TEE14–PowerShell Unplugged

Speaker: Jeffrey Snover, uber genius, Distinguished Engineer, and father of PowerShell.

Tale of 3 Parents

  • UNIX: Small unit composition with pipes: A | B | C. Lacks consistency and predictability.
  • VMS/DCL: Its consistent, predictable nature influenced Jeffrey. Verb & noun model.
  • AS400/CL: Business oriented – enable people to do “real business”.

Keys to Learning PowerShell

  • Learn how to learn: requires a sense of exploration. I 100% agree. That’s what I do: explore the cmdlets and options and properties of objects.
  • Get-Help and Update-Help. The documentation is in the product. The help is updated regularly.
  • Get-Command and Show-Command
  • Get-Member and Show-Object –> the latter is coming.
  • Get-PSDrive: how hierarchical systems like drives are explored.

Demo

Into ISE to do some demo stuff.

He uses the OneGet and PowerShellGet modules to pull down modules from trusted libraries on the Internet (v5 from vNext).

Runs Show-Object to open a tree explorer of a couple of cmdlets.

Dir variable …. explore the virtual variable drive to see the already defined variables available to you.

$c = Get-Command Get-Help

get-object $c

$c.Parameters

$c.Parameters.Path

Get-Command -Noun Disk

Get-Something | Out-GridView

Get-Help Something -ShowWindow

$ConfirmPreference = "Low"
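The discovery loop Snover describes, written out as an added example (this is not code from the session): it uses only standard PowerShell cmdlets; the module name passed to the helper and the Disk noun are assumptions chosen for illustration. The last two lines show the safety net a practitioner wants while exploring: a low confirmation threshold plus -WhatIf previews before anything changes state.

```powershell
# Added example, not from the session. All cmdlets are standard PowerShell.

# 1. Find commands by noun, then look at what they actually expose.
Get-Command -Noun Disk | Select-Object CommandType, Name, Source

# 2. Inspect a cmdlet's parameter metadata instead of reading the docs.
$c = Get-Command Get-Help
$c.Parameters.Keys                                   # every parameter name
$c.Parameters['Path'] | Select-Object ParameterType, Aliases, ParameterSets

# 3. Which cmdlets in a module can change state? Anything that supports -WhatIf.
#    The module name is an assumption; pass any module you have loaded.
function Find-StateChangingCommand {
    param([string]$Module = 'Microsoft.PowerShell.Management')
    Get-Command -Module $Module -CommandType Cmdlet |
        Where-Object { $_.Parameters.ContainsKey('WhatIf') } |
        Select-Object Name, Verb, Noun
}
Find-StateChangingCommand | Sort-Object Noun

# 4. Objects, not text: ask the object what members it has.
Get-Process -Id $PID | Get-Member -MemberType Property | Select-Object Name, Definition

# 5. Providers expose hierarchies as drives; variable: shows what is already defined.
Get-PSDrive | Select-Object Name, Provider, Root
Get-ChildItem variable: | Where-Object { $_.Name -like '*Preference' } | Select-Object Name, Value

# 6. Safety net while exploring: prompt on anything with ConfirmImpact of Low or higher,
#    and preview destructive commands with -WhatIf. Session scope only.
$ConfirmPreference = 'Low'
Remove-Item -Path "$env:TEMP\doesnotexist.txt" -WhatIf
```

Step 3 is the useful generalisation of "learn how to learn": a one-line filter over Get-Command's metadata tells you which cmdlets in an unfamiliar module are worth treating carefully before you start experimenting with them.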

TEE14 – Software Defined Storage in Windows Server vNext

Speaker: Siddhartha Roy

Software-Defined Storage gives you choice. It’s a breadth offering and unified platform for MSFT workloads and public cloud scale. Economical storage for private/public cloud customers.

About 15-20% of the room has used Storage Spaces/SOFS.

What is SDS? Cloud scale storage and cost economics on standard, volume hardware. Based on what Azure does.

Where are MSFT in the SDS Journey Today?

In WS2012 we got Storage Spaces as a cluster supported storage system. No tiering. We could build a SOFS using cluster supported storage, and present that to Hyper-V hosts via SMB 3.0.

  • Storage Spaces: Storage based on economical JBOD h/w
  • SOFS: Transparent failover, continuously available application storage platform.
  • SMB 3.0 fabric: high speed, and low latency can be added with RDMA NICs.

What’s New in Preview Release

  • Greater efficiency
  • More uptime
  • Lower costs
  • Reliability at scale
  • Faster time to value: get customers to adopt the tech

Storage QoS

Take control of the service and offer customers different bands of service.

image

Enabled by default on the SOFS. 2 metrics are used: latency and IOPS. You can define policies around IOPS using a min and a max. It is flexible: policies can be set at the VHD level, the VM level, or the tenant/service level.

It is managed by System Center and PoSH. You have an aggregated end-end view from host to storage.

Patrick Lang comes on to do a demo. There is a file server cluster with 3 nodes. The SOFS role is running on this cluster. There is a regular SMB 3.0 file share. A host has 5 VMs running on it, stored on the share. One OLTP VM is consuming 8-10K IOPS using IOMETER. Now he uses PoSH to query the SOFS metrics. He creates a new policy with min 100 and max 200 for a bunch of the VMs. The OLTP workload gets a policy with min of 3000 and max of 5000. Now we see its IOPS drop down from 8-10K. He fires up VMs on another host – not clustered – the only commonality is the SOFS. These new VMs can take IOPS. A rogue one takes 2500 IOPS. All of the other VMs still get at least their min IOPS.

Note: when you look at queried data, you are seeing an average for the last 5 minutes. See Patrick Lang’s session for more details.
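The demo above, reproduced as an added example (this is not Patrick Lang's script). It uses the Storage QoS cmdlets as they shipped in Windows Server 2016; names in the preview build shown at TEE14 may have differed. The policy names, VM names and IOPS figures are assumptions taken from the demo description; New-StorageQosPolicy and Get-StorageQosFlow run on a node of the SOFS cluster (the policy store), Set-VMHardDiskDrive on the Hyper-V host.

```powershell
# Added example, not from the session. Cmdlet names are those of Windows Server 2016 RTM.

# 1. Who is consuming what right now? One flow per VHD; figures are recent averages.
Get-StorageQosFlow |
    Sort-Object InitiatorIOPS -Descending |
    Select-Object InitiatorName, FilePath, InitiatorIOPS, InitiatorLatency, PolicyId |
    Format-Table -AutoSize

# 2. Policies. Dedicated = every VHD gets its own min/max envelope;
#    Aggregated = all VHDs carrying the policy share a single envelope (tenant/service level).
$bulk = New-StorageQosPolicy -Name 'Bulk' -MinimumIops 100  -MaximumIops 200  -PolicyType Dedicated
$oltp = New-StorageQosPolicy -Name 'OLTP' -MinimumIops 3000 -MaximumIops 5000 -PolicyType Dedicated

# 3. Attach policies to VHDs. The policy ID travels with the disk, not the host, which is why
#    VMs on an unclustered host that only shares the SOFS are still governed. VM names assumed.
Get-VM -Name 'VM1','VM2','VM3','VM4' |
    Get-VMHardDiskDrive |
    Set-VMHardDiskDrive -QoSPolicyID $bulk.PolicyId
Get-VM -Name 'OLTP01' | Get-VMHardDiskDrive | Set-VMHardDiskDrive -QoSPolicyID $oltp.PolicyId

# 4. Check: a flow whose minimum cannot be met (or whose policy ID is unknown to the SOFS)
#    reports a Status other than Ok. This is the "rogue VM" case from the demo.
Get-StorageQosFlow |
    Where-Object { $_.Status -ne 'Ok' } |
    Select-Object InitiatorName, InitiatorNodeName, FilePath, InitiatorIOPS, Status
```

The Status check in step 4 is the one to put in monitoring: the IOPS numbers alone are 5-minute averages and will not show a briefly starved minimum.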

Rolling Upgrades – Faster Time to Value

Cluster upgrades were a pain. They get much easier in vNext. Take a node offline. Rebuild it in the existing cluster. Add it back in, and the cluster stays in mixed mode for a short time. Complete the upgrades within the cluster, and then disable mixed mode to get new functionality. The “big red switch” is a PoSH cmdlet to increase the cluster functional level.

image

Cloud Witness

A third site witness for multi-site cluster, using a service in Azure.

image

Compute Resiliency

Stops the cluster from being over aggressive with transient glitches.

image

Related to this is quarantine of flapping nodes. If a node is in and out of isolation too much, it is “removed” from the cluster. The default quarantine is 2 hours – give the admin a chance to diagnose the issue. VMs are drained from a quarantined node.

Storage Replica

A hardware agnostic synchronous replication system. You can stretch a cluster with a low latency network. You get all the bits in the box to replicate storage. It uses SMB 3.0 as a transport. Can use metro-RDMA to offload and get low latency. Can add SMB encryption. Block-level synchronous replication requires <5 ms latency. There is also an asynchronous mode for higher latency links.

image

The differences between synch and asynch:

image

Ned Pyle, a storage PM, comes on to demo Storage Replica. He’ll do cluster-cluster replication here, but you can also do server-server replication.

There is a single file server role on a cluster. There are 4 nodes in the cluster. There is asymmetric clustered storage, i.e. half the storage on 2 nodes and the other half on the other 2 nodes. He’s using iSCSI storage in this demo. It just needs to be cluster supported storage. He right-clicks on a volume and selects Replication > Enable Replication … a wizard pops up. He picked a source disk. Clustering doesn’t do volumes … it does disks. If you do server-server replication then you can replicate a volume. Picks a source replication log disk. You need to use a GPT disk with a file system. Picks a destination disk to replicate to, and a destination log disk. You can pre-seed the first copy of data (transport a disk, restore from backup, etc). And that’s it.

Now he wants to show a failover. Right now, the UI is buggy and doesn’t show a completed copy. Check the event logs. He copies files to the volume in the source site. Then moves the volume to the DR site. Now the replicated D: drive appears (it was offline) and all the files are there in the DR site ready to be used.
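The server-to-server variant of what the wizard did, as an added example (not Ned Pyle's demo). It uses the Storage Replica cmdlets as they shipped in Windows Server 2016; server names, drive letters and replication group names are assumptions. Data and log volumes must be GPT disks with a file system, as the demo notes. Two points a security engineer would want from the section above are made explicit: the transport encryption switch, and where to look for completion when the UI does not show it.

```powershell
# Added example, not from the session. Cmdlet names are those of Windows Server 2016 RTM.
$src = 'SR-SRV01'   # assumed source server
$dst = 'SR-SRV02'   # assumed destination server

# 1. Before committing: measure whether the link and the log disks can sustain synchronous
#    replication (the <5 ms budget). Run it under representative I/O, not on an idle box.
Test-SRTopology -SourceComputerName $src -SourceVolumeName 'D:' -SourceLogVolumeName 'L:' `
    -DestinationComputerName $dst -DestinationVolumeName 'D:' -DestinationLogVolumeName 'L:' `
    -DurationInMinutes 30 -ResultPath 'C:\Temp'

# 2. Create the partnership. Synchronous: a write is acknowledged to the application only once
#    the destination log has it. -EnableEncryption turns on SMB encryption for the replication
#    transport (the "can add SMB encryption" point above). Add -Seeded if you pre-copied the data.
New-SRPartnership -SourceComputerName $src -SourceRGName 'RG01' `
    -SourceVolumeName 'D:' -SourceLogVolumeName 'L:' `
    -DestinationComputerName $dst -DestinationRGName 'RG02' `
    -DestinationVolumeName 'D:' -DestinationLogVolumeName 'L:' `
    -ReplicationMode Synchronous -LogSizeInBytes 8GB -EnableEncryption

# 3. The UI did not show copy completion in the demo; the group state and the event log do.
Get-SRGroup -ComputerName $dst |
    Select-Object Name, ReplicationMode, IsPrimary,
        @{ n = 'BytesRemaining'; e = { ($_.Replicas | Measure-Object NumOfBytesRemaining -Sum).Sum } }
Get-WinEvent -ComputerName $dst -LogName 'Microsoft-Windows-StorageReplica/Admin' -MaxEvents 20 |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# 4. Controlled failover: reverse direction. D: on the old source goes offline and D: on the
#    destination comes online with the replicated data, as in the demo.
Set-SRPartnership -NewSourceComputerName $dst -SourceRGName 'RG02' `
    -DestinationComputerName $src -DestinationRGName 'RG01'
```

Step 3 is worth scripting rather than eyeballing: BytesRemaining reaching zero on the destination group is the condition to wait for before you trust a failover.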

After the Preview?

Storage Spaces Shared Nothing – Low Cost

This is a no-storage-tier converged storage cluster. You create storage spaces using internal storage in each of your nodes. To add capacity you add nodes.

You get rid of the SAS layer and you can use SATA drives. The cost of SSD plummets with this system.

image

You can grow pools to hundreds of disks. A scenario is for primary IaaS workloads and for storage for backup/replication targets.

There is a prescriptive hardware configuration. This is not for any server from any shop. Two reasons:

  • Lots of components involved. There’s a lot of room for performance issues and failure. This will be delivered by MSFT hardware partners.
  • They do not converge the Hyper-V and storage clusters in the diagram (above). They don’t recommend convergence because the rates of scale in compute and storage are very different. Only converge in very small workloads. I have already blogged this on Petri with regards to converged storage – I don’t like the concept – going to lead to a lot of costly waste.

VM Storage Resiliency

A more graceful way of handling a storage path outage for VMs. Don’t crash the VM because of a temporary issue.

image

CPS – But no … he’s using this as a design example that we can implement using h/w from other sources (soft focus on the image).

image

Not talked about but in Q&A: They are doing a lot of testing on dedupe. First use case will be on backup targets. And secondary: VDI.

Data consistency is done by a Storage Bus Layer in the shared nothing Storage Spaces system. It slips into Storage Spaces and it’s used to replicate data across the SATA fabric and expands its functionality. MSFT are thinking about supporting 12 nodes, but architecturally, this feature has no limit on the number of nodes.

TEE14–Software-Defined Compute In Windows Server vNext

Speaker: Ben Armstrong

Almost everyone in the room using Hyper-V. Large number also using VMware. About 1/3 using public cloud. Maybe 20% doing hybrid cloud.

Hybrid Cloud

Microsoft believes that hybrid cloud is the endpoint – seamless movement between on-premises and the public cloud.

Hyper-V scales. Azure runs on stock Hyper-V. It required a lot of work for WS2012, but it’s stock Hyper-V and that’s over 1 million servers running Hyper-V. If 1 in 10,000 installs shows a bug, and you run a hypervisor on that many hosts deploying 500m VMs per day, then you test the product heavily. We benefit from this with our on-premises deployments.

image

What have Microsoft learned from Azure: Standardize your build – Keep the hosts simple and standardized. Don’t vary. Change does not scale.

Private Cloud Improvements

  • Large scale VMs and clusters
  • Accelerated live migration
  • Dynamic memory with hot add
  • Comprehensive host and guest clustering support
  • Rolling upgrades
  • Mixed mode cluster support
  • VM compute resiliency
  • Cluster-aware updating
  • Broad Linux distro support
  • In-guest vRSS support
  • hot add and online resize virtual disk storage
  • Live backup
  • Comprehensive management

Hybrid Cloud

Hybrid Cloud is about extending your data centre, not replacing it. In the MSFT Cloud OS, that’s Hyper-V, with SysCtr/WAP for private cloud, and Azure/partner run hosting clouds for public cloud. MSFT makes it seamless.

Right now, only Microsoft is listed as a leader in 4 categories of hybrid cloud computing by Gartner.

Linux and Windows parity on Hyper-V

Run Linux without compromises on a single host: Hyper-V. You don’t have to partition hosts. A single UI for managing Linux. Backup, monitoring, capacity planning, etc. All too often, the Linux people want to run their own virtualization, and it makes no sense. It’s a waste of time, effort, and importantly, money.

Open Source

Yes, Hyper-V is supported in OpenStack. And it’s supported in something called Vagrant. Microsoft has been working closely with them.

USP

Only company offering on-premises IaaS, public IaaS, public PaaS, and Public SaaS.

Change

People are running more VMs on:

  • More hardware
  • Less hardware

Hmm! How we scale is different now. Half a rack can run thousands of VMs. And in hyper scale clouds, you see a lower density for cost effectiveness and performance SLA. In private cloud, we focus on smaller clusters.

Virtualization is now assumed. Physical is no longer the default.

Workload mobility is assumed: People expect Live Migration or vMotion.

Secure isolation is assumed. Customers in different VMs expect that they are secure from other tenants’ VMs.

Hardware failure fault tolerance is assumed.

“I am the fabric administrator”. This is a new job title for the person who runs virtualization, network, and storage. What happens inside the VMs is not their worry. MSFT is hearing from businesses that they want fabric admins to have no access to data in the VMs. No solution to that today. In contradiction to this, that person used to be the domain admin that fixed everything. But now, it’s not uncommon that they don’t have sign-in credentials for the tenants’ VMs and cannot provide support.

Cluster Rolling Upgrades

Hyper-V upgrades are frequent. Downtime is hated by admins and tenants alike. Admins want to hide the fact that an upgrade is happening. This new process allows mixed mode clusters and Live Migration so you can rebuild nodes in a cluster with a new OS and LM VMs around without anyone noticing. Yes: you keep the cluster – it’s a host rebuild within the cluster and not a cluster migration of the past.
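The rolling upgrade procedure described here and in the storage session above (drain a node, rebuild it inside the existing cluster, run in mixed mode, then throw the "big red switch"), as an added example that is not from either session. It uses the FailoverClusters cmdlets as they shipped in Windows Server 2016; the cluster name, node name and the readiness helper are assumptions.

```powershell
# Added example, not from the session. Cmdlet names are those of Windows Server 2016 RTM.
$cluster = Get-Cluster -Name 'HV-CLUS01'   # assumed cluster name

# 1. Mixed mode shows as the old functional level for as long as any node runs the old OS.
$cluster | Select-Object Name, ClusterFunctionalLevel

# 2. Per-node OS version, so you can see which nodes still need rebuilding.
Get-ClusterNode -Cluster $cluster.Name |
    Select-Object Name, State, MajorVersion, MinorVersion, BuildNumber |
    Format-Table -AutoSize

# 3. Drain one node at a time. -Drain live migrates its VMs to the other nodes first.
Suspend-ClusterNode -Cluster $cluster.Name -Name 'HV01' -Drain -Wait
# ... reinstall the OS on HV01, re-add it with Add-ClusterNode, then Resume-ClusterNode,
#     and repeat for the remaining nodes. Tenants see only live migrations.

# 4. The "big red switch". It is one-way: once the functional level is raised the cluster
#    will not accept old-OS nodes again, so refuse to run it until every node is upgraded.
function Test-ReadyForFunctionalLevelUpgrade {
    # hypothetical helper: true when every node reports the same major OS version
    param([string]$ClusterName)
    $versions = @(Get-ClusterNode -Cluster $ClusterName |
        Select-Object -ExpandProperty MajorVersion -Unique)
    return ($versions.Count -eq 1)
}
if (Test-ReadyForFunctionalLevelUpgrade -ClusterName $cluster.Name) {
    Update-ClusterFunctionalLevel -Cluster $cluster.Name
}
else {
    Write-Warning 'Cluster still in mixed mode; not raising the functional level.'
}
```

The guard in step 4 matters because mixed mode is the only point in the procedure from which you can still roll back by rebuilding a node on the old OS.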

Compute Resiliency

Hyper-V failures are nearly always caused by hardware, drivers, and firmware from OEMs. Big area of investment for Microsoft, including transient failures.

Backup

I know that this has been a focus point for Ben. Hyper-V is decoupling VM backup from the underlying storage. File based backup is the way forward, with efficient change tracking for backup. Provides reliability, scale, and performance. This session is on right now (Taylor Brown) so watch the recording in 24 hours.

Many more changes

  • Delayed VM upgrade
  • New IC servicing model
  • Secure boot for Linux Generation 2 VMs
  • Distributed Storage QoS
  • Resilient VM Configuration
  • And more.

Demo: Compute Resiliency

Clustering saves people over and over. But clustering is complex and it can break. Often caused by a transitory error, such as a cable being unplugged, etc. When there is a heartbeat failure, then you get a 30 second outage while VMs are failed over, and then there’s a wait time for the VMs to boot.

Ben demos with 3 nodes. A script will kill the cluster service on one of the nodes. In 2012 R2, the cluster would panic and do a failover. In vNext, the server is marked as isolated – there’s a problem. VMs are still “running” but marked as unmanaged. A failover won’t happen immediately in case the node comes back online. The wait time is 4 minutes by default, but it is configurable. This behaviour is only applied to running VMs.

Another new feature is quarantine. When a host is frequently going in and out of the isolated state, it will be quarantined. It’s a disruptive server that causes a lot of churn, so it is quarantined. VMs are migrated off (green quarantine) and then it is moved into red quarantine. Now it’s persona non grata (no new workloads placed there) until you resolve the intermittent issue. There is a quarantine timer, so a host can come out of quarantine automatically.
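The isolation and quarantine behaviour described here and in the storage session above (4-minute isolation window, 2-hour quarantine), as an added example that is not Ben's demo script. It reads and tunes the cluster common properties that shipped in Windows Server 2016; the cluster and node names are assumptions, the default values in the comments are the documented RTM defaults.

```powershell
# Added example, not from the session. Property and cmdlet names are those of Windows Server 2016 RTM.
$cluster = Get-Cluster -Name 'HV-CLUS01'   # assumed cluster name

# 1. Current settings. RTM defaults: ResiliencyLevel 2 (AlwaysIsolate),
#    ResiliencyDefaultPeriod 240 s (the 4 minutes above), QuarantineThreshold 3 isolations
#    per hour, QuarantineDuration 7200 s (the 2 hours above).
$cluster | Select-Object ResiliencyLevel, ResiliencyDefaultPeriod, QuarantineThreshold, QuarantineDuration

# 2. Tune: a shorter isolation window on a closely monitored fabric, a longer quarantine for
#    a node that keeps flapping. Both are plain property writes on the cluster object.
$cluster.ResiliencyDefaultPeriod = 120
$cluster.QuarantineDuration      = 4 * 3600

# 3. Find isolated or quarantined nodes, and the VMs the cluster is currently not monitoring.
Get-ClusterNode -Cluster $cluster.Name |
    Where-Object { $_.State -in 'Isolated', 'Quarantined' } |
    Select-Object Name, State, StatusInformation
Get-ClusterGroup -Cluster $cluster.Name |
    Where-Object { $_.State -eq 'Unmonitored' } |
    Select-Object Name, OwnerNode, State

# 4. Once the intermittent fault is fixed, release the node instead of waiting for the timer.
Start-ClusterNode -Cluster $cluster.Name -Name 'HV02' -ClearQuarantine   # assumed node name
```

The Unmonitored query in step 3 is the operational gap to alert on: during the isolation window those VMs are running with no failover protection, which is exactly the trade the feature makes against a false-positive failover.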

Microsoft Were The First to Do Lots in Virtualization

  • Hardware assisted live migration for blazing performance.
  • SR-IOV with Live Migration
  • Fibre Channel in VMs with Live Migration.
  • TRIM and UNMAP

Is VMware really the market leader and innovator?

Ben goes into Q&A.

Question: Is Hyper-V Manager going away? No. Emphatically. It’s used even by the happiest SysCtr and fabric controller admins, especially when things go wrong.

That’s a wrap!

TEE14–Optimizing Your Data Centre With Windows Server, System Center, and Microsoft Azure

Speakers: Jeff Woolsey and Matt McSpirit.

I am bursting – and I don’t just mean to use the toilet. Here comes the grand reveal for Windows Server & System Center vNext.

image

Here we go with a video: your data centre is an orchestra and you are the conductor. Left: compute. Right: networking. In front: storage. Keeping it all in time is the rhythm of management. Software-define all of it, make it possible in your data centre with Windows Server & System Center. Extend it with Azure.

Jeff Woolsey starts things off. We get the 3 clouds in one obligatory slide. Hundreds of new features that couldn’t be shown in the keynote. This foundation session will dive a little deeper. Jeff talks about “software-defined everything”.

MSFT Cloud OS hybrid cloud:

  • Empower enterprise mobility
  • Create internet of things
  • Enable application innovation
  • Unlock insights on any data
  • Transform the data center

Ugh: CPS. Yawn IMO.

More on WAP. You can run an Azure-consistent cloud on premises. Use this internally or as a service provider. Expect big pushes on WAP: it’s the front-end for enterprise deployments of Hyper-V/System Center for vNext onwards.

MSFT not bothering to change the scalability figures for Hyper-V because they haven’t had a customer hit the WS2012 numbers yet. The numbers were Top Gear numbers – big whoah but so high that they aren’t a blocker.

There is a major emphasis on guest clustering in Hyper-V. No artificial scale limitations. You can do in-place or rolling upgrades of clusters in vNext from WS2012 R2. This includes mixed mode and live migration within the cluster.

Linux is getting vRSS support for network scalability.

Networking

Software-defined networking still puzzles people. Decouples the application/service from the underlying network. Doing lots to increase reliability and manageability.

Now RDMA to be added in network virtualization. Supporting VXLAN and NVGRE for SDN.

A new Network Controller from Azure is being added to Windows Server.

A software load-balancer based on Azure is being added in the box in vNext.

Distributed firewall and cloud-scale network traffic management.

Storage

There is no such thing as a happy storage customer – Jeff Woolsey.

2012 gave us storage spaces. 2012 R2 added auto scaling. In vNext you get more. Microsoft does not use proprietary storage from the usual names. They use software-defined storage.

Storage Replica is synchronous replication in the box that works with any storage – you can even do it with a couple of laptops (allegedly).

Storage QoS is a killer feature for service providers.

Patrick Lang comes on stage to do Storage QoS demo. Perfmon is running, showing storage throughput from a bunch of VMs. VM1 is dominating.

He creates SLAs and applies them to VMs. Note: all PowerShell. He starts a bunch more VMs. Some rogue ones try to take the storage bandwidth but the heavy user (a file server) gets the throughput that it needs for its SLA.

In 2012 they demoed 1m IOPS from a single Hyper-V VM. Last year, they did it with 1.6m IOPS. In Server vNext, right now, they can do 2 million IOPS from a single Hyper-V VM.

Something Winter comes in to talk System Center. About 1/3 using SysCtr 2012. One or two hands using older. 2/3 of the room NOT USING SYSTEM CENTER.

MSFT will “ship another version of System Center in the Summer along with Windows Server”.

Making CPS work was an eye opener for System Center. They took over 500 improvements into SysCtr 2012 R2 and vNext. It was too complex to install/integrate the suite.

There is a cultural shift happening. Cloud is now. Users want services now, not in 4 hours or tomorrow. Do on-premises cloud or they’ll do it directly in public cloud. The solution is WAP offering service, SysCtr offering management, and Windows Server/Hyper-V offering compute, networking and storage.

You can do Azure Operational Insights with or without System Center:

image


Matt McSpirit comes on. He’s between us and lunch.

Azure Site Recovery now manages DR replication for:

  • Between Hyper-V and Azure
  • Between two Hyper-V sites
  • Between two VMware sites using InMage
  • Between two Hyper-V sites using array replication (just gone into preview)

Coming soon: From VMware to Azure DR replication using Azure Site Recovery Services.

Matt demos the setup of ASR and configuring a one-click failover plan.

Lunch time!

Summary: Azure is more than just cloud. It’s trickling down to on-premises infrastructure.

TEE14 – Keynote

Welcome to TechEd Europe 2014, blogged live to you by me from Barcelona, Spain. It’s early, I got in near the front of the hall, and the crowd is streaming in as DJ Joey Snow mixes.

image

The stage is lit blue and purple, with the press sitting front and centre.

image

The crowd is awaiting the show to start.

image

Cameras are rolling.

image

And here we go ….

Alex Zander VP of Azure comes out. He starts on the pitch about the number of devices. The number of connected devices now outnumbers the number of humans on the planet. This brings up IoT. Here comes mobile-first, cloud-first.

image


What are Microsoft enabling in enterprise devices to expand your digital work and personal lives?

Here comes Joe Belfiore to talk about Windows 10 in the Enterprise.

image

1) Windows 10 delivers a single platform across a wide range of devices to ensure your investment covers a wide array of devices

2) Provide users with a platform that they will love to use.

3) Provide protection against modern security threats.

4) A way to manage all devices in a way that makes sense for businesses

Breadth of Devices

This covers everything from sensors in a jet plane to PCs, to tablets, to phones, to giant computing systems.

Love to Use

Interesting topic: Windows 8 has had a “mixed response”. Customer satisfaction for keyboard/mouse users of Windows 8 was lower than that for touch users. Now they are making non-touch an emphasis point.

They have focused on that large group of Windows 7 users on classic PCs. The Start Menu is shown. Search is now a part of the Start Menu and is shown – this includes web searches so they are adding value to “Windows 7 features”. Windows 8 Live Tiles are added to the familiar start menu – adding value to familiar features. So this isn’t a big disruptive change for users – it’s more evolutionary.

Live Tiles add personalisation to a work environment – to make Windows more enjoyable for users.

Now he starts on the apps and the store. Today, they are not being used as much as MSFT would like because “the apps behave so differently”. Apps of all kinds are in the start menu and launch in Windows that run on the desktop.

And then he gets a big round of applause for CTRL+V at the command prompt:

image

Two more power user features coming in the next flight of Windows Insiders releases.

He has a multiple monitors display set up. Right now you cannot snap a window to the joining edge of a multi-monitor display. But Snap in Windows 10 allows you to snap a window to the “join”.

Now he moves over to the Surface Pro. Touchpads are all implemented differently by the OEMs. MSFT are adding their own multi touch gestures on Windows 10 for the touchpad. 3 finger up/down hides/reveals all windows. Left/right does alt-tab with a 3 finger swipe.

End user/consumer stuff will come in the new year. Then he shows the Continuum UI for hybrid devices (see previous posts).

Protecting Corporate Data

IT can control the PC’s apps that are used on the corporate network – allegedly.

Demo: Windows 10 PC that the user logs into. The company authorizes some apps to use company data and appear in the Start Menu. The user can also run non-authorized apps (including 3rd party). When she hits save as in Word she has Personal and Company stores that she can see. The user cannot save company data into a non-corporate store. For example, she cannot paste from Word (company app) into Twitter (non-company app). Policy allows a user override … assuming that the user enters a reason, and this goes into an audit log that IT is managing.

You’ll see this in Windows Phone too – one OS, remember?

Protecting User ID

Lots MSFT thinks they can do to protect against modern security threats. Today you can do 2 factor authentication but it’s cumbersome to deploy. They are going to enable cheaper two factor auth and fingerprint biometrics.

They use the Windows Phone as a second factor. When you log into the PC, the phone prompts you to enter a PIN on the phone via Bluetooth. Do that, and now your log in on the PC is completed. No additional devices – just the company phone that you might have been buying anyway. Demo was done with Windows Phone.

Windows 10 Management for continuous Innovation

Improving the app store so you can use it to deploy your own or your licensed s/w. Hmm, SCCM? You’ll have a choice of GPO or MDM to manage all kinds of devices – “it’s your choice” – MSFT will facilitate 3rd party MDM.

Volume License support is coming via license claim and reuse in the Store. No MSA is required to use the Store infrastructure in the future. You can set up your own company store to manage your licensing.

Managed in-place upgrades are coming. They are ending the era of wipe and reload. Making OOBE more user friendly in the biz: a user gets a PC, goes through OOBE and corporate policy will be applied. There’s a “my organization owns it” option in OOBE. There’s a sign-in (looks like workplace join) dialog and policy is then applied accordingly. There will be 2 factor auth via Admin managed SMS. Now policy and pre-assigned apps are deployed. Custom data protection, authentication, security policy, etc are all deployed.

This is like a merger of SCCM and AD GPO into a cloud-based solution. I like the message. Lets see what the final product looks like.

Cloud

Back to Alex Zander again to talk cloud. Let’s watch the crowd to see what happens to them. It didn’t go well in Houston in May.

Asked to store more data and increase agility, security, and data privacy. Costs must be reduced while increasing flexibility for everyone. The pace of innovation is advancing at a dizzying rate. Businesses that adapt to this will thrive. Right now, SMEs are doing this.

image

MSFT cloud is more than Azure and O365. It’s also on-premises and with partner hosting companies. Three USPs to the cloud OS:

  • Hybrid
  • Enterprise grade
  • Hyper-scale

Key investments in Windows Server vNext in software-defined everything, such as the new Network Controller. This can run your software-defined networking.

Many are coming off of W2003 and are looking for new features, etc. MSFT wants to make that seamless: www.microsoft.com/ws2003eos.

A way to get started with the cloud is to just connect and extend functionalities using hybrid solutions, such as Azure Site Recovery Services for DR in the cloud.

Announcing: Azure Operational Insights. Install an agent on existing on-premises machines and start to log information into the cloud to do deep insights on how things are running and visualize that data. There are security, capacity planning and change management insight packs. You can do a fast search and fix incidents. See System Center Advisor *cough*

Bring Azure to your on-premises data centre. This is Windows Azure Pack (WAP). You get the same skin as Azure, powered by the same hypervisor (Hyper-V) and System Center.

Jeff Woolsey comes out to talk new stuff.

Storage Replica: Storage replication, storage agnostic, built into the box. Do replication between clusters or stretch clusters between sites. Demo: 2 nodes in NY and 2 nodes in NJ. Seamless failover with no data loss thanks to synchronous replication. A cloud witness gives you quorum with a virtual witness site. Doesn’t require SANs and it works with standalone servers. SIMPLE to set up.

image

System Center Advisor has come a long way:

image

Capacity planning allows you to project future usage based on empirical data and usage. Lots of information presented in a nice layout with lots of graphs. All powered by search. You can create personalized dashboards.

Manage your infrastructure using WAP to create Azure consistent clouds on premises using Windows Server and System Center.

Back to Alex Zander. He’s now going to pitch CPS. This is MSFT sold hardware running pre-packaged on-premises cloud, based on Dell h/w with lots of custom work done on drivers and firmware. Only Fortune 100’s need apply.

Half of the Microsoft hosting partners running the Cloud OS are in Europe.

On to Hyper-Scale. Over the last few decades, the industry has been defined by the scarcity of resources: we are always struggling to find more, squeeze in more, etc. What if that was flipped on its head and we could use a hyper scale cloud with effectively infinite resources?

Australia went live yesterday – now there are 19 Azure regions. The immense scale of Azure makes them cheaper and we can deploy cheaper “infrastructure” and services. Over 30 trillion storage objects in Azure. Over 1.2 million SQL DBs. Over 140m WAAD users.

image

Reminder of the G series of large memory VMs – the largest available on the public market. Intended for data processing. Also announced durable SSD storage in Azure Premium Storage with 50K IOPS with <1 ms read latency. Intended for workloads that might have been on bare metal.

Azure Batch preview is a job scheduling service in the cloud at massive scale. Rich API and simple portal. Do batch jobs more quickly with massive elastic compute scale. You might use it to scale batch work out and in on a scheduled basis to reduce VM costs.

1/5 of VMs in Azure are running Linux. CoreOS is supported now – a containerized tiny Linux OS.

Mark Russinovich, CTO of Azure, comes out to demo Azure Batch. He demos an open source 3D rendering app called Blender. He has a basic model that he will ray trace to make complete. He shows it before Batch and it’s like watching paint dry. Now he adds a plug-in to submit work to Azure Batch. How many VM instances you want is entered in a dialog. He uses 8 x A8 compute intensive VMs with 40 Gbps InfiniBand networking. Submits the job and now he can track the job status via the plugin. The rendering accelerates. We get a nice picture. He compares with the non-optimized job and it’s barely got started.

He now starts to talk about Docker containers on CoreOS. Docker is normally managed from Linux. We see Docker management from Windows for the first time:

image

He manages containers running in an Ubuntu VM. He creates a WordPress site from Windows, via the CoreOS management host, running in a container on the Ubuntu VM. Takes about 1 second to fire up.

Now he moves on to premium storage. There are 3 VMs, one on standard storage. IOMETER running in the VM to stress test the IOPS of the VM. Hits 500-600 IOPS (min guarantee is 500). The second is a D-Series VM with premium storage. Same test gives 4082 IOPS (single premium disk). 3rd VM has 16 disks on premium storage and they’re striped. Appears as 16 TB volume. IOMETER gives 61623 IOPS.

image

Microsoft are the only big 3 cloud vendor with enterprise grade, hyper scale, and hybrid cloud. Gartner has Microsoft as the leading cloud vendor in 4 key areas:

image

Amazon only has 12 MPLS WAN networked locations for hybrid cloud. Google has none.

Azure Marketplace offers a huge collection of partner provided and curated VM services. See names like Kemp, Oracle, SAP, IBM, Riverbed, Dell, Symantec, Kaspersky, Barracuda, and many more.

Enterprise Productivity

Users expect to be connected from anywhere with access to resources with no IT-created complications. Workers coming into the workforce work very differently than my generation. Touch, connectivity, collaboration, discoverability of information are their norm. BYOD .. that’s a cultural thing that affects the USA more, according to IDC.

We go back to device management, applications, and identity.

Some old info here on MDM. Sleepy time.

New Windows Intune updates arriving in the coming months. Manage Office mobile apps, MDM for Office 365 so you can manage docs and email and do selective wipe of O365 data on lost devices.

Office 365

Julia White is out to demo. She shows the new Azure AD Connect Preview tool for linking on-premises AD to WAAD. Goal is to simplify a previous complicated process.

Azure AD app proxy allows you to bring all apps into a single control plane. She has a Sharepoint on-prem app that she adds to Azure AD. Users now go to one place for authentication and authorization. Is AD MOVING (not just extending) to the cloud? User logs into the app via an iDevice.

Feedback on Office for iPad is that IT wants to manage those apps and corporate data. Intune will enable this in the near future. White sets up a configuration policy. Can set it up so managed apps can only copy/paste to other managed apps. Can manage deployment of managed apps. Makes the app available from the admin portal. Back to the iPad. Runs Outlook. There’s an email with an Excel attachment and she opens that. The only app possible in the selection is Excel. That’s the only managed spreadsheet tool so the unmanaged ones are not available. Tries to copy/paste into the Apple email tool – cannot. But can paste into Word because it is managed.

There’s a new O365 SDK for iPad apps. Devs can reach into O365 data from the Apple tablet.

MSFT is the only global provider to be approved for Article 29 pan European data privacy. O365 data is encrypted at rest. DLP is a feature of the E3 plan that allows you to protect against data leakage. Users can see it in action and understand the purpose of it – therefore no excuse for trying to work around it.

Brings up a report to see the amount of overrides on an opt-in DLP policy. Too high, so she decides to change the policy. There’s a credit card DLP policy that’s being overridden. Modifies it, and adds an action for overrides. Adds an RMS policy to disable forwards when the policy is overridden. If it’s overridden, a notification can be sent to auditors.

Creates a new email with an attachment. Straight away Office detects the DLP rule and notifies the user. The user overrides. The recipient gets the doc in an email – RMS prevents snipping, forwarding, printing, etc., so the credit card details are secure.
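The override flow from the demo (warn the sender, allow an override, then RMS-protect the message and report the override to auditors) can be expressed as two Exchange Online transport rules. This is an added example, not the keynote’s own configuration or anything Microsoft published; it assumes a remote PowerShell session to Exchange Online is already open, and the rule names and the auditors@contoso.example mailbox are placeholders.

```powershell
# Added example (not from the session): two Exchange Online transport rules that
# implement "notify, allow override, and when overridden protect with RMS and
# tell the auditors". Assumes an open remote session to Exchange Online.
# 'auditors@contoso.example' and the rule names are placeholders.

# The built-in sensitive information type used by the credit card DLP policy.
$creditCard = @{ Name = 'Credit Card Number'; minCount = '1' }

# Rule 1: outbound mail that matches gets a Policy Tip; the sender may override,
# but only with an explicit justification, which is then recorded on the message.
New-TransportRule -Name 'DLP CC - notify sender, allow justified override' `
    -MessageContainsDataClassifications $creditCard `
    -SentToScope NotInOrganization `
    -NotifySender RejectUnlessExplicitOverride `
    -RejectMessageReasonText 'This message appears to contain credit card numbers.' `
    -Priority 0

# Rule 2: if the sender did override, apply the "Do Not Forward" RMS template
# (no forward, print or copy for the recipient) and send an incident report
# with the justification to the auditors mailbox.
New-TransportRule -Name 'DLP CC - on override, RMS protect and report' `
    -MessageContainsDataClassifications $creditCard `
    -SentToScope NotInOrganization `
    -HasSenderOverride $true `
    -ApplyRightsProtectionTemplate 'Do Not Forward' `
    -GenerateIncidentReport 'auditors@contoso.example' `
    -IncidentReportContent Sender, Recipients, Subject, Severity, Override, Justification `
    -SetAuditSeverity High `
    -Priority 1
```

The two rules are deliberately split: the first is what the user sees and can override, the second only fires on messages that carry an override and is what makes the override auditable and the content protected in transit and at the recipient.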

That’s a wrap, folks!

 

Microsoft News Summary-23 May 2014

1,000,000 IOPS from Hyper-V VMs using a SOFS? Talk about nerd-vana!!! Here are the links I found interesting over the last 48 hours:

TechEd NA 2014–And The Winner Of Speaker Idol Is …

So I told you that I had qualified as a wildcard to the final of Speaker Idol in TechEd North America 2014. The judges also said I need to give them a tech talk rather than my tall tale based on photography. This would be a challenge. Other finalists would tweak existing decks that they’d worked on for ages. I had to start from scratch and get it right in less than a day. The most difficult thing is … it’s a 5 minute session and they time you. It’s one of the judging criteria. An hour long session is much easier to prepare.

So I got to the hotel on Wednesday night and started working. I knew what my topic would be: WS2012 R2 Live Migration. I had a demo script and a lab in Dublin … but there is no reliable speaker net at the podium so I would have to record my demo. VPN was too unreliable.

I built up my deck. No problem there. I knew the rules: the judges expect you to stick to a format. I went to build my demo but I had some problems with PowerShell modules in my VMM-deployed labs. It took some time, but I figured them out and got the demo ready. Then Camtasia did its thing … I remembered to record the video at exactly the screen resolution used by the big screen at the podium. One run through of the session and it was … nearly 9 minutes long. I needed to edit the deck, the demo, and me … brutally.

At 00:30 I was exhausted. I set the alarm for 06:00 and slept like a baby. It was the first morning that the alarm woke me. No jetlag on Thursday. I had a few hours to get myself ready for the final at 12:30. I rehearsed again and again, finally figuring that if I said certain things at the right time in the demo, and left out others, I could hit 4 minutes 45 seconds. Perfect!

So off I went to TechEd. I attended a session on Azure connectivity and then skipped a fairly dull second slot, opting to go through my deck. I remembered something Mark Minasi told me last year – when he was not a judge. Speaker Idol judges and the audiences are a mixture of IT pros and devs. Give both audiences a hook. So I did: more service uptime and “your apps stay running while IT does stuff”.

The time came. I went to the area and waited. A crowd started to gather … and then people I knew started to arrive. The Hyper-V PM team from Redmond, the Irish MVP gang (John McCabe [ex-MVP, now MSFT], Kevin Greene, Damian Flynn), readers of my blog and twitter followers, the gang from Petri, the Ferrills (father and son tech journalists), and so many more.

I was nervous. I do not get nervous when I speak. I really don’t. I’m comfortable speaking. I enjoy it – it’s a buzz when you’ve got something to share and you can see that the audience want to hear it. But damn I was nervous. I got on stage, and completely forgot that I had a clicker on the desk. I stood with Richard Campbell (the organizer, and famed for things like RunAs Radio) as I was introduced to the crowd.


I realized how much of the audience were people rooting for me. I was amazed. These people took the time to come and support me. The view from the podium was so cool.

My plan might work. I had 5 minutes to impress … starting now!

First thing: “How is everyone? Is everyone enjoying Speaker Idol?”. And they whooped. Thankfully! That got things going well. I did my intro slides and completely let the fact that I had a clicker slip out of mind. I like to get out from behind a podium so I was walking back and forth, pressing the keyboard to progress. Yuk! I did my demo and screwed up my timing and included stuff that I shouldn’t have. I included the “It does stuff” line and people laughed. Damn, this was going OK.

I wrapped up and waited for comments. I went over 5 minutes, nearly hitting 6 minutes. Argh! I was toast. Maybe I should have trimmed the intro slide. Some comments about font and bullet points. But overall, great comments about delivery and inclusion of the audience. The dev outreach worked.

I thought the guy that did the Azure talk would win. I liked his pace (I was a bit rushed) and he seemed very polished to me. I was sure I was not winning. We were all called up for the results. The judges said this was a tough one, tougher than it used to be in past years because people know what to bring now.


Mark Minasi (who recused himself from voting because we are friends) announced the results. It was a non-American (there was a presenter from Finland who also did a good job). And the winner of a speaking slot in TechEd North America 2015 is …

Aidan Finn.

Instantly pressure slid off. And the lack of stress left me … I was shattered. I think the stress was holding me up. Afterwards I talked for about an hour with people from all over. When it all died down I was ready to drop.

A few beers were had to celebrate 🙂

TechEd NA 2014–Extending Your Premises To Microsoft Azure With Virtual Networks And ExpressRoute

Speakers: Ganesh Srinivasan (Azure Networking), Jai Desai (StorSimple), Jon Ormond (MSIT).

Legacy Connections for Site-Site in Azure

  • Secure point-to-site VPN: for developers, POCs, and small scale deployments. VPN in from a single machine. Based on SSTP.
  • Secure site-to-site VPN: This is for SMB and enterprises. Connect your business to Azure compute: IaaS and PaaS workloads. Configuration is generally done on an on-prem edge device. Based on IPsec.

Now added: Private site-to-site called ExpressRoute. For SMB (with WAN) and enterprises. Mission critical workloads. Backup/DR, Media, HPC. Based on services provided by WAN ISP that are Azure networking partners.

Virtual Network Recap

Software defined private network in Azure. You carve out your own IP space/subnets. Can punch holes through Azure firewall for public presence. VPN connects to the virtual network via an edge subnet.

In-Region VNet to VNet

You want security between tiers or services so you put them in different virtual networks. In the same region, there are no data transfer costs. You can punch holes through firewalls to let services communicate.

Cross-region VNet to VNet

Need local presence across the globe but with interconnectivity. For HA/DR also. VNets can communicate securely using private IP addresses.

Multi-site VNet Connectivity

Up to 10 on-prem sites can connect into a single VNet in Azure. They may be geographically dispersed.

VPN Partners

WatchGuard, Openswan, Cisco, Fortinet, Brocade, SonicWall, Check Point, Juniper, F5, Allied Telesis, and Windows Server 2012 R2.

ExpressRoute

Other techs go via the public internet, so you have dependencies on many ISPs between you and Microsoft. Lots of chokepoints. It might be secure (IPsec), but you cannot build an SLA on this. ExpressRoute brings Azure VNets into your WAN. Now you connect to Azure via a private, SLA-controlled WAN connection managed by your ISP, subject to your contract with them.

Enterprise Workloads

All services are made available, and not just VNets. VPN is limited to VPN. You also have controlled and predictable latency. This means there are lots more workloads that you can do over ExpressRoute:

  • Storage/backup/recovery
  • Dev/test lab
  • BI/big data
  • Media
  • Hybrid apps
  • Productivity apps

SharePoint has generated lots of interest as a service over ExpressRoute from customers.

Two Flavours

  • Deploy “on prem” at a colo facility such as those provided by Equinix. You route via the colo facility to Azure. Probably requires lots of work for you and additional h/w.
  • Use an Azure ExpressRoute partner as your WAN provider. Then your sites connect direct to Azure. Almost a light switch. Probably no additional h/w.

Partners

Equinix, TelecityGroup, BT, AT&T, Level3, Verizon, SingTel

BT important for UK/Ireland. Telecity are important for Europe. If you are not with any of these, “talk to us” according to the speaker, and “we will figure it out”.

ExpressRoute Tiers

Unlimited inbound data transfer. You get some outbound data for free and above that there is a charge.

  • 200 Mbps + 3 TB Month free
  • 500 Mbps and 7.5 TB/month free
  • 1 Gbps + 15 TB/month free
  • 10 Gbps and 250 TB free/month

Customer Connectivity

If you do VPN then you can only access compute that runs in VNets. If you do ExpressRoute then you can access anything. And of course, if you punch holes in firewalls, then you can make services available publicly.

Common misconception: stuff you place in Azure is public. No: it’s only public if you make it that way. Your Azure services can be completely private if you want.

Customer Sign Up Experience

Talk to MSFT and ask for partners in a location. You get a key. Pass that on to the service provider. They query Microsoft and then they create a cross connection between you and Azure. You then set up BGP routes between you and Azure. And then you are connected.

In the case of a WAN provider, the routing is done for you.
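The sign-up sequence above (get a key, hand it to the provider, wait for the cross connection, set up BGP, attach the VNet) can be driven from PowerShell, which is how the MSIT speaker creates his connection later in the session. The block below is an added example rather than the session’s demo script; it assumes the Azure PowerShell module of the time with its ExpressRoute cmdlets loaded (the cmdlet set and parameter names are as I recall them from the Service Management module, so check Get-Command *Dedicated* before relying on them), and the circuit name, provider, location, peer subnets, VLAN and ASN are all made-up values. The BGP peering step is the exchange-provider flavour; with a WAN provider that step is done for you.

```powershell
# Added example (not from the session): the ExpressRoute sign-up steps with the
# Azure Service Management ExpressRoute cmdlets. All names/values are assumptions.

# 1. See which providers and locations Microsoft offers for your region.
Get-AzureDedicatedCircuitServiceProvider |
    Select-Object Name, DedicatedCircuitLocations, DedicatedCircuitBandwidths

# 2. Create the circuit. The returned ServiceKey is the "key" you pass to the
#    provider; it identifies your circuit, so share it only with that provider.
$circuit = New-AzureDedicatedCircuit -CircuitName 'contoso-er-01' `
    -ServiceProviderName 'AT&T' -Bandwidth 200 -Location 'Silicon Valley'
$serviceKey = $circuit.ServiceKey
Write-Output "Service key to give to the provider: $serviceKey"

# 3. Nothing else works until the provider has built the cross connection,
#    so poll the provisioning state (every 5 minutes, up to 24 hours here).
$deadline = (Get-Date).AddHours(24)
do {
    Start-Sleep -Seconds 300
    $state = (Get-AzureDedicatedCircuit -ServiceKey $serviceKey).ServiceProviderProvisioningState
} until ($state -eq 'Provisioned' -or (Get-Date) -gt $deadline)
if ($state -ne 'Provisioned') { throw "Circuit $serviceKey still in state '$state'" }

# 4. Private peering between your edge and Azure: two /30s (primary/secondary
#    links), a VLAN, your ASN and an MD5 key so the BGP session is authenticated.
New-AzureBGPPeering -ServiceKey $serviceKey -AccessType Private `
    -PrimaryPeerSubnet '10.10.0.0/30' -SecondaryPeerSubnet '10.10.0.4/30' `
    -VlanId 100 -PeerAsn 65010 -SharedKey (Read-Host 'BGP MD5 shared key')

# 5. Attach the virtual network (it must already have a gateway subnet) to the
#    circuit so its private address space is reachable over the WAN.
New-AzureDedicatedCircuitLink -ServiceKey $serviceKey -VNetName 'contoso-hub-vnet'
```

The only thing exposed publicly in this whole flow is nothing: the VNet stays on private addressing, which is the point made later in the session about Azure services only being public if you make them so.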

Demo

He creates an ExpressRoute connection via the web ONLY using MSFT WAN and AT&T. The whole process is basically orchestrated. Should take no more than 5 minutes to complete after walking through the wizards.

He VPNs into Microsoft and can ping an Azure VM over the new WAN connection.

Another ping demo: between 1-2 ms latency between a MSFT office in California and a SharePoint farm in Azure over ExpressRoute (I think he said US West region).

Fails over the SharePoint SQL database (guest OS install) from one region to another – takes about 3-4 seconds.

We now get Jon Ormond of MS IT to talk about how they are using ExpressRoute.

MSFT IT

LOTS of internal little apps that they have no interest in rewriting as PaaS apps. They use IaaS to run those VMs in Azure – doing that lift & shift now. Need a robust network connection. This is why they use ExpressRoute. They want to end up with 95% of VMs in “the cloud” both private (WAP) and public (Azure).

He does a demo using PowerShell to create the connection. Can also do this using REST API.

Jai Desai, a TSP takes over to talk StorSimple. I tune out here … a StorSimple talk.

TechEd NA 2014 – Windows Azure Pack versus OpenStack

Speaker: Damian Flynn, MVP

OpenSource options

  • Eucalyptus.
  • Apache CloudStack: open sourced by Citrix.
  • OpenNebula: Poor support for hypervisors. Not there for Hyper-V.
  • OpenStack: Youngest of the four.

Then we have the Microsoft Cloud OS.

A handful of the room are running open source cloud, managing Hyper-V. Windows Azure Pack and SMA are the front end to VMM/SPF.

OpenStack clearly dominates the forum chatter.

Cloud OS Basic Deployment

Management network for WAP, SysCtr stamp, Network resources (NVGRE g/w) on Control Plane and External networks, and Compute on Control Plane and External networks.

Tip: download Damian’s deck from the Channel 9 site in a few days.

Architecture of OpenStack

Portal manages network, compute, image and blob. Identity drives all of those. Block storage also added.

The names of the components are … random codenames, e.g. Horizon, Heat, Trove, etc. See Damian’s deck. The same 3 networks are used, but the stack is simpler.

Hypervisors

  • WAP: only supports Hyper-V. vSphere and XenServer are supported by SysCtr.
  • OpenStack: Hyper-V, vSphere, XenServer/XenCloud, KVM, QEMU, UML

Hyper-V gets “a fair amount of love” from OpenStack. Microsoft Cambridge UK are writing support for OpenStack.

Storage

  • VMM will manage the storage fabric elements. Based on industry standards like SMI-S and MSFT-owned stuff like SMB 3.0/Storage Spaces.
  • OpenStack: Swift does BLOB/file-based storage. Cinder does block based storage. Relies on a lot of work by the storage vendors.

Library

  • SCVMM: Store images here. Tag those images using POSH.
  • Openstack uses Glance: Uses a workflow. Unlike what is in SCVMM. Glance needs to do a lot of prep work –before- deploying a VM. Cloud OS uses Hyper-V KVPs for a lot of that work on running VM during deployment phase.

Identity

  • Cloud OS: WAP authentication sites. Authenticate against local DB, .net (build your own stuff), or using ADFS (potentially any authentication system via federation).
  • OpenStack: Keystone. Everything must talk to Keystone to authorise actions. Keystone does better role-based access control – what a user can do within their tenancy.

User Experience

  • Cloud OS: WAP Admin and Tenant portals.
  • OpenStack: Horizon. Single portal doing some admin and tenant roles.

Damian says “God damn this is complicated” regarding OpenStack administration. A nightmare to figure out where you start and what to do.

An Italian company called Cloud Based IT makes a product to make OpenStack work. They configure Windows with all that jazz you need. And it’s way out of date.

Damian reckons RedHat would have been a better choice for his lab. Went with Ubuntu. Installing: easy. Configuring: not so easy.

Roadmaps

  • OpenStack: Public. Modules built within the stack.
  • Cloud OS: Microsoft do not talk futures publicly. MSFT focusing on bringing in partners to expand the eco system. SDK allows you/others to build add-ons.

OpenStack

  • MSFT engineering supporting 3rd party platforms.
  • Openstack is “free” – requires LOTS of engineering to customise and deploy

Cloud OS

  • One platform
  • Built on proven & documented System Center
  • Familiar and fully supported tech

Requires an incredible amount of work with HUGE hidden costs. Don’t let “free” fool you or your boss.

TechEd NA 2014 – Introduction To Microsoft Azure Automation

Speakers: Eamon O’Reilly (System Center automation) & Beth Cooper (same team)

What System Center has done has been extended into Azure. Both in preview. About half of the room are familiar with Orchestrator, the basis of what we will see this morning.

Pretty full room – pretty small room unfortunately.

Benefits

  • Optimize and extend existing investments: Based on POSH. Integrates existing systems.
  • Deliver flexible and reliable services: quicker. Reuse.
  • Lower costs and improve predictability: reduce manual errors.

Concepts

Same as SMA: runbooks, jobs, and assets.

Appears under Automation in the Azure portal.

Capabilities

All runbook management/authoring/testing can be done in the Azure portal. Has a HA engine. Also has suspend/resume/checkpoint features of SMA. All based on POSH workflows so if you have a cmdlet, you can do it.

Pricing

Free in preview. Pricing based on 3 points:

  • Job run time: time from start to complete. 500 minutes on free plan. $20/month (standard plan) gives you 10,000 minutes
  • Number of runbooks: 20 on the free plan.
  • Integration module size: 5 MB on free plan.

You can register for the preview on the Azure preview site. This week is the time to do it. Preview is limited to East USA region.

Demo

Create a new automation account. Sample runbooks to be found on script centre. Tags are present to search/filter runbooks, like in SMA. Also has draft (what you are editing) and published runbook status. So you can have a published runbook and edit a new version.

Almost everyone in the room is using PowerShell. IT pros in Ireland are 5 years behind the USA, at least, and this is not a question of scale.

You can manually start a runbook or schedule one. Example: shut down idle VMs at the end of the workday and power them up at the start of the workday – saves the runtime cost of VMs in Azure.

Automation Accounts

  • Organise automation by group or individual contributor
  • Accounts live in different regions.
  • Create up to 30 accounts

Automation Dashboard

  • For analysis and troubleshooting operations
  • Access problem jobs to get up and running quickly – focus on them instead of the lots of others that are OK

Authoring

  • Author: Create workflow runbooks. Call existing runbooks in the library
  • Manage & browse and insert assets in runbooks: Modules & activities, credentials, variables, connections, schedules
  • Test: Run and see results within authoring window.
  • Troubleshoot issues
  • Publish: Edit draft before publishing

Manage Runbooks & Jobs

  • Dashboard view: view jobs over time. Find jobs that need attention
  • Runbooks view: Filtering of jobs based on status and date. ID authoring state (new, in edit, published). Filter by tags to find runbooks.
  • Jobs view: History of jobs per runbook. Who last updated/when. Input parameters and output. Drill into each job to view streams generated to help troubleshooting. Stop/suspend/resume job.

Assets

  • Connections: Information to connect to a particular system. System specific settings.
  • Update to new versions of integration modules
  • Credentials
  • Variables
  • Schedules

Central set of resources that can be used by all runbooks, like in SMA.
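The earlier capabilities notes (POSH workflows with suspend/resume/checkpoint), the “shut down idle VMs at the end of the workday” scheduling example, and the assets listed just above come together in one runbook. The block below is an added example written for this post, not one of the sample runbooks from Script Center or anything the speakers showed; it assumes the 2014 Azure Service Management cmdlets, and the asset names (AzureAdminCred, DevTestSubscription, DevTestCloudService) and the devtest- VM naming prefix are assumptions.

```powershell
# Added example (not from the session): a PowerShell workflow runbook that stops
# running dev/test VMs after hours. Credential, variable and connection-style
# settings come from Automation assets rather than being hard-coded in the script.
# Asset names and the 'devtest-' prefix are assumptions.
workflow Stop-DevTestVMsAfterHours
{
    # Assets: the Get-Automation* activities resolve them at run time, so the
    # runbook text never contains a password or subscription detail.
    $cred         = Get-AutomationCredential -Name 'AzureAdminCred'
    $subscription = Get-AutomationVariable   -Name 'DevTestSubscription'
    $serviceName  = Get-AutomationVariable   -Name 'DevTestCloudService'

    # Sign in with the Service Management cmdlets of the time.
    Add-AzureAccount -Credential $cred
    Select-AzureSubscription -SubscriptionName $subscription

    # Cmdlet output is serialised between workflow activities, so do the
    # object filtering inside an InlineScript and return only the names.
    $targets = InlineScript {
        Get-AzureVM -ServiceName $Using:serviceName |
            Where-Object { $_.PowerState -eq 'Started' -and $_.Name -like 'devtest-*' } |
            Select-Object -ExpandProperty Name
    }

    if (-not $targets) {
        Write-Output "No running devtest-* VMs in $serviceName"
        return
    }

    foreach ($vmName in $targets)
    {
        # -Force allows the last VM in the deployment to be deallocated,
        # which is what actually stops the compute charge.
        Stop-AzureVM -ServiceName $serviceName -Name $vmName -Force
        Write-Output "Stopped $vmName"

        # Checkpoint after each VM: if the job is suspended and resumed, it
        # carries on from here instead of repeating the VMs already stopped.
        Checkpoint-Workflow
    }
}
```

Publish the runbook, then attach a daily schedule asset for end of day; the companion “start VMs in the morning” runbook is the same shape with Start-AzureVM and the opposite PowerState filter. Keeping the sign-in credential as an asset also means rotating it is a single edit in the portal rather than a hunt through every runbook.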

Demo


Has application insights enabled. If there’s an error on his site, The runbook triggers an action when an alert is created. A response is triggered whenever an alert is detected. All done using inline runbooks. Note: the alert detection method he used was to search for an alert email in GMail via an RSS feed.

Another demo.


They’re using SharePoint to store and change control their runbook scripts. A runbook is monitoring the status of scripts in the SharePoint document library (list item), using a custom SharePoint module. This uses a connection asset. They see a script go into a “ready to test” status in SP and that triggers a child runbook. It appears that the action is that the runbook is updated in Azure and moved to “production” status in SharePoint – they don’t really explain but that’s not really the point anyway. The demo was connections to external resources.

Typical Scenarios

Azure automation is more than just about Azure resources. Posh offers huge extensibility via modules.

  • Monitoring & remediation: Alert on a VM. Monitor for new services to ensure management. Notify subscription owners of underutilized VMs that are wasting money.
  • Change control and provisioning: Deploy a VM, and enable monitoring. Deploy a new service and configure endpoints for alerts. Deploy from Git, automate tests, and swap to production if they pass. Monitor SharePoint Online for approval to update a service and do that once approved.
  • Patch/Update/Backup orchestration: Use traffic manager to patch IaaS VMs without downtime to services. Enable regeneration of storage account keys while avoiding downtime. SQL backup on a schedule. Backup and restore IaaS VMs.

Leave remote management of Azure VMs enabled and Azure Automation can reach into those VMs’ guest OSs.

Anything you do twice: Automate it.

Takes time to create automation, but the more you do it the quicker you do it. And the time you invest up front will save you time in the long term.