If, like me, you're intending to rebuild your test/dev environment and you are thinking of enabling Hyper-V, what's the best way to ensure you have all the latest, correct bits, installed in the right order? Well, here's the order that's being recommended to do things in:
Should you then have any virtual machines, either pre-built from the Hyper-V beta, or VMs you are intending to build from scratch, you need to do the following:
Being able to enable the Integration Components within XP SP3 and Vista SP1 machines means that not only will your mouse no longer get captured (much annoyance) but the guest OSes will also be able to take advantage of the synthetic driver model, providing a much more optimal level of hardware access and performance for the guests. Windows Server 2003 SP2 already had integration components, but I'd advise you to install the latest integration components if you are bringing these VMs from the Hyper-V beta build.
Video: NAP Video Blog: NAP Forefront Client Security
Jeff Sigman, Senior Program Manager for Network Access Protection in Corp, US, has recorded a really cool video of integrating NAP with Vista & Forefront Client Security. Now you could say, well, surely the integration is the same for Forefront Client Security as it is for any Anti-Virus vendor? If it works with the Security Center in Vista, it can report its health to NAP, and it'll be seen as compliant or non-compliant, so how's that any different with Forefront?
The answer is that the Forefront guys have built a specific Forefront Security Health Agent / Validator for NAP, which has specific granular checks for the different elements of Forefront Client Security, rather than just the standard 'is it on, or is it off?'. You could, as an administrator on the client machine, turn off a certain option within the Forefront Client application itself, and the Security Center would still show the AV engine as 'switched on' and 'compliant', even though that little service is no longer running. The Forefront SHV handles this by checking not only whether the AV engine is running, but also which sub-services and settings are running too.
If you're new to NAP, or experienced with it, this video is likely to be for you, so enjoy.
You can read all about this, and more on Jeff's NAP blog.
We've just announced a couple of 2-day training sessions for the upcoming Microsoft hypervisor-based virtualisation solution, Hyper-V.
Agenda Day 1:
09:15 Module 1 – Virtualisation Concepts
09:45 Module 2 – Hyper-V Architecture
11:00 Module 3 – Identifying Virtualisation Opportunities
11:45 Module 4 – Deploying Hyper-V Parent Partitions
12:30 Lunch Break
13:30 Lab 1 – Windows Server 2008 Hyper-V Installation
14:30 Module 5 – Deploying Hyper-V Child Partitions
15:45 Lab 2 – Utilising Hyper-V
16:45 Day 1 End
Agenda Day 2:
09:00 Module 6 – High Availability with Hyper-V
09:45 Lab 3 – Failover Clustering and Hyper-V
11:00 Module 7 – Managing Virtualised Workloads
11:45 Lab 4 – Automating Child Partitions with Scripts
13:30 Module 8 – Migrating to Hyper-V
14:15 Lab 5 – Migrating to Hyper-V
15:30 Module 9 – Common Virtualisation Scenarios
16:15 Module 10 – Implementation Planning
16:45 Workshop Review & Close
As of today, 20th March, the 1st event is full, but you can register for the waiting list. The other 2 sessions still have seats available.
You can get all the details, and register, here:
Well, there's a poll that's been carried out by Netuitive that suggests a high proportion of IT Pros out there are.
Now, I'm not going to jump on the 'VMware-bashing' bandwagon here - it's just interesting reading to see that, in general, management is seen as one of, if not the most important feature of a strong virtual infrastructure.
"There has been a lot of talk around the value of virtualization and we can't argue that this area of technology opens up a whole new realm in terms of flexibility, cost savings and agility," said Daniel Heimlich, vice president at Netuitive. "The problem is that organizations started implementing VMs without first thinking about how they'll be able to manage them. Now we're starting to see a lot of questions being asked about how to do just that."
I think Daniel has hit the nail on the head there. Organisations implement 'virtualisation' very quickly, as by many, it's seen as a quick and fairly painless silver bullet. They see the opportunity to quickly consolidate workloads onto fewer machines, providing near-instant savings in energy bills as one positive, and then many start rapidly exploring how they can do even more with virtualisation, with more virtual machines, migrating all over the place. Virtual server sprawl has even more of a chance of going out of control than physical server sprawl!
"As virtualization deployments grow, substandard performance management prevents organizations from realizing their full potential. Without good performance management, there is no certainty into how applications will behave, or whether SLAs can be met. All of this stops organizations from expanding their virtual deployments, maximizing resource utilization, and achieving virtualization goals," said Mann. "A new approach is needed - one that uses sophisticated, real time analytics to reduce the massive manual effort of managing VM complexity and ultimately creates confidence and restores performance predictability to managing VMs."
I couldn't leave without explaining how Microsoft differentiates itself in this respect.
Microsoft has a number of virtualisation offerings, be it around Server, Presentation, Desktop or Application Virtualisation. What brings them all together, acting almost like the glue between the parts? System Center, our management platform. If you need to deploy applications, patches, updates, AV definitions and more, SC Configuration Manager 2007 handles it. If you need to monitor your servers, your clients, your specific applications and server apps, SC Operations Manager 2007 handles it. If you need to back up, intelligently, SharePoint farms, SQL Databases, File Servers, Exchange Mailboxes and configurations, and Virtual Servers, Data Protection Manager 2007 handles it, regardless of whether you want to back up to disk, or to tape. The great thing about these 3 platforms is that it's the same set of tools to manage your physical environment as your virtual one. The final tool in the arsenal of System Center products is SC Virtual Machine Manager 2007, which integrates straight in with the other tools, and at the same time allows you to manage your physical estate, and the virtual machines running on top. It also provides functionality around snapshots, P2V conversions, V2V and also integrates strongly with Group Policy. You can read a great review here: http://reviews.zdnet.co.uk/software/enterpriseapplications/0,1000001814,39352978,00.htm?r=3
You can also take a look at the complete System Center offering, here: http://www.microsoft.com/systemcenter/products/default.mspx
OK, so this is the sequel (not SQL) to my previous post, Windows Essential Server Solutions: Part I, and this time, we're taking a look at the bigger, more powerful, slightly older brother of Small Business Server 2008; Windows Essential Business Server 2008.
So, what is Windows Essential Business Server, or, (W) EBS for short? Well, let's start with the rationale. In the past, should a small business have grown beyond the supportable number of Small Business Server 2003, which was around 50 users, realistically, the next level up was Windows Server Standard, which, for a large number of smaller businesses, was quite an expensive jump up in costs, bearing in mind you'd then need to obtain the relevant licenses for your other functions and applications you wanted to run on top, such as Exchange, or SQL. Taking this into account, Microsoft have decided to fill the gap between where SBS finishes (i.e. 50 users) and Server Standard typically starts (i.e. 250 users) with a new server offering; EBS, which follows in the footsteps of SBS by incorporating multiple OSes and applications into one single package, making it a great solution for up to 250 users.
So, what does EBS have in it that's worth shouting about?
"Windows Essential Business Server 2008 is an all-in-one integrated multi-server solution designed and priced specifically for midsize businesses. Windows Essential Business Server provides the essential technology needed for a highly secure and reliable infrastructure.
Powered by Windows Server 2008 technology, it combines software for management, messaging, and security features into one integrated server solution that is designed to dramatically reduce IT complexity and improve efficiency across the business, putting IT in control.
Windows Essential Business Server is an integrated and predictable platform designed to transform businesses by helping save time and money and significantly increase productivity"
But what actually made it into the 'suite' that is EBS?
As you can see, in the Standard Edition, it's a 3 server setup. One of these is your dedicated management server. I like this, a lot. This is one of the areas that was a little lacking in the SBS 2008 piece I touched on a few days back. Don't get me wrong, I'm not referring to the actual management of the SBS/EBS suite, I mean the actual management of other servers and clients within the infrastructure. SBS 2008 doesn't really have a solution for this. Sure, SBS 2008 provides AD, and also a patch deployment solution, in the form of WSUS 3.0 SP1, but in System Center Essentials, you're getting a lot more for your money. If you haven't seen SCE in action before, I'd strongly suggest you take a look. It can be purchased standalone, outside of EBS, and is aimed at managing up to 500 clients and 30 servers. When I say manage, I mean, patch, deploy, update, configure and so on. Basically, Essentials 2007 takes the best bits of Operations Manager and Configuration Manager, and wraps them up in a package of SMB loveliness.
You can read all about SCE 2007 on its own, here: http://www.microsoft.com/systemcenter/essentials/evaluation/features.mspx
So, that's your management server. You also have your messaging server, which will need to be x64, running another Domain Controller, for redundancy - makes sense, and Exchange 2007 will also be on this box, along with Forefront for Exchange, to ensure that box is locked down. You then have your security server, again, x64, and again, another instance of Exchange, which, I'm presuming, will be clustered with the first, to ensure high availability. You'll also have protection at the edge, with the next version of ISA.
Your final server, and this is only available with the Premium edition, is your database server. Pretty self explanatory really! You'd probably run your LOB apps on here too.
Again, as I mentioned in the post on SBS 2008, I'm not 100% sure where Virtualisation will fit into all of this, so I guess it's a 'watch this space' on that one too. Just to wrap up, the key pillars of EBS 2008 are:
Read more on that, and have a look at some screenshots, here: http://www.microsoft.com/windowsserver/essential/ebs/overview.mspx and you can get all the current information on EBS 2008 here: http://www.microsoft.com/windowsserver/essential/ebs/default.mspx
Now, I'll be honest here, I've been out of the office a hell of a lot recently, and haven't even had chance to upgrade my Hyper-V box from the beta to the Release Candidate that shipped last week! I intend to get this done w/c 7th April, after a short holiday break!
One of the other things that I'll certainly be doing is installing the Hyper-V MMC on my Vista SP1 machine. This will mean that I won't need to carry around a monitor with me to my presentations! I'll be able to fire up the Hyper-V MMC direct from my laptop! Happy days!
What is the Hyper-V MMC? Well, I'm sure you're familiar with the Microsoft Management Console, with the latest version being version 3.0. The Microsoft Management Console and its relevant snap-ins are useful for managing different elements of your local, or remote systems. In this case, the specific snap-in that you can install and enable is to remotely manage Hyper-V boxes. Take note - it needs Vista SP1 - regular Vista just won't cut it. You can, however, choose between x86 and x64 versions of Vista SP1.
Personally, I'll find this really useful, as it will save me lugging a monitor all over the place (although I will need to buy an X-over cable!) but, before the version of System Center Virtual Machine Manager ships with support for Hyper-V, this is going to be the best remote Hyper-V management solution for me right now.
Jeff, from the Microsoft Virtualisation blog, has already posted more information about this, and you can check out the full post here. If you want to get straight into the action and download the MMCs, you can pick them up from here:
Once installed, open the MMC, click on 'Connect to Server' on the right hand side, and type in the name of your Hyper-V server, and you're good to go.
There are some great examples on the web around how Microsoft is reaping the benefits of implementing Windows Server 2008, and I thought it would be worth sharing.
Microsoft IT’s Top Five Management and Operations Features in Windows Server 2008
Microsoft IT manages one of the largest network infrastructures in the world in addition to being the first and best customer of Microsoft. Being an early adopter of Windows Server 2008 has provided Microsoft IT the opportunity to learn firsthand how some of the new and enhanced features have made significant impacts in its day-to-day operations.
Read the full article here
Microsoft IT's Benefits of a Server Core Installation of Windows Server 2008
Server Core is a minimal installation option for the Windows Server® 2008 operating system that does not provide a fully integrated graphical user interface (GUI) or other components and applications that are not required for supported server roles and features. A Server Core installation helps reduce the attack surface and allows for easier installation and configuration management.
How MSIT Uses Terminal Services as a Scalable Remote Access Solution
Like many large organizations, Microsoft has a geographically dispersed work force. With more than 78,000 employees in 78 countries worldwide, Microsoft faces continual challenges with making corporate information easily available to workers from remote locations and with ensuring that important internal company information is as secure as possible.
Microsoft IT wanted to test the scalability and performance of Windows Server 2008 Terminal Services. This deployment was so successful that the pilot project was rolled into the production environment at Microsoft IT. This environment acts as an SSL-based remote access solution.
I'd strongly recommend reading this one - there's a great deal of information not only on TS, but also the components that make up a strong TS solution, such as the Session Broker, RemoteApp, Easy Print, and the Terminal Services Gateway. The article, at the end, also highlights best practices for Enterprise deployments, including:
Limit computer-based NLB implementations to TS Gateway deployments that experience 1,500 or fewer simultaneous connections. The team calculated that Windows NLB would work best with a maximum of approximately 1,500 simultaneous connections. Adding more load-balancing servers would not appreciably increase the number of connections that the TS Gateway farm can host. For TS Gateway farms that experience more than 1,500 simultaneous connections, using a third-party load-balancing device is the best approach.
Deploy three or more NLB nodes to support TS Gateway in an NLB cluster. The maximum number of connections that a single NLB cluster node can support is limited by the CPU resources of that node. Depending on the CPU speed and other hardware resources of each cluster node, the team determined that three or more cluster nodes may be required in an NLB environment with a maximum of 1,500 connections for the whole NLB cluster.
Install TS Session Broker on a separate computer. The team found that to have the most flexibility in a load-balanced terminal server farm, the TS Session Broker component should run on a separate server. This type of installation enabled the team to take any terminal server offline for maintenance or upgrade purposes without affecting the availability of the terminal server farm. The team found that the hardware resources that the TS Session Broker computer requires are very light. Therefore, the team determined that the TS Session Broker role could be installed on a less capable computer, or the role could be combined with other roles in the organization.
Watch the webcast here
There are also a number of other useful webcasts doing the rounds:
How Microsoft Does IT: Enhancing High Availability with Server Core in Windows Server 2008
In this webcast, we explain why Microsoft Windows Server 2008 is the next generation of the Windows Server operating system that helps information technology (IT) professionals maximize control over their infrastructure while providing unprecedented availability and management capabilities, leading to a significantly more secure, reliable and robust server environment than ever before.
How Microsoft IT Managed Windows Server 2008 Network Security
Discover the networking advancements and policy-driven network security features in Windows Server 2008. In this webcast, Microsoft IT explains the next generation of networking features in Windows Server 2008 and describes the network security solution scenarios these features enable.
How Microsoft IT Deploys Windows 2008 Clusters for File Services
Join this webcast to find out how Microsoft IT leverages clustering included in Windows 2008 Server to support users worldwide. The solution is easy to plan, deploy and migrate from previous releases of Microsoft Cluster Server to Windows 2008 clustering technologies, leveraging built-in migration tools to quickly and simply upgrade. The result is a set of Windows 2008 clusters deployed worldwide that support more users through increased reliability and features.
One of the many interesting case studies floating around the web features the University of California, Berkeley, and how they used Windows Server 2008, among other technologies, to tackle their management and security concerns in their complex IT environment.
"The central IT division at The University of California, Berkeley faced significant management and security challenges in supporting a large and diverse user base and technology environment. Most users needed corporate-level IT resources and centrally based management, while others needed technologies capable of supporting world-leading research endeavours and self-management. Security challenges were compounded by the open environment required of a world-class academic environment. In response, IT executives used the Server Manager feature in the Windows Server® 2008 operating system to simplify account and security management, cutting application downtime by half and reducing security-setting management by 10 hours monthly. Executives also will take advantage of powerful Windows Server 2008 security capabilities to minimize the vulnerability to attack and simplify patch management"
Business Situation - UCB IT executives face a daunting challenge in managing and supporting a large and diverse group of academic departments and users, scientific researchers, and students both on and off campus.
Solution - UCB deployed the Windows Server® 2008 operating system to 18 servers and implemented the Active Directory® service to manage tens of thousands of accounts.
Seems like improvements in AD, Kerberos Authentication, BitLocker and Server Core were the order of the day here!
Read the full article here.
One of the things that more and more people I speak to find really interesting in Terminal Services 2008 is the Terminal Services Gateway - new in Windows Server 2008.
"Svenska Cellulosa Aktiebolaget (SCA) manufactures and sells paper products and consumer goods to companies in more than 90 countries. With 51,000 employees spread across 600 sites, SCA relies on Windows Server® 2003 Terminal Services to give employees and business partners access to IT resources over a virtual private network (VPN). End users often struggle with slow system-response times. In addition, the need for a VPN client sometimes prevents employees from accessing the network. In 2007, SCA chose to deploy the 64-bit Windows Server 2008 Enterprise operating system to take advantage of new capabilities in Terminal Services and features such as the Read-Only Domain Controller. As a result, SCA expects to increase employees’ mobility, cut costs, boost security, and speed application deployment and data access."
The removal, in many scenarios, of the requirement for a VPN is a great benefit for many organisations, who are used to having to sit through a slow and sometimes painful process of authentication to access internal resources from outside of their corporate walls. This is assuming that users can connect from a client that has the relevant VPN client installed. What about a mobile user situated at another customer's site? Or from an Internet Cafe? Or a home PC? Terminal Services Gateway can really help with this. Best of all, it ties in nicely with NAP, or Network Access Protection, featured by Jeff, in this post.
Business Situation - SCA sought a solution that could accelerate access to remote network resources, allow for greater mobility of employees, and minimize security risks posed by unsecured domain controllers.
Solution - After SCA evaluated competitive solutions, it chose to deploy Windows Server® 2008, which offers new features that address the company’s issues without third-party components.
You can read the full article here, and more about how Microsoft IT have deployed TS internally, along with how you can get more users on a TS box with 2008.
Virtualisation: Selling to the Technical Decision Maker
Microsoft provides a comprehensive set of virtualisation products, tools, and services that span from the datacenter to the desktop. Our offerings cover server virtualisation with Hyper-V, application virtualisation with Terminal Services, presentation virtualisation with Softgrid, and desktop virtualisation with Virtual PC and VECD. This webcast will address how to present the virtualisation story to create a buying and deployment vision for the Technology Decision Maker (TDM) using Core IO and create momentum behind sales opportunities. In this webcast, Eddie Hanif and Dai Vu will help you understand the expanded role for virtualisation as a key enabler of Microsoft’s Dynamic IT vision and outline the strategy for accelerating broad adoption of virtualisation.
This webcast will help identify virtualisation sales opportunities and map Microsoft’s virtualisation solutions to customer requirements. We will address how to create a buying vision for the Technology Decision Maker (TDM) and how to move sales opportunities to the next level.