • In place upgrade
  • Virtual machine import

Funnily enough, a HUGE shop might also use that last option.  They could also:

  • Save state the VMs
  • Reconnect the storage to new hosts
  • Import/register the VMs

Cluster Validation

Will require downtime unless you are using Windows Server file storage (SMB 3.0 shares).  Note that a cluster is not supported until you have a passed cluster validation report.  The storage tests take block storage disks offline while validation runs.
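An added example, not from the session, of how to get the validation report without an unplanned outage: run every test category except Storage at any time, then run the storage tests alone inside the window, since those are the ones that take the disks offline. Node names and the report folder are assumptions.

```powershell
# Added example, not from the session. Validates the nodes of a new WS2012 R2
# cluster in two passes: everything except storage first (nothing goes
# offline), then storage alone in the maintenance window.
# Assumed node names and report folder.
$Nodes      = 'HV-R2-01', 'HV-R2-02'
$ReportRoot = 'C:\ClusterReports'
New-Item -ItemType Directory -Path $ReportRoot -Force | Out-Null

function Invoke-ClusterValidation {
    param(
        [string[]]$Node, [string]$Label,
        [string[]]$Ignore, [string[]]$Include, [string[]]$Disk
    )
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmm'
    $params = @{ Node = $Node; ReportName = (Join-Path $ReportRoot "$Label-$stamp") }
    if ($Ignore)  { $params.Ignore  = $Ignore }
    if ($Include) { $params.Include = $Include }
    if ($Disk)    { $params.Disk    = $Disk }
    $report = Test-Cluster @params          # returns the .htm report file
    # Crude pass/fail read of the HTML; the verdict that counts is in the
    # report itself, so open it (it is the document support will ask for).
    $failed = (Get-Content -Path $report.FullName -Raw) -match 'Failed'
    [pscustomobject]@{ Pass = $Label; Report = $report.FullName; HasFailures = $failed }
}

# Pass 1, any time: inventory, network, system configuration, Hyper-V tests.
Invoke-ClusterValidation -Node $Nodes -Label 'NoStorage' -Ignore 'Storage'

# Pass 2, in the window: storage only. Disks already online in a cluster role
# are skipped unless named with -Disk, which takes them offline for the test.
# Invoke-ClusterValidation -Node $Nodes -Label 'Storage' -Include 'Storage'
```

With VMs on SOFS shares the storage pass has nothing to take offline, which is the reason the session says file storage removes the downtime from validation.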

Windows Server 2008 R2 to 2012 R2

Here comes Rob Hindman … who has the best job in the world, apparently, cos he works with Ben and Jose.

Copy Cluster Roles Wizard

This will move the cluster roles from 2008 R2 to 2012 or 2012 R2.  Basically, it allows you to move cluster resources to a cluster from another cluster that is 2 levels back, e.g. 2008 R2 to 2012 R2.

  • You can test the copy without impacting production/customers
  • The process is reversible if you encounter issues
  • Assumes that your storage will be reused
  • Does not copy data … it remaps disks

You form a new cluster and connect it to the old storage.  You run the wizard against the old cluster.  You copy the roles.  Then you bring online the roles in the new cluster after off-lining them on the old cluster.  Then you can remove the old cluster.

Supports lots including:

  • Hyper-V VMs/VM configuration
  • SOFS
  • CSV
  • Storage pools/spaces

Does not do CAU or Task Scheduler Tasks.

PLEASE READ THE REPORT that the wizard creates.  There might be fix-up steps, e.g. network settings.

Demo:

Does a WS2008 R2 – WS2012 R2 migration.  You have to migrate 1 LUN (CSV) at a time.  Make sure that your destination cluster can handle the VM workload that is on the CSV that you are migrating.  If it detects a VM workload, it’ll prompt you to select a destination virtual switch.  The copy is done … no downtime, yet.  Read the report, as advised.

The VM appears on the new cluster, but it’s showing as off.  So is the CSV.  On the original cluster, you take the resource offline – shutdown the VM.  Take the CSV disk offline.  Some customers prefer to unmask the CSV at this point from the old cluster.  Bring the CSV online in the new cluster.  Then power up the VMs on the new cluster.  Done!
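The downtime window of Option 2 (Copy Cluster Roles) and of Rob's demo, scripted as an added example that was not shown in the session. It starts after the wizard has copied the roles and read the report: VM roles go offline on the old cluster, the CSV goes offline there, the same LUN comes online on the new cluster, and the VM roles start. Cluster, CSV and role names are assumptions, and the CSV must carry the same name on both clusters for this script as written.

```powershell
# Added example, not from the session: the cutover step of a Copy Cluster
# Roles migration, run after the wizard has already copied the roles.
# Assumed names: old cluster CLU2008R2, new cluster CLU2012R2, CSV
# "Cluster Disk 1" (same name on both clusters), VM roles listed in $VMRoles.
$OldCluster = 'CLU2008R2'
$NewCluster = 'CLU2012R2'
$CsvName    = 'Cluster Disk 1'
$VMRoles    = @('SCVMM-Lib01', 'App-Web01')   # cluster group names on that CSV

function Wait-ClusterGroupState {
    param([string]$Cluster, [string]$Name, [string]$State, [int]$TimeoutSec = 300)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    do {
        $g = Get-ClusterGroup -Cluster $Cluster -Name $Name
        if ("$($g.State)" -eq $State) { return $true }
        Start-Sleep -Seconds 5
    } while ((Get-Date) -lt $deadline)
    return $false
}

# 1. Downtime begins. Stop-ClusterGroup honours the VM resource's offline
#    action: make sure that is Shutdown, not Save, because a saved state from
#    an older Hyper-V version is not guaranteed to resume on the new one.
foreach ($role in $VMRoles) {
    Stop-ClusterGroup -Cluster $OldCluster -Name $role | Out-Null
    if (-not (Wait-ClusterGroupState -Cluster $OldCluster -Name $role -State 'Offline')) {
        throw "$role did not go offline on $OldCluster; aborting before touching the CSV"
    }
}

# 2. Take the CSV offline on the old cluster so only one cluster owns the LUN.
Get-ClusterSharedVolume -Cluster $OldCluster -Name $CsvName | Stop-ClusterResource | Out-Null

# 3. Bring the same LUN online on the new cluster. Nothing was copied; the
#    wizard remapped the disk, and this is the same physical storage.
Get-ClusterSharedVolume -Cluster $NewCluster -Name $CsvName | Start-ClusterResource | Out-Null

# 4. Start the VM roles on the new cluster. Downtime ends as each one boots.
foreach ($role in $VMRoles) {
    Start-ClusterGroup -Cluster $NewCluster -Name $role | Out-Null
    if (-not (Wait-ClusterGroupState -Cluster $NewCluster -Name $role -State 'Online')) {
        Write-Warning "$role is not online on $NewCluster yet; check the wizard report fix-ups (e.g. virtual switch name)"
    }
}
```

The throw in step 1 is deliberate: if a VM refuses to go offline you still have a working old cluster and have changed nothing, whereas an offline CSV with running VMs on the old side is the one state you cannot recover from quickly. Unmasking the LUN from the old cluster, as some customers do at this point, is a SAN-side step and is not covered by the script.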

Other than a MS IT VPN blip, the demo worked perfectly.

Summary

You can do the upgrade with no downtime if you have lots of resources.  More likely you’ll do it with few/no new resources and minimal downtime.

Q&A

Clarification: you are not abandoning CSV.  You are putting an active/active file server cluster (SOFS) and SMB 3.0 between the Hyper-V hosts and the CSVs.  This layer adds sooooo much and makes you very flexible.

Smaller deployments, such as 2 nodes, then you continue to direct attach your CSVs to your hosts, e.g. CiB Hyper-V deployment.

TechEd NA 2013: Building Cloud Services with Windows Server 2012 R2, Microsoft System Center 2012 R2 and the Windows Azure Pack

Speakers: Bradley Bartz, Nagender Vedula, and an army of others.

1 consistent cloud experience


Service Bus coming to WS2012 R2.  There are 2 UIs:

  • Admin
  • Consumer portal

Cloud OS Consistent Experiences.

Here’s Azure versus on-premise:

Continuity of experience and services being deployed.  Note that Windows Azure Pack portal is customizable.


The right hand side is powered by:

  • Windows Server
  • Hyper-V
  • System Center – VMM and Operations Manager
  • Service Provider Foundation
  • Windows Azure Pack

Service Consumers

People centric computing – self-service administration, acquire capacity on demand, empowered operations, predictable costs, get up and running quickly.

Difference between Azure and on-premise: on-premise has limits of scalability, so quota limits are set to control how much of the resources the consumer can take.

Service Consumers:

  • Build highly scalable web apps
  • Iterate with integrated source control
  • Manage app with real-time telemetry
  • Use the languages and open source apps of your choice (supported by Azure pack)

Service Providers

Extreme focus on cost. Maximize per-customer profitability, hardware efficiency, automate everything, differentiate on SLAs.  All makes sense for the hoster.  What about the enterprise private cloud?  Same goals apply – IT needs to be efficient and effective.  Doubly so when doing cross-charging … and to be honest, IT doesn’t want to become more expensive than outsourced services!

Service Bus

  • Messaging service for cloud apps
  • Guaranteed message delivery
  • Publish-subscribe messaging patterns
  • Standard protocols (REST, AMQP, WS*)
  • Interoperability (.NET, JAVA/JMS, C/C++)
  • Now integrated with management portal

An elastic message queuing system.  A dev building a modern app in Azure will feel right at home on your WSSC 2012 R2 cloud.

Virtual Machines

  • Consistent with IaaS Azure
  • Roles: portable, elastic, gallery, Windows & Linux support
  • Virtual networks: site-site connectivity, tenant supplied IP address

Additional services in Windows Azure Pack

  • Identity: AD integration, ADFS federation, co-administrator – huge for on-premise
  • Database services: SQL Server and MySQL
  • Value add services from gallery – you can curate a set of add-ons that your customers can use.
  • Other shared services from provider
  • Programmatic access to cloud services – Windows Azure consistent REST APIs

There is a model on acquiring capacity. There is a concept of offers and plans, and that dictates what’s being deployed.  A subscriber will get billed.  Concept of teams is supported with co-administration.  Teams can be large, and membership can change frequently.  With ADFS, you can use an AD group as the co-administrators of the subscription.

Demo

Azure supports ADFS – so he logs into Azure portal using his MSFT corporate ID.  He deploys a new website, goes to a store in Azure, and installs a source code control app: Git.  Now there’s a dedicate Git repository for that website.  It’s the usual non-modified Git.  He adds a connection to the repository locally.  Then he pushes his source code up to the repository from his PC.  That’s done in around a minute.  The website launches – and there’s the site that he pushed up.

This is more than just an FTP upload.  It’s cloud so it scales.  Can scale out the number of website instances.  By default they run on a shared tier, basically the same web server/pool.  Can change that through the GUI.  Can scale the site easily with a slider, with content and load balancing.

Now logs into the Katal portal.  Can sign in with AD user account, email account (ASP membership of email and password), and ADFS.  The login page looks the same as the Azure portal’s.  Same end user experience (can be skinned).  Creates a web site.  Sets up Git source code control, as on Azure.  Basically repeats the same steps as on Azure – the customer is getting the same experience. 

In Katal, scalability can be limited by the admins, won’t have the same infinite resources as Azure.

Now he logs out, and Mark Umeno logs in as a co-admin.  He can see the resources that were just deployed by Bradley.  He can also see some other stuff that he owns. 

I get bored here … there’s no cloud building going on.  It’s turned into a user experience demo which does not match the title of the session.

TechEd 2013: How To Design & Configure Networking In VMM (Part 2)

Speakers: Greg Cusanza, Senior PM, MSFT (VMM) and Charlie Wen, PM (Windows).

This is a follow up to part 1.

Objective of this session: bring WS2012 R2, System Center 2012 R2 and Windows Azure together using hybrid networking.

Hybrid Network

Tenant thinks they have their own network, but it’s an abstracted network on hosting environment.  Can link to Internet and extend clients’ on-premise network into hosting network.  There is routing between the client network and the tenant network.


Can route between client site A, through client site B, to tenant network if Site A to tenant network link is down.

There is in-box capability for the gateway in WS2012 R2.

Hybrid Networking in WS2012 and SysCtr 2012 SP1

  • WS2012 adds HNV, RRAS, and IPAM
  • SC2012 SP1 – VM networks with single VPN.
  • 3rd party gateways: F5 (software solution out now), Huawei, IronNetworks
  • Introduced Windows Azure Services for Windows Server (Katal, vNext to be Windows Azure Pack).  Not a hybrid solution.

F5 solution is Windows Server based at the moment.  They are working on a hardware solution.

Benefits of Hybrid Networking

  • For hoster, internal IT, or enterprise customer. 
  • Must be cost effective
  • Capex cost per tenant must be low.  Multi-tenancy.
  • Gateways must be highly available – using clustering in WS2012 R2 gateway
  • Must support self-service
  • Enterprises: must be able to extend on-premise network.  Establish contract for average throughput for each connection.  Easily provision and configure site-site connection on the hoster side


Network Fabrication Configuration

  • Enabling network virtualization: WS2012 R2 no longer requires NV filter enablement
  • Configuring provider address space: must have static IP pool.  Must enable network virtualisation on logical network for provider addresses.
  • If mixing 2012 and 2012 R2 hosts, must have KB2779768 on 2012 hosts

Demo

Checked the Allow New VM Networks Created On This Logical …. in the settings of the tenant Logical Network – different tenant network than before – no VLAN stuff.

Enabling Hybrid Connectivity

  • you need a gateway
  • 3rd party gateways do exist
  • WS2012 R2 gateway will do for many customers.  3rd party solutions will probably offer extra features.

Charlie Wen (Mr. QoS in WS2012) comes on stage to talk about the WS gateway.

WS2012 Hybrid Connectivity

Limitations:

  • 1 VM per tenant
  • Static routing required on each tenant site
  • Manual provisioning
  • Internet connectivity back to remote site – no NAT for direct connectivity to VM networks.


WS2012 R2

  • Multi-tenant solution that requires far fewer VMs as gateways
  • Clustering for HA – this is an SLA business
  • BGP routing for dynamic routing
  • Multitenant NAT for direct Internet connectivity


Demo

Shows NAT in action on the gateway.  Client connects to VM in VM network using IE and public IP address.  Does it twice and does 2 downloads (long and still running).  Uses Get-NetCompartment to view tenant networks.  Moves the gateway role from one WS2012 R2 cluster member to another and it’s done in the blink of an eye.  The downloads do not get interrupted because the proactive failover of the gateway resource happens so quickly.  Good for maintenance.

Private Cloud with WS2012 R2

  • You could use HNV for lab, test networks, dev networks
  • Most services still on the physical network, e.g. AD, DNS, etc. 
  • That means the labs are isolated.  You can give connectivity with a forwarding gateway.
  • You can extend into a 3rd party site by connecting the forwarding gateway to the edge router.

Multi-tenant networking stack


Multi-tenant Site-to-Site

On boarding: create new tenant with a compartment in the gateway.  Incoming packets go into a default compartment.  Packet is inspected, and sent to the correct tenant compartment, and onwards to the VM network.

Outbound packet, from the VM network, to the tenant compartment.  There is a routing table there and then it goes out to the right client on-premise site over the VPN.

Multi-tenant NAT

Each tenant compartment needs a unique IP.

Outbound packet into tenant compartment from VM network, then NATed before going out to the net.

For inbound packet, it comes into the gateway.  A NAT mapping sends it to the correct client compartment, and onwards to the VM network.

BGP Dynamic Route learning and Best Path Selection

BGP will select the best route.  Say the Site 1 – hoster link goes down.  BGP will auto re-route to hoster via site 2.


Guest Clustering for HA

  • A 1:1 redundant (active/passive) cluster is created from the VMM service template when deploying the WS2012 R2 gateway
  • Failure is detected immediately
  • Site-site tunnels are reconnected on the new active node
  • So quick that end-end TCP connections do not time out

Back to Greg and SCVMM …

Provisioning from VMM

  1. Build a host/cluster – this host/cluster is dedicated for the gateway VMs.  DEDICATED.  They are edge network, “untrusted” hosts.  VMM agent uses certificates.
  2. Deploy gateway VMs from the service template
  3. Add gateway to VMM
  4. Finalize the gateway configuration

Post-preview functionality configured from SCVMM, i.e. not in the preview and will be in RTM:

  • HA
  • Forwarding gateway for private cloud

Demo

Has the service template and deploys it to the untrusted host.


Has one already baked, and shows the service in his cloud view.  The host was marked as a HNV gateway host: Get-SCVMHost <hostname> … IsDedicatedToWnvGateway is set to true.  Set-SCVMHost <host> –IsDedicatedToWnvGateway $true.  (That is the preview build’s name for the property; in the released VMM 2012 R2 the parameter is -IsDedicatedToNetworkVirtualizationGateway.)

Adds a Network Service in Fabric-Networking.  Selects RunAs account.  Sets a network service connection string.  Reviews the certificates.  Tests the provider before exiting the wizard.  And then selects a host group – e.g. dedicate the gateway to a rack of servers.  Configures the front end and back end NICs: selects NICs and network sites for each of the two.  Done.  The g/w is added … but it takes a minute or so to set up the compartments …. watch out for that!

Goes into VM Networks.  Creates a new VM Network in the tenant logical network.  Enables HNV.  Sets the VM subnet.  Connects the VPN tunnel, with BGP.  Enables NAT.  Selects an IP Pool for the NAT connection.  Can add inbound access rules for specific ports, e.g. send inbound TCP 80 to 10.0.0.2 port 80.  That configures the compartment in the g/w.  Adds an IP pool to the HNV gateway. 

Done!  Now you can add VMs to the VM Network and they can talk through the gateway, e.g. talk to an external network.

No configuration done in the gateway VMs or on the HNV hosts.

Enabling Tenant Self-Service

Using Windows Azure Services for Windows Server:

  • Tenants create their own networks
  • Consistent experience with Windows Azure
  • Configuration of topology and BGP
  • Reporting and chargeback

SPF provides REST API to enable hosters and private cloud providers to build their own portal if they want.

The client configures a VM network and VPN tunnel on the hoster portal.  That configures VMM and the gateway for the tenant.  The tenant must then configure their own VPN endpoint to complete the tunnel.

Demo of tenant self-service

Logs into the portal as a tenant.  Creates a new virtual network.  Selects IPv4.  Specifies DNS, and chooses to enable NAT and VPN.  Enter his tenant VPN endpoint info and enables BGP.  Adds an address space for the VM network.  Names the site-site VPN, enters the pre-shared key, and the address space for BGP to do initial routing for dynamic discovery.

Note: it is IBGP.  Add the BGP peers and ASN info.  Check the wizard and done.

Outbound NAT is enabled.  Inbound requires configuration.  Hosters can supply VPN configuration scripts that the tenant can download from the portal. 

Creates a new NAT rule for a web server.  Nice bit: can choose an already selected VM rather than entering an IP address.

And that’s that!

TechEd 2013: How To Design & Configure Networking In VMM (Part 1)

Speaker: Greg Cusanza, Senior PM, Microsoft.

Part 1 is getting things going from scratch.  Part 2 will be about Hybrid Networking (configuring network fabric for HNV, network virtualization gateways, tenant self-service).

Recap on VMM 2012 SP1

  • Connectivity: multi-tenancy, isolation, mobility, bring-your-own-IP.  Result: VM Networks.
  • Capability: QoS, security, optimizations, monitors, extensibility. Result: Logical Switch

Also worked on a partner ecosystem.  Moving on …

Step 1: Plan

  1. Design: draw your network.  Ask questions up front to get answers
  2. Hardware: use hardware that supports your design.  Iterate back on your design. Configure the hardware.
  3. VMM configuration: Create logical objects. Configure hosts. Add tenants. Deploy workloads

Network Design


Questions: How do I provide isolation?

  • Data center isolation: separation of infrastructure traffic as security boundary and for QoS
  • Tenant isolation

Can do this via:

  • Physical separation: physical switches and adapters for each type of traffic
  • Layer 2: VLAN: Tag is applied to packets to control forwarding. Very mature and well understood. Limited number (4096) and very complex after a while.
  • Layer 2: PVLAN: Primary and secondary tags are used to isolate clients while still giving access to shared services.  Limited support in VMM 2012 SP1. 
  • HNV: Use NVGRE encapsulation to isolate tenants


You can simulate community in VMM by using network virtualization on the back end of your isolated PVLANs – a common VM Network. 

Network Virtualization: you can create networks on the fly that are abstracted from the physical VLAN that they are connected to.


No Isolation

  • Why: provides direct access to the logical network.  VMM picks the right VLAN based on placement.
  • Upgrade to SP1: Pre-SP1 VMs have direct connectivity to the logical network by default
  • Direct access to infrastructure: Think of the system center in a VM scenario

Where should you use what?


Address spaces

  • Size based on broadcasts and address utilization
  • Can be DHCP and static
  • IPv4 and IPv6: You have to choose between them when using HNV

SR-IOV

Great performance and scalability.  The trade off is that you lose vSwitch management features.  Limited support for Intelligent Placement.

RDMA

Great fast storage.  Can’t be used on Virtual Switch NICs.

Teamed Adapters

3 models:

  • Non converged.  Physical NICs for every task/role/network.  Cabling nightmare.
  • Converged: Use fewer NICs and QoS to converge roles.
  • Converged with RDMA: See my recent design

Networks in VMM

  • Logical network: models the physical network. Separates like subnets and VLANs into named objects that can be scoped to a site. Container for fabric static IP address pools. VM networks are created on a logical network.
  • Logical switch: central container for vSwitch settings. Consistent port profiles across data centre. Consistent extensions. Compliance enforcement.

Demo

It’s VMM 2012 R2.  First, create a management network in Fabric – Logical Networks.  Calls it management.  He chooses “One connected network”.  Adds a Network Site that is scoped to a host group, and uses a DHCP subnet (and VLAN ID).  Creates a clustering “One connected network” logical network with a network site/subnet with static IP (and VLAN ID).  Creates a second network site with a static IP subnet (and VLAN ID).

Then creates IP pools for the 2 clustering network sites.

Now creates an External (name/purpose) logical network.  Sets the Network site and IP subnet/VLAN.  Then creates an IP pool for External.

For VLAN tenant isolation, he can create a logical network with lots of VLANs/subnets in a network site.  Each subnet would require an IP pool.

VM Networks are required for connecting virtual NICs.  For the tenant network (using VLANs) the VM Network will be assigned to a specific VLAN/subnet in the tenant logical network.
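The VLAN tenant-isolation part of the demo as a VMM 2012 R2 PowerShell script, added here as an example (it is not Greg's demo script): a VLAN-isolated tenant logical network with one network site carrying two VLAN/subnet pairs, an IP pool per subnet, and a VM network pinned to one of the pairs. The cmdlets are the ones the VMM console emits under "View Script"; the host group, names, VLAN IDs and addresses are all assumptions.

```powershell
# Added example, not from the session. VLAN-isolated tenant logical network,
# network site, one static IP pool per subnet, and a VM network on VLAN 101.
# All names, VLAN IDs and addresses are assumed. Run from the VMM console's
# PowerShell window (or after Get-SCVMMServer).
$HostGroup = Get-SCVMHostGroup -Name 'Production'

# -LogicalNetworkDefinitionIsolation $true is VLAN-based isolation (no HNV).
$Tenant = New-SCLogicalNetwork -Name 'Tenant-VLAN' -LogicalNetworkDefinitionIsolation $true `
            -EnableNetworkVirtualization $false -UseGRE $false -IsPVLAN $false

# One network site scoped to the host group, carrying both VLAN/subnet pairs.
$subnets     = @{ 101 = '10.101.0.0/24'; 102 = '10.102.0.0/24' }
$subnetVlans = foreach ($vlan in $subnets.Keys) {
    New-SCSubnetVLan -Subnet $subnets[$vlan] -VLanID $vlan
}
$Site = New-SCLogicalNetworkDefinition -Name 'Tenant-VLAN_Production' -LogicalNetwork $Tenant `
            -VMHostGroup $HostGroup -SubnetVLan $subnetVlans

# Each subnet needs its own IP pool, as the demo notes: .1 is the gateway,
# VMM hands out .10 to .250, the rest stays free for static use.
foreach ($vlan in $subnets.Keys) {
    $net = ($subnets[$vlan] -split '/')[0] -replace '\.0$', ''
    New-SCStaticIPAddressPool -Name "Pool-VLAN$vlan" -LogicalNetworkDefinition $Site `
        -Subnet $subnets[$vlan] -IPAddressRangeStart "$net.10" -IPAddressRangeEnd "$net.250" `
        -DefaultGateway (New-SCDefaultGateway -IPAddress "$net.1" -Automatic) `
        -DNSServer '10.0.0.53' | Out-Null
}

# A VM network is what vNICs connect to; with VLAN isolation it is pinned to
# exactly one VLAN/subnet pair of the logical network.
$VMNet = New-SCVMNetwork -Name 'Tenant-A' -LogicalNetwork $Tenant -IsolationType 'VLANNetwork'
$vlanA = $subnetVlans | Where-Object { $_.VLanID -eq 101 }
New-SCVMSubnet -Name 'Tenant-A_VLAN101' -VMNetwork $VMNet `
    -LogicalNetworkDefinition $Site -SubnetVLan $vlanA | Out-Null

# What got created.
Get-SCStaticIPAddressPool | Where-Object { $_.LogicalNetworkDefinition.Name -eq $Site.Name } |
    Select-Object Name, Subnet, IPAddressRangeStart, IPAddressRangeEnd
```

The point of scripting it is repeatability across sites: the same script with a different host group and VLAN map gives a second data centre an identical object model, which is what the cross-version live migration advice earlier (same VM network names on old and new hosts) depends on.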

No HNV in this demo.  That’s in part 2.

What’s New in VMM 2012 R2?

All network devices (except load balancers) and services are now “network services” (virtual switch extension, network manager, network virtualization policy, gateway, physical switch).  New interfaces:

  • Network manager: separation of virtual switch and network management
  • Physical switch

IPAM as a network manager:

  • Inbox plugin for Microsoft IPAM
  • Exchange logical networks, sites, and subnets.  Doesn’t use the manual/scheduled script of 2012 SP1.  Plugin is shipped in VMM 2012 R2.

Can track utilization and expand as required.


In-box plugin for the standards based (CIM) network switch profile.  Implemented and shipping with Arista EOS 4.12 – common across Arista switching platforms.

Logical Switch

Why:

  • Automatic team creation
  • Configuration for data centre on a  single object
  • Live Migration limited within a logical switch – remember that this is an abstraction so it doesn’t limit LM across a data center, etc.



VM Configuration

  • VM Networks: All vNICs now only connect to VM Networks
  • Port Classifications: Container for port profile settings.  For Hyper-V switch port settings and extension port profiles.  Reusable.  Exposed to tenants through cloud (a classification)

Demo (Logical Switch)

Everything is now called a port profile (they can be virtual or uplink, depending on what you choose in the wizard).  Creates an uplink port profile and configure the NIC teaming configuration.  You see the new Dynamic Mode there (only supports WS2012 R2).  There is a new option: Host Default.  Chooses the default for that particular OS (that is Dynamic on WS2012 R2).  Then configures the Network Sites that can use this uplink port profile.  You do not need to Enable Hyper-V Network Virtualization in this wizard if your hosts will be WS2012 R2.  Doesn’t do any harm if you do.

Now creates a logical switch.  Adds the new uplink port profile (meaning the switch will use that NIC team config).  Configures the available QoS policies (virtual ports) for the virtual switches that will be created. 

Now he creates a virtual switch on a host.  New Logical switch, select the NIC, join it to the uplink port profile.  Then add a second NIC and repeat.  This teams the NICs.  Can also use virtual network adapters here if you want to create converged networks – make sure one of them is marked for VMM management if using your default physical management NIC for the NIC team.
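The Logical Switch demo as a script, added here as an example and not Greg's own: an uplink port profile with a switch-independent team, the network site it is allowed to carry, a logical switch that uses it, and the deployment of that switch onto one host across two physical NICs, which is the step that actually creates the team. The host-side part follows the job-group pattern the VMM console emits under "View Script". Site, host and NIC names are assumptions.

```powershell
# Added example, not from the session. Uplink port profile + logical switch
# in VMM 2012 R2, then deployment of the switch on a host over two NICs.
# Assumed names: site Tenant-VLAN_Production, host HV-R2-01, NICs NIC1/NIC2.
$Sites = Get-SCLogicalNetworkDefinition -Name 'Tenant-VLAN_Production'

# Uplink port profile = the NIC teaming configuration plus the network sites
# this uplink may connect to. "Dynamic" load balancing needs WS2012 R2 hosts;
# use "HostDefault" if the switch must also be deployed on WS2012 hosts.
$Uplink = New-SCNativeUplinkPortProfile -Name 'Uplink-Prod-Team' `
            -LogicalNetworkDefinition $Sites -EnableNetworkVirtualization $false `
            -LBFOLoadBalancingAlgorithm 'Dynamic' -LBFOTeamMode 'SwitchIndependent'

# The logical switch is the single object the hosts' virtual switches are
# built from; the uplink profile set binds the profile above to it.
$Switch    = New-SCLogicalSwitch -Name 'LS-Prod' -EnableSriov $false -SwitchUplinkMode 'Team'
$UplinkSet = New-SCUplinkPortProfileSet -Name 'Uplink-Prod-Team' -LogicalSwitch $Switch `
                -NativeUplinkPortProfile $Uplink

# Deploy on a host. All changes go into one job group and are committed by
# the final Set-SCVMHost, so a half-applied switch never lands on the host.
$VMHost = Get-SCVMHost -ComputerName 'HV-R2-01'
$Nics   = Get-SCVMHostNetworkAdapter -VMHost $VMHost |
            Where-Object { $_.ConnectionName -in 'NIC1', 'NIC2' }
if ($Nics.Count -ne 2) { throw "expected 2 uplink NICs on $($VMHost.Name), found $($Nics.Count)" }

$Job = [guid]::NewGuid().ToString()
foreach ($nic in $Nics) {
    Set-SCVMHostNetworkAdapter -VMHostNetworkAdapter $nic -UplinkPortProfileSet $UplinkSet -JobGroup $Job
}
New-SCVirtualNetwork -VMHost $VMHost -VMHostNetworkAdapters $Nics -LogicalSwitch $Switch `
    -JobGroup $Job -DeployLogicalSwitch $true
Set-SCVMHost -VMHost $VMHost -JobGroup $Job -RunAsynchronously
```

The NIC count check is there because of the trap mentioned in the demo: if one of the two NICs is the host's management NIC and no host virtual adapter is marked for VMM management in the same job, committing the job can drop the host off the network that VMM manages it through.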

External Isolation

This is a feature you can do with a forwarding extension to the virtual switch.


Does a demo of the NEC PF1000 Programmable Flow OpenFlow forwarding extension, creating the above bits, after creating a VLAN.

Then a demo of the Cisco Nexus 1000V – which is now available for download/sale depending on the edition.

Forwarding Extensions in VMM 2012 R2

HNV and forwarding extensions can co-exist in WS2012 R2.  Can enable network virtualization in the extension.

And that’s the end of part 1.  You can find part 2 here.

TechEd 2013: System Center 2012 R2–Virtual Machine Manager

Speaker: Vijay Tewari, VMM PM.

Bootstrapping a repeatable architecture

VMM becomes the heart of the data centre.  You deploy everything from VMM console/library.  For example, MSFT will be supplying service templates for deploying the rest of System Center from VMM.

Network Architecture

A sample one:


Storage

Using SOFS service templates, SMB 3.0 management, SMI-S (including fiber channel support), VMM 2012 R2 can manage the entire storage stack from bare metal to zoning/permissioning.

Demo

Host Profiles has become Physical Computer Profiles.  You can create a file server profile for a SOFS bare metal deployment.  He reaches out to the BMC (DRAC, ILO, etc) to discover, power up, and deploy the OS of the cluster nodes.  When the process completes, a new SOFS is running and managed by VMM.  Now you can use VMM to provision and permission file shares.  Once done, you can start to place/move VMs on the file share on the permitted hosts.

Note: you don’t touch the file servers, log into them, use Server Manager, use a PoSH cmdlet.  It’s all done from the VMM console.  Very sweet.

See Datacenter Abstraction Layer (DAL).

Synthetic Fiber Channel In The Guest

VMM 2012 R2 adds support for guest fiber channel in Hyper-V.  Uses SMI-S to talk to the SAN.  Involves 2 things:

  • Project a fiber channel virtual adapter in the guest
  • You need to be able to program the fiber channel network

Simplified zone management from the VMM console.

Storage

  • Offloaded data transfer is now supported in VMM 2012 R2 to provision resources from the library.
  • VMM supports WS2012 R2 Hyper-V to create guest clusters using a shared VHDX.  Remember the VHDX is stored on shared storage (CSV or SMB).  MSFT uses this kind of SQL cluster for testing SysCtr.  It’s a check box: Share this disk across the service tier … yes, you can deploy a guest cluster from a service template.

New in Service Templates: the first node online will initialize the cluster, and additional nodes join the cluster.  Service templates understand the need for different tasks on the first and subsequent nodes.  In the demo, he talks about how SQL can be installed on the guest cluster as part of the service template.
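What the "share this disk across the service tier" check box does underneath on WS2012 R2 Hyper-V, as an added example that is not from the session: one VHDX on a CSV attached to both guest-cluster nodes with SCSI persistent reservations enabled, so the guests see it as shared storage and Failover Clustering inside them can validate and use it. VM names and the CSV path are assumptions.

```powershell
# Added example, not from the session. Shared VHDX for a two-node guest
# cluster on WS2012 R2 Hyper-V. Assumed VM names and CSV path.
$Shared = 'C:\ClusterStorage\Volume1\SQL-Shared\shared-data.vhdx'
$Nodes  = 'SQL-N1', 'SQL-N2'

function New-SharedVhdx {
    # The shared disk must live on CSV or on an SOFS share; fixed-size here.
    param([string]$Path, [uint64]$SizeBytes)
    if (-not (Test-Path $Path)) {
        New-VHD -Path $Path -SizeBytes $SizeBytes -Fixed | Out-Null
    }
    Get-VHD -Path $Path
}

function Add-SharedDisk {
    # Attach on the SCSI controller; -SupportPersistentReservations is the
    # "Enable virtual hard disk sharing" setting in the VM's disk properties.
    param([string]$VMName, [string]$Path)
    $already = Get-VMHardDiskDrive -VMName $VMName | Where-Object { $_.Path -eq $Path }
    if (-not $already) {
        Add-VMHardDiskDrive -VMName $VMName -ControllerType SCSI -Path $Path -SupportPersistentReservations
    }
    Get-VMHardDiskDrive -VMName $VMName | Where-Object { $_.Path -eq $Path }
}

$vhd = New-SharedVhdx -Path $Shared -SizeBytes 200GB
$attached = foreach ($node in $Nodes) { Add-SharedDisk -VMName $node -Path $Shared }

# Both nodes should show the same path with SupportPersistentReservations = True;
# a node where it is False will fail the storage tests of guest validation.
$attached | Select-Object VMName, ControllerType, Path, SupportPersistentReservations
$bad = $attached | Where-Object { -not $_.SupportPersistentReservations }
if ($bad) { Write-Warning "sharing not enabled on: $($bad.VMName -join ', ')" }
```

Because the reservation handling is done by the host, the guests need no shared-storage driver or in-guest iSCSI initiator, which is what makes a guest cluster deployable from a plain service template.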

IP Address Management

You can create networks in VMM and IPAM will detect it.  Or you can use IPAM to model your networks and VMM will pull in the configuration.

Top of Rack Switches

More DAL.  This is where VMM can configure/manage physical switches using OMI.  In the demo, a host cannot respond to a ping.  In VMM, the host is non-compliant.  The reasoning is that the required VLAN is not piped through the switch port to the host NIC.  There is a “remediate” button – press it and VMM can reach out to an OMI switch to fix the issue …. assuming you have a RunAs account for the switch.  Otherwise you beat your network admin with some Cat5 cables until he relents.

Hybrid Networking

This builds on things like virtual switch extensions, NVGRE, etc.  The ability to move a VM from one network to another without changing the IP, and the VM stays online using HNV.

Windows Azure Pack is shown in the demo.  Vijay spins up a network in a hosting company public cloud.  He configures the IP stack of the new virtual subnet (a subset of a VM network).  A site-site tunnel (VPN) is configured.  Remember, WS2012 R2 RRAS will do this for us (NVGRE gateway too). 

He configures IBGP for routing, and then configures the VPN connection properties (IP, shared key, etc).  Now he has extended his on premise network into the hosting company.

Gateway Service Templates

An out of the box SCVMM 2012 R2 service template will automate the deployment of the WS2012 R2 NVGRE gateway. 

Hyper-V Recovery Manager

This is Hyper-V Replica management via a new SaaS product in the Azure cloud (Recovery Services).  It is in preview at the moment.  A provider (an agent) is installed in the VMM servers in production and DR sites – VMM must manage the production cloud and the DR cloud, with a VMM server in each site.  This only does management; all data replication goes directly from production to DR site, never going to Azure.

He configures cloud to cloud replication policies.  Now from in the VMM console, he can enable replication on a per-VM basis using Enable Recovery or Disable Recovery in the ribbon.  Replica VMs have a slightly different icon than production VMs.

HRM can be used to create recovery plans and be used to invoke them.

Operations Manager Dashboard Monitoring

A new OpsMgr MP, with rich dashboards.  Demo: Drive down into the fabric health.  Clicks on a network node and looks at the network vicinity dashboard to browse the health of the network.  Can diagnose networking issues in the VMM console. 

Summary

Built on features of WS2012 and added support for WS2012 R2 features.

My Recent Posts on Petri IT Knowledgebase (May 2013)

Below are the blog posts and articles that I have written for the Petri IT Knowledgebase over the past few weeks, covering topics like Hyper-V storage, Hyper-V snapshots, the Microsoft Cloud OS, and VMM 2012 SP1:
 
  • System Center Virtual Machine Manager 2012 SP1: System Requirements (May 22, 2013) – Review the system requirements of Microsoft’s System Center 2012 Service Pack 1 Virtual Machine Manager.
  • Planning Hyper-V Virtual Machine Storage (May 21, 2013) – Discover the many considerations when configuring storage for a Hyper-V virtual machine.
  • Microsoft Cloud OS: An Overview (May 20, 2013) – Discover the ins and outs of cloud computing and learn how Microsoft has made a cloud OS with Windows Server 2012 and System Center 2012 SP1.
  • Using Hyper-V Snapshots (May 15, 2013) – It’s a new Ask an Admin! Discover how to create, manage, and delete Hyper-V snapshots.
  • How Hyper-V Snapshots Work (May 13, 2013) – Ever wondered how Hyper-V snapshots work? Wonder no more as we take a walk through how snapshots work and the mistakes to avoid.
  • Hyper-V Snapshots: What, When, and Why (May 8, 2013) – What is a Hyper-V snapshot? Read this Ask an Admin for an introduction to Hyper-V snapshots and when you should consider using them.
  • Choosing Hyper-V Storage: Virtual Hard Disks (May 7, 2013) – Looking at Hyper-V storage options? Discover the pros and cons of business friendly, cloud-enabled, virtual hard disks.

The Most Under-Appreciated & Under-Used Feature Of VMM: VM Templates

Over the years, I’ve talked to people who own VMM and I’ve seen a few customer installations.  Way too often I see one of these two things:

  • An empty VMM library
  • People are not deploying VMs from VM templates

The VMM Library

Adding files to the library is easy: you use Windows Explorer to copy the files into the share.  If you can’t do that, maybe a job in IT isn’t appropriate?  The library in the console refreshes every 1 hour by default.  You can wait, or you can right-click the library and force a refresh.  Now you have a repository of reusable contents.

Personally, that’s where I like to keep the ISOs that I download from Microsoft and others.  Some software doesn’t come as an ISO, so I’ll use some free utility to “burn” an ISO with the installer on it.  You’ll find a nicely populated MSSCVMMLibrary folder in our lab at work, and on my Windows 8 (Client Hyper-V) laptop.

To save space, WS2012 deduplication is enabled on the library volume in the VMM server.

This is also where I keep my VHDs.  But more on that later.

VM Templates

Microsoft has a different way of thinking about VM Templates than VMware.  From what I am told by VMware customers, every virtual machine template in vSphere consists of a VMDK and some metadata.  It’s the Ghost approach – lots of images.

Microsoft went a more modular route.  A VM Template is made up of:

  • A linked VHD/X file: generalised by Sysprep if it’s got a Windows OS
  • An OS profile: how do you want to customise the OS deployment in the VHD/X?  This includes computer naming, local admin password, roles/services, etc.
  • A hardware profile: how do you want to customise the virtual hardware spec of the VM?  This is the entire set including, processors, memory, disks, network (and VM network connection, etc), and so on.

You can have a single WS2012 VHD/X.  You can create lots of OS profiles.  You can create lots of hardware profiles.  And you can create lots of VM templates.  You link:

  • A VHD/X.  A single VHD/X can be reused many times.
  • An OS profile: maybe some VM templates will be for basic servers, some will be file servers (with all the storage stuff enabled), some will be web servers (with IIS enabled), and some will be .NET application servers (with .NET Framework enabled).
  • A Hardware Profile: How should this type of server be specced?  Maybe SQL Servers should have Startup RAM of 1024 GB and 2 additional VHDX files on the SCSI controller?

The concept here is that you can create lots of VM templates from a single VHD/X file.  That means you have a single, already patched and hotfixed, VHDX file for every kind of VM deployment with that OS.  Single image deployment – it’s the achievable dream in OS deployment … and it’s really easy with VMM if you bother to try.  You can deploy new VMs directly from your VM templates.  Maybe you make no changes in the wizard, but you can also further customise the VMs at this point.

Now deployment is easy.  For example, I need to build a lab for a series of events on WS2012 non-Hyper-V features for the next few weeks.  I could waste a lot of time by deploying lots of VMs, not from templates, patching the suckers, customising hardware, lots of reboots, enabling features/roles, and lots more reboots.  Or I could be clever, and build a single VM, update the patching, turn it into a template (power it down, right-click, Create VM Template), create more custom VM templates from that single VHDX file, and deploy my lab really quickly from that.  Which one do you think I’ll be doing?

Give yourself a couple of hours.  Create a couple of VM templates based on your most common deployments, and you’ll save tonnes of time later on.

BTW, you can’t do self-service without templates, and you can’t have a cloud (of any type) without self-service.

MVP Book: Microsoft System Center Virtual Machine Manager 2012 Cookbook

It’s been a big month for fellow VM MVP, Edvaldo Alessandro Cardoso.  First he started a cool new job, and now he’s got a new book called Microsoft System Center Virtual Machine Manager 2012 Cookbook on the shelves. 

Microsoft System Center Virtual Machine Manager 2012 Cookbook

– Create, deploy, and manage Datacentres, Private and Hybrid Clouds with hybrid hypervisors by using VMM 2012 SP1, App Controller, and Operations Manager.

– Integrate and manage fabric (compute, storages, gateways, networking) services and resources. Deploy Clusters from bare metal servers.

– Learn how to use VMM 2012 SP1 features such as Windows 2012 and SQL 2012 support, Network Virtualization, Live Migration, Linux VMs, Resource Throttling, and Availability.

You can buy this book now from:

Congratulations on the new job and the book Alessandro!

Beware When Using Descriptive Names For VMM

Over the years I’ve seen lots of computer naming standards.  Some have used Simpsons or Tolkien character names, football player surnames, etc.  That has mainly been because of laziness, but sometimes it’s to do with security-by-obscurity because “hackers then can’t figure the network out”.  Ooooooo-k then!  No need for defensive comments on that topic.

On the other extreme I’ve seen the likes of Dub-Lab-DC-1.  It couldn’t get much more descriptive without including the spec of the server.  You’ll need to be careful if creating a VMM server in this kind of network.  There’s a small, but important, note in the TechNet article that describes the system requirements of System Center 2012 Virtual Machine Manager (VMM) with/without Service Pack 1 (SP1).

In addition to the normal rule of the computer name not exceeding 15 characters:

The computer name cannot contain the character string of –SCVMM-, but you can use the character string of SCVMM in the computer name. For example, the computer name can be SEASCVMMLAB, but the computer name cannot be SEA-SCVMM-LAB.

In other words:

  • Dub-Lab-SCVMM-1 is BAD.
  • Dub-Lab-SCVMM1 is good.  A single hyphen can be the difference between a successful day and a world of hurt.

Interestingly, neither Bing nor Google return any results for -SCVMM- for me. 
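As an added example (my own script, not from the TechNet article or from VMM itself), here is a PowerShell function that checks a proposed name against the two rules above, plus the general set of characters that are invalid in any Windows computer name; the sample names are the ones from the note and from this post.

```powershell
# Added example: validate a proposed VMM server computer name against the
# 15-character limit and the documented "-SCVMM-" restriction quoted above.
function Test-VmmServerName {
    param([Parameter(Mandatory)][string]$Name)

    $problems = @()

    # NetBIOS computer name limit quoted in the post: 15 characters maximum.
    if ($Name.Length -gt 15) {
        $problems += "longer than 15 characters ($($Name.Length))"
    }

    # Documented VMM rule: the string -SCVMM- (hyphen on both sides) is not
    # allowed anywhere in the name, while SCVMM without the hyphens is fine.
    # Computer names are case-insensitive and so is -match by default.
    if ($Name -match '-SCVMM-') {
        $problems += 'contains the forbidden string -SCVMM-'
    }

    # General Windows rule, not specific to VMM: these characters are never
    # valid in a computer name.
    if ($Name -match '[\\/:\*\?"<>\|]') {
        $problems += 'contains a character that is invalid in a computer name'
    }

    [pscustomobject]@{
        Name     = $Name
        IsValid  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Names from the TechNet note and from this post. Dub-Lab-SCVMM-1 is exactly
# 15 characters, so only the -SCVMM- rule rejects it; the lower-case variant
# shows that the check is case-insensitive.
'SEASCVMMLAB', 'SEA-SCVMM-LAB', 'Dub-Lab-SCVMM-1', 'Dub-Lab-SCVMM1', 'dub-lab-scvmm-1' |
    ForEach-Object { Test-VmmServerName -Name $_ } |
    Format-Table -AutoSize
```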

Deploying Load Balanced Servers Using VMM 2012 SP1 (And Citrix NetScaler)

In this post I’m going to run through how you can deploy a load balanced server farm in VMM 2012 SP1.  My example will be using the Citrix NetScaler VPX virtual load balancing appliance.  The Brocade ADX and F5 Big-IP also have support for this functionality – there may be more but I’m not aware of them.

Load Balancer

I got a demo of this appliance.  The install is easy enough; unzip the files, place them on a host, register the machine in place (Hyper-V Manager), refresh the host in VMM, assign and record a static MAC address for the legacy network adapter.  Power it up, assign an IP config when prompted.  The default user name and password are nsroot and nsroot.  In the email from Citrix there is a product key – which is useless by itself.  Log into www.citrix.com/account (I had to use Chrome because the site didn’t like IE10), go to Activate And Allocate Licenses, click Don’t See Your Product, enter the product key and the recorded static MAC of the VPX appliance, and now a license file should appear under View Licenses.  Download that file.  Now browse to the IP that you assigned to the NetScaler.  During the mini-setup wizard, you’ll see a link to manage licenses.  Click that and upload your license file.  Your NetScaler appliance will reboot.  Log back into the NetScaler via your browser, right-click Load Balancing on the left, and Enable Load Balancing Feature. Phew!

By the way, your browser will require … Java.  Oh!  The horror!  My advice: have an admin VM that you never venture online with.  Dell storage requires Java too.  Jeez!

Load Balancer Provider

The next step is to download the VMM provider for your load balancer.  This provider gives VMM an interface to integrate with the load balancer.  You will install this on your VMM server.  The Citrix one is a bit of a next-next-next installer.

Note: VMM will not be able to use this provider until you restart the VMM service on your VMM server.

Run As Account

VMM will require a run-as account to log into and manage the load balancer.  You create that in Settings > Security > Run As Accounts.

Name it after your LB, and enter the user name and password. 

Virtual IP Address Pool

Your LB will require virtual IPs (VIPs).  A VIP is used by a client (user or application) to access the load balanced service which actually spans multiple obscured IP addresses.  That means you only need to register the VIP in DNS for the load balanced service.

Identify the logical network and network site (and thus the IP pool) that will be used by your service.  Note that you might need to update many IP pools if your LB will work with services across multiple subnets.

Edit the properties of the IP pool and reserve some of the IPs for your LB to use as VIPs.  Note that the reserved IPs must be a part of the range defined in the pool.  Here I have defined several IPs for use as VIPs.  They will be checked out (used) and checked in (recycled) as I deploy and remove services that use the load balancer.

Fabric > Load Balancer

Into the Fabric to define a new load balancer.  Note that you must restart the VMM service on your VMM server to make use of the provider you installed earlier.

Once that’s done, right-click Load Balancers and hit Add Load Balancer.  Select the Run As Account you just created.  Pick the Host Group(s) that you will permit to use this LB.  Select the manufacturer and model from the drop down box (populated by the provider).  Enter the IP address and port for managing the LB.

Under Logical Network Affinity you enter the VMM logical networks that will be used for:

  • Client comms (front end)
  • Server comms (back end)

My network is rather simple because it’s a lab.  I’m using a single logical network for testing and demos so I check both boxes for it in this setting.

In Provider you can test the new load balancer:

Now you have a load balancer.  It’s time to start to define how VMM managed services will make use of it.

Fabric > VIP Template

The VIP Template will be used by a Service Template to define how the load balancing will be done.  You’ll be asked for a number of bits of information, such as:

  • A label (make this something useful that describes the function and planned usage of the template)
  • A template type: specify the load balancer that you’ve added to VMM
  • Specify the protocol that will be load balanced (HTTP, HTTPS Passthrough, HTTPS Terminate, Custom)
  • Client connection persistence to the application server (on or off)
  • Load balancing method (least connections, round robin, fast response time, custom)
  • Add custom health monitors (optional)

Now you have all of the required load balancer ingredients.

Update The Cloud

Your cloud that will host the new VMs (the service) must be permitted to use the LB and the VIP Template.  Open the properties and check the box for the LB, and then the box(es) for the VIP Template(s) that you will be deploying.

VM Template

You will need a VM template.  Confirm three things:

  1. Your capability profile matches the cloud in question
  2. You have configured the template to connect to the server logical network you defined in the LB object (Logical Network Affinity) in Fabric.
  3. The virtual NIC that will be load balanced has a static IP/MAC configuration

You’ll have all sorts of “fun” in the Service Template and deployment if you don’t confirm that stuff.

I’m using IIS 8.0 for my testing so my VM template also enables IIS, the management console, and the default document.  This allows me to re-use a single VHDX and get multiple server types from it.

Service Template

Time to start designing.

In reality you’d be working with Web Deploy 3.0 and creating Web Deploy packages.  You’d use this Web Deploy package to automatically install your web app to the new servers as you scale out the web server tier in your Service Template.  I’m doing lab stuff here and I’m sticking to the default web site.  Anywho, there’s enough in this post to keep you busy for now.

In Library > Templates > Service Templates, create a new Service Template.  I’m choosing the Single Machine one (“single machine” refers to a single tier which might be made up of lots of identical servers) for my demo.  Maybe you need a two or three tier service template?

Click the application at the top, rename it to describe the template and give it a meaningful version number.  You can create new versions to update your deployed apps based on this mechanism. 

I drag my VM template onto the machine in the service template.  A warning with alerts appears – save and validate (in the Ribbon) the configuration and that’ll sort itself out if your VM template is OK.  Select the VM.  In the bottom you can configure scalability for this server, thus turning it into a tier of 1 or more servers.  I’ve set my example to start out by deploying 2 VMs from this template.  It will allow the tier to scale out to 10 VMs (inheriting all of the Service Template configurations), and shrink down to a minimum of 1 VM.

Now I click Add Load Balancer in the Ribbon.  The VIP profile, a Client Connection, and a Server Connection appear.  My demo example is simple with everything on a single Logical Network.  I need to connect the LB connections to the logical network.  Do that by creating Connectors (the Ribbon) and dragging to connect:

  • The Client Connection to the logical network
  • The Server Connection to the relevant NIC in the application server

Hit Save And Validate once again.  Now any machines in this tier will automatically be configured to use the LB.  This tier will use a single VIP for client connections.  OK, time to play!

Deploy The Web Servers

You can hit Configure Deployment in the Ribbon of the Service Template Designer to test it out.  Give the service instance that you are creating a name, and select the cloud it will be deployed to.  There may be some warnings.  Click Refresh Preview in the Ribbon.  Everything is checked against the targeted cloud.  If all is well, the errors will disappear.

If you got the LB config wrong then it won’t appear. You can see mine in the bottom right in the above screenshot and how it’s connected to a logical network (named after my hand-built converged fabric on the WS2012 Hyper-V hosts).

When you’re ready to commit, click Deploy Service.

A new job starts.  Here’s what’s happening:

  • 2 new VMs (based on my scalability config for this tier in the service template) are being deployed in parallel
  • Configure the roles/services to customize the VM
  • It would drop on a web app if I’d attached a Web Deploy package to the tier in the Service Template
  • VMM will use the LB and Run As account to configure load balancing for both of these servers using the VIP Template

All I have to do is sit back and be patient *tick* *tick* *tick*

Tip: Your VM deployments will time out if you forget to complete the OS configuration, e.g. a valid product key.  I strongly suggest that you test your VM Template deployment before including it in a Service Template.  Monitor the running VM during deployment from a Hyper-V Connect window to look for deployment, config, or timeout issues.

The Deployed Load Balanced Service

Once the template is deployed you can poke around.  The service appears in VMs And Services in the Services (Ribbon) view:

In the NetScaler console, I can see a Virtual Server was created with one of my VIPs:

My two VMs are identified as servers in the NetScaler:

And all that appears to be tied together in a Service Group by the NetScaler (this Service Group is selected in the Virtual Server):

All I did was fire up the NetScaler, give it an IP config, license it, and enable load balancing.  VMM did all the rest using the Service Template via the LB provider.  Nice!

You can test by doing the following:

  • Set up different web pages on the web servers
  • Browse to the VIP of the Virtual Server (192.168.1.161 in my example)
  • If you selected round robin as the load balancing method of the VIP Template then the web pages should alternate. 
  • Try powering down a VM and the web app should stay operational.
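As an added example (my own script, not part of VMM, the NetScaler provider or the original post), the following PowerShell function runs the test above from the command line: it polls the VIP, records which backend answered each request, and reports whether the answers alternate.  It assumes each web server’s default document contains a distinct marker, as the first test step suggests, and uses the VIP from this post as the sample value.

```powershell
# Added example: poll a load balancer VIP and report which backend answered,
# so round robin and node failure behaviour can be checked from a script.
function Test-LoadBalancedVip {
    param(
        [Parameter(Mandatory)][string]$Vip,   # the Virtual Server VIP checked out from the IP pool
        [int]$Port = 80,
        [int]$Requests = 10,
        [int]$TimeoutSec = 5
    )

    $results = for ($i = 1; $i -le $Requests; $i++) {
        try {
            # -UseBasicParsing avoids the Internet Explorer dependency on Windows
            # PowerShell; -DisableKeepAlive opens a new connection per request so
            # keep-alive does not pin every request to the same server.
            $r = Invoke-WebRequest -Uri "http://${Vip}:${Port}/" -UseBasicParsing `
                                   -TimeoutSec $TimeoutSec -DisableKeepAlive
            # Assumption: each server's default page carries a distinct marker,
            # so the trimmed body identifies the backend that answered.
            [pscustomobject]@{ Request = $i; Status = $r.StatusCode; Backend = $r.Content.Trim() }
        } catch {
            [pscustomobject]@{ Request = $i; Status = 'ERROR'; Backend = $_.Exception.Message }
        }
    }

    $ok       = @($results | Where-Object { $_.Status -eq 200 })
    $backends = @($ok | Select-Object -ExpandProperty Backend -Unique)

    # With round robin and all nodes up, consecutive answers should come from
    # different servers. A single backend for every request usually means
    # client connection persistence is enabled in the VIP Template.
    $alternates = ($ok.Count -gt 1)
    for ($j = 1; $j -lt $ok.Count; $j++) {
        if ($ok[$j].Backend -eq $ok[$j - 1].Backend) { $alternates = $false }
    }

    [pscustomobject]@{
        Vip               = $Vip
        Requests          = $Requests
        Succeeded         = $ok.Count       # drops below Requests only if the service itself failed
        DistinctBackends  = $backends.Count # should stay at the number of healthy servers
        StrictAlternation = $alternates
        Detail            = $results
    }
}

# Usage from a client that can reach the VIP (192.168.1.161 is the example VIP in this post);
# run it again after powering down one VM: Succeeded should stay at Requests while
# DistinctBackends drops by one.
Test-LoadBalancedVip -Vip 192.168.1.161 | Format-List
```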

And the nice stuff continues:

  • Right-click on the service tier in VMM.  You can Scale Out the tier.  VMM will deploy a VM according to the Service Template.  The LB will be reconfigured to include the new VM in the NetScaler Service Group.
  • You can manually delete VMs and VMM will tidy up the LB.
  • You can remove the service entirely and VMM will tidy up the LB and recycle the VIP.

When you’re done, you can optionally delegate access to this Service Template for your cloud tenants by editing the tenant properties:

And that’s Service Templates and Load Balancers.  There’s a bit of work to get it up and running, but once you have, you can see just how easy it is to deploy new applications.  And keep in mind that I’ve only scratched the surface of Service Templates!

Credit: Thanks to Hans Vredevoort MVP for some help on the Citrix end of things.
