Kevin Remde's IT Pro Weblog

  • TechNet Radio: (Part 2) Virtualization: Did You Know...

    In this episode I welcome back Jeff Woolsey to the show for Part 2 of our three part “Virtualization: Did you Know…” series, where we cover four more quick facts about Microsoft’s Virtualization solution.



    If you're interested in learning more about the products or solutions discussed in this episode, click on any of the below links for free, in-depth information:

    Experience Microsoft's latest products with these FREE downloads!
    Build Your Lab! Download Windows Server 2012 R2, System Center 2012 R2 and Hyper-V Server 2012 R2 and get the best virtualization platform and private cloud management solution on the market. Try it FREE now!

    Don't Have a Lab? Build Your Lab in the Cloud with Windows Azure Virtual Machines. Try Windows Azure for free with no cost or obligations, and use any OS, language, database or tool. FREE Trial

    Websites & Blogs:

    Follow the conversation @MS_ITPro
    Become a Fan @

    Connect with Kevin @KevinRemde
    Become a Fan @

    Subscribe to our podcasts via iTunes, Stitcher, or RSS

  • TechNet Radio: (Part 1) Virtualization: Did You Know...

    Today I welcome Varun Chhabra to the show as we kick off our three part “Virtualization: Did you Know…” series. 

    In this series we will discuss facts and facets of Microsoft’s Virtualization solution that, if you are currently using some other virtualization platform, you probably didn’t know but definitely should.




  • Webcast: Microsoft Virtualization – Important Things You Didn’t Know

    Today (just a few minutes ago, in fact) I had the honor of presenting a webcast entitled “Microsoft Virtualization – Important Things You Didn’t Know” on BrightTALK.

    The recording is now available, and viewable here:

    (click to go to the recording)
    Kevin's Webcast hosted on BrightTALK

    Let me know if you have any questions…

  • SWMOAITP Charitable Downloads Terms and Conditions


    For each member of the Southwest
    Missouri Chapter of the AITP (SWMOAITP) who downloads Windows Server 2012 R2 or
    Hyper-V 2012 R2 from the below links between 11/4/13 and 11/30/13, Microsoft
    Corporation (“Microsoft”) will donate USD $2 to the Council of Churches of the
    Ozarks (a 501c3 organization; see



    When SWMOAITP members download Windows
    Server, we’ll point you to instructive videos, hands-on labs, and more available
    at each completed download by registered SWMOAITP members
    during the promotional period, a USD $2 donation, up to a maximum USD $3,000,
    will be made to the Council of Churches of the Ozarks.  See the official
    terms and conditions at:


    Terms & Conditions

    Offer good only to legal residents of the 50 United States & D.C.
    aged 18 or older who are registered members of the Southwest Missouri Chapter
    of the AITP (SWMOAITP).  Offer is not valid where prohibited by law.

    Must complete full download from below links
    between November 4, 2013 and November 30, 2013.  Offer good only to the
    first 1,500 registered members who complete downloads of Windows Server 2012,
    Windows Server 2012 R2 Preview, Hyper-V 2012 or Hyper-V 2012 R2 Preview until
    the end of the promotional period, whichever comes first.  Limit 1 download
    per member, and up to USD $3,000 for donation on behalf of SWMOAITP to the Council
    of Churches of the Ozarks. May not be combined with other offers. This offer
    will be fulfilled in the form of a monetary donation to the Council of Churches
    of the Ozarks charity within 90 days after the end of the promotional period.
    Microsoft reserves the right to modify or cancel the terms of this offer at any
    time.  Your download for the purpose of this offer does not create an
    employment relationship of any kind between you and Microsoft or otherwise
    entitle you to compensation or remuneration from Microsoft. Due to government
    ethics and procurement laws, employees of certain government agencies
    (including but not limited to military and public education institutions) may
    not be eligible to participate. It is your sole responsibility to review and
    understand your employer’s policies regarding your eligibility to participate
    in offers and promotions. Microsoft employees are not eligible to participate.
    Microsoft disclaims any and all liability or responsibility for violations of
    laws, or for disputes arising between an employee and their employer related to
    this offer. Microsoft reserves the right, as determined by Microsoft in its
    sole discretion, to disqualify any person not complying with these offer Terms
    and/or acting fraudulently with the intent to avoid offer restrictions or other




    Windows Server 2012 R2

    Hyper-V Server 2012 R2

  • What’s New in R2 – The Executive Interviews

    A couple of months ago I had the privilege to interview Brad Anderson.  Brad is a Sr. VP at Microsoft, responsible for the System Center and Windows Server product lines.  So…

    “So this guy knows what he’s talking about?”

    Exactly.  As a companion to his blog - In the Cloud – we recorded these three interviews around his nine-part “What’s New in R2” blog series.  So for today’s article in our current “Why Windows Server 2012 R2” series, I thought I’d give you another opportunity to hear what Brad has to say.  Here are the videos, and I’ll include the links to his blog series posts below as well.  Enjoy!


    TechNet Radio: (Part 1) - What’s New in 2012 R2 - Empowering People-Centric IT

    TechNet Radio: (Part 2) What’s New in 2012 R2 – Transforming the Datacenter

    TechNet Radio: (Part 3) What’s New in 2012 R2: Enabling Modern Business Applications

    Brad Anderson’s “What’s New in 2012 R2” Series

    1. What’s New in 2012 R2: Beginning and Ending with Customer-specific Scenarios
    2. What’s New in 2012 R2: Making Device Users Productive and Protecting Corporate Information
    3. What’s New in 2012 R2: People-centric IT in Action - End-to-end Scenarios Across Products
    4. What’s New in 2012 R2: Enabling Open Source Software
    5. What’s New in 2012 R2: IaaS Innovations
    6. What’s New in 2012 R2: Service Provider & Tenant IaaS Experience
    7. What’s New in 2012 R2: Identity Management for Hybrid IT
    8. What’s New in 2012 R2: Hybrid Networking
    9. What’s New in 2012 R2: Cloud-integrated Disaster Recovery
    10. What’s New in 2012 R2: Enabling Modern Apps with the Windows Azure Pack
    11. What’s New in 2012 R2: PaaS for the Modern Web


  • Build a Hyper-V Lab for a Chance to WIN a Surface Pro and MORE! ( US ONLY )

    Build your very own Hyper-V Server 2012 R2 for FREE and Enter for a chance to win* one of the following fantastic prizes:

    • Three Grand Prizes: One of three Microsoft Surface Pro 64GB devices with Type Cover keyboard cover ($828.99 USD Retail Value)
    • Twenty-Five First Prizes: One of twenty-five Microsoft Certification Exam Vouchers ($150.00 USD Retail Value)

    You could win a Microsoft Surface Pro or Certification Exam Voucher!

    But Wait! There’s More!

    In addition to a chance to win one of the prizes above, EVERY ENTRANT will receive our Hyper-V Server 2012 R2 enterprise-grade bare-metal hypervisor software completely free.  This is a fully functional virtualization hypervisor that supports scalability up to 320 logical processors, 4TB physical RAM, live migration and highly-available clustering.

    Hyper-V serves as the virtualization foundation for Private Clouds leveraging Windows Server 2012 R2 and System Center 2012 R2.

    How To Enter the IT Pro “Cloud OS Challenge”

    You can enter the IT Pro “Cloud OS Challenge” Sweepstakes by completing all of the THREE EASY TASKS below to download and build your Private Cloud foundation with Hyper-V Server 2012 R2.  Be sure to complete the last task to submit your proof-of-completion for entry into this sweepstakes.

    • Entries must be received between November 1, 2013 and November 30, 2013 to be eligible. One entry per individual.
    • This Sweepstakes is open to all IT Professionals Age 18 and over that are legal residents of the United States.
    • Estimated Completion Time: 20 minutes

    TASK 1 – Download Hyper-V Server 2012 R2

    Download the Hyper-V Server 2012 R2 installation bits using the link below.

    Download Hyper-V Server 2012 R2 for FREE!

    DO IT: Download Hyper-V Server 2012 R2

    TASK 2 – Install Hyper-V Server 2012 R2

    Install Hyper-V Server 2012 R2 in your lab environment using the installation steps linked below.

    DO IT: Install Hyper-V Server 2012 R2

    TASK 3 – Submit Proof-of-Completion

    Complete the steps in this task to submit your proof-of-completion entry into the IT Pro “Cloud OS Challenge” Sweepstakes for a chance to win one of the exciting prizes listed above.

    1. At the console command prompt of your new Hyper-V Server 2012 R2 server, run the following command to collect your server's configuration:
      systeminfo >CloudOSConfig.txt
    2. Copy the CloudOSConfig.txt file created in Step 1 above to a USB storage device or other location that is accessible for sending an email.
    3. Send a new email message to
    4. IMPORTANT: In the body of the email, include this exact text:
      “I’ve completed the Microsoft IT Pro Cloud OS Challenge for Hyper-V Server 2012 R2.”
    5. IMPORTANT: Attach the file created in Step 1 into the body of the new email message created above.
    6. Click the Send button in your email client to submit the email message as your proof-of-completion and sweepstakes entry.

    Upon submitting your entry, you will receive a confirmation email within 24 hours.

    COMPLETED! But … Want more?

    Now that you’ve installed Hyper-V Server 2012 R2, continue your learning and evaluation with these additional resources.

    • Want to learn more about Hyper-V Server 2012 R2 and Microsoft Private Cloud?
      • COMPLETE this Step-by-Step Guide for Hyper-V Server 2012 R2.
      • MANAGE Hyper-V Server 2012 R2 with local console tools.
      • CLUSTER Hyper-V Server 2012 R2 for highly available virtual machines.
      • MIGRATE Virtual Machine workloads to Hyper-V Server 2012 R2.
      • BUILD Your Private Cloud with System Center 2012 R2.

    *NO PURCHASE NECESSARY. Open only to IT Professionals who are legal residents of the 50 U.S. states or D.C., 18+. Sweepstakes ends November 30, 2013.  For Official Rules, see

  • TechNet Radio: Building Clouds - SQL Server Self-Service Kit - Deploying SQL Server as a Service with System Center 2012

    In this episode I welcome Bruno Saille to the show.  We discuss the SQL Server Self-Service Kit and how it works with System Center 2012 to help automate SQL Server deployments.
    Tune in as we discuss how the self-service kit works, which System Center components are required, and what plans are in store for the next release.




  • What’s New for Active Directory in Server 2012 R2?

    Active Directory.  You know it.  You love it.  You’ve loved it since it made its introduction back in Windows 2000 Server.  Over 90 percent of the world’s business IT relies on Active Directory for local user and machine management, authentication, policy application, and directory services.  And with every new version of a Windows Server product, we make improvements and add new functionality that either directly impacts Active Directory, or indirectly impacts (read: enables) other new functionality on behalf of your users, applications, and managed resources.  So naturally we couldn’t do a series of “Why Windows Server 2012 R2” articles without discussing it.

    If there were an overall theme on top of the updates in Active Directory in Windows Server 2012 R2, I would have to say it’s the new capabilities to support the “Consumerization of IT” and “BYOD”. 

    From this TechNet Document:

    “One of the most prevalent IT industry trends at the moment is the proliferation of consumer devices in the workplace.  Employees and partners want to access protected corporate data from their personal devices, from checking email to the consumption of advanced business applications.  IT administrators in organizations, while wanting to enable this level of productivity, would like to continue to ensure that they can manage risk and govern the use of corporate resources.”

    To support this notion of giving our employees the ability to get their work done from their personal devices, of course there has been new functionality added to Active Directory to support it.  But before I get ahead of myself, why don’t I list out the 4 key value propositions – the main things you get that are new, and enabled by new capabilities in Active Directory:

    1. Workplace Join – Allow a user to associate their personal device with the company directory
    2. Single Sign-On from those devices now associated with the directory, granting them access to corporate data and applications
    3. Securely authenticate for and connect to company applications and data from anywhere (with an Internet connection), and
    4. Manage the risk of those users who work from and access data from anywhere.

    NOTE: These each are very big topics in their own right.  So, rather than doing an exhaustive write-up on each one, I’ll summarize the capabilities and benefits here, point out what specifically has changed in Active Directory to support it, and then point you to more complete documentation and user guides for further study if you wish.

    Join the Workplace

    What is it?

    As a company employee who has his/her own device, and with the blessing of the company I work for (who is really interested in allowing me to be mobile and productive on whatever device I have), I want to be able to get stuff done.  So I will “join” my device to the “workplace”.

    “Isn’t that like joining the domain?”

    Yes.  Well, sort of.  But more correctly, NO.  It’s not going to be a domain-joined device in the way that we’ve been managing devices since Windows NT.  In this case, we’re registering the device with the domain so that it (and its owner) will be trusted when requesting and running company-secured applications, accessing company-secured data, or otherwise accessing company-secured resources.  When you join a device to the workplace, it becomes “a known device and will provide seamless second factor authentication and single-sign-on to workplace resources and applications.”  And once the device is “known”, IT can leverage that knowledge to also apply additional configurations (example: pushing company VPN connection settings to the device).

    What changed in AD to support it?

    The main change here was the addition of the Device Registration Service.  The DRS, which is a new part of the Active Directory Federation Services (AD FS) role, creates a device object in Active Directory, and tracks the associated device’s certificate in order to represent the device’s identity.

    For more information:

    The SSO (Single Sign-On)

    What is it?

    Here’s a simple scenario: You have a device that you’re using to connect to a company SharePoint server.  You’ve registered your device with the company (“workplace join”), so your device has a certificate that is known to the directory as being yours; an employee in good standing.  Without SSO, you would be prompted for a login with every application or company SharePoint server you try to access.  But with SSO, you will only be asked one time. 

    What changed in AD to support it?

    In addition to the Device Registration Service, the Active Directory Federation Services (AD FS) role allows claims-based authentication to occur based on trusted certificates.  Once the user is authenticated (username + password + trusted device + other factors as needed), the claim is then trusted and, while valid, can be used to launch company applications or access company data.

    For more information:

    Authentication of users “Anywhere-and-on-Any-Device”

    What is it?

    Well.. it’s not just enough to be able to sign in once on my non-domain-joined, personal device.  I also want to be able to use it from anywhere.  With nothing more than an internet connection, I should be able to have authenticated, secured access to my company applications and data, whether they’re hosted in public cloud locations or on the private corporate network.

    What changed in AD to support it?

    Web Application Proxy Topology

    The Web Application Proxy is a new role service; a new part of the Remote Access role.  Web Application Proxy “provides reverse proxy functionality for web applications inside your corporate network to allow users on any device to access them from outside the corporate network. Web Application Proxy preauthenticates access to web applications using Active Directory Federation Services (AD FS), and also functions as an AD FS proxy.”

    So, now armed with SSO (facilitated through ADFS), the authenticated user + device can access applications on the corporate network without having to use a VPN connection.

    For more information:

    Trusting your “Anywhere-and-on-Any-Device” Users

    What is it?

    In the end, who are we really trusting?  We have users who have user accounts with passwords in Active Directory.  They also registered their device in Active Directory so that we know we can trust it, and the user.  Hmm.. that’s two things that we’re trusting.  Is this what we might call “second factor authentication”?


    What changed in AD to support it?

    ADFS in Windows Server 2012 R2 supports more than just the permitted (or denied) user in ADFS claims.  We’ve added “multiple factors”, including user, device, location, and authentication data.  Authorization claim rules have a greater variety of claim types. 

    “in AD FS in Windows Server® 2012 R2, you can enforce multi-factor access control based on user identity or group membership, network location, and device (whether it is workplace joined)”

    For more information:


    The idea here is that Microsoft has expanded Active Directory in Windows Server 2012 R2 to support tracking devices that are “registered” (not joined) to the domain.  With those trusted devices we have further technology to grant authenticated access to our trusted users; even using multiple forms of information (multifactor authentication) to grant secured access to applications and data.  We allow users to sign-in one time and continue to have access to multiple apps and resources, from wherever they are (thank you ADFS).  And we even have a Web Application Proxy to allow that trusted access directly to internal resources as well.


    Here are some other topics relating to “What’s New” in Windows Server 2012 R2 and Active Directory:

    And of course, if you haven’t had a chance to try it out, you can download the evaluation of Windows Server 2012 R2 HERE.


    What do you think?  Is Microsoft doing the right thing to add support in Active Directory and supporting technologies to allow any user, any device, from anywhere to be able to get work done?  Please add to the comments if you have an opinion, a question, or any sort of off-the-wall comment.

  • How fast is fast? Virtual Machine Live Migration Improvements

    When you’re doing a Live Migration** of a virtual machine between Hyper-V hosts, you want it to go quickly.  You may be doing the migration of one or several or dozens of virtual machines all at once, and the performance of the network and the network paths you choose are going to determine how quickly you can get the job done.  Yes, sure, in one sense it doesn’t matter how long it takes if the VMs will continue to run and provide service during the migration.  But if I’m doing, say, an automated update of all of the hosts in my cluster, and allowing it to drive the live migrations of machines among hosts, the speed with which those migrations complete will ultimately determine how long it takes to complete the updates of all of those hosts.  If I’m really maxing out the capabilities of Hyper-V in Server 2012 R2 or Hyper-V Server 2012 R2, that could mean as many as 8,000 virtual machines moving around and among 64 clustered hypervisor nodes.  So, speed is still important.

    In the past, memory of a running virtual machine was just sent over the wire (TCP/IP) as it was.  Nothing special was done to it.  But as hardware costs have improved to support larger and larger scale, and as we’re afforded the ability to run more virtual machines with more and more memory, we certainly want to do everything we can to make that transfer of memory and configuration data go as quickly as possible.  So to address this and improve things, we’ve added two new technologies to Hyper-V in Windows Server 2012 R2 and Hyper-V Server 2012 R2:

    1. Live Migration Compression, and
    2. Live Migration via SMB Direct (RDMA)

    Let’s talk about those, shall we?

    Live Migration With Compression

    Did you know that your hypervisor host isn’t typically suffering much when it comes to processor capacity?

    “I didn’t know that.”

    It’s true.  So, what we’re going to do is borrow some extra CPU cycles while we’re doing a live migration, and actually compress the migration data before it goes over the wire, and decompress it at the destination.

    If it sounds just that simple, well, it is.  And it’s just a simple choice in the Live Migrations –> Advanced Features settings on your Hyper-V hosts:


    And as if that wasn’t good enough…

    Live Migration via SMB Direct (RDMA)

    In Windows Server 2012 we introduced a new version of SMB – SMB 3.  Among other things, this version of the protocol greatly improves performance; even to the extent that we can trust a basic file share to be the location for live data such as a virtual machine’s hard disks and data disks, or a SQL Server database.  (Click here for a good summary of what SMB 3 provides.)

    SMB Direct (SMB over Remote Direct Memory Access, or RDMA) is a technology that, given hardware (the NICs) supporting it, can establish an efficient memory-to-memory transfer of data.  In Server 2012 the main beneficiary of this was faster file services.  But in R2 we’re using this to send live migration data between the Hyper-V hosts.


    So now instead of just sending the memory and configuration of a VM over the wire using TCP/IP, or compressing it first, we’ll use a direct memory-to-memory channel. 

    Can you say “FAST”?


    I knew you could. 

    “But, can you give me an example?  Can you show me how they compare?”

    The best example I can give you is the demonstration Jeff Woolsey did for the TechEd 2013 North America keynote this past June.

    Click this link to watch his demo (at 1:56:15) : TechEd 2013 North America Keynote Video – Jeff Woolsey’s Live Migration Demo


    And for a more detailed description of Live Migration and the improvements made, check out this page: Virtual Machine Live Migration Overview
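
    Outside the GUI, the same choice can be made with the Hyper-V PowerShell module. The following is an added example, not from the original post: it recommends SMB only when the host reports an RDMA-enabled adapter and otherwise falls back to Compression. The function names are hypothetical; run it elevated on each Hyper-V host, since both ends of a migration need matching capabilities.

    ```powershell
    # Added example; function names are hypothetical. The cmdlets come from the
    # Hyper-V and NetAdapter modules on Windows Server 2012 R2.

    function Get-LiveMigrationTransportPlan {
        [CmdletBinding()]
        param()

        $vmHost = Get-VMHost

        # SMB Direct only helps when a NIC supports RDMA and has it enabled.
        $rdmaNics = @(Get-NetAdapterRdma -ErrorAction SilentlyContinue |
                      Where-Object { $_.Enabled })

        # Prefer the memory-to-memory path when the hardware allows it;
        # otherwise trade spare CPU cycles for less data on the wire.
        $recommended = if ($rdmaNics.Count -gt 0) { 'SMB' } else { 'Compression' }

        [pscustomobject]@{
            Host              = $env:COMPUTERNAME
            MigrationEnabled  = $vmHost.VirtualMachineMigrationEnabled
            CurrentOption     = [string]$vmHost.VirtualMachineMigrationPerformanceOption
            RdmaAdapters      = ($rdmaNics | ForEach-Object { $_.Name }) -join ', '
            RecommendedOption = $recommended
        }
    }

    function Set-LiveMigrationTransport {
        [CmdletBinding(SupportsShouldProcess = $true)]
        param(
            [ValidateSet('TCPIP', 'Compression', 'SMB')]
            [string]$Option = (Get-LiveMigrationTransportPlan).RecommendedOption
        )

        $current = [string](Get-VMHost).VirtualMachineMigrationPerformanceOption
        if ($current -eq $Option) {
            Write-Verbose "Already using $Option; nothing to change."
            return
        }

        if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Set live migration option to $Option")) {
            Set-VMHost -VirtualMachineMigrationPerformanceOption $Option
        }
    }

    # Review the plan first, then preview the change with -WhatIf.
    Get-LiveMigrationTransportPlan | Format-List
    Set-LiveMigrationTransport -WhatIf
    ```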

    Questions?  Comments?  Make sure you add them to the comments at the bottom of this post!  And try it out yourself by downloading the evaluations of either Windows Server 2012 R2 or Hyper-V Server 2012 R2.


    **That’s a ‘vMotion’ for those of you who are more familiar with the VMware terminology.

  • The “Replica Replica” in Hyper-V

    In today’s article in the “Why Windows Server 2012 R2” series, I’d like to show off a new feature in Hyper-V; something I like to call the “Replica Replica”.


    As many of you know, Microsoft introduced a new, powerful tool for your disaster recovery (DR) tool belt called Hyper-V Replica back in Windows Server 2012 Hyper-V and Hyper-V Server 2012.  For those of you who are not yet familiar with it, a Hyper-V Replica is an easily created and up-to-date offline copy of a virtual machine.  On some other host – either in your local or in some remote datacenter – you have a copy of a virtual machine that can be available in case of disaster.  If something bad happens to the production machine, you can failover to the replica virtual machine very quickly.

    For a most-excellent description of what Hyper-V Replica is and how to set it up in Windows Server 2012 Hyper-V, check out this blog post from the series “31 Days of our Favorite Things” -

    Windows Server 2012 and Hyper-V Replica (Part 5 of 31) 

    “So, what’s new in R2?  What’s this ‘Replica Replica’ you talk about?”

    We’ve added the ability to create yet another replica.  It’s a replica of the replica.  It’s an additional offline copy of a virtual machine and its configuration, made available, synchronized and automatically kept up-to-date on yet another Hyper-V host.  Interestingly the request was from our many hosting providers, and it makes a great deal of sense in their scenario, where they are the ones hosting a replica on behalf of their customers.  It only makes sense that they would love to have a backup of the replica they’re hosting.. so why not make it a replica of the replica?


    Yeah, I thought so, too.

    “How does it work?”

    It’s very simple.  After you’ve created the first replica, you right-click on the replica machine and select “Extend Replication…”.  In my example, I have already set up a replica of my domain controller, and I’m going to extend the replication and put a replica of the replica on my Hyper-V Server named HVSR2-1.


    The wizard looks and works very much like setting up the initial replication does.  Once you get past the Before You Begin screen…


    …you choose or browse to the server you want to put the replica on (the Replica server)…


    You pick the type of authentication you want to use (based on what has been enabled in the Replication Settings on the Hyper-V Host settings)…


    You pick a replication frequency. 


    NOTICE that I have two choices here, because I had selected the primary replica as sending changes every 5 minutes.  Your choices will depend upon what you selected for the first replica frequency. 

    You may not know this (yet), but Hyper-V Replica in Server 2012 R2 allows for more than just the 5 minute intervals that were in the original Hyper-V Replica in Server 2012.  You can have replication send changes every 30 seconds, 5 minutes, or 15 minutes for the first replica.  For the extended replica, you must replicate at an interval that is less frequent than or equal to that of the first replica, with the exception that you cannot replicate to the extended replica at the 30 second interval.

    Here’s a quick chart that shows the extended replication interval options available based on the first replica interval selected:

    Primary Replica interval selected | Extended Replica intervals available
    30 seconds                        | 5 minutes, 15 minutes
    5 minutes                         | 5 minutes, 15 minutes
    15 minutes                        | 15 minutes

    Getting back to our wizard; now we select how many recovery points we want to maintain of the extended replica…


    We select an initial replication method, plus when to launch the initial replication if requested…


    Check the summary…


    And Finish.  We’re done.  And the first extended replication is now going over the wire.
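
    The wizard steps above map onto the Hyper-V PowerShell module. The following is an added example, not from the original post: it checks the requested interval against the chart above before extending replication. The function names and the VM name DC01 are hypothetical; HVSR2-1 is the target used in the walkthrough, and Kerberos over port 80 is assumed. Run it on the server that holds the first replica.

    ```powershell
    # Added example; function names and sample values are hypothetical.
    # Intervals are in seconds: 30, 300 (5 minutes) or 900 (15 minutes).

    function Get-AllowedExtendedInterval {
        param(
            [Parameter(Mandatory = $true)]
            [ValidateSet(30, 300, 900)]
            [int]$PrimaryFrequencySec
        )
        # The extended replica may not replicate more often than the first
        # replica, and 30 seconds is never offered for the extended replica.
        @(300, 900) | Where-Object { $_ -ge $PrimaryFrequencySec }
    }

    function Enable-ExtendedReplica {
        [CmdletBinding(SupportsShouldProcess = $true)]
        param(
            [Parameter(Mandatory = $true)][string]$VMName,
            [Parameter(Mandatory = $true)][string]$ExtendedReplicaServer,
            [Parameter(Mandatory = $true)][int]$PrimaryFrequencySec,
            [Parameter(Mandatory = $true)][int]$ExtendedFrequencySec,
            [int]$RecoveryPoints = 0   # 0 keeps only the latest recovery point
        )

        $allowed = @(Get-AllowedExtendedInterval -PrimaryFrequencySec $PrimaryFrequencySec)
        if ($allowed -notcontains $ExtendedFrequencySec) {
            throw ("Extended interval {0}s is not valid for a first replica at {1}s. Allowed: {2}" -f
                   $ExtendedFrequencySec, $PrimaryFrequencySec, ($allowed -join ', '))
        }

        if ($PSCmdlet.ShouldProcess($VMName, "Extend replication to $ExtendedReplicaServer")) {
            # Same choices as the wizard: target server, authentication,
            # frequency and number of recovery points.
            Enable-VMReplication -VMName $VMName `
                -ReplicaServerName $ExtendedReplicaServer `
                -ReplicaServerPort 80 `
                -AuthenticationType Kerberos `
                -ReplicationFrequencySec $ExtendedFrequencySec `
                -RecoveryHistory $RecoveryPoints

            # Send the initial copy over the network right away.
            Start-VMInitialReplication -VMName $VMName
        }
    }

    # First replica every 5 minutes, extended replica every 15 minutes.
    # Remove -WhatIf to apply.
    Enable-ExtendedReplica -VMName 'DC01' -ExtendedReplicaServer 'HVSR2-1' `
        -PrimaryFrequencySec 300 -ExtendedFrequencySec 900 -WhatIf
    ```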


    Pretty cool, huh?

    “Pretty cool.  So now I can failover to either of my two replicas?”

    That’s right!

    Now, if I right-click on the first replica…


    I see that I have similar options to what I had back in Hyper-V 2012.  But now I have an additional “Pause Extended Replication” option as well. 

    Here’s a failover scenario for you…

    Let’s say I have a virtual machine “DukeN” running on Host A, with replica on Host B and extended replica on Host C.

    Host A goes down.  So I right-click on the “DukeN” machine and select Failover…, and DukeN fires up and is now running on Host B.

    If I right click the newly running VM and look at the Replication options I have now on the failover machine, it’s pretty interesting…


    I can “Reverse Replication”, which means I can now treat this running (but still considered a replica) machine as the primary machine, and begin replication back to what was the primary location.  Note: if you do this, it essentially “orphans” the old extended replica.  You’ll have to re-extend the replication if you want to.

    I can “Remove Recovery Points..”, which does cleanup of this replica of any other points still saved.

    I can “Cancel Failover”, which will shut this replica down and assumes that the original machine is now available and can be started.

    I can “Resume Extended Replication”.  This one is interesting to me.  It assumes that Host C (containing the extended replica) is still available.  When selected from Host B, then Host B becomes the main VM and the copy on Host C becomes the first replica.  Once a synchronization process is completed, you can then go to the VM on Host C and Extend Replication to another host (Host D?). 


    Good stuff?  Try it out yourself by downloading the evaluations of either Windows Server 2012 R2 or Hyper-V Server 2012 R2.  And let me know if you have any comments or questions by posting them in the comments section.

  • A New Blog Series: Why Windows Server 2012 R2

    Why Windows Server 2012 R2

    Yes, it’s been a few weeks since our last series wrapped up (“VMware or Microsoft?”), so it’s about time we started a brand new series of blog articles.

    “Who’s ‘we’?”

    A fair question.  The ‘we’ I’m talking about is the 11 Microsoft US DPE IT Pro Evangelists in these here 48 contiguous United States.  The series runs to the end of November (just before Thanksgiving here in the U.S.), and is all about answering in as many useful ways as possible, the magical question: Why?

    • Why should I care about Windows Server 2012 R2?
    • What does it do that I can’t already do with older versions of Windows Server or other operating systems?
    • What do I need to do to take advantage of it?
    • Where can I go to get more detailed information on a particular subject?

    …and so on.

    My friend Dan Stolts is the organizer of the series, and owner of the official landing page: “Why Windows Server 2012 R2”.

    Keep watching his landing page for the complete list of articles and their anticipated dates of publication.

    RECOMMENDED: To follow along with the dozens of examples we’re going to be writing about, we highly recommend that you download and install the following newly-available R2-version evaluation software:

  • Windows Azure IaaS and File Security (So many questions. So little time. Part 53.)

    In the context of Windows Azure Infrastructure Services and our IT Camp in Saint Louis a few weeks ago, Lettie asked this question:

    “If we had one large storage pool and added individual user folders, do we have the ability to setup file security access to each individual user folder? Is there the ability to limit a user’s folder size? We need a better backup solution for our 800+ remote users.”

    In order to answer this one, I have to make an assumption about the specific topic it relates to.  So I’ll answer this question in two ways.

    If you’re wondering (and I think you are) about whether or not ACLs can be assigned to or sizes restricted for containers within Windows Azure storage accounts, the answer is no. 

    But another thing to remember is that a network of virtual machines in Windows Azure can be treated as just another subnet in your corporate network.  And if your users connect via VPN or Direct Access to your network, they’ll have access to the servers “in the cloud”.  Those servers “in the cloud” can be hosting file services, with Storage Spaces storage pools and virtual disks containing user documents.  As long as those file servers are domain joined, you can easily add ACLs to those folders. 

    I’m only giving you one of what could likely be dozens of solutions out there.  If you’re reading this and have other recommendations for Lettie and her company, please share them in the comments.

  • FREE Virtualization IT Camps coming to a town near you

  • Can Windows Azure Backup support a bare-metal restore? (So many questions. So little time. Part 52.)

    Recently we’ve been showing off a capability (currently in preview) called “Windows Azure Backup”, which is a simple file system backup and restore to/from Windows Azure storage. 

    At our IT Camp in Saint Louis a few weeks back, David asked:

    “Can Windows Azure Backup do a bare metal restore in the event of total failure of a physical server?”

    Short answer: no.

    Longer answer: Not directly, no.  But consider this…

    You have other tools such as Windows Server Backup and System Center 2012 SP1 Data Protection Manager that can do a full system, system state, or even bare-metal image restore of a backed up machine. 

    With Windows Server Backup, you could use a two-step process of additionally saving the WSB-created image up to Windows Azure storage using Windows Azure Backup.  And the restore would be to retrieve the image using WAB and then recover it.

    With Data Protection Manager, the new functionality to store your backup data into Windows Azure already exists as of System Center 2012.

    “So I can just put my image backup into Azure, right?”

    No.  DPM only supports Volume, SQL DB, and Hyper-V Guest backups to Azure.  So, in the same two-step process we discussed for Windows Server Backup, you could do your bare metal backup to a file share and then use DPM to protect that share to Windows Azure.

  • TechNet Radio: Building Clouds - An Inside Look at Virtual Machine Migration Tools

    In this episode I welcome “Migration Mark” from the Building Clouds blog series on TechNet to discuss best practices for migrating your virtual machines to Microsoft Hyper-V as well as some free virtual machine migration tools that are available. Check out this great discussion on MAP 8.5, MVMC and the Migration Automation Toolkit (MAT) .




  • How should I backup my Windows Azure VMs? (So many questions. So little time. Part 51.)

    This excellent question was asked by Ralph at our IT Camp in Saint Louis a few weeks ago:

    “One of the questions asked by our VP relates to Azure backups protecting from user error rather than hardware failure or disaster recovery.  What is the Microsoft guidance on backing up VMs in the cloud?”

    How do you protect the data on your servers today?  The quick answer to this question is that you need to protect OS and application configuration and business data the same way on your physical or virtual machines, no matter where they reside.  A benefit of putting any storage (which includes your virtual machines) in Windows Azure is that it is all kept highly-available and geo-redundantly replicated; and that’s just automatic.  But beyond that, you are responsible for any machine or data backups or archiving that you may feel is needed.

    “Okay.. but what about Azure storage BLOB snapshots?”

    Well.. yes, Windows Azure actually does have the ability to take and maintain BLOB snapshots through the REST APIs.  And a few vendors have created solutions to use this as a way to keep point-in-time copies of virtual machine disks, and then restore machines from those snapshots.  But using BLOB snapshots for Virtual Machines in Windows Azure is currently not supported by Microsoft.

    I repeat: As of October 11, 2013, using BLOB snapshots for VMs in Windows Azure is not supported by Microsoft.

    That said, Chris Clayton has a script that you can use to backup and restore Azure VMs using BLOB snapshots.  But: “This is a demonstration and should not be used for production scenarios”…”This should not be used to replace your current backup and restore strategy.”

    Companies like Cerebrata (Cloud Storage Studio and Azure Management Cmdlets) and ClumsyLeaf (CloudXplorer) and others also have tools and operations for taking and restoring Azure storage BLOB snapshots, but the process of restoring a snapshot currently involves saving a copy of the VM configuration, deleting the VM, deleting the original disks, restoring the snapshots, and then re-restoring the machine configuration.  It’s still cumbersome, and prone to error. 

    And if you don’t do it right, you can end up with a corrupted VM. (Trust me.. I know from experience.)

    “Will we have a supported way to do this in the future?”

    I don’t know.  Personally, I hope so. 

    In the meantime, treat your machines the same as you would any other machine.  Back up their configuration and data according to your policies as required. 

    “Okay.. so what if I just want to make offline copies of my VMs?  Can I do that?”

    Absolutely.  For the backup, what you’ll want to do is:

    1. Shut down the VM
    2. Save the VM configuration
    3. Make a copy of the VM’s disks (maybe with a date-stamped disk name for easy retrieval)
    4. Optionally download the disks to local storage and delete them from Azure storage

    And then for the restore:

    1. If not already in storage, copy the disks into Azure BLOB storage and designate them as “disks”
    2. Build an Azure VM from the saved configuration, but referring to the new disks
    3. Start the restored VM

    EXTRA CREDIT: Someone who has more time than I do today – build us two PowerShell scripts for doing this! 
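
    One way to script the backup and restore steps above with the classic Windows Azure (service management) PowerShell cmdlets; this is an added example, not the author's script or a Microsoft-supported tool. It assumes the module is loaded and a subscription is selected, all names and paths are placeholders, and the property names edited on the imported configuration (`OSVirtualHardDisk`, `DataVirtualHardDisks`, `DiskName`, `MediaLink`) are assumed to match your module version.

```powershell
# Added example: offline copy and restore of a classic Windows Azure VM.

function Get-DiskBlobInfo {
    # Split https://<account>.blob.core.windows.net/<container>/<blob>
    param([Parameter(Mandatory)] [Uri] $MediaLink)
    $container, $blob = $MediaLink.AbsolutePath.TrimStart('/') -split '/', 2
    [pscustomobject]@{
        Account   = $MediaLink.Host.Split('.')[0]
        BaseUri   = $MediaLink.GetLeftPart([System.UriPartial]::Authority)
        Container = $container
        Blob      = [Uri]::UnescapeDataString($blob)
    }
}

function Backup-OfflineAzureVM {
    param(
        [Parameter(Mandatory)] [string] $ServiceName,
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [string] $BackupFolder,      # local folder for the saved config
        [string] $BackupContainer = 'vm-backups'            # placeholder container name
    )
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

    # 1. Shut down the VM so the disks are consistent.
    Stop-AzureVM -ServiceName $ServiceName -Name $VMName -StayProvisioned | Out-Null

    # 2. Save the VM configuration.
    $configPath = Join-Path $BackupFolder "$VMName-$stamp.xml"
    Export-AzureVM -ServiceName $ServiceName -Name $VMName -Path $configPath | Out-Null

    # 3. Copy every disk blob to a date-stamped name.
    $vm    = Get-AzureVM -ServiceName $ServiceName -Name $VMName
    $disks = @($vm | Get-AzureOSDisk) + @($vm | Get-AzureDataDisk)
    $copies = foreach ($disk in $disks) {
        $src = Get-DiskBlobInfo -MediaLink $disk.MediaLink
        $key = (Get-AzureStorageKey -StorageAccountName $src.Account).Primary
        $ctx = New-AzureStorageContext -StorageAccountName $src.Account -StorageAccountKey $key
        if (-not (Get-AzureStorageContainer -Name $BackupContainer -Context $ctx -ErrorAction SilentlyContinue)) {
            # Private container: disk images contain credentials and business data.
            New-AzureStorageContainer -Name $BackupContainer -Permission Off -Context $ctx | Out-Null
        }
        $destBlob = "$stamp/$($src.Blob)"
        Start-AzureStorageBlobCopy -SrcContainer $src.Container -SrcBlob $src.Blob `
            -DestContainer $BackupContainer -DestBlob $destBlob -Context $ctx | Out-Null
        Get-AzureStorageBlobCopyState -Container $BackupContainer -Blob $destBlob `
            -Context $ctx -WaitForComplete | Out-Null
        [pscustomobject]@{
            DiskName  = $disk.DiskName
            OS        = $disk.OS      # set on the OS disk, empty on data disks
            BackupUri = "$($src.BaseUri)/$BackupContainer/$destBlob"
        }
    }
    # Keep the disk list next to the config so a later restore can find the copies.
    $copies | Export-Clixml -Path (Join-Path $BackupFolder "$VMName-$stamp.disks.xml")
    [pscustomobject]@{ ConfigPath = $configPath; Disks = $copies }
}

function Restore-OfflineAzureVM {
    # Assumes no VM with the saved name still exists in $ServiceName.
    param(
        [Parameter(Mandatory)] [string]   $ServiceName,
        [Parameter(Mandatory)] [string]   $ConfigPath,
        [Parameter(Mandatory)] [object[]] $Disks,           # from Backup-OfflineAzureVM or Import-Clixml
        [string] $Suffix = (Get-Date -Format 'yyyyMMddHHmmss')
    )
    $config = Import-AzureVM -Path $ConfigPath
    foreach ($copy in $Disks) {
        # 1. Designate the copied blob as a "disk" under a new name. The VM writes
        #    to this blob from now on; copy it again first to keep the backup pristine.
        $newName = "$($copy.DiskName)-r$Suffix"
        if ($copy.OS) {
            Add-AzureDisk -DiskName $newName -MediaLocation $copy.BackupUri -OS $copy.OS | Out-Null
            $target = $config.OSVirtualHardDisk
        } else {
            Add-AzureDisk -DiskName $newName -MediaLocation $copy.BackupUri | Out-Null
            $target = $config.DataVirtualHardDisks | Where-Object { $_.DiskName -eq $copy.DiskName }
        }
        # 2. Point the saved configuration at the new disk.
        $target.DiskName  = $newName
        $target.MediaLink = [Uri]$copy.BackupUri
    }
    # 3. Create the VM from the edited configuration; it starts once provisioned.
    New-AzureVM -ServiceName $ServiceName -VMs $config
}

# Usage (placeholders):
# $b = Backup-OfflineAzureVM -ServiceName 'contoso-svc' -VMName 'web01' -BackupFolder 'C:\VMBackup'
# Restore-OfflineAzureVM -ServiceName 'contoso-svc' -ConfigPath $b.ConfigPath -Disks $b.Disks
```

    With `-StayProvisioned` the stopped VM keeps its deployment and address and continues to be billed; start it again with `Start-AzureVM` once the copy has finished.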

  • How safe is my Windows Azure virtual machine? (So many questions. So little time. Part 50.)

    In Saint Louis a couple of weeks ago at our Windows Azure IT Camp, Joe asked me this question:

    “When dealing with virtual machines and cloud for R&D. If during the process of researching you happen to download a contaminated file, can that file do harm to the actual machine that you are running? Wouldn't that file be saved on the parent machine in order to be accessed on the virtual machine?”

    What Joe was concerned about was whether or not the virtualization host is vulnerable from something bad happening in the virtual machine.  If a virtual machine gets compromised and some harmful or malicious (likely both) files get saved on the virtual machine’s hard disk, isn’t that file also a threat to the virtualization host on which it’s running?

    The short answer: No.

    The longer answer: Not really, no.

    Remember that, when using virtualization, whether it’s vSphere, Hyper-V, or some other solution, typically a virtual machine’s operating system disk is really just a file as far as the host hypervisor and operating system are concerned.  That .vmdk or .vhd file is sitting in storage, and its contents are only being used by the virtual machine.  So even if that VM installs something bad, the host on which it is running won’t ordinarily know or care about it.

    Can the host operating system get at the files within the VM’s disk?  Yes, there are ways to do that when you’re running your own virtualization.  But you have to go out of your way to do that, and only when the virtual machine isn’t currently using the disk. 

    The same holds true for any interactions between the VM and other computers; virtual or physical.  You treat the VM as just another machine that needs to be networked and protected. 

    If the malicious file gets saved on an SMB file share, or some other networked storage that is shared, then of course other machines may be exposed to it.  Here is where Windows Azure actually gives you better protection of the platform.  While a local virtualization host might also share access to that same compromised storage, in Windows Azure there is no way for the virtualization hosts to interact with a virtual machine’s data in any way.  Period.

    For the security minded among us, I highly recommend you bookmark this page: The Windows Azure Trust Center.  This is where you’ll find our documented security practices, privacy rules, compliance standards, and so on.

  • Can I use an ACL to protect my Azure SQL Server VM? (So many questions. So little time. Part 49.)

    At our IT Camp in Saint Louis a few weeks ago, Todd had a great question on protecting his cloud-based SQL Server:


    Not sure this question was asked at the Azure IT boot camp but is there any future plans to segregate or ACL off the subnets in Azure?  Most of our web front ends are in our DMZ, in a lower security zone, and our SQL servers are in a higher protected zone.  The ACL allows communication between the two but I did not see that in the Azure portal.  So as it stands I could stand up a WFE and it could be talking directly to the SQL server and get compromised? 

    Is it the position of Microsoft to use Windows firewall between the servers? 

    I didn’t cover it in too much detail in our event, and it’s not something that is (yet) exposed in the Windows Azure Portal, but you do have the ability through PowerShell to assign complex network ACLs to a Windows Azure virtual machine. 

    From the article “About Network Access Control Lists (ACLs)”:

    Using Network ACLs, you can do the following:

    • Selectively permit or deny incoming traffic based on remote subnet IPv4 address range to a virtual machine input endpoint.
    • Blacklist IP addresses
    • Create multiple rules per virtual machine endpoint
    • Specify up to 50 ACL rules per virtual machine endpoint
    • Use rule ordering to ensure the correct set of rules are applied on a given virtual machine endpoint (lowest to highest)
    • Specify an ACL for a specific remote subnet IPv4 address.

    The simplest example of an ACL is the fact that a VM created running Windows likely has a public endpoint that maps to a private 3389 endpoint for the sake of remote desktop connections.  Without that endpoint definition, the default is to just block everything.  As you see from the previous list, we can be even more selective than just opening or closing ports. 

    For the complete description of what ACLs are, read “About Network Access Control Lists (ACLs)”

    To learn how to manage and use them in Windows Azure, read “Managing Access Control Lists (ACLs) for Endpoints”
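
    As an added example (not from the referenced articles), here is one way to apply an allow-list ACL to a VM endpoint with the classic Windows Azure PowerShell cmdlets, so that only the listed remote IPv4 ranges can reach it. The function name, service, VM and endpoint names and the address ranges are placeholders, and the module is assumed to be loaded with a subscription selected.

```powershell
# Added example: restrict a classic Windows Azure VM endpoint to an allow list.

function Set-EndpointAllowList {
    param(
        [Parameter(Mandatory)] [string]   $ServiceName,
        [Parameter(Mandatory)] [string]   $VMName,
        [Parameter(Mandatory)] [string]   $EndpointName,
        [Parameter(Mandatory)] [string[]] $AllowedSubnets,   # IPv4 CIDR, e.g. 203.0.113.0/24
        [string] $Description = 'allow list'
    )
    # Up to 50 ACL rules can be specified per endpoint.
    if ($AllowedSubnets.Count -gt 50) {
        throw "An endpoint ACL holds at most 50 rules; got $($AllowedSubnets.Count)."
    }

    # Validate every range before touching the VM, so a typo cannot leave
    # the endpoint with a half-built rule set.
    foreach ($subnet in $AllowedSubnets) {
        $ip, $prefix = $subnet -split '/', 2
        $parsed = $null
        $isDottedQuad = $ip -match '^\d{1,3}(\.\d{1,3}){3}$'
        $isIPv4 = $isDottedQuad -and [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)
        if (-not $isIPv4 -or $prefix -notmatch '^\d{1,2}$' -or [int]$prefix -gt 32) {
            throw "Not an IPv4 CIDR range: $subnet"
        }
    }

    # Build the ACL. Rules are applied in order, lowest number first. Once an
    # ACL contains permit rules, every other remote range is denied.
    $acl   = New-AzureAclConfig
    $order = 100
    foreach ($subnet in $AllowedSubnets) {
        Set-AzureAclConfig -AddRule -ACL $acl -Order $order -Action Permit `
            -RemoteSubnet $subnet -Description $Description | Out-Null
        $order += 100
    }

    # Attach the ACL to the existing endpoint and push the change.
    Get-AzureVM -ServiceName $ServiceName -Name $VMName |
        Set-AzureEndpoint -Name $EndpointName -ACL $acl |
        Update-AzureVM | Out-Null

    # Read the rules back from the platform to confirm what is in force.
    Get-AzureVM -ServiceName $ServiceName -Name $VMName |
        Get-AzureAclConfig -EndpointName $EndpointName
}

# Usage (placeholders): only the web front end's public address may reach the
# SQL endpoint, and only the admin network may reach Remote Desktop.
# Set-EndpointAllowList -ServiceName 'contoso-sql' -VMName 'sql01' `
#     -EndpointName 'SQL' -AllowedSubnets '203.0.113.10/32'
# Set-EndpointAllowList -ServiceName 'contoso-sql' -VMName 'sql01' `
#     -EndpointName 'RemoteDesktop' -AllowedSubnets '198.51.100.0/24'
```

    Endpoint ACLs only filter traffic that arrives through the public endpoint. Traffic between VMs on the same virtual network does not pass through it, so firewall rules on the SQL server itself still matter for that path.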


  • Why doesn’t remote desktop to my Windows Azure VM work? (So many questions. So little time. Part 48.)

    An attendee at our IT Camp in Saint Louis a few weeks ago had a problem that is understandable:

    “Thanks for training session, I have a question.  Tried to RDP one of my VM’s at work and I can’t connect.  Possible firewall port issue?  I am going to try and connect from home tonight.”

    You're already onto the issue.  It’s important to remember that the port that you’re using for RDP is not the traditional 3389. 

    “It’s not?  How does that work?”

    Let’s step back for a second and consider what you see when you first create a virtual machine in Windows Azure and you get to the screen where “endpoints” are defined.  By default, it looks something like this…

    Virtual Machine Configuration

    …Notice that, even though the operating system is going to have Remote Desktop enabled and will be listening on the traditional port 3389, the external “public port” value that will be redirected to the “private port” 3389 is going to be something different.


    Security.  We take the extra precaution of randomizing this port so that tools that are scanning for open 3389 ports out there won’t find those machines and then start attempting to log in.

    So the answer to your question: Yes, it’s a firewall issue.  And I bet it worked from home later that night.


    Let’s go one step further here and propose a couple of solutions to this, in case you also run into this problem.

    Solution #1: Open up the proper outbound firewall ports

    In the properties of your virtual machine, you can find what “public port” was assigned to the VM under the endpoints tab…

    VM Properties - Endpoints tab

    So this web server of mine is answering to my RDP requests via my ability to connect to its service URL and port 56537.  Since I am not restricting outbound ports, this isn’t a problem for me.  But knowing what this port is can help you understand what needs to be opened for a particular machine.

    “Is there a range of ports that I need to have open outbound?”

    The port that will be assigned automatically is going to come from the “ephemeral port range” for dynamic or private ports (as defined by the Internet Assigned Numbers Authority) of 49152 to 65535.  So if you simply enable outbound connections through that range, the defaults should work well for you.

    Solution #2: Modify the VM End Points

    You’ll note on the above picture that there is an “edit” option.  You have the ability to edit and assign whatever port you want for the public port value.  For example, I could do this…


    …and just use port 3389 directly.  Of course, this would defeat the purpose for using a random, non-standard port for remote desktop connections.  But it could be done. 

    Solution #3: Use some other remote desktop-esque tool over some other port.

    The server you’re running as a VM in Windows Azure is your machine, so there’s no reason you couldn’t install some other tool of choice for management or for remote-desktop-style connections.  Understand the application, what port needs to be enabled on the firewall of the server, and then add that port as an endpoint; either directly mapped with the same public/private port or using some other public port.  It is entirely configurable and flexible.  And as long as you’ve enabled the public port value as a port you’re allowing outbound from your workplace, you’re golden.

    Solution #4: Use a Remote Desktop Gateway

    How about instead of connecting to machines directly, you do something more secured, manageable, and along the same lines of what you would consider for allowing secured access into your own datacenter remote desktop session hosts: Configure one server as the gateway for access to the others.  In this way you have the added benefits of just one open port; and that port is SSL (443).  You’re very likely already allowing out port 443 for anyone doing secured browsing (HTTPS://…), so the firewall won’t get in the way.


    I hope you found this useful!  Don’t hesitate to ask questions in the comments if you’d like me to clarify anything, or share your ideas if you have other solutions I haven’t yet considered.


    Still haven’t tried Windows Azure yet?  We’ll give you $200-worth of Azure in a one-month free trial.

  • NEW: Virtualization IT Camps!

    No cost, hands-on, expert training designed for VMware IT Professionals

    Yes!  We’re coming back to a classroom near you (I hope) for an intense, full-day of training and hands-on with Windows Server 2012, Hyper-V, and System Center

    If you’re using virtualization

    “What do you mean, ‘if’?”

    Yeah, good point.  The modern datacenter is already virtualizing, and likely virtualizing using VMware vSphere, vCenter, and so on.  That’s why we think it’s time to help you – the VMware IT Professional – learn about and get familiar with all that Hyper-V in Windows Server 2012 can do; and in terms that you’ll understand.

    Here’s the full class description from the registration page:

    Want to gain an edge in your technical career? Industry insiders suggest that over 70% of businesses now run at least two virtualization platforms in their IT environment. That’s why IT pros who understand multiple platforms are invaluable to their companies and clients.

    Here’s your chance to upgrade your Microsoft Virtualization skills for FREE! We’re hosting an interactive, one-day technical workshop specifically for VMware IT professionals. Seasoned experts will demonstrate key scenarios and technologies from Microsoft and VMware. You’ll also complete hands-on labs and leave ready to build your own test and evaluation environment.

    You’ll learn:

    • The basics (and beyond) in Microsoft virtualization technology
    • How your current VMware skills apply to a Microsoft environment
    • The differences between key Microsoft and VMware technologies
    • How to use Microsoft tools to help manage a VMware environment
    • The latest on upcoming Windows Server 2012 R2 and System Center 2012 R2 releases

    At a high level, as part of this course, you’ll learn about the following topics:

    • Hyper-V Configuration, Clustering & Resiliency
    • Virtual Machine Mobility, Backup & Replication
    • Managing Hyper-V with Virtual Machine Manager
    • A look at System Center 2012 R2 Preview
    • VMware: Management, Integration, and Migration

    Session Requirements:
    In order to participate in the labs, please bring a modern laptop that can run the following technical prerequisites.
    Click HERE for more detailed system specs.

    • Supported Operating Systems include all editions of Windows Vista, Windows 7, Windows 8, Windows Server 2008, 2008 R2 and 2012.
    • Browsers supported include Microsoft Internet Explorer 7.0 or later. Other browsers are supported conditionally.
    • Microsoft .NET 3.5 will be required to complete the labs.

    All participants registering for the event should download Microsoft Hyper-V 2012 R2 Preview.


    “Looks good, Kevin!  Where are you going to be?”

    I’ll be covering the events in my usual main locations: Minneapolis, Omaha, Kansas City, and Saint Louis. 
    Click below to register for them.  See you there!

  • Windows Azure and SmartCards? (So many questions. So little time. Part 47)

    It’s been over a year now since I posted my last in the series “So many questions. So little time.”

    “August 20, 2012 to be exact.”

    Yes indeed.  And now that I’m again giving my IT Camp attendees the ability to submit their questions to me in writing, their questions become a really good source of content for the blog.

    For example, at our Saint Louis IT Camp a couple of weeks ago, Ron asked:

    “Azure can be locked down with certificates.  Can that be incorporated with smart cards to further secure access?”

    The short answer: Yes.

    The longer answer: Absolutely, yes.

    First, and quite simply, I know this to be true because this is how I authenticate every day into my Microsoft Full-time Employee-granted Windows Azure subscription.  It’s the difference between a typical LiveID/Microsoft Account login and what is known as an “Organizational Account” login, similar to what businesses are enabling for single-signon in products such as Office 365.  When I attempt to get into the Azure portal and I enter my Microsoft e-mail address, I’m redirected to a page that has this on it:

    My Microsoft Organizational Account Login

    Notice that I can use my Smart Card (which is my employee badge) to authenticate.

    Making this work requires using Active Directory and ADFS, where ADFS acts as the Security Token Service (STS), and Windows Azure is the Relying Party (RP).

    Remote Access by Devices testing as health

    “The RP requests a collection of claims routed by an application (for example, the Web browser) on the user device to one or more STSes. The user authenticates to the STS with whatever credential has been provided: password, smart card and so on.”

    That drawing and quote come from an excellent explanation of how the parts relate to one another, written by Dan Griffin and Tom Jones.  Read the full article here: Windows Azure: Authenticate Windows Azure with ADFS

  • VMware or Microsoft?–Does VMware get it?

    Does VMware understand the value of Infrastructure-as-a-Service (IaaS) and have the ability to support your “Hybrid Cloud”?  And can they back up their service with a solid Service-Level Agreement comparable to Microsoft’s?

    Of course they can.  At least I think they can.  Do you think so?  Does Keith

    In today’s final article of our 6-week-long series, “VMware or Microsoft?", my friend and teammate Keith Mayer answers these very important questions:

    • What Level of Availability is Guaranteed?
    • How is "Availability" Measured?
    • What is Excluded from SLA Guarantees?


    And in case you missed any of the full series, you can always return to the full list here:

    Tell your friends!


  • BREAKING NEWS: If you’re going to use Oracle, it’s in Windows Azure

    And we’ll support you!


    Today Microsoft and Oracle announce the availability of Oracle virtual machine images on Windows Azure.  As you may recall, on June 24 of this year (which happens to be my birthday every year), we announced..

    “…a partnership that will enable customers to run Oracle software on Windows Server Hyper-V and in Windows Azure. Customers will be able to deploy Oracle software — including Java, Oracle Database and Oracle WebLogic Server — on Windows Server Hyper-V or in Windows Azure and receive full support from Oracle.”

    In Windows Azure, try creating a new virtual machine.  In the gallery of VM images, you’ll notice the new additions…

    Oracle Platform Images


    (HINT: If you don’t already have a Windows Azure subscription, you can try $200 of it for a month for free.)

    If you want some instructions on how to create and use these images, check out the MSDN page: Oracle Virtual Machine Images for Windows Azure

    And here’s the blog post in our “In the Cloud” blog: Oracle OpenWorld 2013: Oracle’s Mission-critical Software and Microsoft’s Enterprise-grade Cloud

    The Oracle images are currently “in preview”, which means they’re not (yet) intended for production use.  Click HERE for pricing and licensing details, including the “license mobility” that Oracle provides.

  • BREAKING NEWS: A new “memory intensive” VM size in Windows Azure

    In case you haven’t noticed, Microsoft has added a new virtual machine size available in Windows Azure.  To go along with our really big “A6” and “A7” sizes, there is now an “A5” machine size…

    Memory-hogger size

    So, if you don’t have a need for so many processors, but need a bigger chunk of RAM, you’re in luck.

    For more information, please refer to the Cloud Services or Virtual Machines sections of the Pricing Details webpages.

  • VMware or Microsoft?–How robust is your availability?

    Disclaimer: facts and figures in this article are based on the state of the technology as it exists at the date of its publication. 

    Our article today in our “VMware or Microsoft?” series is about availability. 

    When I say “availability”, I mean “high availability”. 

    And when I say “robust high availability”, I mean a solution such as Windows Failover Clustering that provides high availability and scalability of server workloads.

    I argue that Microsoft’s solution is robust and solid, but VMware has argued differently.  In a currently available document that VMware provides comparing vSphere 5 to the as-of-then beta of what is now Hyper-V in Windows Server 2012, VMware makes the claim that they have “robust high availability” with a “single click, [that] withstands multiple host failures”, whereas Microsoft’s Failover Clustering is “based on legacy quorum model, complex and brittle”. 

    Really?  They haven’t been watching how far clustering has come in Windows Server lately.  In fact, at best, VMware’s document might be referring to how failover clustering used to work back in 2008.  More specifically, they are referring to the quorum model of how a cluster needs a majority vote to determine whether or not a node is actually unavailable, so that the resources it was managing can fail over to other nodes.  To ever have a solid majority, the number of voting members needs to be an odd number.  All nodes get a vote, and so if you have an even number of nodes, you need something else to break the tie.  So to make that work, you need some other “cluster witness”; which is either a “witness disk” or a “witness file share”. 

    From this document on Windows Server 2008 failover clustering:

    In a cluster with an even number of nodes and a quorum configuration that includes a witness, when the witness remains online, the cluster can continue sustain failures of half the nodes. If the witness goes offline, the same cluster can sustain failures of half the nodes minus one.

    Well then, please allow me to introduce you to…

    The Dynamic Quorum

    “Batman and Robin?”

    No.. that was the “dynamic duo”.  I’m talking about the ability of all nodes in a Windows Failover Cluster to have a vote, and for the number of voting members to adjust dynamically as nodes fail; so that there is never any confusion (lack of a quorum) by having an even number of voting members.

    In this diagram…

    Node & Disk Majority

    …we see a healthy 4 node cluster, each running 2 VMs, or any other clustered roles.  (Windows Failover Clustering is not just for virtualization, you know.)  The quorum is maintained because we have a disk witness to break the tie in case two nodes say “one node is down!” and the other two say “no, he’s not!”.

    If one of the nodes in our cluster goes away…

    Simple Node Majority

    …depending upon whether that removal was planned or a complete surprise, the clustered roles are able to failover or restart on other nodes.  AND, because the cluster now only has three active nodes, then that in itself becomes a quorum of voting members.

    “When a node shuts down or crashes, the node loses its quorum vote.  When a node successfully rejoins the cluster, it regains its quorum vote.  By dynamically adjusting the assignment of quorum votes, the cluster can increase or decrease the number of quorum votes that are required to keep running. This enables the cluster to maintain availability during sequential node failures or shutdowns.”

    Later, if the node is re-added, it again gets a vote. 

    Robust.  But wait… there’s more…

    The Dynamic Witness

    The story gets even better in Windows Server 2012 R2.  R2 improves with something called the “Dynamic Witness”:

    “If the cluster is configured to use dynamic quorum (the default), the witness vote is also dynamically adjusted based on the number of voting nodes in current cluster membership. If there are an odd number of votes, the quorum witness does not have a vote. If there is an even number of votes, the quorum witness has a vote.

    The quorum witness vote is also dynamically adjusted based on the state of the witness resource. If the witness resource is offline or failed, the cluster sets the witness vote to ‘0’.”

    The benefit of this is for the rare case of a witness failure.  If that happens, the vote simply goes away and is assumed to not be there.  A huge benefit of all of this is that you never really have to worry about counting your nodes and then deciding whether to configure a quorum witness or not.  Just do it (as recommended), and let the dynamic nature of our failover clustering take care of it.
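
    To make the vote arithmetic concrete, here is an added example (not Microsoft code) that models sequential node failures under the fixed-vote behaviour from the Windows Server 2008 quote and under the dynamic quorum and dynamic witness rules quoted above. It is a simplified model built only from those quoted rules, it runs in plain PowerShell without a cluster, and the function names are made up for this illustration.

```powershell
# Added example: simplified model of quorum voting during sequential node
# failures. It is not how the cluster service is implemented.

function Get-DynamicVotes {
    param([int] $NodesUp, [bool] $WitnessOnline)
    # Dynamic witness: the witness votes only when it is online and the
    # number of node votes is even, which keeps the total odd.
    $witness = if ($WitnessOnline -and ($NodesUp % 2 -eq 0)) { 1 } else { 0 }
    [pscustomobject]@{ Witness = $witness; Total = $NodesUp + $witness }
}

function Test-SequentialFailure {
    param(
        [int]  $Nodes = 4,               # even node count with a configured witness
        [bool] $WitnessOnline = $true,
        [ValidateSet('Static', 'Dynamic')] [string] $Model = 'Dynamic'
    )
    $up = $Nodes
    $failure = 0
    while ($up -gt 0) {
        if ($Model -eq 'Dynamic') {
            # Votes are recalculated from current membership before each failure.
            $votes   = Get-DynamicVotes -NodesUp $up -WitnessOnline $WitnessOnline
            $total   = $votes.Total
            $witness = $votes.Witness
        } else {
            # Fixed votes: every configured node and the witness keep a vote in
            # the total, whether or not they are still running.
            $total   = $Nodes + 1
            $witness = [int]$WitnessOnline
        }
        $needed     = [math]::Floor($total / 2) + 1      # strict majority
        $failure++
        $nodesAfter = $up - 1
        $votesAfter = $nodesAfter + $witness
        $kept       = ($nodesAfter -gt 0) -and ($votesAfter -ge $needed)

        [pscustomobject]@{
            Model        = $Model
            Failure      = $failure
            NodesBefore  = $up
            TotalVotes   = $total
            VotesNeeded  = $needed
            VotesAfter   = $votesAfter
            QuorumKept   = $kept
        }
        if (-not $kept) { break }
        $up = $nodesAfter
    }
}

# The four-node cluster with a disk witness from the diagrams above.
Test-SequentialFailure -Nodes 4 -Model Static  | Format-Table -AutoSize
Test-SequentialFailure -Nodes 4 -Model Dynamic | Format-Table -AutoSize

# The same cluster when the witness has failed.
Test-SequentialFailure -Nodes 4 -Model Static  -WitnessOnline $false | Format-Table -AutoSize
Test-SequentialFailure -Nodes 4 -Model Dynamic -WitnessOnline $false | Format-Table -AutoSize
```

    On a real cluster the current vote assignment can be read with `Get-ClusterNode | Format-Table Name, State, NodeWeight, DynamicWeight` and, on Windows Server 2012 R2, `(Get-Cluster).WitnessDynamicWeight`.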

    Guest Clustering Without Limits

    Microsoft has a distinct advantage over VMware when it comes to guest clustering.  With Hyper-V and with virtual servers running Windows Server 2012 or 2012 R2, clusters of virtual machines can be created that use iSCSI, Fibre Channel, and even .VHDX files (in R2) as the location for their shared storage in either a Clustered Shared Volume (CSV) or just a server file share (SMB Share – file based storage). 

    So here are a couple of the new, flexible choices you have for guest clustered VM shared storage in Windows Server 2012 R2…

    Flexible choices for placement of Shared VHDX

    Try doing that on NFS. 

    While we’re on the subject of scale…

    Does Size Matter?

    VMware requires Essentials Plus or better for HA, and unless something else changed in vSphere 5.5 that they haven't yet said much about, I do believe they still can only support up to 4000 VMs in a 32 node cluster.  (Correct me in the comments and point me to documentation that proves me wrong, please.  I sincerely thought they would up their game here.) 

    You can cluster up to 8,000 virtual machines in up to a 64 node cluster with Windows Server 2012 and Windows Failover Clustering.  And you can do it for no additional cost.


    “Holy robust high availability, Batman!”

    I’m glad you like it.  But if not, or if you have any questions, let me know in the comments.

    And for more details on what’s newer than what VMware would have you believe in the world of robust high-availability, check out these two TechNet documents:

    What's New in Failover Clustering in Windows Server 2012

    What's New in Failover Clustering in Windows Server 2012 R2