Results & Report on The Great Big Hyper-V Survey of 2011

FIND THE RESULTS & REPORT HERE

I am pleased to present the results and a report on The Great Big Hyper-V Survey of 2011, that was conducted by myself, Hans Vredevoort, and Damian Flynn.  We conducted this report over the last few weeks, asking people from around the world to answer 80 questions on:

  • Their Hyper-V project
  • Their Hyper-V installations
  • Systems management
  • Private cloud
  • Their future plans

Note that this survey had no outside influences.  Microsoft found out about this survey by reading blog or twitter posts at the same time as the respondents.  I have deliberately chosen not to try to get a sponsor for my report to further illustrate its independence.

Some of the results were as expected, and some of them were quite an education.  Thank you to all who completed the survey, and to all who helped to spread the word.  And now, here’s what you have been waiting for:

  • Here is a report that I have written over the last 2 days.  I dig into each of the 80 questions, analysing the results of each and every question that we asked.
  • For those of you who want to dig a little deeper, here is a zip file with all of the raw data from the survey.  You will find reports and spread sheets with different views and selections of data.  I also created an additional spread sheet that was used to create the report.

Whether you are a sales person, a Hyper-V customer, a potential customer, or an enthusiast, I think there is something here for you.

Now the conversations and debates can begin.  Have a read of the report and then go over to see what Hans Vredevoort and Damian Flynn thought of the data.  We have deliberately not shared our opinions with each other; this means we can all have unique view points, and possibly see something that others don’t.  For example, I work in the software sales channel with a background in consulting and engineering, Damian is an enterprise systems administrator/engineer, and Hans is an enterprise consultant.  We each have a different view of the IT world.  And after you read their opinions, it’ll be your turn: we want to hear what you think.  Post comments, tweet (#GBHVS2011), blog, or whatever.

Great Big Hyper-V Survey 2011 Is Now Closed

I closed the Great Big Hyper-V Survey of 2011 this morning at 10:05 (Dublin time, 11:05 CET, 5:05 EST).  Thank you to all who completed the survey.  Myself, Damian Flynn (another Hyper-V MVP), and Hans Vredevoort (Failover Clustering MVP) will be sharing the results on this Wednesday (7th September, 2011) at 10:00 Dublin time, 11:00 Amsterdam time (05:00 EST, 19:00 Sydney).

VMM 2012 Beta Crash: VmmAdminUI has stopped working

I got this crash when trying to view the properties of a virtual machine in VMM 2012 beta console.  Fellow MVP, Mohamed Fawzi (Virtual Machine Manager), had the fix.

It’s a PowerShell command that you need to run from the VMM PowerShell window.  Before that will work, you need to run:

set-executionpolicy unrestricted

VMM 2012 Distributed Key Management (DKM)

Virtual Machine Manager (VMM/SCVMM) 2012 adds something that was lacking in VMM 2007/2008/2008 R2: clustered VMM servers.  VMM 2012 is the gateway to the private cloud and you want that gateway to be fault tolerant at the hardware, OS, and service level.  If you want to have a clustered VMM server then you will need to get to grips with some new concepts.

The VMM database contains a lot of information.  Some of that information can be sensitive, such as product keys or administrator passwords.  You don’t want just anyone getting a copy of that database (from offsite stored backup tapes, for example [which should be encrypted anyway]) and figuring out a way to gain administrative rights to your network.  For this reason, VMM uses encryption to protect the contents of this database.

By default the decryption keys for accessing the encrypted data are stored on the VMM server.  Now imagine you have set up a clustered VMM server and those keys are stored locally.

The first node with the local keys would encrypt the SQL data and access it with no issue at all.  But what would happen after a failover of the VMM service from Node 1 to Node 2?  The decryption keys are on Node 1 and unavailable, so Node 2 has no way to read the encrypted data in clear text.  There goes the uptime of your cloud!

That’s why we have a new concept called Distributed Key Management (DKM) in VMM 2012.  Instead of storing the decryption keys on the server, they’re stored in a specially created container in Active Directory.  This means that the decryption keys can be accessed by both of the VMM cluster nodes, and either node can read the encrypted data in clear text.

You can configure the option to enable DKM when you install the first member of the VMM cluster.  You can optionally do this even if you’re setting up a non-clustered VMM server.  It’ll mean the keys are safe in AD, and it gives you the flexibility to easily set up a cluster without too much mucking around.

When you enable the option to use DKM, you have two choices:

  • Installing as a Domain Administrator: You can enter the LDAP path (e.g. CN=VMMDKM,CN=System,DC=demo,DC=local) and the installer will use your rights to create the VMM container inside of the default System container.
  • Not Installing as a Domain Administrator: You can get a domain admin to create the container for you, ensuring that your new user account will have Read, Write, and Create all child objects permissions.  You can enter the LDAP path (as above) that is provided by the domain administrator.

I like System\VMMDKM for two reasons:

  1. ConfigMgr uses System\SystemsManagement for its advanced client objects
  2. VMMDKM is quite descriptive.

Now Node 1 of the VMM server cluster will use the DKM/AD-stored decryption keys and access the secured data in the SQL Server instead of storing them locally.

After a failover, Node 2 can also read those DKM/AD-stored decryption keys to access the encrypted data successfully.

Decryption keys; I bet your security officer is concerned about that!  I haven’t mentioned the protection of these keys yet.  Note how we didn’t do anything to lock down that container?  Normally, Authenticated Users will have read permissions.  We sure don’t want them to read those decryption keys!  Don’t worry, the VMM group has you covered.

In the new container, you will find an object called DC Manager <unique GUID>.  This is a container that DKM has created and contains the protected keys for the VMM server/cluster you just set up.

It is protected using traditional AD permissions.  VMM is granted rights based on what account is running VMM.  I prefer to install VMM using a domain user account, e.g. demo\VMMSvc.  That account was granted full control over the container object and all descendent (contained) objects.

Note that Authenticated Users is not present.  In fact what you will find is:

  • Self: Inherited with apparently no rights
  • System: Full Control on the container object only
  • Enterprise Domain Controllers: Read tokenGroups (Descendent User Objects), Read tokenGroups (Descendent Group Objects), Read tokenGroups (Descendent Computer Objects)
  • Enterprise Admins: Full Control on this and descendent objects
  • Domain Admins: Full Control on this and descendent objects
  • Administrators: It’s long but basically it’s not Full Control and no delete rights on this and descendent objects
  • Administrator: Full Control on this and descendent objects

In other words, VMM 2012 DKM is a pretty sure way to:

  • Enable a SQL database to securely store sensitive data for a highly available VMM cluster running across multiple servers
  • Allow those nodes of a highly available VMM cluster to share a single set of decryption keys to access the encrypted data in the SQL database

Now you have some very special data in your AD – like you didn’t already!  But if you’re “just” a virtualisation administrator/engineer or a consultant, you better make sure that someone is backing up AD.  Lose your AD (those DKM keys), and you lose that sensitive data in the SQL database.  While you’re verifying the existence of a working AD backup (System State Backup of a few DCs, maybe), make sure that the backup is secure in terms of access rights to data and encryption.  You’ve got sensitive encryption keys in there after all.
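
One way to check that the DKM container still carries only the permissions listed above, as an added example (not from the original post and not part of VMM). It assumes the ActiveDirectory PowerShell module, the post's example path CN=VMMDKM,CN=System,DC=demo,DC=local, a NetBIOS domain name of DEMO and the demo\VMMSvc service account; the function names are hypothetical and the sample ACEs are constructed.

```powershell
# Added example. $DkmDn, the DEMO domain and the VMMSvc account are
# assumptions taken from the post's own examples.
$DkmDn   = 'CN=VMMDKM,CN=System,DC=demo,DC=local'
$Allowed = @(
    'DEMO\VMMSvc', 'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\SELF',
    'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
    'DEMO\Enterprise Admins', 'DEMO\Domain Admins',
    'BUILTIN\Administrators', 'DEMO\Administrator'
)

function Get-DkmAce {
    # Reads the DACL of the container and of every object beneath it.
    param([Parameter(Mandatory=$true)] [string] $ContainerDn)
    Import-Module ActiveDirectory
    Get-ADObject -SearchBase $ContainerDn -SearchScope Subtree -Filter * |
        ForEach-Object {
            $dn = $_.DistinguishedName
            (Get-Acl -Path "AD:\$dn").Access |
                Select-Object @{n='ObjectDN';e={$dn}}, IdentityReference,
                    AccessControlType, ActiveDirectoryRights, IsInherited
        }
}

function Find-UnexpectedDkmAce {
    # Pure check: returns every Allow ACE whose trustee is not on the
    # allow list (-contains compares case-insensitively).
    param(
        [Parameter(Mandatory=$true)] [object[]] $Ace,
        [Parameter(Mandatory=$true)] [string[]] $AllowedIdentity
    )
    foreach ($a in $Ace) {
        if ("$($a.AccessControlType)" -ne 'Allow') { continue }
        if ($AllowedIdentity -contains "$($a.IdentityReference)") { continue }
        New-Object psobject -Property @{
            Object    = $a.ObjectDN
            Trustee   = "$($a.IdentityReference)"
            Rights    = "$($a.ActiveDirectoryRights)"
            Inherited = [bool]$a.IsInherited
        }
    }
}

# Constructed sample ACEs so the check can be tried without a domain.
$sample = @(
    (New-Object psobject -Property @{
        ObjectDN = $DkmDn; IdentityReference = 'DEMO\VMMSvc'
        AccessControlType = 'Allow'; ActiveDirectoryRights = 'GenericAll'
        IsInherited = $false }),
    (New-Object psobject -Property @{
        ObjectDN = $DkmDn; IdentityReference = 'NT AUTHORITY\Authenticated Users'
        AccessControlType = 'Allow'; ActiveDirectoryRights = 'GenericRead'
        IsInherited = $true })
)
Find-UnexpectedDkmAce -Ace $sample -AllowedIdentity $Allowed

# Against a real domain (needs read access to the container):
# Find-UnexpectedDkmAce -Ace (Get-DkmAce $DkmDn) -AllowedIdentity $Allowed
```

Any trustee it returns can read or change the key material in ways the installer did not set up, so an empty result is the expected state.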

VMM 2012 System Requirements

The official TechNet content is a bit scattered about so I thought I’d reorganise it and consolidate to make stuff easier to find.  The software requirements of Virtual Machine Manager (VMM/SCVMM) 2012 are easy:

  • Windows Server 2008 R2 Standard, Enterprise or Datacenter with SP1
  • Windows Remote Management (WinRM) 2.0 – a part of W2008 R2
  • .NET 3.5 with SP1 (a feature in W2008 R2)
  • WAIK for Windows 7

There’s a significant change for the database.  SQL Express is no longer supported.  You will need to migrate the VMM database to one of the supported versions/editions:

  • SQL Server 2008 R2 Enterprise/Standard x86/x64 (no news of support for the recent SP1 yet)
  • SQL Server 2008 Enterprise/Standard x86/x64 with Service Pack 2

Here’s the system requirements for VMM 2012:

Manage Up To 150 Hosts

Let’s be honest; how many of us really have anything close to 150 hosts to manage with VMM?  Hell; how many of us have 15 hosts to manage?  Anyway, here’s the system requirements and basic architecture for this scale of deployment.

You can run all of the VMM roles on a single server with the following hardware configuration:

| Component | Minimum | Recommended |
|---|---|---|
| CPU | Pentium 4, 2 GHz (x64) | Dual-Processor, Dual-Core, 2.8 GHz (x64) or greater |
| Memory | 2 GB | 4 GB |
| Disk space (no local DB) | 2 GB | 40 GB |
| Disk space (local DB) | 80 GB | 150 GB |

Although you can run all the components on a single server, you may want to split them out onto different servers if you need VMM role fault tolerance.  You’re looking at something like this if that’s what you want to do:

A dedicated SQL server will require:

| Component | Minimum | Recommended |
|---|---|---|
| CPU | Pentium 4, 2.8 GHz (x64) | Dual-Processor, Dual-Core, 2 GHz (x64) or greater |
| Memory | 2 GB | 4 GB |
| Disk space (no local DB) | 80 GB | 150 GB |

A dedicated library server will require:

| Component | Minimum | Recommended |
|---|---|---|
| CPU | Pentium 4, 2.8 GHz (x64) | Dual-Processor, Dual-Core, 3.2 GHz (x64) or greater |
| Memory | 2 GB | 2 GB |
| Disk space (no local DB) | Depends on what you store in it | Depends on what you store in it |

A dedicated Self-Service Portal server will require:

| Component | Minimum | Recommended |
|---|---|---|
| CPU | Pentium 4, 2.8 GHz (x64) | Dual-Processor, Dual-Core, 2.8 GHz (x64) or greater |
| Memory | 2 GB | 2 GB |
| Disk space (no local DB) | 512 MB | 20 GB |

If all you want is hardware fault tolerance for VMM then the simple solution is to run VMM in a highly available virtual machine.  I don’t like System Center being a part of a general production Hyper-V cluster.  That’s because you create a chicken/egg situation with fault monitoring/responding.  If you want to virtualise System Center then consider setting up a dedicated host or cluster for the VMM, OpsMgr, ConfigMgr VMs.  DPM is realistically going to remain physical because of disk requirements.

Manage More Than 150 Hosts

It is recommended that you:

  • Not use VMM server to host your library.  Set the library up on a dedicated server/cluster.
  • Install SQL Server on a dedicated server/cluster.

The VMM server requirements are:

| Component | Minimum | Recommended |
|---|---|---|
| CPU | Pentium 4, 2.8 GHz (x64) | Dual-Processor, Dual-Core, 3.6 GHz (x64) or greater |
| Memory | 4 GB | 8 GB |
| Disk space (no local DB) | 10 GB | 50 GB |

The database server requirements are:

| Component | Minimum | Recommended |
|---|---|---|
| CPU | Pentium 4, 2 GHz (x64) | Dual-Processor, Dual-Core, 2.8 GHz (x64) or greater |
| Memory | 4 GB | 8 GB |
| Disk space (no local DB) | 150 GB | 200 GB |

A dedicated library server will require:

| Component | Minimum | Recommended |
|---|---|---|
| CPU | Pentium 4, 2.8 GHz (x64) | Dual-Processor, Dual-Core, 3.2 GHz (x64) or greater |
| Memory | 2 GB | 2 GB |
| Disk space (no local DB) | Depends on what you store in it | Depends on what you store in it |

A dedicated Self-Service Portal server will require:

| Component | Minimum | Recommended |
|---|---|---|
| CPU | Pentium 4, 2.8 GHz (x64) | Dual-Processor, Dual-Core, 3.2 GHz (x64) or greater |
| Memory | 2 GB | 8 GB |
| Disk space (no local DB) | 10 GB | 40 GB |

VMM Console

The software requirements are:

  • Either Windows 7 with SP1 or Windows Server 2008 R2 with SP1
  • PowerShell 2.0 (included in the OS)
  • .NET 3.5 SP1 (installed by default in Windows 7 and a feature in W2008 R2 – VMM setup will enable it for you)

Managing up to 150 hosts will require:

| Component | Minimum | Recommended |
|---|---|---|
| CPU | Pentium 4, 550 MHz | Pentium 4, 1 GHz or more |
| Memory | 512 MB | 1 GB |
| Disk space (no local DB) | 512 MB | 2 GB |

Managing over 150 hosts will require:

| Component | Minimum | Recommended |
|---|---|---|
| CPU | Pentium 4, 1 GHz | Pentium 4, 2 GHz or more |
| Memory | 1 GB | 2 GB |
| Disk space (no local DB) | 512 MB | 4 GB |

Managed Hosts

Supported Hyper-V hosts are below. 

| Parent OS | Edition | Service Pack |
|---|---|---|
| Windows Server 2008 R2 (Full or Server Core) | Enterprise or Datacenter | Service Pack 1 or earlier |
| Hyper-V Server 2008 R2 | | |
| Windows Server 2008 (Full or Server Core) | Enterprise or Datacenter | Service Pack 1 or earlier |

Please note that the following are not listed as supported:

  • Hyper-V Server 2008
  • Windows Server 2008 R2 Standard edition
  • Windows Server 2008 Standard edition

In the beta, Windows Server 2008 is not supported.

Supported VMware hosts are listed below.  They must be managed by vCenter Server 4.1.

  • ESXi 4.1
  • ESX 4.1
  • ESXi 3.5
  • ESX 3.5

There is no mention of vSphere/ESXi 5 at the moment.  That’s understandable – both VMM and the VMware v5 product set were being developed at the same time.  Maybe support for v5 will appear later.

Citrix XenServer 5.6 FP1 can also be managed as standalone hosts or as Resource Pools if you deploy the Microsoft SCVMM XenServer Integration Suite to your hosts.

Bare Metal Host Deployment

The requirements for being able to use VMM 2012 to deploy Hyper-V hosts to bare metal machines are:

| Item | Notes |
|---|---|
| Windows Server 2008 R2 Windows Deployment Services (WDS) | PXE Server to boot the bare metal up on the network.  No other PXE service is supported. |
| Boot Management Controller (BMC) | This is a server management card: Intelligent Platform Management Interface (IPMI) versions 1.5 or 2.0; Data Center Management Interface (DCMI) version 1.0; Hewlett-Packard Integrated Lights-Out (iLO) 2; System Management Architecture for Server Hardware (SMASH) version 1.0 over WS-Management (WS-Man) |
| VHD image | A Windows Server 2008 R2 host OS captured as a generalized VHD image.  Have a look into WIM2VHD or maybe using a VM to create this. |
| Host Hardware Drivers | NIC, Storage, etc. |

Update Management

A dedicated WSUS root server, running WSUS 3.0 SP2.  It cannot be a downstream server because that is not supported.  There will be a lot of processed updates so this may require a dedicated server (possibly a VM).  If you install WSUS on a VMM server cluster then you must install the WSUS Administrator Console on each node in that cluster.

KB2586286: SCVMM 2008/2008 R2/2008 R2 SP1 Crash With Linux Integration Services 3.1

This was quick!

“On System Center Virtual Machine Manager 2008, R2, and R2 SP1 (SCVMM), the Virtual Machine Manager Service (vmmservice.exe) crashes unexpectedly and the VM Manager event log shows Event ID 19999 and 1”.

  • VM Manager 19999: Virtual Machine Manager (vmmservice:368) has encountered an error and needed to exit the process. Windows generated an error report with the following parameters.
  • VM Manager 1: System.ArgumentException: Version string portion was too short or too long.  at System.Version..ctor(String version).

Apparently this is because the kernel version returned by Key Value Pair (KVP – a new feature in the Linux ICs) is longer than is expected.

The workaround at the moment is to run this command in the Linux guest OS as root:

/sbin/chkconfig --level 35 hv_kvp_daemon off

“This will prevent the KVP service from auto starting while retaining all other functionality of hv_utils. hv_utils provides integrated shutdown, key value pair data exchange, and heartbeat features”.
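
The exception quoted above is what the System.Version constructor raises when a string has fewer than two or more than four dot-separated components. The following added example (not Microsoft's fix and not code from the KB article) shows that failure next to a tolerant parse of a version string reported by a guest; the function names are hypothetical and the sample strings are constructed.

```powershell
# Added example. The sample kernel-style strings below are constructed.
function ConvertTo-TolerantVersion {
    param([Parameter(Mandatory=$true)] [AllowEmptyString()] [string] $Text)
    # Keep the first 2-4 numeric components. (?!\d) stops a component from
    # being cut mid-number, and nine digits always fit in an Int32.
    if ($Text -match '^\s*(\d{1,9}(?:\.\d{1,9}){1,3})(?!\d)') {
        return [System.Version]$Matches[1]
    }
    return $null   # nothing usable: the caller treats it as "unknown"
}

function Test-VersionParsing {
    # Compares the strict cast with the tolerant parse for each sample.
    param([string[]] $Sample)
    foreach ($s in $Sample) {
        $strict = 'ok'
        try   { [void][System.Version]$s }
        catch { $strict = 'throws' }
        New-Object psobject -Property @{
            Input    = $s
            Strict   = $strict
            Tolerant = [string](ConvertTo-TolerantVersion $s)
        }
    }
}

Test-VersionParsing '2.6.32.71', '2.6.32.71.1.2', '2.6.32-71.el6', 'unknown' |
    Select-Object Input, Strict, Tolerant
```

Data arriving over KVP is supplied by the guest, so a management service that parses it strictly lets one unexpected string take the whole service down, which is the behaviour the KB describes.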

SCVMMSSP 2.0 SP1 RTM

To be honest, I thought Microsoft would have killed this project because it causes confusion.  Microsoft started talking about their private cloud when System Center Virtual Machine Manager Self Service Portal (SCVMMSSP) 2.0 was released last year.  With no other road map information, we were left to assume that it was the long term strategy – a shell in front of SCVMM.

Then along came SCVMM 2012 beta and we find that it is a self-contained private cloud solution.  What about hybrid cloud integration?  Project Concero takes care of that.  It seems like SCVMMSSP is a one-time-only solution for those on SCVMM 2008 R2.  Any effort you put into engineering it in your site will have a short term value if you do upgrade to 2012 because SCVMMSSP 2.0 is irrelevant there.  I wish the messaging from MSFT had been clearer last year.  I bet you a good few customers deployed the original SCVMMSSP 2.0 cloud solution to find it had a short life, and would have to be ripped/replaced by SCVMM 2012 with no migration path.

So, you can download this SP1 release of SCVMMSSP 2.0 now.  I’m not going to bother copy/pasting any more information.  This product is a total cul-de-sac, and a bad strategy to take in my opinion (now we know the real strategy).

Whitepaper: A Guide to Hyper-V Dynamic Memory

I’ve just published a new document or guide that is subtitled as “Understanding, enabling, and configuring Windows Server 2008 R2 Hyper-V Dynamic Memory for virtualised workloads”.

This whitepaper will walk you through:

  • The mechanics of Windows Server 2008 R2 SP1 Hyper-V Dynamic Memory
  • The scenarios that you’ll employ it in
  • The pre-requisites for Dynamic Memory
  • Configuring Dynamic Memory
  • Some of the application workload scenarios

“We normally don’t like it when a service pack includes new features. New features mean changes that need to be tested, possible compatibility issues, and more headaches in between the usual operating system deployment cycles. Windows Server 2008 R2 Service Pack 1 came with a number of new features but we did not complain; in fact, we virtualisation engineers had a mini celebration. This is because those new features were mostly targeted at server and desktop/session virtualisation, and aimed to give us a better return on hardware investment.

Dynamic Memory was one of those new features. Put very simply, this VM memory allocation feature allows us to get more virtual machines on to a Hyper-V host without sacrificing performance.

You can use Dynamic Memory in a few scenarios. The one that gets the most publicity is virtual desktop infrastructure (VDI) where economic PCs are replaced by expensive virtual machines running in the data centre. It’s critical to get as many of them on a host as possible to reduce the cost of ownership. Server virtualisation is the scenario that we techies are most concerned with. We’ve typically found that we tend to run out of memory before we get near to the processor or storage I/O limits of our hardware. And the final scenario is where we use Hyper-V to build an Infrastructure-as-a-Service cloud, where elasticity and greater virtual machine density are required.

The approach that Microsoft took with this new memory optimisation technique ensures that concepts such as over commitment are not possible; that’s because over commitment potentially does cause performance issues. Dynamic Memory does require that you understand how it works, how to troubleshoot it, and how applications may be affected, before you log into your hosts and start enabling it. It will require some planning.

The aim of this document is to teach you how Dynamic Memory works, show you how to configure it, how to monitor it, and how to use it in various application scenarios”.

The document continues …

Credit:

Big shout out to the Hyper-V PMs and my fellow MVPs for the many conversations over the past year that allowed us to learn a lot.

Unattended Linux VM Configuration Tool for Hyper-V

Yusuf Öztürk has released a handy looking tool on his blog for setting up Linux virtual machines.  It will:

1) Unattended IP, Hostname and DNS configuration for Linux VMs.
2) Automatic Linux integration components installation.
3) Multi Distro Support: Debian, Ubuntu, Centos, Fedora, Redhat and Suse!
4) Automatic CPanel installation for Redhat and Centos
5) Linux VM Template support (Use Skip for EnableLIC switch)
6) Hyper-V support! You don’t need SCVMM to use this script.
7) Multiple Hyper-V and SCVMM host support.
8) Automatic Emulated NIC to Synthetic NIC support.
9) No need for an internet connection (SSH access etc.) or additional changes on VM.
10) Custom Answer File support! You can execute your own scripts.

You can download the tool from his blog.  Well done, Yusuf!
