Kevin Remde's IT Pro Weblog

  • The “Replica Replica” in Hyper-V

    In today’s article in the “Why Windows Server 2012 R2” series, I’d like to show off a new feature in Hyper-V; something I like to call the “Replica Replica”.


    As many of you know, Microsoft introduced a new, powerful tool for your disaster recovery (DR) tool belt called Hyper-V Replica back in Windows Server 2012 Hyper-V and Hyper-V Server 2012.  For those of you who are not yet familiar with it, a Hyper-V Replica is an easily created and up-to-date offline copy of a virtual machine.  On some other host – either in your local or in some remote datacenter – you have a copy of a virtual machine that can be available in case of disaster.  If something bad happens to the production machine, you can failover to the replica virtual machine very quickly. 

    For a most-excellent description of what Hyper-V Replica is and how to set it up in Windows Server 2012 Hyper-V, check out this blog post from the series “31 Days of our Favorite Things” -

    Windows Server 2012 and Hyper-V Replica (Part 5 of 31) 

    “So, what’s new in R2?  What’s this ‘Replica Replica’ you talk about?”

    We’ve added the ability to create yet another replica.  It’s a replica of the replica.  It’s an additional offline copy of a virtual machine and its configuration, made available, synchronized and automatically kept up-to-date on yet another Hyper-V host.  Interestingly the request was from our many hosting providers, and it makes a great deal of sense in their scenario, where they are the ones hosting a replica on behalf of their customers.  It only makes sense that they would love to have a backup of the replica they’re hosting.. so why not make it a replica of the replica?


    Yeah, I thought so, too.

    “How does it work?”

    It’s very simple.  After you’ve created the first replica, you right-click on the replica machine and select “Extend Replication…”.  In my example, I have already set up a replica of my domain controller, and I’m going to extend the replication and put a replica of the replica on my Hyper-V Server named HVSR2-1.


    The wizard looks and works very much like setting up the initial replication does.  Once you get past the Before You Begin screen…


    …you choose or browse to the server you want to put the replica on (the Replica server)…


    You pick the type of authentication you want to use (based on what has been enabled in the Replication Settings on the Hyper-V Host settings)…


    You pick a replication frequency. 


    NOTICE that I have two choices here, because I had selected the primary replica as sending changes every 5 minutes.  Your choices will depend upon what you selected for the first replica frequency. 

    You may not know this (yet), but Hyper-V Replica in Server 2012 R2 allows for more than just the 5 minute intervals that were in the original Hyper-V Replica in Server 2012.  You can have replication send changes every 30 seconds, 5 minutes, or 15 minutes for the first replica.  For the extended replica, you must replicate at an interval that is less frequent than or equal to that of the first replica, with the exception that you cannot replicate to the extended replica at the 30 second interval. 

    Here’s a quick chart that shows the extended replication interval options available based on the first replica interval selected:

    Primary Replica interval selected    Extended Replica intervals available
    30 seconds                           5 minutes, 15 minutes
    5 minutes                            5 minutes, 15 minutes
    15 minutes                           15 minutes

    Getting back to our wizard; now we select how many recovery points we want to maintain of the extended replica…


    We select an initial replication method, plus when to launch the initial replication if requested…


    Check the summary…


    And Finish.  We’re done.  And the first extended replication is now going over the wire.


    Pretty cool, huh?

    “Pretty cool.  So now I can failover to either of my two replicas?”

    That’s right!

    Now, if I right-click on the first replica…


    I see that I have similar options to what I had back in Hyper-V 2012.  But now I have an additional “Pause Extended Replication” option as well. 

    Here’s a failover scenario for you…

    Let’s say I have a virtual machine “DukeN” running on Host A, with replica on Host B and extended replica on Host C.

    Host A goes down.  So I right-click on the “DukeN” machine and select Failover…, and DukeN fires up and is now running on Host B.

    If I right click the newly running VM and look at the Replication options I have now on the failover machine, it’s pretty interesting…


    I can “Reverse Replication”, which means I can now treat this running (but still considered a replica) machine as the primary machine, and begin replication back to what was the primary location.  Note: if you do this, it essentially “orphans” the old extended replica.  You’ll have to re-extend the replication if you want to.

    I can “Remove Recovery Points..”, which does cleanup of this replica of any other points still saved.

    I can “Cancel Failover”, which will shut this replica down and assumes that the original machine is now available and can be started.

    I can “Resume Extended Replication”.  This one is interesting to me.  It assumes that Host C (containing the extended replica) is still available.  When selected from Host B, then Host B becomes the main VM and the copy on Host C becomes the first replica.  Once a synchronization process is completed, you can then go to the VM on Host C and Extend Replication to another host (Host D?). 


    Good stuff?  Try it out yourself by downloading the evaluations of either Windows Server 2012 R2 or Hyper-V Server 2012 R2.  And let me know if you have any comments or questions by posting them in the comments section.

  • A New Blog Series: Why Windows Server 2012 R2

    Why Windows Server 2012 R2

    Yes, it’s been a few weeks since our last series wrapped up (“VMware or Microsoft?”), so it’s about time we started a brand new series of blog articles.

    “Who’s ‘we’?”

    A fair question.  The ‘we’ I’m talking about is the 11 Microsoft US DPE IT Pro Evangelists in these here 48 contiguous United States.  The series runs to the end of November (just before Thanksgiving here in the U.S.), and is all about answering in as many useful ways as possible, the magical question: Why?

    • Why should I care about Windows Server 2012 R2?
    • What does it do that I can’t already do with older versions of Windows Server or other operating systems?
    • What do I need to do to take advantage of it?
    • Where can I go to get more detailed information on a particular subject?

    …and so on.

    My friend Dan Stolts is the organizer of the series, and owner of the official landing page: “Why Windows Server 2012 R2”

    Keep watching his landing page and the complete list of articles and their anticipated dates of publication. 

    RECOMMENDED: To follow along with the dozens of examples we’re going to be writing about, we highly recommend that you download and install the following newly-available R2-version evaluation software:

  • Windows Azure IaaS and File Security (So many questions. So little time. Part 53.)

    In the context of Windows Azure Infrastructure Services and our IT Camp in Saint Louis a few weeks ago, Lettie asked this question:

    “If we had one large storage pool and added individual user folders, do we have the ability to setup file security access to each individual user folder? Is there the ability to limit a user’s folder size? We need a better backup solution for our 800+ remote users.”

    In order to answer this one, I have to make an assumption about the specific topic it relates to.  So I’ll answer this question in two ways.

    If you’re wondering (and I think you are) about whether or not ACLs can be assigned to or sizes restricted for containers within Windows Azure storage accounts, the answer is no. 

    But another thing to remember is that a network of virtual machines in Windows Azure can be treated as just another subnet in your corporate network.  And if your users connect via VPN or Direct Access to your network, they’ll have access to the servers “in the cloud”.  Those servers “in the cloud” can be hosting file services, with Storage Spaces storage pools and virtual disks containing user documents.  As long as those file servers are domain joined, you can easily add ACLs to those folders. 

    I’m only giving you one of what could likely be dozens of solutions out there.  If you’re reading this and have other recommendations for Lettie and her company, please share them in the comments.

  • FREE Virtualization IT Camps coming to a town near you

  • Can Windows Azure Backup support a bare-metal restore? (So many questions. So little time. Part 52.)

    Recently we’ve been showing off a capability (currently in preview) called “Windows Azure Backup”, which is a simple file system backup and restore to/from Windows Azure storage. 

    At our IT Camp in Saint Louis a few weeks back, David asked:

    “Can Windows Azure Backup do a bare metal restore in the event of total failure of a physical server?”

    Short answer: no.

    Longer answer: Not directly, no.  But consider this…

    You have other tools such as Windows Server Backup and System Center 2012 SP1 Data Protection Manager that can do a full system, system state, or even bare-metal image restore of a backed up machine. 

    With Windows Server Backup, you could use a two-step process of additionally saving the WSB-created image up to Windows Azure storage using Windows Azure Backup.  And the restore would be to retrieve the image using WAB and then recover it.

    With Data Protection Manager, the new functionality to store your backup data into Windows Azure already exists as of System Center 2012.

    “So I can just put my image backup into Azure, right?”

    No.  DPM only supports Volume, SQL DB, and Hyper-V Guest backups to Azure.  So, in the same two-step process we discussed for Windows Server Backup, you could do your bare metal backup to a file share and then use DPM to protect that share to Windows Azure.

  • TechNet Radio: Building Clouds - An Inside Look at Virtual Machine Migration Tools

    In this episode I welcome “Migration Mark” from the Building Clouds blog series on TechNet to discuss best practices for migrating your virtual machines to Microsoft Hyper-V as well as some free virtual machine migration tools that are available. Check out this great discussion on MAP 8.5, MVMC and the Migration Automation Toolkit (MAT).




  • How should I backup my Windows Azure VMs? (So many questions. So little time. Part 51.)

    This excellent question was asked by Ralph at our IT Camp in Saint Louis a few weeks ago:

    “One of the questions asked by our VP relates to Azure backups protecting from user error rather than hardware failure or disaster recovery.  What is the Microsoft guidance on backing up VMs in the cloud?”

    How do you protect the data on your servers today?  The quick answer to this question is that you need to protect OS and application configuration and business data the same way on your physical and virtual machines, no matter where they reside.  A benefit of putting any storage (which includes your virtual machines) in Windows Azure is that it is all kept highly-available and geo-redundantly replicated; and that’s just automatic.  But beyond that, you are responsible for any machine or data backups or archiving that you may feel is needed.

    “Okay.. but what about Azure storage BLOB snapshots?”

    Well.. yes, Windows Azure actually does have the ability to take and maintain BLOB snapshots through the REST APIs.  And a few vendors have created solutions to use this as a way to keep point-in-time copies of virtual machine disks, and then restore machines from those snapshots.  But using BLOB snapshots for Virtual Machines in Windows Azure is currently not supported by Microsoft.

    I repeat: As of October 11, 2013, using BLOB snapshots for VMs in Windows Azure is not supported by Microsoft.

    That said, Chris Clayton has a script that you can use to backup and restore Azure VMs using BLOB snapshots.  But: “This is a demonstration and should not be used for production scenarios”…”This should not be used to replace your current backup and restore strategy.”

    Companies like Cerebrata (Cloud Storage Studio and Azure Management Cmdlets) and ClumsyLeaf (CloudXplorer) and others also have tools and operations for taking and restoring Azure storage BLOB snapshots, but the process of restoring a snapshot currently involves saving a copy of the VM configuration, deleting the VM, deleting the original disks, restoring the snapshots, and then re-restoring the machine configuration.  It’s still cumbersome, and prone to error. 

    And if you don’t do it right, you can end up with a corrupted VM. (Trust me.. I know from experience.)

    “Will we have a supported way to do this in the future?”

    I don’t know.  Personally, I hope so. 

    In the meantime, treat your machines the same as you would any other machine.  Backup their configuration and data according to your policies as required. 

    “Okay.. so what if I just want to make offline copies of my VMs?  Can I do that?”

    Absolutely.  For the backup, what you’ll want to do is:

    1. Shutdown the VM
    2. Save the VM configuration
    3. Make a copy of the VM’s disks (maybe with a date-stamped disk name for easy retrieval)
    4. Optionally download the disks to local storage and delete them from Azure storage

    And then for the restore:

    1. If not already in storage, copy the disks into Azure BLOB storage and designate them as “disks”
    2. Build an Azure VM from the saved configuration, but referring to the new disks
    3. Start the restored VM

    EXTRA CREDIT: Someone who has more time than I do today – build us two PowerShell scripts for doing this! 
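
    The backup steps above as a PowerShell script. This is an added example, not a script from the original post, and it covers backup steps 1 to 3 only (no download, no restore). It assumes the classic Windows Azure (Service Management) PowerShell module with a subscription already selected; the service name, VM name, local folder and container name are constructed placeholders.

```powershell
# Added example: offline copy of a Windows Azure VM (backup steps 1-3).
# Assumes the classic Windows Azure (Service Management) PowerShell module
# with a subscription already selected. All names are placeholders.
$ErrorActionPreference = 'Stop'              # stop at the first failed step

$serviceName   = 'contoso-web'               # hypothetical cloud service
$vmName        = 'web01'                     # hypothetical VM
$backupDir     = 'C:\AzureVMBackups'         # hypothetical folder for the saved configuration
$destContainer = 'vm-backups'                # hypothetical container for the disk copies
$stamp         = Get-Date -Format 'yyyyMMdd-HHmmss'

$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
if (-not $vm) { throw "VM '$vmName' not found in service '$serviceName'." }

# 1. Shut down the VM so the disks are not changing while they are copied.
Stop-AzureVM -ServiceName $serviceName -Name $vmName -Force | Out-Null

# 2. Save the VM configuration next to a date stamp.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$configPath = Join-Path $backupDir "$vmName-$stamp.xml"
Export-AzureVM -ServiceName $serviceName -Name $vmName -Path $configPath | Out-Null

# 3. Copy the OS disk and every data disk to a date-stamped blob.
$disks  = @($vm | Get-AzureOSDisk) + @($vm | Get-AzureDataDisk)
$copies = foreach ($disk in $disks) {
    # MediaLink looks like https://<account>.blob.core.windows.net/<container>/<blob>
    $uri     = [uri]$disk.MediaLink
    $account = $uri.Host.Split('.')[0]
    $path    = [uri]::UnescapeDataString($uri.AbsolutePath.TrimStart('/'))
    $srcContainer, $srcBlob = $path -split '/', 2

    $key = (Get-AzureStorageKey -StorageAccountName $account).Primary
    $ctx = New-AzureStorageContext -StorageAccountName $account -StorageAccountKey $key

    if (-not (Get-AzureStorageContainer -Name $destContainer -Context $ctx -ErrorAction SilentlyContinue)) {
        New-AzureStorageContainer -Name $destContainer -Context $ctx | Out-Null
    }

    $destBlob = '{0}-{1}' -f $stamp, (Split-Path $srcBlob -Leaf)
    Start-AzureStorageBlobCopy -SrcContainer $srcContainer -SrcBlob $srcBlob `
        -DestContainer $destContainer -DestBlob $destBlob -Context $ctx | Out-Null

    # Block until the server-side copy finishes and fail loudly if it did not.
    $state = Get-AzureStorageBlobCopyState -Container $destContainer -Blob $destBlob `
        -Context $ctx -WaitForComplete
    if ($state.Status -ne 'Success') {
        throw "Copy of disk '$($disk.DiskName)' ended with status $($state.Status)."
    }

    [pscustomobject]@{
        Disk   = $disk.DiskName
        Source = "$srcContainer/$srcBlob"
        Copy   = "$destContainer/$destBlob"
        Bytes  = $state.TotalBytes
    }
}

# Record what was saved so the restore knows which config goes with which blobs.
"Configuration saved to $configPath"
$copies | Format-Table -AutoSize
```

    Keep the exported XML together with the list of copied blobs; the restore steps need both.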

  • How safe is my Windows Azure virtual machine? (So many questions. So little time. Part 50.)

    In Saint Louis a couple of weeks ago at our Windows Azure IT Camp, Joe asked me this question:

    “When dealing with virtual machines and cloud for R&D. If during the process of researching you happen to download a contaminated file, can that file do harm to the actual machine that you are running? Wouldn't that file be saved on the parent machine in order to be accessed on the virtual machine?”

    What Joe was concerned about was whether or not the virtualization host is vulnerable from something bad happening in the virtual machine.  If a virtual machine gets compromised and some harmful or malicious (likely both) files get saved on the virtual machine’s hard disk, isn’t that file also a threat to the virtualization host on which it’s running?

    The short answer: No.

    The longer answer: Not really, no

    Remember that, when using virtualization, whether it’s vSphere, Hyper-V, or some other solution, typically a virtual machine’s operating system disk is really just a file as far as the host hypervisor and operating system are concerned.  That .vmdk or .vhd file is sitting in storage, and its contents are only being used by the virtual machine.  So even if that VM installs something bad, the host on which it is running won’t ordinarily know or care about it.

    Can the host operating system get at the files within the VM’s disk?  Yes, there are ways to do that when you’re running your own virtualization.  But you have to go out of your way to do that, and only when the virtual machine isn’t currently using the disk. 

    The same holds true for any interactions between the VM and other computers; virtual or physical.  You treat the VM as just another machine that needs to be networked and protected. 

    If the malicious file gets saved on an SMB file share, or some other networked storage that is shared, then of course other machines may be exposed to it.  Here is where Windows Azure actually gives you better protection of the platform.  While a local virtualization host might also share access to that same compromised storage, in Windows Azure there is no way for the virtualization hosts to interact with a virtual machine’s data in any way.  Period.

    For the security minded among us, I highly recommend you bookmark this page: The Windows Azure Trust Center.  This is where you’ll find our documented security practices, privacy rules, compliance standards, and so on.

  • Can I use an ACL to protect my Azure SQL Server VM? (So many questions. So little time. Part 49.)

    At our IT Camp in Saint Louis a few weeks ago, Todd had a great question on protecting his cloud-based SQL Server:


    Not sure this question was asked at the Azure IT boot camp but is there any future plans to segregate or ACL off the subnets in Azure?  Most of our web front ends are in our DMZ, in a lower security zone, and our SQL servers are in a higher protected zone.  The ACL allows communication between the two but I did not see that in the Azure portal.  So as it stands I could stand up a WFE and it could be talking directly to the SQL server and get compromised? 

    Is it the position of Microsoft to use Windows firewall between the servers? 

    I didn’t cover it in too much detail in our event, and it’s not something that is (yet) exposed in the Windows Azure Portal, but you do have the ability through PowerShell to assign complex network ACLs to a Windows Azure virtual machine. 

    From the article “About Network Access Control Lists (ACLs)”:

    Using Network ACLs, you can do the following:

    • Selectively permit or deny incoming traffic based on remote subnet IPv4 address range to a virtual machine input endpoint.
    • Blacklist IP addresses
    • Create multiple rules per virtual machine endpoint
    • Specify up to 50 ACL rules per virtual machine endpoint
    • Use rule ordering to ensure the correct set of rules are applied on a given virtual machine endpoint (lowest to highest)
    • Specify an ACL for a specific remote subnet IPv4 address.

    The simplest example of an ACL is the fact that a VM created running Windows likely has a public endpoint that maps to a private 3389 endpoint for the sake of remote desktop connections.  Without that endpoint definition, the default is to just block everything.  As you see from the previous list, we can be even more selective than just opening or closing ports. 

    For the complete description of what ACLs are, read “About Network Access Control Lists (ACLs)”

    To learn how to manage and use them in Windows Azure, read “Managing Access Control Lists (ACLs) for Endpoints”
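
    One way to use the PowerShell route mentioned above: a two-rule ACL on a VM's existing Remote Desktop endpoint, with the rule order doing the work. This is an added example, not code from the original post or from the articles it cites. It assumes the classic Windows Azure (Service Management) PowerShell module with a subscription already selected; the service name, VM name, endpoint name, ports and address ranges are constructed placeholders.

```powershell
# Added example: restrict who can reach a VM's Remote Desktop endpoint.
# Assumes the classic Windows Azure (Service Management) PowerShell module
# with a subscription already selected. All values below are placeholders.
$ErrorActionPreference = 'Stop'

$serviceName  = 'contoso-sql'       # hypothetical cloud service
$vmName       = 'sql01'             # hypothetical VM
$endpointName = 'RemoteDesktop'     # endpoint name as listed on the VM's endpoints tab
$publicPort   = 56537               # public port currently assigned to that endpoint
$localPort    = 3389                # private port the guest OS listens on
$officeRange  = '203.0.113.0/24'    # documentation range standing in for the office egress range
$blockedHost  = '203.0.113.50/32'   # one address inside that range that must stay out

# Build the ACL. Rules are applied lowest order number first, so the narrow
# deny has to come before the broad permit; reversed, the permit would
# match the blocked host first.
$acl = New-AzureAclConfig
Set-AzureAclConfig -AddRule -ACL $acl -Order 100 -Action Deny `
    -RemoteSubnet $blockedHost -Description 'Blocked host inside office range' | Out-Null
Set-AzureAclConfig -AddRule -ACL $acl -Order 200 -Action Permit `
    -RemoteSubnet $officeRange -Description 'Office egress range' | Out-Null

# Attach the ACL to the existing endpoint and push the change to the VM.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureEndpoint -Name $endpointName -Protocol tcp `
        -LocalPort $localPort -PublicPort $publicPort -ACL $acl |
    Update-AzureVM

# Read the rules back from the endpoint to confirm what is in force.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Get-AzureAclConfig -EndpointName $endpointName |
    Sort-Object Order |
    Format-Table Order, Action, RemoteSubnet, Description -AutoSize
```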


  • Why doesn’t remote desktop to my Windows Azure VM work? (So many questions. So little time. Part 48.)

    An attendee at our IT Camp in Saint Louis a few weeks ago had a problem that is understandable:

    “Thanks for training session, I have a question.  Tried to RDP one of my VM’s at work and I can’t connect.  Possible firewall port issue?  I am going to try and connect from home tonight.”

    You're already onto the issue.  It’s important to remember that the port that you’re using for RDP is not the traditional 3389. 

    “It’s not?  How does that work?”

    Let’s step back for a second and consider what you see when you first create a virtual machine in Windows Azure and you get to the screen where “endpoints” are defined.  By default, it looks something like this…

    Virtual Machine Configuration

    …Notice that, even though the operating system is going to have Remote Desktop enabled and will be listening on the traditional port 3389, the external “public port” value that will be redirected to the “private port” 3389 is going to be something different.


    Security.  We take the extra precaution of randomizing this port so that tools that are scanning for open 3389 ports out there won’t find those machines and then start attempting to log in.

    So the answer to your question: Yes, it’s a firewall issue.  And I bet it worked from home later that night.


    Let’s go one step further here and propose a couple of solutions to this, in case you also run into this problem.

    Solution #1: Open up the proper outbound firewall ports

    In the properties of your virtual machine, you can find what “public port” was assigned to the VM under the endpoints tab…

    VM Properties - Endpoints tab

    So this web server of mine is answering to my RDP requests via my ability to connect to its service URL and port 56537.  Since I am not restricting outbound ports, this isn’t a problem for me.  But knowing what this port is can help you understand what needs to be opened for a particular machine.

    “Is there a range of ports that I need to have open outbound?”

    The port that will be assigned automatically is going to come from the “ephemeral port range” for dynamic or private ports (as defined by the Internet Assigned Numbers Authority) of 49152 to 65535.  So if you simply enable outbound connections through that range, the defaults should work well for you.

    Solution #2: Modify the VM End Points

    You’ll note on the above picture that there is an “edit” option.  You have the ability to edit and assign whatever port you want for the public port value.  For example, I could do this…


    …and just use port 3389 directly.  Of course, this would defeat the purpose for using a random, non-standard port for remote desktop connections.  But it could be done. 

    Solution #3: Use some other remote desktop-esque tool over some other port.

    The server you’re running as a VM in Windows Azure is your machine, so there’s no reason you couldn’t install some other tool of choice for doing management or connecting to a remote desktop type of connection.  Understand the application, what port needs to be enabled on the firewall of the server, and then add that port as an endpoint; either directly mapped with the same public/private port or using some other public port.  It  is entirely configurable and flexible.  And as long as you’ve enabled the public port value as a port you’re allowing outbound from your workplace, you’re golden.

    Solution #4: Use a Remote Desktop Gateway

    How about instead of connecting to machines directly, you do something more secured, manageable, and along the same lines of what you would consider for allowing secured access into your own datacenter remote desktop session hosts: Configure one server as the gateway for access to the others.  In this way you have the added benefits of just one open port; and that port is SSL (443).  You’re very likely already allowing out port 443 for anyone doing secured browsing (HTTPS://…), so the firewall won’t get in the way.


    I hope you found this useful!  Don’t hesitate to ask questions in the comments if you’d like me to clarify anything, or share your ideas if you have other solutions I haven’t yet considered.


    Still haven’t tried Windows Azure yet?  We’ll give you $200-worth of Azure in a one-month free trial.

  • NEW: Virtualization IT Camps!

    No cost, hands-on, expert training designed for VMware IT Professionals

    Yes!  We’re coming back to a classroom near you (I hope) for an intense, full-day of training and hands-on with Windows Server 2012, Hyper-V, and System Center

    If you’re using virtualization

    “What do you mean, ‘if’?”

    Yeah, good point.  The modern datacenter is already virtualizing, and likely virtualizing using VMware vSphere, vCenter, and so on.  That’s why we think it’s time to help you – the VMware IT Professional – learn about and get familiar with all that Hyper-V in Windows Server 2012 can do; and in terms that you’ll understand.

    Here’s the full class description from the registration page:

    Want to gain an edge in your technical career? Industry insiders suggest that over 70% of businesses now run at least two virtualization platforms in their IT environment. That’s why IT pros who understand multiple platforms are invaluable to their companies and clients.

    Here’s your chance to upgrade your Microsoft Virtualization skills for FREE! We’re hosting an interactive, one-day technical workshop specifically for VMware IT professionals. Seasoned experts will demonstrate key scenarios and technologies from Microsoft and VMware. You’ll also complete hands-on labs and leave ready to build your own test and evaluation environment.

    You’ll learn:

    • The basics (and beyond) in Microsoft virtualization technology
    • How your current VMware skills apply to a Microsoft environment
    • The differences between key Microsoft and VMware technologies
    • How to use Microsoft tools to help manage a VMware environment
    • The latest on upcoming Windows Server 2012 R2 and System Center 2012 R2 releases

    At a high level, as part of this course, you’ll learn about the following topics:

    • Hyper-V Configuration, Clustering & Resiliency
    • Virtual Machine Mobility, Backup & Replication
    • Managing Hyper-V with Virtual Machine Manager
    • A look at System Center 2012 R2 Preview
    • VMware: Management, Integration, and Migration

    Session Requirements:
    In order to participate in the labs, please bring a modern laptop that can run the following technical prerequisites.
    Click HERE for more detailed system specs.

    • Supported Operating Systems include all editions of Windows Vista, Windows 7, Windows 8, Windows Server 2008, 2008 R2 and 2012.
    • Browsers supported include Microsoft Internet Explorer 7.0 or later. Other browsers are supported conditionally.
    • Microsoft .NET 3.5 will be required to complete the labs.

    All participants registering for the event should download Microsoft Hyper-V 2012 R2 Preview.


    “Looks good, Kevin!  Where are you going to be?”

    I’ll be covering the events in my usual main locations: Minneapolis, Omaha, Kansas City, and Saint Louis. 
    Click below to register for them.  See you there!

  • Windows Azure and SmartCards? (So many questions. So little time. Part 47)

    It’s been over a year now since I posted my last in the series “So many questions. So little time.”

    “August 20, 2012 to be exact.”

    Yes indeed.  And now that I’m again giving my IT Camp attendees the ability to submit their questions to me in writing, their questions become a really good source of content for the blog.

    For example, at our Saint Louis IT Camp a couple of weeks ago, Ron asked:

    “Azure can be locked down with certificates.  Can that be incorporated with smart cards to further secure access?”

    The short answer: Yes.

    The longer answer.  Absolutely, yes.

    First, and quite simply, I know this to be true because this is how I authenticate every day into my Microsoft Full-time Employee-granted Windows Azure subscription.  It’s the difference between a typical LiveID/Microsoft Account login and what is known as an “Organizational Account” login, similar to what businesses are enabling for single-signon in products such as Office 365.  When I attempt to get into the Azure portal and I enter my Microsoft e-mail address, I’m redirected to a page that has this on it:

    My Microsoft Organizational Account Login

    Notice that I can use my Smart Card (which is my employee badge) to authenticate.

    Making this work requires using Active Directory and ADFS, where ADFS acts as the Security Token Service (STS), and Windows Azure is the Relying Party (RP).

    Remote Access by Devices testing as health

    “The RP requests a collection of claims routed by an application (for example, the Web browser) on the user device to one or more STSes. The user authenticates to the STS with whatever credential has been provided: password, smart card and so on.”

    That drawing and quote come from an excellent explanation of how the parts relate to one another, written by Dan Griffin and Tom Jones.  Read the full article here: Windows Azure: Authenticate Windows Azure with ADFS

  • VMware or Microsoft?–Does VMware get it?

    Does VMware understand the value of Infrastructure-as-a-Service (IaaS) and have the ability to support your “Hybrid Cloud”?  And can they back up their service with a solid Service-Level Agreement comparable to Microsoft’s?

    Of course they can.  At least I think they can.  Do you think so?  Does Keith?

    In today’s final article of our 6-week-long series, “VMware or Microsoft?", my friend and teammate Keith Mayer answers these very important questions:

    • What Level of Availability is Guaranteed?
    • How is "Availability" Measured?
    • What is Excluded from SLA Guarantees?


    And in case you missed any of the full series, you can always return to the full list here:

    Tell your friends!


  • BREAKING NEWS: If you’re going to use Oracle, it’s in Windows Azure

    And we’ll support you!


    Today Microsoft and Oracle announce the availability of Oracle virtual machine images on Windows Azure.  As you may recall, on June 24 of this year (which happens to be my birthday every year), we announced..

    “…a partnership that will enable customers to run Oracle software on Windows Server Hyper-V and in Windows Azure. Customers will be able to deploy Oracle software — including Java, Oracle Database and Oracle WebLogic Server — on Windows Server Hyper-V or in Windows Azure and receive full support from Oracle.”

    In Windows Azure, try creating a new virtual machine.  In the gallery of VM images, you’ll notice the new additions…

    Oracle Platform Images

    (HINT: If you don’t already have a Windows Azure subscription, you can try $200 of it for a month for free.)

    If you want some instructions on how to create and use these images, check out the MSDN page: Oracle Virtual Machine Images for Windows Azure

    And here’s the blog post in our “In the Cloud” blog: Oracle OpenWorld 2013: Oracle’s Mission-critical Software and Microsoft’s Enterprise-grade Cloud

    The Oracle images are currently “in preview”, which means they’re not (yet) intended for production use.  Click HERE for pricing and licensing details, including the “license mobility” that Oracle provides.

  • BREAKING NEWS: A new “memory intensive” VM size in Windows Azure

    In case you haven’t noticed, Microsoft has added a new virtual machine size available in Windows Azure.  To go along with our really big “A6” and “A7” sizes, there is now an “A5” machine size…

    Memory-hogger size

    So, if you don’t have a need for so many processors, but need a bigger chunk of RAM, you’re in luck.

    For more information, please refer to the Cloud Services or Virtual Machines sections of the Pricing Details webpages.

  • VMware or Microsoft?–How robust is your availability?

    Disclaimer: facts and figures in this article are based on the state of the technology as it exists at the date of its publication. 

    Our article today in our “VMware or Microsoft?” series is about availability. 

    When I say “availability”, I mean “high availability”. 

    And when I say “robust high availability”, I mean a solution such as Windows Failover Clustering that provides high availability and scalability of server workloads.

    I argue that Microsoft’s solution is robust and solid, but VMware has argued differently.  In a currently available document that VMware provides comparing vSphere 5 to the as-of-then beta of what is now Hyper-V in Windows Server 2012, VMware makes the claim that they have “robust high availability” with a “single click, [that] withstands multiple host failures”, whereas Microsoft’s Failover Clustering is “based on legacy quorum model, complex and brittle”. 

    Really?  They haven’t been watching how far clustering has come in Windows Server lately.  In fact, at best, VMware’s document might be referring to how failover clustering used to work back in 2008.  More specifically, they are referring to the quorum model of how a cluster needs a majority vote to determine whether or not a node is actually unavailable, so that the resources it was managing can fail over to other nodes.  To ever have a solid majority, the number of voting members needs to be an odd number.  All nodes get a vote, and so if you have an even number of nodes, you need something else to break the tie.  So to make that work, you need some other “cluster witness”; which is either a “witness disk” or a “witness file share”. 

    From this document on Windows Server 2008 failover clustering:

    In a cluster with an even number of nodes and a quorum configuration that includes a witness, when the witness remains online, the cluster can continue sustain failures of half the nodes. If the witness goes offline, the same cluster can sustain failures of half the nodes minus one.

    Well then, please allow me to introduce you to…

    The Dynamic Quorum

    “Batman and Robin?”

    No.. that was the “dynamic duo”.  I’m talking about the ability of all nodes in a Windows Failover Cluster to have a vote, and for the number of voting members to adjust dynamically as nodes fail; so that there is never any confusion (lack of a quorum) by having an even number of voting members.

    In this diagram…

    Node & Disk Majority

    …we see a healthy 4 node cluster, each running 2 VMs, or any other clustered roles.  (Windows Failover Clustering is not just for virtualization, you know.)  The quorum is maintained because we have a disk witness to break the tie in case two nodes say “one node is down!” and the other two say “no, he’s not!”.

    If one of the nodes in our cluster goes away…

    Simple Node Majority

    …depending upon whether that removal was planned or a complete surprise, the clustered roles are able to failover or restart on other nodes.  AND, because the cluster now only has three active nodes, then that in itself becomes a quorum of voting members.

    “When a node shuts down or crashes, the node loses its quorum vote.  When a node successfully rejoins the cluster, it regains its quorum vote.  By dynamically adjusting the assignment of quorum votes, the cluster can increase or decrease the number of quorum votes that are required to keep running. This enables the cluster to maintain availability during sequential node failures or shutdowns.”

    Later, if the node is re-added, it again gets a vote.

    Robust.  But wait… there’s more…

    The Dynamic Witness

    The story gets even better in Windows Server 2012 R2.  R2 improves with something called the “Dynamic Witness”:

    “If the cluster is configured to use dynamic quorum (the default), the witness vote is also dynamically adjusted based on the number of voting nodes in current cluster membership. If there are an odd number of votes, the quorum witness does not have a vote. If there is an even number of votes, the quorum witness has a vote.

    The quorum witness vote is also dynamically adjusted based on the state of the witness resource. If the witness resource is offline or failed, the cluster sets the witness vote to ‘0’.”

    The benefit of this is for the rare case of a witness failure.  If that happens, the vote simply goes away and is assumed to not be there.  A huge benefit of all of this is that you never really have to worry about counting your nodes and deciding whether or not to configure a quorum witness. Just do it (as recommended), and let the dynamic nature of our failover clustering take care of it.
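The vote arithmetic described above, for both the 2008-style fixed quorum and the dynamic quorum with a dynamic witness, as an added example (not code from this post or from Microsoft). The `Cluster` class and its method names are hypothetical, the model is deliberately simplified, and it also covers one case beyond the text: several nodes failing at the same instant.

```python
"""Simplified vote-counting model of failover-cluster quorum (added example).

Not Microsoft's implementation: it models only the rules quoted above and does
not adjust individual node votes when no witness vote is available.
"""


class Cluster:
    def __init__(self, nodes, dynamic, witness_online=True):
        self.dynamic = dynamic
        self.up = set(nodes)            # nodes currently running
        self.node_votes = set(nodes)    # nodes that currently hold a vote
        self.witness_online = witness_online
        self.witness_vote = 1           # static model: the witness always counts
        self.running = True
        if dynamic:
            self._rebalance()

    def _rebalance(self):
        """Dynamic quorum: only live nodes vote; the witness votes only when
        it is online and the number of node votes is even."""
        self.node_votes = set(self.up)
        even = len(self.node_votes) % 2 == 0
        self.witness_vote = 1 if (self.witness_online and even) else 0

    def total_votes(self):
        return len(self.node_votes) + self.witness_vote

    def present_votes(self):
        witness = self.witness_vote if self.witness_online else 0
        return len(self.node_votes & self.up) + witness

    def _settle(self):
        """Check for a strict majority, then (dynamic only) reassign votes."""
        if self.running:
            if 2 * self.present_votes() > self.total_votes():
                if self.dynamic:
                    self._rebalance()
            else:
                self.running = False
        return self.running

    def fail_nodes(self, *names):
        """Nodes named together fail at the same instant."""
        self.up -= set(names)
        return self._settle()

    def fail_witness(self):
        self.witness_online = False
        return self._settle()


def sequential_failures_survived(n_nodes, dynamic, witness_online=True):
    """Fail nodes one at a time; count failures the cluster stays up through."""
    names = [f"node{i}" for i in range(1, n_nodes + 1)]
    cluster = Cluster(names, dynamic, witness_online)
    survived = 0
    for name in names:
        if not cluster.fail_nodes(name):
            break
        survived += 1
    return survived


if __name__ == "__main__":
    for dynamic in (False, True):
        for witness in (True, False):
            n = sequential_failures_survived(4, dynamic, witness)
            print(f"dynamic={dynamic!s:5} witness_online={witness!s:5} "
                  f"-> survives {n} sequential node failure(s)")
    # Losing three of four nodes at once still costs quorum under dynamic quorum.
    burst = Cluster(["node1", "node2", "node3", "node4"], dynamic=True)
    print("simultaneous loss of 3 nodes, still running:",
          burst.fail_nodes("node1", "node2", "node3"))
```

In this model the fixed-quorum results match the Windows Server 2008 quote (half the nodes with the witness online, half minus one without it), while the dynamic cluster keeps running down to its last node only when the failures arrive one after another.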

    Guest Clustering Without Limits

    Microsoft has a distinct advantage over VMware when it comes to guest clustering.  With Hyper-V and with virtual servers running Windows Server 2012 or 2012 R2, clusters of virtual machines can be created that use iSCSI, Fibre Channel, and even .VHDX files (in R2) as the location for their shared storage in either a Clustered Shared Volume (CSV) or just a server file share (SMB Share – file based storage). 

    So here are a couple of the new, flexible choices you have for guest clustered VM shared storage in Windows Server 2012 R2…

    Flexible choices for placement of Shared VHDX

    Try doing that on NFS. 

    While we’re on the subject of scale…

    Does Size Matter?

    VMware requires Essentials Plus or better for HA, and unless something else changed in vSphere 5.5 that they haven't yet said much about, I do believe they still can only support up to 4000 VMs in a 32 node cluster.  (Correct me in the comments and point me to documentation that proves me wrong, please.  I sincerely thought they would up their game here.) 

    You can cluster up to 8,000 virtual machines in up to a 64 node cluster with Windows Server 2012 and Windows Failover Clustering.  And you can do it for no additional cost.


    “Holy robust high availability, Batman!”

    I’m glad you like it.  But if not, or if you have any questions, let me know in the comments.

    And for more details on what’s newer than what VMware would have you believe in the world of robust high-availability, check out these two TechNet documents:

    What's New in Failover Clustering in Windows Server 2012

    What's New in Failover Clustering in Windows Server 2012 R2

  • VMware or Microsoft?–Agentless Backup for Virtual Environments

    Today’s post comes to us courtesy of an old friend and coworker, who is still a friend but who now works for Veeam.  I’m talking about none other than Chris Henley.

    Thank you, Chris, for this excellent write-up on backing up virtual environments!


    One of the most important things to remember when talking about backup best practices in virtual environments is that virtual environments are not physical environments. I know that sounds really silly but it is really quite important because physical environments have a different architecture than virtual environments. When we talk about running one operating system and one underlying hardware set, it’s important to understand that this one-hardware, one-disk, one-operating-system relationship demands a specific architectural design for the software that would be used to back up that physical architecture. In that physical environment the software designers used an architecture that focused heavily on the use of agents to provide the interactions between backup software and the physical hardware they were trying to back up. This agent based approach was incredibly successful for a very long time. Decades! The agent based approach is still successful in physical environments today, and probably represents the best possible backup solution for the physical environment.

    The problem is virtual environments are not physical environments, and the world of IT is headed for the virtual environment. Virtual environments differ from physical environments because the hypervisor, whether that’s VMware or Hyper-V, provides a layer of abstraction between the underlying hardware and overlying operating systems that will actually run above the hypervisor in the virtual architecture. The important consequence that goes right along with this architectural change in the virtual world is that if you try and use the agent based approach of the past in conjunction with a virtual environment it just doesn’t work. Now the reason it doesn’t work is not that you couldn’t force the old agent based model into the virtual environment where you added an agent to every virtual machine and then monitored, managed, administered, and maintained those agents. The challenge here is that the virtual environment would demand a dramatic additional measure of work in order to get the backup operations to work properly, and frankly it is not necessary.

    VMware and Microsoft, the two major players in the hypervisor space, with ESX and Microsoft Hyper-V respectively, have each made a recommendation that we do not use agents in the virtual machines! Instead the recommendation is that you use an open set of APIs and connect to those APIs using standards that will allow us to interact with a virtual machine. This technique allows the software to interact with the underlying host for that Hyper-V or ESX VM. The host provides the tracking mechanism for us to do data protection. Agentless data protection is a big deal.

    The Agentless Backup Approach.

    When we think about Hyper-V we want to make certain that we take an agentless approach to backup, replication, restoration, monitoring, and management so that we maximize the capabilities that have been built into the hypervisor by Microsoft as well as minimizing the impact in resources that data protection will have on the actual virtual machines themselves. The Microsoft VSS process allows for the imaging of virtual machines in their entirety along with the associated binary, configuration, xml, snapshot, settings, and any other associated virtual machine files which would allow you to make a very complete copy of a virtual machine and its data for backup or other data protection uses. The cool thing is that this is all without the use of any installed agent inside the virtual machine. Of course all of this relies on the fact that you are using the standards based approach, where you have built a set of tools that work directly in conjunction with VSS, and with the way that Hyper-V is built.

    When we think about Agentless Systems we don’t necessarily mean that we will not use any agents anywhere in the architecture. Instead what we’re talking about is the fact that the agents will not be installed in the virtual machines. In most cases the actual software that is going to provide data protection to a virtual environment running Hyper-V will have some kind of interactive component that is actually installed or configured on the Hyper-V host. These “agents”, and I use the term loosely, run in conjunction with the Windows operating system that is actually supporting that Hyper-V host. Generally these “agents” come in the form of drivers and/or services. They are really not agents in the traditional sense. The key here is that when we install components, those installed components are not going to the virtual machines, meaning there is no additional overhead to the running virtual machine, or to its application based workflow, or services, and you are not adding any requirement for administrative time and resources to update and manage those agents.

    The VSS process

    Microsoft has this really cool process called the Volume Shadow Copy Service, and it is the base for agentless backup of VMs in Hyper-V. The Volume Shadow Copy Service is not new; in fact, it has been around since 2003. Microsoft introduced the Volume Shadow Copy Service with Windows Server 2003, and initially it was designed to provide just what its title suggests: shadow copies, or previous version copies, of existing documents inside the Windows Server operating system. Today we rely on that same functionality, and in fact the same VSS.exe service that was used for volume shadow copies, to make image copies of virtual machines in Hyper-V. It’s important that you have a brief understanding of the Volume Shadow Copy Service, so let’s talk about it now.

    The Volume Shadow Copy Service is made up of three essential components: first, the VSS.exe service; second, the VSS Requestor; and finally, the VSS writer.

    The VSS.exe service is responsible for taking requests from a VSS Requestor and fulfilling those requests. In this case the requests will be associated with virtual machines and image copies of those VMs. VSS is installed with each version of Windows Server.

    The VSS Requestor will formulate requests to the VSS service for a specific image to be created of a specific virtual machine. The VSS Requestor is not written by Microsoft; instead it’s a piece of software that is written by a third party in order to formulate a request that would then be passed to the VSS Service. You can make your own VSS Requestor with a little help from Microsoft who provides code samples and guidance for those interested in writing a VSS Requestor.

    The VSS writer is responsible for taking the image copy of the data that is requested. The VSS writer does the actual writing of that data to disk. Depending on exactly what is requested there are a number of different VSS writers that might be used. For example, if you wanted to make an image of a virtual machine running on Hyper-V, the Volume Shadow Copy Service would use the Hyper-V VSS writer in order to write the image of the virtual machine that was requested by the Requestor.


    For more information on the VSS process please see the following link to

    Fast recovery

    Agentless backup is cool, the VSS process is cool, and new ways to implement the 3-2-1 rule are cool, but none of this really makes any difference if we can’t get that data back quickly. The defining point in any disaster recovery plan is the ability to recover the data. When we think about recovering data, not only is it important that we understand where the data is located, it’s also important that we know and can clearly work with the format in which the data is stored, and be able to extend the new capabilities to enable advanced data recovery options at a moment’s notice. Virtual machines are built to run application workloads and those application workloads support lots of individual users. A virtual machine running Microsoft Exchange is providing e-mail services to the users in an organization. Those users do not want downtime of the virtual machine that supports their email. In the event of data loss (small or large scale) as administrators we need to find a way to recover e-mail items direct from the backup into the running virtual machine that is supporting the Microsoft Exchange email application. The data protection market has changed dramatically over the past two years with companies focusing more and more on application specific tools and less and less on the legacy methods of data restoration.

    With innovative tools like Veeam’s Explorer for Exchange an organization might receive a request from a user who needs to recover an erroneously deleted email message with an associated attachment. The tool allows for the mounting of the Exchange.edb database from within the backup file. Once mounted the helpdesk professional can then search for the desired email, or simply select the user’s mailbox and browse to the email. At this point the email can be restored to the running Exchange VM, emailed directly back to the user, saved as an .msg file, or a .pst file. All of this is done in seconds while the user is on the phone, and while the Exchange server is still running and providing the desired services to the rest of the network.

    This new paradigm of agentless data protection at the application level is changing the way we think about data protection and disaster recovery in virtual environments. Best of all, it’s free!

    Get the Veeam Backup Free Edition tools at

  • Step-by-Step: Get up to $200 in FREE Cloud Services with a Windows Azure Trial Subscription

    Using the 4 easy steps provided in this article, you’ll be able to activate a FREE Windows Azure Trial Subscription, suitable for building your Lab in the Cloud for Windows Server 2012 R2 or Linux without the need for local on-premises lab hardware.  This trial subscription provides a tremendous opportunity to gain hands-on experience with the cloud – it provides up to 30 Days or $200 USD of “cloud credit” to use as you see fit for building new cloud-based lab solutions involving Cloud Storage, Virtual Networks and Virtual Machines.

    Step 1 – Sign-up for a new Microsoft Account ( aka., Windows Live ID )

    Your Microsoft Account is used to both sign-up for a FREE Windows Azure Trial, as well as sign-in to the Windows Azure Management Portal to provision and manage Cloud resources.  Even if you already have a pre-existing Microsoft Account, many IT Pros prefer to sign-up for a unique account to better track Windows Azure resources.

    Sign-up for a new Microsoft Account

    • Country and ZIP Code: When completing this form, please be sure to accurately reflect your country ( United States ) and ZIP code to take advantage of this special offer.

    Step 2 – Launch the FREE Trial Preview Page

    To request a FREE Windows Azure Trial with the appropriate evaluation resources, launch the FREE Trial Preview Page using the link below:

    Launch the FREE Trial Preview Page

    • From this page, be sure to select Windows Server 2012 R2 Datacenter Preview on Windows Azure from the drop-down list.
    • Click the GET STARTED NOW button to continue.

    Step 3 – Register for the FREE Windows Azure Trial

    On the Windows Azure page, register for a Windows Azure FREE Trial subscription.

    Click on “Try it now” to Register for your FREE Trial

    Step 4 – Submit the Windows Azure Free Trial Registration Form

    To activate your Windows Azure FREE Trial subscription request, submit a completed registration form.

    • DO IT: Complete each field on the registration form and click the SIGN UP button.
      Submit the Windows Azure FREE Trial Registration

    NOTE: When completing the Windows Azure FREE Trial Registration form, you will be asked to supply valid Credit Card information in Section 3 of the form highlighted in the figure above.  This information is securely processed for validating your individual identity ONLY.  Your credit card account WILL NOT BE CHARGED during the FREE Trial Subscription period, unless you EXPLICITLY decide to convert your FREE Trial Subscription to a PAID Subscription at a later point in time.  It may be interesting to note that this requirement is not unique to the Windows Azure free trial subscription program - as most cloud providers in the industry generally require credit card information to validate the identity of individuals when signing up for trial programs of this nature.

    Completed! Your Windows Azure FREE Trial is now Active!

    After completing the 4 steps above, you should now have an active Windows Azure FREE Trial Subscription to use for building your cloud-based lab environment.


    Let’s Build IT in the Cloud!

    To get started exploring key IT Pro cloud scenarios that you can leverage with your FREE Windows Azure Trial subscription, be sure to check out the next step resources below:

    See you in the clouds!


    (NOTE: BIG thanks to Keith Mayer for writing this up.  I’m posting here with his permission.)

  • VMware or Microsoft?–VDI: A Look at Supportability and More!


    “A little bit of history first.  Virtual Desktop computing has been slowly etching its way into more IT plans year over year.  The advantages can be enormous when isolating the end user into a virtual desktop that looks and acts like their regular everyday PC.  Of course the ROI has been quite difficult to manage especially when looking at large deployments, and when performance must be guaranteed to match or exceed the current computing requirements.”

    If you want to read more of my friend Tommy Patterson’s article today for our “VMware or Microsoft?” series, CLICK HERE.

  • VMware or Microsoft?–Replaceable? Extensible? What kind of virtual switch do you want?

    In today’s article in our series, “VMware or Microsoft?”, my friend Chris Avis compares the way flexible, extendible networking is implemented for virtualization.


  • TechNet Radio: (Part 3) What’s New in 2012 R2: Enabling Modern Business Applications

    Brad Anderson and I wrap up our 3 part What's New in 2012 R2 series.  In today's episode we discuss how you can better enable modern business applications in your IT environment with the Windows Azure Pack.  Tune in as we go in detail about how IT Pros will be able to impact their organization's cloud strategy as they highlight the new powerful features and flexible and dynamic cloud functionality found in the next wave of Microsoft's Server and System Center products.

    Experience Microsoft's latest products with these FREE downloads!
     Build Your Lab! Download Windows Server 2012, System Center 2012 SP1 and Hyper-V Server 2012 and get the best virtualization platform and private cloud management solution on the market. Try it FREE now!

     Don’t Have a Lab? Build Your Lab in the Cloud with Windows Azure Virtual Machines. Try Windows Azure for free with no cost or obligations, and use any OS, language, database or tool. FREE TRIAL HERE


    If you're interested in learning more about the products or solutions discussed in this episode, click on any of the below links for free, in-depth information:


    Subscribe to our podcast via iTunes, Stitcher, or RSS

  • VMware or Microsoft? - Dynamic Storage Management in Private Clouds

    Get your software evaluations here.

    Today we’re discussing storage and storage management.  The importance of storage can’t be overstated.  Nor, unfortunately, can the impact of the cost of doing storage right.  And storage needs are never decreasing, are they?

    “Are you kidding?”


    Both VMware and Microsoft have solutions to address the flexible management of storage, and even some features that can automate the intelligent allocation and distribution of storage.  So in today’s article in our “VMware or Microsoft?” series, my friend Keith Mayer will be comparing and contrasting those solutions in the following areas:

    • Hot-adding VM Storage
    • Live Expand and Compact of VM Storage
    • Live Storage Migration
    • Automatically Move VM Storage across Storage Classes

    And if you’re wondering what these storage features will cost you, I think you will be pleasantly surprised by what Microsoft is including for no extra charge.


  • BREAKING NEWS: Windows 8.1 and Server 2012 R2 RTMs are now available to TechNet and MSDN Subscribers

    This just in today…


    According to the Windows blog, S. Somasegar’s blog, and the In the Cloud blog, today Microsoft has made the RTM (Release to Manufacturing) builds of Windows 8.1 and Windows Server 2012 R2 available for TechNet and MSDN subscribers to download.

    Also now available is the RTM of Hyper-V Server 2012 R2

    And also available today publicly (that means, to anybody who wants to try it) is the Visual Studio 2013 RC (Release Candidate).

    “The new releases give developers everything they need to start building and testing the next generation of apps for the Windows platform and demonstrate our commitment to listening to feedback from the developer community.”

    Gentlemen.. Start your downloads!

  • VMware or Microsoft?–Shopping for Private Clouds

    What’s on your shopping list for your datacenter?  What do you need to run the business you’re supporting?  What capabilities do you wish you had?  Is your goal to provide a dynamic, scalable, cost-efficient “software driven datacenter”? 

    The list of what we want to provide can get long and complex.  Even if we simplify the process by determining to run on common, commodity hardware, the complexities just get more, um, complex, as we start considering the licensing of the software we’ll need to purchase.

    In today’s article in our “VMware or Microsoft?” series, my good friend Keith Mayer describes a “cloud shopping list” an acquaintance of his has made.  He lays out all of the requirements, maps those requirements to the software supporting them in both VMware and Microsoft products, and then tallies up the total purchase price for each solution based on current published retail prices.


    Trust me.  You’ll want to bookmark and share this one with your team and your IT Director. 

  • Road Trip! FREE Microsoft Windows Azure Events in the US

    No cost, hands-on, expert training on Windows Azure

    Coming to a town near you, our four IT Pro Evangelists in the US Central Region (Brian Lewis, Keith Mayer, Matt Hester, and Moi) are delivering free, in-person, hands-on learning (otherwise known as “IT Camps”) from now through mid-October.

    Here is the complete event description:

    Discover Key Hybrid Cloud Solutions for IT Pros

    You CAN have the best of both worlds! With Windows Azure, IT Pros can easily extend an on-premises network to embrace the power and scale of the cloud – securely and seamlessly. These Hybrid Cloud scenarios present real solutions that you can implement today to solve pressing IT issues such as:

    • Right-sizing Storage Investments
    • Protecting Data with Off-site Backups
    • Business Continuance and Disaster Recovery
    • Cost-effective, On-demand Dev/Test Environments
    • Internet-scale Web Sites… And MORE!

    Join us at this FREE full-day hands-on event to experience the power of Hybrid Cloud. Our field-experienced Technical Evangelists will guide you through the process of jumpstarting your knowledge on Windows Azure Storage, Virtual Machines and Virtual Networking for key IT Pro scenarios.
    Complete all of the hands-on labs and you'll walk away with a fully functional Windows Server 2012 cloud-based test lab running Windows Azure!

    Session Requirements:
    Be sure to bring a modern laptop that is capable of running the following prerequisites. For more detailed system specs, click on the city nearest you.

    • Modern operating system, including Windows 7, Windows 8, Linux or Mac OS X
    • Modern web browser supporting HTML5 and Javascript, including IE 9 or later, Chrome, Firefox and Safari
    • A remote desktop (RDP) client – included with Windows platforms. Mac and Linux RDP clients can be downloaded for free

    All participants registering for the event should have an active Windows Azure subscription or trial.  If you have not already done so, sign up for a FREE trial of the Windows Azure platform and services, which includes access to Windows Azure Infrastructure Services.

    Register now and save your seat for this FREE, full-day event in your local area. For more information or to register, click on the city near you.

    | Date | Location | Facilitator |
    |---|---|---|
    | Sep 5, 2013 | Houston, TX | Matt Hester |
    | Sep 17, 2013 | Indianapolis, IN | Brian Lewis |
    | Sep 18, 2013 | Saint Louis, MO | Kevin Remde |
    | Sep 18, 2013 | Mason, OH | Keith Mayer |
    | Sep 24, 2013 | Overland Park, KS | Kevin Remde |
    | Sep 24, 2013 | Austin, TX | Matt Hester |
    | Sep 25, 2013 | Waukesha, WI | Brian Lewis |
    | Oct 1, 2013 | Downers Grove, IL | Brian Lewis |
    | Oct 1, 2013 | Southfield, MI | Keith Mayer |
    | Oct 2, 2013 | Omaha, NE | Kevin Remde |
    | Oct 3, 2013 | Franklin, TN | Keith Mayer |
    | Oct 8, 2013 | Edina, MN | Kevin Remde |
    | Oct 15, 2013 | Irving, TX | Matt Hester |

    Modernize your datacenter
    Try the new Windows Server 2012 R2 Preview, System Center R2 Preview, Hyper-V 2012 R2 Preview today.


    “But I don’t live in the Central Region, Kevin.  Do you have an event near where I live?”

    If you’re in the 48 contiguous United States, then yes!  Here’s the entire list:

    Register today for an event near you -->