TechEd2008

You are currently browsing articles tagged TechEd2008.

Melio FS, Hyper-V, and VMware ESX

Monday, June 16, 2008 in Storage, Virtualization by slowe | 5 comments

Last week Network World published an article about Sanbolic’s announcement to provide VMware virtual machines access to shared application data using their shared file system, Melio FS. This announcement was made last week at Tech-Ed 2008 in Orlando, FL. Sanbolic also announced support for running Melio FS in VMware Infrastructure 3 (VI3) environments as well. Unfortunately, the information in these announcements seems to have gotten jumbled while being reported and now these two very different uses of Sanbolic’s products are being intermingled when they really shouldn’t be. Allow me to explain.

Readers who followed my Tech-Ed coverage will recall that I had the opportunity to speak one-on-one with Jeff Woolsey, Senior Program Manager for Virtualization at Microsoft. One of the questions I asked him during that session was about Hyper-V’s requirement of one VM per LUN when Quick Migration was involved. Quoting from my summary of that discussion:

Rather than spending time creating a clustered file system, Microsoft chose instead to allow storage partners to create those solutions. He referred me to Sanbolic, whose MelioFS clustered file system and LaScala volume manager will allow Hyper-V deployments to store multiple VMs on a single LUN visible to all hosts, just like VMFS.

Prompted by Jeff’s response, I went to the Sanbolic booth at Tech-Ed and spoke with Bill Stevenson, Sanbolic’s executive chairman and the same person quoted in the Network World article. Bill and I spoke at length and he shared a lot of information with me about Melio FS, LaScala, Hyper-V, and VMware ESX.

Here’s what the Network World article says about Sanbolic and Hyper-V:

Sanbolic for now isn’t providing shared access to application data on Hyper-V, because Microsoft’s upcoming hypervisor lacks the ability to store virtual machine images in shared SAN volumes, Stevenson says.

The first part of that statement is true. Sanbolic hasn’t announced support for allowing Hyper-V VMs to use Melio FS to access shared application data. However, Sanbolic has announced support for running Melio FS (and the La Scala volume manager) on Windows Server 2008 Hyper-V hosts. This allows the VHDs for multiple VMs to be co-located with each other on the same LUN but still be able to take advantage of Quick Migration. It eliminates the “one VM per LUN” limitation, essentially.

With regards to the second part of that statement, I believe that the reason Sanbolic hasn’t made any announcements regarding Melio FS inside Hyper-V VMs is that we don’t yet know how Hyper-V is going to handle physical disk access. We know that there is support within Hyper-V for NPIV (refer to this Tech-Ed session liveblog), but I saw only a single mention of physical disk access—what I believe to be the equivalent of VMware’s Raw Disk Mapping. Will Hyper-V support the equivalent of RDMs? I don’t know, and Sanbolic probably doesn’t know, either. Until they do know, they can’t run Melio FS inside a Hyper-V VM.

And that’s the crux of the VMware-related announcement: it’s not about running Melio FS on the ESX hosts, but instead about running Melio FS inside Windows-based VMs on ESX. Sanbolic requires direct disk access and VMware provides that ability via RDMs, so Sanbolic can allow organizations running VMware to utilize VMFS as the shared file system for the hosts and Melio FS as the shared file system for the guests. By the way, I’m waiting to hear back from Sanbolic as to whether physical mode RDMs or virtual mode RDMs are supported. I’ll post an update here when I find out.

The confusing part about the Network World article is that it doesn’t, in my opinion, clearly delineate these two very different use cases. The idea of running Melio FS on the host vs. running Melio FS in the guest are two very different use cases with very different results, and the article seems to intermingle the two more than it should. This statement especially confused me:

Gartner’s Paquet says VMware could choose to provide the shared access to application data within the virtualization engine, making the Sanbolic technology unnecessary. VMware officials did not respond last week whether they will take such a step.

What, VMware writing a share file system for Windows so that Windows VMs could access SAN LUNs concurrently? What sense does that make? Believe me, there are some real geniuses over at VMware, and I would imagine that there is some magic that can be played at the virtualization layer that would make guest-level shared file systems unnecessary. But would that “magic” be efficient? Would it be worthwhile to develop when companies like Sanbolic already have this offering? Not in my mind. The purpose of VMFS is not to provide shared file system functionality for VMs; it’s to provide that functionality for hosts.

To summarize:

  • In a VI3 environment, you use Melio FS (and La Scala, if you desire) inside a VM with an RDM to allow multiple VMs to access a SAN LUN concurrently. This is something that NTFS can’t/doesn’t do, so Melio FS provides that functionality.
  • In a Hyper-V environment, you run Melio FS (and La Scala, if you desire) on the Hyper-V hosts. This allows multiple hosts to access a SAN LUN concurrently, eliminating the “one VM per LUN” limitation imposed by Quick Migration.

Anyway, this can be a fairly complicated topic to understand and I wanted to try to help explain it as I understand it. I hope this has been helpful. If I’m wrong, feel free to correct me in the comments. Thanks!

UPDATE: Sanbolic updated me to inform me that they have thus far only tested physical mode RDMs with Melio FS. They are currently in the process of testing virtual mode RDMs.

Tags: , , , , ,

One More Tech-Ed Schedule Change

Thursday, June 12, 2008 in Microsoft by slowe | 1 comment

I have to swallow my pride and admit defeat: the amount of information at Tech-Ed 2008 has overwhelmed me. I’ll be skipping my last session, a session on Server Core, to return back to my resort and prepare to fly home early tomorrow morning. If you were looking for some information on Server Core, I’m sorry to disappoint you!

Tags: , ,

VIR350: System Center VMM Advanced Integration

Thursday, June 12, 2008 in Microsoft, Virtualization by slowe | 4 comments

Yes, yet another System Center VMM session…it’s pretty clear that System Center is a major component of Microsoft’s server virtualization strategy. This session is VIR350, System Center VMM Advanced Integration, so I suppose we will be seeing more PowerShell and more integration with other System Center family members. As with the other liveblogged sessions, I’ll try my best to weed out duplicate content.

The presenter for this session is David Armour, a Senior Program Manager at Microsoft.

(Side note: what exactly is a Program Manager, anyway? Microsoft must have thousands upon thousands of them. I think that every single presenter so far this week has been a Program Manager or a Senior Program Manager.)

The focus of this session will be on how to extend or customize System Center VMM, and most of the information presented here will apply to both VMM 2007 and VMM 2008 (currently in beta). The key technology used in this case is PowerShell, which can be used either against Hyper-V directly or against VMM. VMM, however, vastly simplifies the PowerShell code required to perform a task when compared to doing the same task against Hyper-V directly.

As has been stated elsewhere, VMM is built on PowerShell, and the GUI represents only a subset of all the functionality of the overall feature set available via PowerShell. Note that the self-service web portal is also built on top of PowerShell. David goes on to discuss the various ways in which a client, like the VMM GUI, interacts with the PowerShell layer.

David then moves into a demo of VMM. He walks through the creation of a new VM, and one thing I noticed that I hadn’t seen before was the idea of a “hardware profile.” This is a set of hardware properties like number of CPUs, amount of RAM, number of NICs, etc. This is a nice feature, as it separates common hardware configurations from the OS installation. Typical VM templates combine the hardware configuration and the OS installation together.

In the demo, David shows how the automatically-generated PowerShell script can be easily modified to use a variable and prompt the user for information so that you can create a script that quickly and easily creates a new virtual machine with the name of your choice. That’s fairly handy.

The next few slides described the hierarchical nature of the VMM PowerShell objects, and how the PowerShell Cmdlets always generate a job in VMM. This allows VMM to audit jobs, provide a job history, and store changes invoked by a job. Security can also be applied to a job, so as to enforce ACLs. This also allows long-running jobs to be asynchronously monitored over time via the job.

David recommends using the PowerShell button in VMM; this automatically loads the appropriate snap-in so that all the VMM Cmdlets are available for use. He then launches into a fairly in-depth demo and review of PowerShell, how to interrogate a snap-in to determine its commands, how to sort or filter output to show only the desired results, how to view the details on a particular command, and how to use some simple pipes. He also showed some ways to get more information or help or to view detailed documentation on a command or a command’s parameters.

The next little while was spent walking through a series of scenarios of using PowerShell to perform various tasks. First is a series of tasks to provide a report (or a group of reports) to management. Next David walks through scenarios involving the creation of new VMs, including creating a hardware profile, attaching hardware, and using intelligent placement for the new VM.

Tired of the boring old PowerShell command prompt? David moves into a demo of PowerGUI, a way of turning PowerShell commands into a GUI application. He also demonstrated PowerGadget Creator, which allows one to create a Windows Vista Sidebar Gadget using PowerShell. This would allow users to create tools to display VM or VM host information in the Vista Sidebar. Finally, David shows how to use Visual Studio to extend VMM using PowerShell. Frankly, this level of extensibility and customization is probably beyond most users, but I suppose it’s useful functionality to have nevertheless.

The next topic was….(drum roll please)….PRO! That’s right, another discussion of the integration between VMM and Operations Manager which is built upon PowerShell. Fortunately, David didn’t spend a great deal of time covering PRO yet again (thank you!).

David closed out the session with a quick summary of the material covered and pointed attendees to a few online resources. I found the session reasonably helpful, even if only from the perspective of getting more familiar with the VMM object model so that I can write my own PowerShell scripts.

Tags: , , , ,

Significant Networking Problem with Hyper-V

Thursday, June 12, 2008 in Microsoft, Networking, Virtualization by slowe | 15 comments

After the conclusion of VIR358, I went up to the front to speak with the presenters about the question I had during the session: what about NIC bonding or NIC teaming? You’ll recall that I wondered about that during the VIR358 session.

Well, it turns out that Hyper-V does not support any form of NIC teaming or NIC bonding. Yes, you read that right: you can’t link more than one NIC to a virtual switch in Hyper-V.

If you follow my del.icio.us linkstream, you will probably have noted that I recently bookmarked a Microsoft KB article that describes how using HP’s Network Utility can cause Hyper-V to stop responding. I guess this just goes to further support Hyper-V’s lack of support for NIC teaming or bonding.

In my opinion, that is a huge problem. How does one go about providing network link redundancy to guests hosted on Hyper-V? Surely using Failover Clustering and Quick Migration isn’t the answer here, is it? One of the presenters offered to get back to me with more information; I’ve already sent him an e-mail so he has my contact information. As soon as I hear something back, I’ll be sure to update this post.

Tags: , , , , ,

VIR358: Hyper-V Architecture, Scenarios, and Networking

Thursday, June 12, 2008 in Microsoft, Networking, Virtualization by slowe | 2 comments

Day 3 of Tech-Ed 2008 is upon me, and the first session of the day is another session with Jeff Woolsey. This session, VIR358, is titled “Windows Server 2008 Hyper-V Architecture, Scenarios, and Networking.” I suspect there will be some duplicate content from Jeff’s Day 1 session, and I’ll try to weed that out wherever possible. I’m particularly interested in the networking discussions, as I was unable to gather any real information on Hyper-V networking from the Day 1 session or from my private discussion with Jeff.

As the session begins, Jeff reminds everyone of the MAP 3.1 beta. I described MAP in more detail in a session yesterday. This new version adds some additional functionality and features, primarily around Windows Server 2008 Hyper-V. Jeff went into some additional detail about MAP, but I won’t worry about covering that again here.

Jeff’s agenda lists a virtualization comparison. I’m guessing that will mean a comparison of Hyper-V with other virtualization solutions. Will that comparison be against other vendors’ products?

According to IDC, virtualization penetration is estimated to be only 17% in 2010, up from 5% in 2005.

(The session is very crowded, perhaps the most crowded session I’ve attended thus far.)

With regards to system requirements, Hyper-V requires hardware assists (Intel VT or AMD-V) and hardware-enabled data execution prevention (DEP; in the form of AMD NX or Intel XD). Without these features, Hyper-V will not operate. Hyper-V is 64-bit also, meaning that you must use x64 processors.

Jeff describes the hypervisor itself as running in “Ring -1”, which he explains as less than Ring 0 due to the hardware assists provided by Intel VT or AMD V. This allows child partitions (guest VMs) to run at native Ring 0.

The architecture slide that Jeff takes some time to walk through contains much of the same information as VIR367 on Day 1. Going back to I/O again, Jeff revisits the concept of emulation (used in Virtual Server) vs. synthetic devices. Emulation provides great backward compatibility, but performance was awful. Hyper-V uses “driver enlightenment,” or synthetic devices, which leverage VMBus. VMBus is a point-to-point high-speed connection between a child partition and the parent partition. Note that synthetic devices are only available to “enlightened” guest operating systems. You can consider Hyper-V’s synthetic devices and their corresponding drivers to be the equivalent of VMware Tools, VI Tools, etc. Some vendors also call these paravirtualized drivers. Virtualization Service Providers (VSPs) and Virtualization Service Clients (VSCs) are part of this synthetic device architecture and VMBus.

The partnerships between Microsoft and Linux vendors (like Novell) allows for enlightened drivers to be available for Linux distributions as well, preventing them from having to use emulation and suffering the performance penalty that results.

Hyper-V features checklist includes support for up to 64GB of RAM per VM, up to 4 logical CPUs per VM, integrated cluster support (this provides both HA and Quick Migration functionality), support for BitLocker (earlier sessions seemed to question Hyper-V support for BitLocker), live VM backups through integration with Volume Shadow Service (VSS), pass-through disk access for VMs, VLAN and load balancing support, and snapshots. For the most part, this puts Hyper-V on par with most other virtualization solutions, with the glaring exception of live migration. Live migration is supported by VMware, XenServer, and Virtual Iron, among others. Microsoft does have an advantage with the VSS support for live VM backups.

Jeff references a white paper due to be published soon that details how to use BitLocker with Hyper-V.

Jeff did cover one slide on Hyper-V security. I won’t reproduce that stuff again; refer back to my coverage of Jeff’s discussion on Day 1 in VIR367.

Next, Jeff reviews the results of the TAP, RDP, and MSIT deployments. Based on thousands of VMs running on Hyper-V running in production across a variety of industries, Jeff says there have been zero performance blockers, zero deployment blockers, zero application compatibility bugs, and zero scalability blockers. According to Jeff, “the little red phone” that TAP or RDP customers can call if there’s a problem hasn’t rung even once. He also revisits the use of Hyper-V for the TechNet and MSDN web sites.

Mike Sterling then takes over to provide a demo of Hyper-V. Following the demo of Hyper-V, Mike also provides a brief demo of System Center Virtual Machine Manager (SCVMM) 2008. I’ve covered that product extensively in other sessions, so I won’t cover that material again here.

Once Mike concludes his demo, Jeff starts into a discussion of networking. Microsoft recommends at least two network adapters; obviously, more would be better. If you are going to use iSCSI, use another dedicated NIC for storage. That brings it up to three NICs at a minimum. I recommend an absolute minimum of three adapters with other virtualization solutions, so this is nothing surprising or unusual. In terms of connecting the NICs, connect one NIC to a management network (this is where the parent partition will communicate) and separate NICs connected to storage and production networks. Only VMs should be exposed to production networks.

We now move into some networking examples. In example 1, we have 4 adapters. One adapter will be assigned to the parent partition for management, and the remaining three NICs will be used for VM networking. Storage in this case will not be iSCSI; it will be Fibre Channel or direct attached. In the Hyper-V configuration, selecting these three NICs for use with VM traffic creates three separate virtual switches. What about NIC bonding for virtual switches?

In example 2, we have 4 adapters again, but this time 1 NIC will be used for iSCSI traffic. This leaves only two NICs for VM traffic. This example shows multiple VMs sharing a single virtual switch, but I still don’t see anything with multiple NICs assigned to a single virtual switch.

When looking at the properties for NICs assigned to the parent partition, all the typical components will be bound. Conversely, for NICs assigned to virtual switches, only the Virtual Switch Protocol will be bound to the NIC.

When looking at a VM, emulated NICs will be listed as “Legacy Network Adapter,” whereas the new synthetic adapters will be listed simply as “Network Adapter.”

If you’d like to run Hyper-V on a laptop (perhaps for demos or testing), Hyper-V does not provide any support for wireless networks. It also doesn’t support sleep or hibernation, and multiple spindles (multiple physical hard disks) are highly recommended. You also need a laptop that uses the Santa Rosa chipset or a later chipset. These newer chipsets will allow you to use 4GB of RAM or more in the laptop.

Jeff went through a few more slides, describing his personal laptop configuration (dual-boot Windows Server 2008 and Windows Vista with dual hard drives), a cheap test/dev system, and the overall procedure for creating new VMs. I believe I described the process for creating new VMs earlier, but if you’ve used a virtualization solution before there’s nothing new here. Jeff speaks highly of the rapid deployment capabilities that are possible now with Hyper-V, SCVMM, and VM libraries; I would dare to say this kind of functionality is pretty standard with most every virtualization solution out there. That’s not a knock against Hyper-V, just a “level set” that this isn’t something that doesn’t exist with other platforms. This just brings Hyper-V on the same level with other products.

The next few slides were all material that’s already been covered else, like SCVMM, SCOM integration with SCVMM, other System Center components, etc. I won’t bore you with all the details again. If there is one thing that I’m tired of hearing here at Tech-Ed this year, it’s the story about bringing all of System Center together with Hyper-V. Every single session says it.

The virtualization comparison first compares Hyper-V with Virtual Server 2005 R2, and then moves on to compare Hyper-V with ESX 3.5. I don’t necessarily agree with the way in which Jeff makes the comparisons with ESX; for example, he lists Hyper-V as having “unified physical and virtual management” but ESX as having only “virtual management.” It’s not Hyper-V that provides this functionality; that’s System Center Operations Manager. That kind of comparison is, in my opinion, playing loose and fast with the boundaries of the products and related products. I may just have to perform and publish my own comparison…

That wrapped up the session. They gave away three copies of Windows Server 2008, SQL Server, Visual Studio, but I didn’t win. Bummer.

Tags: , , , , ,

Small Tech-Ed Schedule Change

Thursday, June 12, 2008 in Microsoft, Virtualization by slowe | No comments

One quick note to readers following my Tech-Ed 2008 coverage: I’m making a small schedule change for today. I’ll be skipping the morning sessions except for VIR358 and spending some time in the Partner Expo area instead. Look for an update on some of the discussions from the Partner Expo late tomorrow.

Tags: , ,

MGT374: Offline Virtual Machine Servicing Tool

Wednesday, June 11, 2008 in Microsoft, Security, Virtualization by slowe | No comments

This session couldn’t be published live because I had no wireless signal and no cellular signal in the breakout room. However, I did want to capture the information and publish it at the next available opportunity for the benefit of the readers.

This session was hosted by Luis Camara Manoel, Satish Mathew, and Jay Sauls (he was also one of the presenters in the session prior to this one). The focus of the session, quite obviously, is the Offline Virtual Machine Servicing Tool, which is designed to help in the maintenance and patching of offline VMs. Offline VMs are typically cited as one of the major security concerns with virtualization projects, in that they likely will not as up-to-date with patches and malware protection as online VMs; thus, when they finally do come online they could present a security risk to the organization.

The session starts off with an overview of the various Solutions Accelerators that are available from Microsoft, and then Jay Sauls takes over and begins to talk about the MAP toolkit again. Of course, I’ve just finished an extensive session on the MAP toolkit, so this is completely redundant and absolutely useless for me. I tuned him out until the session changed focus again to the Offline VM Servicing Tool.

When the session switches focus back to the Servicing Tool, the question is asked: Why are offline VMs such a problem? Many attendees in the session indicate that they have sizable numbers of offline VMs sitting in a library. The typical problem, as I mentioned earlier, is that the offline VMs miss patches, miss compliance scans, and miss other updates.

The solution to this problem is the Offline Virtual Machine Servicing Tool. This tool is designed to automate the application of OS patches as well as application patches. This is accomplished by integrating with existing System Center products like System Center Virtual Machine Manager (SCVMM) and System Center Configuration Manager (SCCM) or Windows Server Update Services (WSUS). I appreciate the fact that Configuration Manager is not required; otherwise, this tool would be far less useful.

Note that “true offline” patching will be available in the next version of Configuration Manager, but it will only service VMs running Windows Vista and Windows Server 2008.

The Offline VM Servicing Tool takes four steps in its operation:

  1. Identify
  2. Assess
  3. Patch
  4. Report

The overall process of how the Offline VM Servicing Tool works looks something like this:

  1. The tool reads the SCVMM library and gets a list of VMs
  2. A VM group is created
  3. The user must select a group of maintenance hosts; these maintenance hosts will be where the offline VMs will be moved to be patched
  4. It will schedule a job on these maintenance hosts
  5. The VMs will be moved from the library to the maintenance hosts and started
  6. The VMs will be patched using Configuration Manager or WSUS (see below)
  7. Upon confirmation of the patching of the VMs, they will be shut down and moved back to the SCVMM library

The tool works by utilizing PowerShell to automate a series of tasks like starting the VM, moving the VM, applying patches, etc. The UI screens for the tool were developed to match the SCVMM UI screens. Windows Server 2003, Windows XP, and Windows Vista are currently supported; Windows Server 2008 is not yet supported.

The requirements for using the tool:

  • All VMs must be under SCVMM control
  • It’s strongly recommended to setup a separate VLAN for the maintenance hosts
  • If using Configuration Manager, all VMs must have the Configuration Manager client
  • If using WSUS, all clients must be configured to use WSUS
  • The server running the Offline VM Servicing Tool must be dual homed to talk to both SCVMM and Configuration Manager/WSUS

At this point Satish, one of the presenters, took over with a demo of the tool. As mentioned earlier, the tool looks and acts a lot like SCVMM.

The presentation consistently referenced SCVMM 2007, the currently shipping version; support for SCVMM 2008 will be included in the next version of the tool. Also slated to inclusion in the next version is support for Windows Server 2008, Hyper-V, Configuration Manager 2007 SP1, and WSUS 3.0 SP1. Unfortunately, this next version isn’t due until 2009, leaving quite a sizable gap in time between the availability of Windows Server 2008 and Hyper-V and the ability of the tool to work with those products. It seems to me that the Offline VM Servicing Tool, while useful right now, will become much less relevant and much less useful once Hyper-V and SCVMM 2008 go RTM.

At this point, Stephen Anderson with Compellent took the stage and began to discuss his company’s products. I’m not really clear why Compellent was given time to advertise their products, unless it was by virtue of the fact that Compellent provided Microsoft with some tools and equipment to assist in the development of the Offline VM Servicing Tool. In any event, I found this to be completely inappropriate and left the session.

Tags: , , , , ,

VIR361: Introducing MAP for Windows Server 2008 Hyper-V

Wednesday, June 11, 2008 in Microsoft, Virtualization by slowe | 1 comment

Based on rapidly dwindling battery life, I thought that I might not be able to liveblog this session. Fortunately, I was able to find a power plug between the last session and this session, and I was able to find a seat near a power plug in this session. You’re in luck!

This session is hosted by Jay Sauls and Baldwin Ng. Jay is a Senior Program Manager; Baldwin is a Senior Product Manager. This session will focus on the Microsoft Assessment and Planning (MAP) Solution Accelerator for Windows Server 2008, Hyper-V, and Virtual Server 2005 R2. The MAP Toolkit bears some similarity to Capacity Planner from VMware, as I understand it, so I’m very interested in learning more.

Both the MAP toolkit and the IPD Guides (discussed yesterday) fall into the Plan phase of the IT lifecycle as defined by Microsoft.

What are some challenges when considering a migration to Windows Server 2008 and virtualization? These include the accurate number of servers (some organizations, believe or not, actually have a problem having an accurate count of servers), compatibility (Does the hardware support Windows Server 2008? What about device compatibility? Does any of the hardware need BIOS or firmware upgrades?), and overall consolidation ratios. The MAP toolkit is designed to help address these questions.

The MAP toolkit consists of automated discovery tools and guidance. It provides an agent-less inventory of PCs, servers, applications, devices, and roles to provide migration readiness reports. Two ways in which the MAP toolkit might be used are 1) to assess hardware and device compatibility for Windows Server 2008; and 2) to assist with server placement in virtualization/consolidation scenarios.

MAP runs agent-less but does use WMI to gather information, so you will need to be sure that host-based firewalls (or network firewalls) allow the proper traffic to/from the systems, and you will need proper credentials on the host systems from which information is being gathered. After meeting these requirements, MAP can generate a report for different migration scenarios.

There are generally two types of documents that are produced by MAP. One is a migration proposal, which is a Word document that contains an executive summary and detailed data gathered from the environment. The second report is an Excel document that provides detailed information on every system discovered in the environment. This Excel document contains details on system components, configuration, installed devices, etc., and is intended to provide “deep detail” to back up the proposal document.

Next, Jay moves into a demo of MAP for three different scenarios. In the first scenario, we are using MAP to discover and document the existing environment. In the second, MAP will gather performance and utilization information to assist in recommendations for server consolidation/virtualization candidates. The third scenario involves some capacity planning, where we can specify a hypothetical host system and MAP will place virtualization candidates onto the hypothetical host in order to determine how many hosts will be needed.

MAP uses a local instance of SQL Server Express on the system on which it is installed. A separate database can be used for each instance that MAP is run.

For the first scenario, we need to discover the servers in an environment. There are a couple different ways to discover the servers, including enumerating Active Directory, IP address scanning, Windows networking (for servers in workgroups), or importing from a flat file. MAP should reconcile servers found in multiple methods, so a server found in AD as well as discovered via an IP address scan should be reconciled to the same server object.

Once the systems are discovered or imported, we need to specify credentials used to connect to the list of systems. These credentials need sufficient permissions to query WMI. It’s not clear if this means administrative credentials.

MAP currently does not have any scheduling functionality. This is being considered for a future version.

MAP also gathers a list of all the device drivers installed on all the assessed systems, and attempts to identify if those device drivers are compatible with Windows Server 2008. Updates are published by Microsoft that are automatically downloaded by MAP with the latest device driver information.

The Word and Excel documents produced by MAP are rather extensive and detailed, and of course can be easily customized.

MAP can also gather performance statistics so as to be able to provide guidance in a server consolidation/virtualization scenarios. Much like with the discovery process, you can specify how you want to provide the systems that should be monitored and how long it should gather information. While you can schedule the stop date/time, you can’t schedule the start date/time.

Once that data is gathered, you can use MAP to prepare a report that will make recommendations for how workloads will be consolidated onto either Virtual Server 2005 R2 or Hyper-V. During this wizard, you can select what types of CPUs, how many, how many cores per CPU, the L2/L3 cache amounts, and the bus speed. The wizard also allows you to specify the disk storage subsystem. This part of the wizard allows you to select from some predefined disk types, the number of disks, the RAID type (if you are using RAID), and the size of the disks. MAP uses this information to attempt to estimate the throughput of the disk subsystem. This method may or may not be applicable to SANs, since the predefined disk types and their corresponding information don’t really map to most SAN types, especially Fibre Channel SANs and arrays using Fibre Channel drives.

The presenter answered a few questions regarding storage subsystem estimates by referring attendees to the System Center Capacity Planner application, which apparently could do a better job of estimating how a disk subsystem operates and how it responds to particular applications.

Continuing along with the wizard in MAP, we can specify the number and type of Ethernet adapters in the projected systems (the system upon which we will consolidate or virtualize candidates that have been identified earlier by MAP).

An artificial limit can be assigned to limit the number of VMs per host.

Finally, MAP will ask for a list of computers that should be considered virtualization candidates. I believe this list can be easily produced or exported from MAP based on earlier steps in the application.

As in other tasks with MAP, it produces a Word document and some matching Excel workbooks with supporting detailed information. In one of the Excel documents is a breakdown of which workloads are assigned to which virtualization hosts. This is all very useful information to have, and while the MAP toolkit does have a fair number of limitations, it is free. (Of course, VMware Capacity Planner is now free as well.)

The MAP toolkit can use the full-blown version of SQL Server, and it is possible to run multiple MAP instances against the same database so as to scale out to larger environments.

Looking forward at the future of MAP, version 3.1 will add new support for Hyper-V server placement (version 3.1 is in beta right now) and will also provide information on migrations to SQL Server 2008 from earlier versions of SQL Server. Some basic desktop security assessments will also be provided. MAP 4.0 may expand into disaster recovery and business continuity assessments as well as hardware assessments for next-generation Windows (Windows 7?) deployments.

That wraps up this session. My next session is MGT374, Offline Servicing of Virtual Machines.

Tags: , , , ,

VIR250: Advanced Storage Connectivity for VMs

Wednesday, June 11, 2008 in Microsoft, Storage, Virtualization by slowe | 5 comments

I’ll do my best to liveblog as much content from this session as possible, but I arrived late (you’ll understand why soon) and my battery is running low. Sorry all!

I arrived in the session as the speaker was reviewing some Hyper-V architecture with regards to the placement of the storage drivers and the use of Virtualization Service Clients (VSCs) and Virtualization Service Providers (VSPs). I think I covered those in my earlier liveblogging session from Day 1; if I didn’t, I’ll revise this post with more information later.

One key limitation with virtualized servers with regards to storage is how to handle Fibre Channel; you can’t really have multiple VMs using the same HBA because they would all share the same WWPN (World Wide Port Name), and SAN zoning is all built on the use of WWPNs. NPIV (N_Port ID Virtualization) is the answer here, which allows an HBA to register multiple fabric addresses. Each VM can use one of those multiple addresses. This allows us to return to zoning on a per server/per VM basis and eliminates this problem.

Next the presenter discussed the idea of virtual fabrics, a T.11 standard implemented by Cisco as VSAN and by Brocade as LSAN. Each HBA can only reside in a single virtual fabric, but traffic can be routed to other fabrics as needed.

Regarding virtual HBAs and fabric QoS, this is handled on a per-initiator WWPN basis. (I guess this means we can apply QoS to individual VMs when using NPIV, then?) I’m not exactly sure why the presenter is discussing this particular topic; it doesn’t seem to tie back to the main topic of storage connectivity for virtual machines.

So what is required to do virtual HBAs (again, I’m assuming this means using NPIV to present a virtual HBA to a Hyper-V hosted VM)? Next month, a newer version of Emulex VMPilot and the Storport Miniport driver will provide support for Windows Server 2003 SP2 and Hyper-V on Windows Server 2008. This will be compatible with 4Gpbs HBA from Emulex. Depending upon the HBA, the number of virtual ports (VPorts) may be limited (only 16 VPorts on midrange 4Gbps HBAs, for example).

There is no performance impact for using virtual HBAs, by the way. The number is so small as to defy measurement.

You also need FC switch support for NPIV. This requirement only applies to “edge switches” where NPIV-enabled HBAs will actually connect. There are also no other requirements on storage devices.

Best practices for storage access:

  • For consolidating file/print servers or desktops, place all the VMs on a single shared LUN. (Note that this prevents Quick Migration.) You can’t use fabric QoS on a per-VM basis also, because all the VMs share the same WWPN of the physical HBA.
  • For virtualizing application servers, use a dedicated LUN for each VM. This will allow the use of Quick Migration and can used virtual HBA, LUNs can be masked only to this specific VM, and you can create single-initiator zones using the virtual HBA and the applicable storage targets.

System Center Virtual Machine Manager (SCVMM) supports VDS (Virtual Disk Service) for Fibre Channel and iSCSI. VMM allows partners to extend built-in functionality by exposing NPIV WMI interfaces and allowing NPIV WMI methods to enumerate, create, and delete VPorts. In addition, VMM automatically manages VM and VPort migration in SANs.

Emulex VMPilot is the UI for SAN configuration with VMM. The current version is version 1.1; version 1.2 will be released next month and will provide support for Hyper-V. VMPilot with VMM enables VPort creation according to the T.11 NPIV standard, provides a graphical and command line interface, and provides automatic generation of virtual WWPNs. (I need to stop by the Emulex booth downstairs to get more information on this.) VMPilot also supplies a VMM PRO pack to report HBA health up to System Center Operations Manager and then back to SCVMM.

Recapping the benefits:

  • LUN optimization through VM to LUN assignment
  • Fabric QoS and prioritization at the VM level
  • Single-initiator zoning possible, returns to a storage best practice
  • Array-level LUN masking to control LUN access on a per-VM basis
  • Accelerated VM migration (not sure about this one)
  • VSAN integration and routing
  • Eliminates duplication of storage administration tasks

I think that’s about going to do it for this liveblog; my battery is almost gone. I’ll be back with more information as soon as possible!

Tags: , , , , , ,

No Liveblogging of Lunch Session

Wednesday, June 11, 2008 in Microsoft, Security by slowe | 5 comments

Those of you that reviewed my Tech-Ed schedule saw a session called “Do These 10 Things Now or Get 0wn3d!”. This was an entertaining session by Steve Riley on security. I’m sorry, but there’s no liveblog for that session. I had to eat lunch, and I haven’t yet figured out how to eat lunch, liveblog, and pay attention to the session at the same time. Tips for doing all three are welcome in the comments.

Tags: , ,

« Older entries