Archive for the ‘System Center’ Category

New Technical Preview for Microsoft Windows Server management experience Project “Honolulu”, released

Modernized, simplified, integrated, and secure experiences. Project “Honolulu” Technical Preview 1711 update is now available!

Some cool new features were released, such as Windows 10 client management: you can now add Windows 10 client machines as connections in Honolulu and manage them with a subset of the tools in the “Computer Management” solution.

For more information on new and removed features check https://blogs.technet.microsoft.com/windowsserver/2017/12/01/1711-update-to-project-honolulu-technical-preview-is-now-available/


Automating the deployment of Hyper-V hosts with VMM 2016 bare-metal deployment

To deploy a new Hyper-V host from bare metal, System Center 2016 Virtual Machine Manager (VMM) carries out the following steps:

  1. VMM discovers the physical computer through out-of-band management (BMC).
  2. VMM installs an OS image on the physical computer using a previously created physical computer profile.
  3. VMM enables the Hyper-V role on the physical computer.
  4. VMM brings the computer under VMM management as a managed Hyper-V host.

In order for that to happen, let’s first look at the prerequisites you are required to provide:

  1. DNS and Active Directory
    Create DNS entries and Active Directory computer accounts for the machine names.
  2. BIOS

    a. Set up the BIOS on the machine to support virtualization, and configure the BIOS boot order so that the PXE-enabled network adapter is the first boot device.
    b. Configure the BMC settings: configure the logon credentials and IP address settings for the BMC on each computer.
  3. Add a PXE server environment: a PXE server integrated with VMM is required for bare-metal deployment.
  4. Add resources to the VMM library: add a generalized virtual hard disk with a suitable OS to use as the base image, and the driver files that will be added during installation of the OS.
  5. Create a Run As account: in VMM, create a Run As account with permissions to access the BMC.
  6. Create physical computer profiles: in the VMM library, create one or more physical computer profiles. These profiles include configuration settings, such as the location of the operating system image, and hardware and OS settings.
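The first prerequisite (DNS entries and Active Directory accounts) is the one most often done by hand and the one the wizard later checks, since VMM refuses to deploy when the computer account already exists. The script below is an added example, not code from the original post or from VMM; it pre-stages both the computer account and the A/PTR record for each host and reports, rather than overwrites, anything that is already there. The host names, addresses, OU path, DNS zone and DNS server are constructed placeholders, and the ActiveDirectory and DnsServer RSAT modules are assumed to be present on the admin workstation.

```powershell
# Added example (not from the original post): pre-stage the DNS record and the
# Active Directory computer account that VMM bare-metal deployment expects.
# Requires the ActiveDirectory and DnsServer RSAT modules (assumed installed).
# All names, OU paths, zones and addresses below are constructed placeholders.
Import-Module ActiveDirectory
Import-Module DnsServer

$hosts = @(
    @{ Name = 'HV-HOST-01'; IPv4 = '10.10.20.11' }   # constructed sample values
    @{ Name = 'HV-HOST-02'; IPv4 = '10.10.20.12' }
)
$ou        = 'OU=Hyper-V Hosts,OU=Servers,DC=corp,DC=example'   # assumed target OU
$zone      = 'corp.example'                                     # assumed forward zone
$dnsServer = 'dc01.corp.example'                                # assumed DNS server

foreach ($h in $hosts) {
    # VMM's Active Directory check stops the deployment if the account already
    # exists, so report an existing object instead of silently touching it.
    $existing = Get-ADComputer -Filter "Name -eq '$($h.Name)'" -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Warning ("{0}: computer account already exists at {1}; VMM will refuse to deploy " +
                       "unless the Active Directory check is skipped for this name") -f $h.Name, $existing.DistinguishedName
    } else {
        New-ADComputer -Name $h.Name -SamAccountName "$($h.Name)`$" -Path $ou `
                       -Description 'Pre-staged for VMM bare-metal deployment'
        Write-Output "$($h.Name): created pre-staged computer account in $ou"
    }

    # Forward (and reverse) DNS record for the management address of the host.
    $record = Get-DnsServerResourceRecord -ZoneName $zone -Name $h.Name -RRType A `
                                          -ComputerName $dnsServer -ErrorAction SilentlyContinue
    if ($record) {
        Write-Warning "$($h.Name): A record already exists ($($record.RecordData.IPv4Address)); leaving it unchanged"
    } else {
        Add-DnsServerResourceRecordA -ZoneName $zone -Name $h.Name -IPv4Address $h.IPv4 `
                                     -CreatePtr -ComputerName $dnsServer
        Write-Output "$($h.Name): added A/PTR record $($h.IPv4) in $zone"
    }
}
```

Run it once from an account that can create computer objects in the target OU and records in the zone; the warnings it emits are exactly the conditions that would otherwise surface as a failed job in the Deployment Customization step of the wizard.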


Now let’s walk through the steps to provision a Hyper-V host using bare-metal deployment:

  1. Click Fabric > Servers > Home > Add > Add Resources > Hyper-V Hosts and Clusters.
  2. In the Add Resource Wizard > Resource location, select Physical computers to be provisioned as virtual machine hosts.
  3. In Credentials and Protocol, select the Run As account with permissions to access the BMC. In the Protocol list, click the out-of-band management protocol that your BMCs use. If you want to use Data Center Management Interface (DCMI), click Intelligent Platform Management Interface (IPMI); although DCMI 1.0 is not listed, it is supported. Make sure the correct port is selected.
  4. In Discovery Scope, enter the single IP address, the IP subnet, or the IP address range that includes the IP addresses of the BMCs.

Note:

  • If you specify a single IP address, when you click Next, the computer is restarted.
  • If you specify an IP address range, when you click Next, information about the computer is displayed, and you can confirm that you specified the computer that you meant to.

  4a. If you specified an IP subnet or IP address range, the Target Resources page appears. Select the BMCs you want to provision as Hyper-V hosts.
  5. In Provisioning Options, click a host group for the new Hyper-V hosts. Select the physical computer profile you want to apply.
  6. In Deployment Customization, provide information for each computer that you want to provision as a Hyper-V host:

Note: To remove a BMC from the list, select it and then click Remove.

For each BMC IP address in the list:

    • Click the BMC IP address and specify a unique computer name, without wildcard characters.
    • Select or clear Skip Active Directory check for this computer name. The Active Directory check prevents deployment if the computer account already exists.
    • Click the network adapter (on the left) to modify the configuration or fill in more information. You can specify the MAC address of the management NIC (not the BMC) and static IP settings for this network adapter.
    • To specify an IP address, select a logical network and an IP subnet if applicable. If the selected IP subnet includes an IP address pool, you can check Obtain an IP address corresponding to the selected subnet. Otherwise, type an IP address that is within the logical network or its subnet.
    • Configure the adapter settings for each network adapter. You must specify any information that is missing for the adapters.
    • When all information for the listed BMCs is complete, click Next.

  7. In Summary, confirm the settings, and then click Finish to deploy the new Hyper-V hosts and bring them under VMM management.

Make sure that all steps in the job have a status of Completed.

  8. To confirm that the host was added, click Fabric > Servers > All Hosts > host group, and verify that the new Hyper-V host appears in the group.


Note: Nano Server is not a supported OS for infrastructure-related roles like Hyper-V. I recommend that you use the Windows Server 2016 Server Core installation.

Shielded VMs: Virtualization security is a major investment area in Hyper-V 2016

SECURITY – Protecting the company data should be a priority.


Protecting a virtual machine (VM) guest from a possible host compromise, and guaranteeing that in a third-party hosting environment your VM is protected independently of the protection applied to the hosts, is a major investment area in Hyper-V 2016.

If you find that Microsoft is helping you and your business, and find it has amazing technologies as I do, please help me out by recommending it on Recomazing, a new tech platform where socially connected networks store and share trusted recommendations. Please click here to help our community.

Since a VM is ultimately a set of files, stored on shared storage or locally on the Hyper-V host, it needs to be protected from attacks on the storage system and on the network, and while it is backed up, moved or copied to other systems.

To help protect against a compromised fabric, Windows Server 2016 Hyper-V introduces Shielded VMs. A Shielded VM must be created as a generation 2 VM, has a virtual TPM, is encrypted using BitLocker, and can only run on healthy and approved hosts in the fabric. So if someone copies the VM, either maliciously or accidentally, to a non-approved host, the VM (which is encrypted) won’t start, and its disk cannot be mounted to gain access to its file system.

Shielded VMs use several features to make it harder for host administrators and malware on the host to inspect, tamper with, or steal data from the state of a shielded virtual machine. Data and state are encrypted, Hyper-V administrators can’t see the video output and disks, and the virtual machines can be restricted to run only on known, healthy hosts, as determined by a Host Guardian Service.

A configured Shielded VM has:

  • BitLocker encrypted disks
  • A hardened VM worker process (VMWP) that helps prevent inspection and tampering
  • Automatically encrypted live migration traffic, as well as encryption of its runtime state file, saved state, checkpoints and even Hyper-V Replica files (from 2016 TP5)
  • Blocked console access
  • Blocked PowerShell Direct
  • Blocked Guest File Copy Integration Components
  • Blocked services that provide possible paths from a user or process with administrative privileges to the VM.
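The list above describes what a fully configured Shielded VM looks like; from the defender's side the practical question is which VMs on a host actually have those protections. The script below is an added example, not part of the original post, that inventories every VM on a Windows Server 2016 host with the built-in Hyper-V module (Get-VM and Get-VMSecurity) and flags anything that is not shielded, explaining why. It assumes the Hyper-V PowerShell module is installed and runs locally on the host unless another host name is given; it makes no calls to the Host Guardian Service.

```powershell
# Added example (not from the original post): report the shielding state of every VM
# on a Windows Server 2016 Hyper-V host. Assumes the built-in Hyper-V module; run
# from an elevated session on the host (or pass -ComputerName for a remote host).
Import-Module Hyper-V

function Get-VMShieldingReport {
    param([string]$ComputerName = $env:COMPUTERNAME)   # defaults to the local host

    foreach ($vm in Get-VM -ComputerName $ComputerName) {
        # Get-VMSecurity exposes the vTPM, shielding and traffic-encryption settings.
        $sec = Get-VMSecurity -VM $vm

        # Work out the single most important reason a VM is not (or cannot be) shielded.
        if ($sec.Shielded) {
            $finding = 'Shielded'
        } elseif ($vm.Generation -lt 2) {
            $finding = 'Generation 1: cannot be shielded without converting the VM'
        } elseif (-not $sec.TpmEnabled) {
            $finding = 'No virtual TPM: BitLocker inside the guest cannot be backed by a vTPM'
        } else {
            $finding = 'vTPM present but not shielded: console and PowerShell Direct remain open to host admins'
        }

        [pscustomobject]@{
            Name                = $vm.Name
            Generation          = $vm.Generation
            State               = $vm.State
            TpmEnabled          = $sec.TpmEnabled
            Shielded            = $sec.Shielded
            EncryptStateAndLM   = $sec.EncryptStateAndVmMigrationTraffic
            Finding             = $finding
        }
    }
}

# Show the inventory, then warn about every VM that is not fully shielded.
$report = Get-VMShieldingReport
$report | Format-Table Name, Generation, State, TpmEnabled, Shielded, EncryptStateAndLM -AutoSize
$report | Where-Object { $_.Finding -ne 'Shielded' } |
          ForEach-Object { Write-Warning "$($_.Name): $($_.Finding)" }
```

The EncryptStateAndLM column is worth watching on its own: a VM can have a vTPM and still migrate with its runtime state in the clear if that setting is off, which is one of the protections the list above says a Shielded VM turns on automatically.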


With the release of Windows Server 2016 TP5, the Hyper-V team at Microsoft made shielded virtual machines compatible with Hyper-V Replica. As with copying or moving the VM, to replicate a shielded VM the host you want to replicate to must be authorized to run that shielded VM.

The Host Guardian Service supports two different deployments of a guarded fabric (attestation modes): TPM-trusted attestation (hardware based) and Admin-trusted attestation (Active Directory based).

I hope you walk away with a better understanding of the Hyper-V Shielded VM solution from this post.


Hyper-V CSV volumes pause state 5120: Workaround


Microsoft is aware that after installing KB3126593 (MS16-014) there may be an issue that causes loss of network packets.

This may cause Cluster Shared Volumes (CSV) on the Failover Cluster nodes to go into a paused state, with event ID 5120 in the System event log indicating “Status c000020c – STATUS_CONNECTION_DISCONNECTED”.

You will also find that, on the node that owns the CSV volume(s), there is an event 7031 with source “Service Control Manager”, which indicates “The Windows Firewall Service terminated unexpectedly”.

See also: Troubleshooting Cluster Shared Volume Auto-Pauses – Event 5120. https://blogs.msdn.microsoft.com/clustering/2014/12/08/troubleshooting-cluster-shared-volume-auto-pauses-event-5120/

Microsoft is aware of this problem and is working on a fix. Until it is released, here is what you can do to get around the issue:

Option 1: Disable the firewall LOGGING for all profiles (Domain, Private, Public). Just the logging, not the firewall; you don’t want to be unprotected.

1. Start the Windows Firewall with Advanced Security management console (wf.msc).

2. Right-click Windows Firewall with Advanced Security on Local Computer and select Properties.

3. For each profile (Domain, Private, Public), under Logging, click Customize. Set Log dropped packets and Log successful connections to No.

Option 2: Uninstall KB3126593 (https://support.microsoft.com/en-us/kb/3126593) from the systems.
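Clicking through wf.msc on every cluster node is error-prone, and it is easy to disable the wrong thing. The script below is an added example, not from the original post, that does the same work from an elevated PowerShell session on a node: it first checks for the two symptoms described above (event 5120 and the Firewall service 7031 crash), then checks whether KB3126593 is installed, applies Option 1 with Set-NetFirewallProfile, and verifies that logging is off while the firewall itself is still enabled on all three profiles. Option 2 is included only as a commented command. The seven-day lookback window is an assumption.

```powershell
# Added example (not from the original post): apply and verify the workaround.
# Run elevated on each cluster node. Option 1 turns off only firewall *logging*;
# the firewall stays enabled. Option 2 is left as a comment, not run automatically.
$kb = 'KB3126593'   # the update named in the post

# 1. Detect the symptoms: CSV auto-pause (5120) and Firewall service crashes (7031).
$since = (Get-Date).AddDays(-7)   # assumed lookback window
$csvPauses = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5120; StartTime = $since } `
                          -ErrorAction SilentlyContinue
$fwCrashes = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7031; StartTime = $since } `
                          -ErrorAction SilentlyContinue |
             Where-Object { $_.Message -match 'Windows Firewall' }
Write-Output ("CSV 5120 events in last 7 days: {0}; Firewall 7031 events: {1}" -f `
              @($csvPauses).Count, @($fwCrashes).Count)

# 2. Is the offending update installed on this node?
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($hotfix) {
    Write-Output "$kb is installed (installed on $($hotfix.InstalledOn))"
} else {
    Write-Output "$kb is not installed on this node"
}

# 3. Option 1: disable dropped-packet and successful-connection logging on all profiles.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked False -LogAllowed False

# Verify: logging off, firewall still Enabled = True on every profile.
Get-NetFirewallProfile -Profile Domain, Private, Public |
    Select-Object Name, Enabled, LogAllowed, LogBlocked |
    Format-Table -AutoSize

# 4. Option 2 (alternative, not run by this script): remove the update and reboot.
#    wusa.exe /uninstall /kb:3126593 /quiet /norestart
```

The verification table is the part to keep: if Enabled shows False for any profile, something other than logging was changed and needs to be reverted before the node is returned to service.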

I will post an update once Microsoft releases the Hotfix.

Overcome the challenges of Managing IT in a hybrid cloud world – FREE WHITEPAPER

Overcome the challenges of Managing IT in a hybrid cloud world.

The IT world is increasingly hybrid, with cloud-based computing making major advances in many areas of on-premises computing. This has opened new opportunities for applications and services that would never have been possible before. Nonetheless, the monolithic “datacenter” of the past, with heavy concentrations of a single vendor’s products in place, has not been completely replaced by the cloud. Instead, it has given way to a hybrid environment that includes physical datacenters and clouds, decades-old legacy systems, licensed and open-source applications and infrastructure components, and cloud-based services from many different vendors.

Savision’s newest whitepaper outlines a framework for approaching IT management that combines excellence in IT operations with a strong focus on the business impact of IT systems.

Download the whitepaper to find out:

– What are the different forces that are driving adoption and deployment of hybrid cloud architectures?
– What are the major trends that make today the most innovative environment ever for business, and also the most challenging IT management environment?
– What is the current state of hybrid cloud management offerings?

Download here the free whitepaper entitled: ‘Challenges of Managing IT in a Hybrid Cloud World’

Azure ASR’s SLA-backed enhanced VMware to Azure solution is now ready to replicate your on-premises workloads to Azure

You heard right. Microsoft has launched an enhanced version of its Azure Site Recovery (ASR) targeted especially for VMware customers.


The concept of ASR is very simple: organisations can replicate their VMware virtual machines (VMs) to Azure, keep them updated, and then run them in Azure as a disaster recovery option. They are charged a small amount per VM, but don’t have to pay for compute or storage until the VM is up and running in Azure.

To note, Azure Site Recovery, as part of Microsoft Operations Management Suite (OMS), enables your organisation to gain control and manage your workloads no matter the source: Azure, AWS, Windows Server, Linux, VMware or OpenStack.


Some of the key ASR characteristics:

  • With non-disruptive recovery testing, you can easily test the failover of your VMware virtual machines to Azure within minutes, and validate your workload’s performance in Azure, without impacting on-going replication or the production workload.
  • With ASR-integrated failback, start replicating your Azure virtual machines back to your on-premises ESXi environment, and failback to the original or an alternate location when your on-premises site is once again available for use.
  • Heterogeneous workload support, automated VMware vCenter Server discovery
  • Continuous data protection (CDP), one-click failovers with ASR Recovery Plan
  • Rich health monitoring and e-mail notifications.

I’ve been working with ASR for a while and I definitely recommend it.

Ready to start using ASR? Check out additional product information, to start replicating your workloads to Microsoft Azure using Azure Site Recovery today. You can use the powerful replication capabilities of Site Recovery for 31 days at no charge for every new physical server or virtual machine that you replicate.

You can read the announcement at https://azure.microsoft.com/en-us/blog/ga-enhanced-migration-and-disaster-recovery-for-vmware-virtual-machines-and-physical-servers-to-azure-using-asr/

Technologies that work together to create Microsoft’s SDN solutions

January 10, 2016

With the upcoming Windows Server 2016 and System Center 2016, many technologies will work together to create Microsoft’s Software Defined Networking (SDN) solutions, and the best part is that you can already try them by downloading and deploying the Windows Server 2016 and System Center 2016 Technical Previews.

  • Hyper-V Network Virtualization, which enables virtualization of tenant networks on top of a shared physical network infrastructure. Network functions that are being performed by hardware appliances (such as load balancers, firewalls, routers, switches, and so on) are increasingly being virtualized as virtual appliances. Microsoft has virtualized networks, switches, gateways, NATs, load balancers, and firewalls.
  • Network Controller, which provides a centralized, programmable point of automation to manage, configure, monitor, and troubleshoot virtual and physical network infrastructure in your datacenter.
  • RAS Gateway for High Availability and failover, which can be deployed in multitenant mode to provide network traffic routing to and from virtual and physical networks, including the Internet.
  • Software Load Balancing (SLB) for SDN, which can be used to evenly distribute tenant and tenant sub-networks traffic among virtual network resources. The Windows Server SLB enables multiple servers to host the same workload, providing high availability and scalability.
  • Datacenter Firewall. A new service. It is a network layer, 5-tuple (protocol, source and destination port numbers, source and destination IP addresses), stateful, multitenant firewall. When deployed and offered as a service by the service provider, tenant administrators can install and configure firewall policies to help protect their virtual networks from unwanted traffic originating from Internet and intranet networks.
  • Remote Direct Memory Access (RDMA) and Switch Embedded Teaming (SET). When you use a converged NIC to combine both RDMA and Ethernet traffic on a single network adapter, it helps you reduce the capital expenditure associated with each server in your datacenter, because you need fewer network adapters to handle the different types of traffic per server. The converged NIC allows you to use a single network adapter for management, RDMA-enabled storage, and tenant traffic. SET is a NIC teaming solution that is integrated in the Hyper-V Virtual Switch. SET allows the teaming of up to eight physical NICs into a single SET team, which improves availability and provides failover.
  • Border Gateway Protocol (BGP). When configured, BGP provides you with the ability to manage the routing of network traffic between your tenants’ VM networks and their remote sites. BGP reduces the need for manual route configuration on routers because it is a dynamic routing protocol that automatically learns routes between sites connected by site-to-site VPN connections.
  • System Center. VMM can be used to deploy Software Defined Networks.


Source: https://technet.microsoft.com/en-us/library/mt590952.aspx