Powered by System Center
The 16th of April 2013 was a really great day for the Hyper-V.nu crew. After a couple of months of preparation we were all looking forward to this next Hyper-v.nu event. It was exciting also… Will all subscribers visit the event, will the visitors like the location, the lunch and the sessions, and so on.
Now some days after the event we can conclude that everything was great. Amply 100 visitors has visit the event, the visitors were really satisfied about the location, the reception, the lunch, the coffee, the presenters, the presentations actually about the whole event! ….and that’s great to see and hear!
A special word of thanks to VX Company, they facilitate a great location and were very hospitable. Also many thanks to the sponsors: Amsio, Comparex, Duvak, Imara ICT, Inovativ, Savision and Wortell.
Then our ‘Beast from Belgium’ Didier van Hoye aka WorkingHardInIT. Still suffering from a jetlag he came over to the Netherlands and present a top session, with deep technical content and a good sense of humor! Thank you Didier!!
Last but not least we thank all visitors for this great event, you all made this a great success.
The presentations are online and you can find them on the following locations:
- NIC Teaming and Converged Fabric – Marc van Eijk
- Cluster Aware Updating – Maarten Wijsman
- Make your VM mobile – Hans Vredevoort
- The way you can deploy Hyper-V – Peter Noorderijk
- Advanced networking capabilities – Didier van Hoye
See you all on our next event!
Currently I’m involved in a private cloud project. In this project we really using beast of machines. We’re using HP DL980 servers. These servers have 1TB of memory and 8 – 10 Core CPUs. So we have 80 CPU cores available and with hyperthreading enabled 160 logical processors.
We are using Hyper-V Server 2012 as the host OS. After the installation was finished I looked at the Task Manager because I was curious if we had enoug CPU power . However when I opened the Task Manager and switched to the Performance tab I see a strange number of CPU’s. Only 64 Host logical processors are shown in Task Manager:
The supported Number of logical processors on a Hyper-V Server 2012 host is 320 so this can not be the problem. The maximum virtual CPUs supported in a virtual machine is 64. Now we all know that the parent partition is also a virtual machine but in previous versions of Hyper-V server we allways see the correct number of host logical processors even if this was more than four (this was the support number of vCPUs in a vm in Hyper-V Server 2008 R2). ..
My question now is this a cosmetic bug in Windows Server 2012? If anyone knows the answer, please let me know!
To be continued….
Only one minute after posting this blog my fellow Hans Vredevoort pointed me to: http://www.windowsitpro.com/article/hyper-v-server/windows-2012-64-logical-processors-144278
So no bug but default behavior, thanks Hans!
When you configure Live Migration settings on a Windows Server 2012 Hyper-V host then you have two options for authentication of Live Migration sessions:
- Use Credential Security Support Provider (CredSSP)
- Use Kerberos
Kerberos is my recommendation to customers. This is more secure than CredSSP. However the Kerberos option requires constrained delegation. If you do not configure constrained delegation, Live Migration of a virtual machine is not possible and you will receive a message that the source server does not have enough permissions to migrate the virtual machine to another host.
Yesterday I was at a customer location and I would like to configure constrained delegation so that I can use Kerberos as the authentication protocol for Live Migration.
I opened Active Directory Users and Computers and browsed to the computer objects representing the Hyper-V hosts. I went into the properties of the computer object and selected the ‘Delegation’ tab (just like the screenshot below).
When I would add the service Microsoft Virtual System Migration Service this option was not available in the list of services.
So I start a discussion with the guy who had installed the servers and asked him how he did the installation of the Hyper-V role. Then he told me that he had enabled the Hyper-V role while the servers were not joined to Active Directory….. Tadaaa that’s the reason why the service Microsoft Virtual System Migration Service was not available!!
To solve this you had to register the Service Principal Name for this service. To do so you had to open a Command Prompt or a PowerShell prompt and run the following commands:
- setspn -S "Microsoft Virtual System Migration Services\Servername" Servername
- setspn -S "Microsoft Virtual System Migration Services\Servername.fqdn" Servername
After running those commands you will see the ‘Microsoft Virtual System Migration Service” in the list of services that you can add for delegation using Kerberos.
Lesson learned: first join the Hyper-V server to Active Directory and after the server is joined you can enable the Hyper-V role.
My first plan was to write a two part blog article about 5Nine Security Manager. But because of some bugs in the firewall part of this solution I decide to split it up in three parts. In the first part I described a global overview and a look at the installation of 5Nine Security Manager for Windows Server 2012 Hyper-V. Now it’s time to take a look at the antivirus solution.
We will first take a look at the anti-virus/ anti-mallware part of the solution. It sounds great that you didn’t have to install an agent inside a virtual machine and that the Hypervisor wil take care of this. Enabling the antivirus option is very simple:
… It took a while but we are very happy to announce the next Hyper-V.nu event! The event is scheduled for April, 16th 2013 and will be held in Baarn at VX Company. We are very grateful to VX Company for making this location available for this event.
As usual we have a great program with standout speakers:
|Intro||09:30 – 10:00||Welcome||Jaap Wesselius|
|Track 1||10:00 – 11:00||NIC teaming and Converged Fabric||Marc van Eijk|
|Break||11:00 – 11:15|
|Track 2||11:15 – 12:15||Cluster Aware Updating||Maarten Wijsman|
|Lunch||12:15 – 13:00||Lunch|
|Track 3||13:00 – 14:00||Make your VM mobile||Hans Vredevoort|
|Break||14:00 – 14:15|
|Track 4||14:15 – 15:15||The way you can deploy Hyper-V||Peter Noorderijk|
|Break||15:15 – 15:30|
|Track 5||15:30 – 16:30||Advanced networking capabilities||Didier van Hoye|
|Drink||16:30 – 17:15|
Please note that all sessions will be presented in Dutch.
Registration for this event is required, you can register at: http://hyper-v.eventbrite.com/
Due to the following GREAT, GREAT sponsors we can offer free access to this event:
- Imara ICT
- VX Company
Be quick to register because we will apply the policy: Full = Full
If you have any questions regarding this event you can send an e-mail to email@example.com
In this two-part blog article we will take a look at 5Nine Security Manager for Windows Server 2012 Hyper-V. In the first part I will give a global overview and take a look at the installation of this product. In the second part we will take a look at the configuration of this interesting solution. So here we go….
In the ‘classic’ world of physical machines there’s in most cases a lot of attention for a secure server environment. People make their environment as secure as possible with firewalls, intrusion detection systems and anti-virus/ anti-malware protection. These products are working very well in the classic physical server environments.
However the world of IT is changing and virtualization of servers and devices has become common. Although we are using virtualization techniques for a couple of years now we are still using the security solution in the classic way by installing anti-virus/ anti-mallware agents in the virtual machine and try to controll VM traffic through a physical firewall.
These classic ways of securing the IT infrastructure are not efficient and cause unnecessary load inside the virtual machines. This can be fixed smarter, don’t you think so?
In Windows Server 2012 Hyper-V Microsoft introduced the extensible virtual switch. The Hyper-V virtual switch is a software-based layer-2 network switch. With built-in support for Network Device Interface Specification (NDIS) filter drivers and Windows Filtering Platform (WFP) callout drivers, the Hyper-V virtual switch enables independent software vendors to create extensible plug-ins (known as Virtual Switch Extensions) that can provide enhanced networking and security capabilities.
EMC announced SMB 3.0 support in their EMC VNXe series! As we can read in the published whitepaper the VNXe series now support the SMB 3.0 protocol that was introduced with Windows 8 and Windows Server 2012.
As of VNXe Operating Environment version 2.4 the SMB 3.0 protocol is enabled by default.
For all the details see this published whitepaper: http://www.emc.com/collateral/white-papers/h11383-vnxe-introduction-wp.pdf
Jeffrey Snover of the Windows Server team has announced that Windows Server 2012 is RTM! He has made this announcement yesterday on the Windows Server Blog.
Windows Server 2012 will be general available on September the 4th. Microsoft will celebrate this milestone with an online launch event. Take a look at http://www.microsoft.com/en-us/server-cloud/new.aspx for more details.
For Windows 8 Microsoft announced that this version will be general available on October 26th. However for those lucky people who have a MSDN subscription they can get the bits on the 15th of August. For more details you can take a look at The Windows Blog.
Keep in mind that Hyper-V Server 2012 is not RTM yet.
In the past I’ve seen a lot of problems around virtual domain controllers. This varies from time synchronization problems to orphaned domain controllers (which were restored/ reverted from a snapshot). In a lot of cases the administrators of the virtual infrastructure does not understand what happened when a domain controller is restored from a snapshot.
Beside the problems I’ve seen I’ve also seen a lot of succesfull implementations of virtual Domain Controllers. These Domain Controllers were configured according a set of best practices. In the past we need to be aware that we cann’t snapshot a virtual Domain Controller and that we cann’t clone a virtual Domain Controller. This means that we apply traditional backup’s of these virtual machines (with an agent inside the virtual machine) and the we always install Domain Controllers from scratch instead of cloning an existing one.
Well this all belongs to the past with the comming new version of Windows Server: Windows Server 2012! With Windows Server 2012 we can build, deploy and protect domain controllers like every other virtual machine. Guess what: The Active Directory role in Windows Server 2012 is virtualization aware.
A while ago Savision asked me if I would help to write a whitepaper about Hyper-V best practices for them. Of course I said yes to this request and wrote some chapters for the whitepaper. Last week we’ve made the whitepaper final.
This whitepaper is neither a tutorial nor step-by-step handbook for common problems. Rather, this whitepaper provides one with the wisdom of the smartest, cutting edge Hyper-V administrators. It’s just a whitepaper with some tips, guidelines and best practices for a Hyper-V environment.
You can download the whitepaper over here: http://www2.savision.com/l/12082/2012-05-08/smvd