10 tips for a Happy Hyper-V or VMware Network

 

  1. Make sure your external out-of-band access is working (if you are lucky enough to have it, that is). There is nothing worse than having to trek to a remote site or drag someone out of bed just to go and press F1 on a keyboard. So test your iLO or IP KVM now and make sure it works over your remote access solution as well.
  2. Keep an eye on those disks (or better yet, have an automated solution to monitor them for you). Not just on the guest machines but on your cluster shared volumes. It is a lot better to forecast a growth trend and plan for disk growth than it is to run out unexpectedly and suffer an outage or, worse, corruption.
  3. Test those backups.  Virtualization makes it easier than ever to take portable backups of all your servers but have you ever tested them?  It is much better to find out there is a problem in your business continuity plan in a test when everything is working than after a disaster so go plan a test now.
  4. How many hosts can you lose? It is tempting to use all the available CPU and RAM on all your hosts but what happens when you have a failure? Even keeping at least enough spare capacity for the loss of one host can be a risky situation. This is especially true with Hyper-V; if you want to upgrade to the latest 2012 hypervisor you will need to start again with a new cluster and move hosts over one at a time, so if you only have N+1 spare hosts during a migration you may well have no spare capacity to cope with loss of a host at all.
  5. So where will we restore all these backups to? For all but the largest and most cash rich organizations an off-site backup datacentre is likely to be a dream. Get an agreement in place now for new hardware in the event of a DR situation or have an account ready with Azure/Amazon/Rackspace etc. to host all your guest machines. Once again, test it, as the devil is in the details, and have as much as possible pre-configured. There is nothing worse than battling firewall rules when a configuration could have been prepared and tested earlier.
  6. Updates. Plan ahead how you are going to deploy updates and when. Are you going to have them install automatically or will you need to test them in a dev environment now and deploy them to production later? Either way, think about it now and plan accordingly. No one likes downtime and it’s always a good idea to keep all of your hosts on the same patch level.
  7. Document everything. Something which during the initial build you know like the back of your hand will be quickly forgotten in a few months when you need to re-visit it for a change. What happens when you leave for a new job or fall under a bus? Your current employer will still need to keep things running and it’s never nice for the newcomer to walk into an undocumented environment where everything has to be worked out from scratch.
  8. Log changes.  If you have an official change control procedure then use it, but even if your organization doesn’t have any official change control, write down any changes you are making, in a helpdesk call, email or anywhere you can refer to if required.  Better yet try to make changes in a pair.  If both you and a colleague agree on a change it is less likely that you have forgotten something crucial and when you leave for your 3 week jungle adventure holiday there is someone else in the team who knows what was done.
  9. Licensing. Make sure your Windows hosts are all activated and any VMware hosts have the required license keys installed. You don’t want to have your grace period run out and leave you in the lurch. You have bought licenses, haven’t you?
  10. Security, access and auditing.  You should know exactly who has access to what and have auditing enabled for all changes.  Not so that you can apportion blame but so you know who to talk to about a particular change or can easily spot unauthorised or unexpected changes should they occur.  Also “have a go” at your hosts and guests, check what services they have available and if necessary get a professional in to check your security.  It is a lot nicer when a penetration tester finds a hole than a malicious hacker.

System Center 2012 – Inside the Private Cloud

My three favorite parts of the System Center suite are Configuration Manager, Data Protection Manager and Endpoint Protection. These three products work well at making most of the chores of running an IT environment lighter.

 

Configuration Manager & Endpoint Protection

This is, in my opinion, the flagship product of the System Center Suite. Management of servers, workstations and even mobile devices is completed here and with Service Pack 1 an impressive list of operating systems and devices is supported, including Linux and Mac OS. The mobile device manager has now been brought into Configuration Manager as well. It is also within Configuration Manager that you should deploy and manage Endpoint Protection. Endpoint Protection was formerly known as Forefront Protection, and I really hope this product continues being supported and isn’t eventually dropped like other Forefront products have been, such as TMG. If you are lucky enough to have the Standard or Enterprise CAL already (and you really should if you are looking at System Center) then it might be that you can save a fair bit of money by ditching your current antivirus vendor and moving to Endpoint.

Typically in the past I would have used standard Windows deployment from a share or USB volume or another vendor’s solution such as Ghost, as the Configuration Manager effort wasn’t always worth the reward. Deployments are now a lot easier and when tied with a decent collection of drivers and task sequences it is simple to quickly cater for a new situation or model of desktop or server.

 

Data Protection Manager

In my experience no backup solution is perfect and generally each has its strengths and weaknesses. With the 2012 iteration of Data Protection Manager the Microsoft offering is looking to be more of the former and less of the latter.

DPM is great at backing up Microsoft’s own products and applications and I have been using it to back up nearly 2TB of Exchange data and a large SharePoint Farm as well.

DPM offers many of the features an enterprise backup solution should, such as continuous protection, differential and incremental backups as well as disk to disk and disk to tape backups. I feel that it is only in the scheduling and retention options that DPM starts to fall down. Typically I like to keep daily data for a month, weekly data for 2-6 months, month end for 2 years and year end data for even longer, but unfortunately the retention and scheduling options don’t really cater for this approach. You simply have a hard limit on how long you can retain backup data, with disk to disk used for short term and a second schedule for long term tape backups. This leads to me using a different product to perform end of month backups simply so that I can keep them for longer than the other tape backups.

Generally DPM performs very well and can perform backups in shockingly fast order but it can have a tendency to occasionally mark replicas as bad or fail a snapshot only for it to succeed later without issue. Quite possibly a quirk of the environment I have evaluated it in but something which seems to happen with other solutions a lot less often. Also, on upgrading to SP1 be prepared to check the consistency of every replica and build the time taken for this into your upgrade plan.

Service Pack 1 is definitely worth the upgrade as it sees a number of feature improvements such as support for deduplicated volumes and is the final piece in the puzzle to getting dedupe working on cheap hardware. With Windows Server 2012 and Data Protection Manager you can use deduped volumes without the need to buy expensive storage solutions and licenses. The useful extra features don’t end there: cluster shared volumes can now be backed up, as well as continuous protection of Hyper-V guest machines even while they are being live migrated.

 

Virtual Machine Manager

Virtual Machine Manager is to Hyper-V as vCenter Server is to VMware. VMM is the only real additional software cost you will have to bear if you want to use a full Hyper-V clustered solution. (God help anyone who wants to manage a large cluster of Hyper-V hosts as individual servers.) The thought obviously being that if Microsoft gives you the hypervisor for free you won’t balk at paying for the management tools, and I expect a good number of people will buy the System Center Suite simply to be able to run Virtual Machine Manager. If this sounds like you I hope you at least try the other parts of the System Center suite as they are worth a good look.

 

Orchestrator

Orchestrator is the centre point of the System Center suite and ties all of the other products together to make an intelligent workflow based automation solution.  It is based on software Microsoft acquired when it purchased Opalis back in 2009.

Orchestrator makes sense in the larger environments or when a requirement for automation is present such as in managed hosting.  It will likely be less use in smaller environments as the time taken to configure and automate tasks won’t have quite the same payback.

With Orchestrator it is possible to automate almost anything from deploying VMs through to recovering from an error condition in a service. You can even find Integration packs from various vendors which let you control and automate them from Orchestrator.

 

Operations Manager

Operations Manager is Microsoft’s monitoring and alerting system and in the latest version it does a lot more than peer into event logs and give you a huge list of errors. As with the rest of the System Center Suite, Service Pack 1 introduces support for Linux, which enhances the appeal of Operations Manager a little, and the list of supported applications and devices seems to be constantly growing as well. No doubt pure Linux environments will be running Nagios or something similar but for mixed or pure Microsoft environments Operations Manager is definitely one of the best out there.

 

Service Manager

Service Manager is the System Center component I have spent the least time looking at. It is hard to get excited about help desk solutions, especially when so many spend so long logged into them. Possibly the best feature of Service Manager is the auditing and reporting. If correctly configured with Orchestrator, Service Manager can help you to identify why problems are occurring or when changes were made which could have contributed to an issue. Service Manager doesn’t feel like the kind of product people would buy on its own, but if you have already paid for the full System Center suite you would have to be silly not to at least try it and, as with all of the other solutions mentioned here, generally the longer you use them, the more you come to realise how powerful they are.

 

Unified installer

There is a unified installer which is great for quickly deploying the whole System Center Suite and you can read all about my experience here. I also urge you to click through some of the categories above for more System Center related posts.

Azure – a cloudless sky?

I signed up for my Azure trial some time ago, unfortunately long before infrastructure services reached general availability, and for me this is the main feature I am interested in; SaaS and PaaS are secondary points of interest.

The interface is lovely and clear but from an infrastructure point of view the concept of a VHD existing inside a blob which is displayed elsewhere is a little confusing, and on more than one occasion I found myself with multiple VHDs floating about without a virtual machine associated. Sometimes I was also unable to delete the VHDs or storage blobs as they were showing as in use; usually waiting till the next day cleared the problem and I could delete them as expected.


The templates which were on offer in the preview were a little disappointing but that situation has improved dramatically and since the announcement of general availability there are now three new Windows templates: SQL Server, BizTalk Server and SharePoint Server. This should really take the sting out of deploying these services to Azure and in my opinion lowers the barrier to entry a little, as SharePoint in particular can be a demanding deployment. For everyone else you can simply pick up one of the basic Server 2012, 2008 or Linux templates and build from there or even upload your own virtual machine images. I think Azure offers a great get out of jail card for smaller businesses and enterprises alike who can leverage the IaaS as a virtual DR site for their datacentres or critical apps.

Along with the announcement of general availability of IaaS there has been a separate announcement of price changes which from my understanding removes the discounted preview price and brings some of the larger compute instance costs in line with Amazon. Personally I am a little disappointed to see the Extra Small (A0) instance jump in price by 50% as this was my favourite instance for running a little “Desktop in the cloud” but it is good to see the larger instances drop in price.

One advantage to the Azure cloud with the Extra Small instance is that there is no difference in cost between Linux and Windows compute instances, so Microsoft are effectively giving away the Windows Server guest license for free. So while it can on the surface look pricey to leave a server always on in the Azure cloud, once you factor in the server license as well things start to look a little more competitive.

I would love to be able to take my trial over again and play with some of the new templates for free but I fear I will have to get the credit card out to play with Azure again.

Windows Server 2012: Thoughts so far

When I first booted up into Windows Server 2012 I genuinely couldn’t believe my eyes. The user interface formerly known as Metro? On a server? Who is going to have a touchscreen on a server? But slowly, it starts to make sense. When you open the start menu it is usually because you are looking to start an application or configuration console from a shortcut, and with the old start menu the rest of the screen is somewhat redundant. Not any more; every icon in the menu now fills the entire screen and the Win key + search term combo still works so I am happy. The only thing I miss is the ability to shift and right click on an item to run it as another user; now I have to pin it to the task bar and go to the desktop to do so. A minor inconvenience, but an inconvenience nonetheless.


Now on to some of the amazing new features of 2012: I love the ability to team network interfaces at the OS level. Previously, you were at the whim of your network card drivers to achieve any kind of teaming, whereas now you can use whatever network interfaces you like to create a bit of redundancy and/or failover. I can’t say enough good things about the new Server Manager either; it makes adding roles and features a breeze, particularly when compared to previous versions. You can quickly and easily add a role or make a change to entire clusters of servers from one Server Manager console.


The new resilient file system, and in particular the Deduplication feature of 2012, look very exciting and I suggest everyone tries building a test 2012 server and moving their file shares to it, just to see how much space you could save with deduplication. Actually using it in production could be a little trickier as it requires backup solutions that are Deduplication aware, or else on a restore you may find yourself rapidly running out of space or encountering other issues. I don’t imagine it will be long before vendors include support for this feature. Another great new feature of the resilient file system is that you can now run check disk online; never again will you have to restart and wait while check disk trawls tediously through a volume before the operating system starts. The new resilient file system also does not re-use the same disk blocks during a write, so if there is a power outage or other failure, the original data will still be readable.

PowerShell 3 is touted to have over 2,400 cmdlets and to be honest I am only starting to scratch the surface of what is now available, but it is safe to say that if you liked PowerShell in 2008 R2, you will love it in 2012. A useful trick I use to learn more about PowerShell is to first configure something in the GUI and then hunt through the PowerShell logs in Event Viewer to see all the actual commands that were run. Also don’t forget to check out the new PowerShell 3.0 ISE.
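
The log-hunting trick above can be scripted. This is an added example, not code from the original post; it assumes module logging is enabled on the server (so that event 800 in the Windows PowerShell log and event 4103 in the PowerShell operational log are written), and the function names `Get-InvokedCommand` and `Get-RecentPowerShellCommand` are hypothetical.

```powershell
# Added example: recover the cmdlets behind recent GUI actions from the
# PowerShell event logs. Assumes module logging is enabled on the server.

function Get-InvokedCommand {
    # Parse one event message into the commands and parameters it records.
    param([Parameter(Mandatory = $true)][string] $Message)

    # Payload lines look like:
    #   CommandInvocation(Install-WindowsFeature): "Install-WindowsFeature"
    #   ParameterBinding(Install-WindowsFeature): name="Name"; value="Hyper-V"
    $bindingPattern = 'ParameterBinding\(([^)]+)\): name="([^"]*)"; value="([^"]*)"'
    $bindings = [regex]::Matches($Message, $bindingPattern)

    foreach ($m in [regex]::Matches($Message, 'CommandInvocation\(([^)]+)\)')) {
        $name  = $m.Groups[1].Value
        $bound = $bindings |
            Where-Object { $_.Groups[1].Value -eq $name } |
            ForEach-Object { '-{0} {1}' -f $_.Groups[2].Value, $_.Groups[3].Value }
        [pscustomobject]@{ Command = $name; Parameters = ($bound -join ' ') }
    }
}

function Get-RecentPowerShellCommand {
    # Query both PowerShell logs for module-logging events in the time window.
    param([int] $Minutes = 30)

    $since   = (Get-Date).AddMinutes(-$Minutes)
    $sources = @(
        @{ LogName = 'Windows PowerShell'; Id = 800; StartTime = $since }
        @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4103; StartTime = $since }
    )
    $found = foreach ($filter in $sources) {
        # SilentlyContinue: Get-WinEvent raises an error when nothing matches.
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Where-Object { $_.Message } |
            ForEach-Object {
                $evt = $_
                Get-InvokedCommand -Message $evt.Message |
                    Select-Object @{ n = 'Time'; e = { $evt.TimeCreated } }, Command, Parameters
            }
    }
    $found | Sort-Object Time
}

# Constructed sample message in the module-logging format, so the parser can
# be tried without touching a live log.
$sample = @'
CommandInvocation(Install-WindowsFeature): "Install-WindowsFeature"
ParameterBinding(Install-WindowsFeature): name="Name"; value="Hyper-V"
ParameterBinding(Install-WindowsFeature): name="IncludeManagementTools"; value="True"
'@
Get-InvokedCommand -Message $sample

# On a server: Get-RecentPowerShellCommand -Minutes 15 | Format-Table -AutoSize
```

The same output doubles as a lightweight audit trail of what was changed on a host and when.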


There are other less tangible improvements such as boot time; it certainly feels a lot quicker to be up and running than previous versions.

There are a few gotchas. For example, while deploying a new Lync 2013 environment I discovered that 2012 has much tougher certificate requirements, and even a single non self-signed certificate in the “Trusted CA” certificates folder was enough to upset the rest of the certificates in the personal store. So if you are planning to move to 2012 any time soon, now is a great time to think about cleaning up your certificates and rationalising any you have pushed out via group policy. Another issue I faced was with a core edition server which had many updates applied. I then tried to install the server GUI and found myself unable to do so. I would recommend that you build all servers with the GUI, update them and then uninstall the GUI so that you have the option of re-adding it later should you so desire. The new “Minimalism” interface offers a reasonable compromise if the core is a little too extreme for you but you want to realize the benefits of a lighter footprint.
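
A read-only check for the certificate gotcha above, added here and not taken from the original post. It assumes the “Trusted CA” folder means the machine's Trusted Root Certification Authorities store (`Cert:\LocalMachine\Root`) and treats a certificate whose Subject differs from its Issuer as not self-signed; the function name `Find-NonSelfSignedRootCertificate` is hypothetical.

```powershell
# Added example: list certificates in the Trusted Root store that are not
# self-signed, and show whether each one was delivered by Group Policy.
# Read-only: nothing is moved or deleted.

function Find-NonSelfSignedRootCertificate {
    param([string[]] $ComputerName = @($env:COMPUTERNAME))

    $check = {
        # Group Policy delivers trusted roots under this registry key,
        # one subkey per certificate thumbprint.
        $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'

        $columns = @(
            @{ n = 'Computer'; e = { $env:COMPUTERNAME } }
            'Subject', 'Issuer', 'Thumbprint', 'NotAfter'
            @{ n = 'FromGroupPolicy'; e = { Test-Path (Join-Path $policyKey $_.Thumbprint) } }
        )

        # Heuristic: a self-signed root has identical Subject and Issuer.
        Get-ChildItem -Path Cert:\LocalMachine\Root |
            Where-Object { $_.Subject -ne $_.Issuer } |
            Select-Object -Property $columns
    }

    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) {
            & $check    # local store, no remoting needed
        } else {
            # Requires PowerShell remoting to be enabled on the target.
            Invoke-Command -ComputerName $computer -ScriptBlock $check
        }
    }
}

# Each row returned is a candidate to move to the Intermediate Certification
# Authorities store or to remove; FromGroupPolicy = True means the fix
# belongs in the GPO rather than on the individual server.
Find-NonSelfSignedRootCertificate | Format-Table -AutoSize
```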

Hyper-V is now in its 3rd generation and each new version feels a little more mature and stable, and if you are already paying for datacentre licenses for your hosts this new version makes it harder than ever to justify paying for a competitor’s hypervisor when this is already included in your datacentre licenses. Unfortunately I have not yet built a 2012 Hyper-V cluster, but even running it on single hosts I can see improvements. Additionally, running native Hyper-V guests means that you can always export them to Azure, either for a bit of extra capacity or as a backup/DR solution. My only gripe is that the new Hyper-V management tools can’t manage older 2008 R2 Hyper-V hosts, but I guess that is one of the prices of progress.
