The Windows Storage Solutions team that manages DPM 2007 is very excited to announce that the ‘Rollup Update’ for System Center Data Protection Manager 2007 is now available for download. The biggest new workload that DPM now has supported protection for is, of course, Windows Server 2008.
While DPM2007 has actually been protecting “Longhorn” since Beta 3, this update makes Windows Server 2008 a supported protect-able workload.
Specific new capabilities for Windows Server 2008 include:
Protect Windows Server 2008 systems, including those running Core Protect Windows Server 2008 System State Ability to run the DPM2007 Server on a Windows Server 2008 platform
Protect Windows Server 2008 systems, including those running Core
Protect Windows Server 2008 System State
Ability to run the DPM2007 Server on a Windows Server 2008 platform
Some of the other enhancements in the rollup update include:
Protection for SQL Server 2008 Protection of Virtual Server 2005 R2 clustered hosts Tape Library Sharing - so that multiple DPM servers can share a single enterprise tape library silo
Protection for SQL Server 2008
Protection of Virtual Server 2005 R2 clustered hosts
Tape Library Sharing - so that multiple DPM servers can share a single enterprise tape library silo
For more details on what is included in the DPM 2007 “Rollup Update” or in the upcoming Service Pack 1, please check out:
TechNet webcast on “What is coming next for DPM 2007” from April 23, 2008
The DPM 2007 Rollup Update is now available via Microsoft Update, if your DPM server has opt’ed in for updates … or it is downloadable from:
System Center Data Protection Manager 2007 - Rollup Update - x86 System Center Data Protection Manager 2007 - Rollup Update - x64
System Center Data Protection Manager 2007 - Rollup Update - x86
System Center Data Protection Manager 2007 - Rollup Update - x64
Microsoft is committed to continuing to make DPM2007 an ideal solution for protecting and recovering your Windows infrastructure. So, stay tuned as we get ready to launch the beta for DPM 2007 Service Pack 1 later this Summer – including the updates listed above, PLUS:
Protection for Hyper-V More capabilities around SQL Server databases New features for protecting SharePoint farms And some other features that we are keeping a surprise for now.
Protection for Hyper-V
More capabilities around SQL Server databases
New features for protecting SharePoint farms
And some other features that we are keeping a surprise for now.
For more news and updates on DPM 2007, be sure to also check out the DPM BLOG.
-- Jason Buffington / Windows Storage Solutions
Hi—I am Rob Emanuel, a Technology Architect on the Microsoft.com Operations team focusing on virtualization. I wanted to share the great progress we have made rolling out Hyper-V since my first blog a month ago. In that blog I discussed our success with fully virtualizing the web front ends for MSDN and TechNet on Hyper-V RC0. I also highlighted an article our team wrote about how we approached those virtualizations and hopefully conveyed how truly successful we found Hyper-V to be as a web platform.
Microsoft.com Powered by Hyper-V
One of our more challenging systems from a server subsystem utilization perspective is www.microsoft.com. The site handles 15,000 requests per second, 1.2 billion page views per month, and 280M worldwide unique users per month as well as supporting ~5000 content contributors from within the company. This site has close to 300GB of content consisting of some seven million individual files on each server. Due to this scale and the variety of applications hosted, the site heavily exercises all of the major subsystems - memory, CPU, network, and file I/O – on each server. Based on the load characteristics and the fact that this site is a testing ground for early adoption of Microsoft technology, we expected the production load of www.microsoft.com to provide a great test for Hyper-V.
On June 5th our Operations Team turned up a full sixteen VM cluster hosting www.microsoft.com on Hyper-V. That cluster is handling 25% of the production traffic load and can scale past that to support data center redundancy goals. We have not encountered any performance, stability or availability issues on the virtualized cluster.
The Deployment
We began our deployment on the www.microsoft.com site with a single server back in March running on Hyper-V Beta. We continued with live load testing and artificial stress load similar to our approach with the MSDN deployment. This single VM was as stable, reliable and performed better with live internet load as compared to the older physical servers in the cluster. With the success of the first VM running www.microsoft.com we decided to expand to an entire cluster of servers. This was also a great opportunity to leverage SCVMM 2008 beta for the first time in production.
At the time the SCVMM 2008 beta required Hyper-V RC0 so in order to use SCVMM and Hyper-V together, RC0 was utilized through the deployment phase. Once the deployment was complete, the servers were all upgraded to Hyper-V RC1.
Using SCVMM we created a “golden” web server image for www.microsoft.com including both the server and content to improve deployment speed as well as configuration control. Previously a new deployment of www.microsoft.com involved 12 hours to sync the 7 million small content files over the network. Utilizing a single content VHD cut this time down to 4 hours.
We had limited test hardware available for this first phase so, were only able to deploy one VM per physical server. Clearly this is not an optimal strategy for long term virtualization given that each server has 8 processors, but it did allow us to move quickly with the hardware we had available. The next stage of our www.microsoft.com virtualization will take place on a SAN based infrastructure allowing us to run multiple VMs per server head.
Current www.microsoft.com Virtualized Environment
Component
Description
Hardware
Dual socket Quad-Core Intel processors32GB RAM4x146GB disk drives
Virtual machines
4 Virtual processors 30GB RAM50GB dynamic VHD – OS
385GB dynamic VHD – Data\Logs
Operating system – Parent
Windows Server 2008 Hyper-V RC1 Enterprise versionReserved 4GB RAM from 32GB total
Operating system – VMs
Windows Server 2008 Enterprise version Internet Information Services (IIS) 7.0
Availability
One of our primary goals is maintaining high availability regardless of where we are in the technology lifecycle. We measure availability in a variety of ways, but one of the baseline tests we use is a 3rd party provided HTTP request from 45 worldwide agents against the www.microsoft.com hosting platform – currently Windows Server 2008, IIS7 and now Hyper-V. The average availability of the platform prior to our Hyper-V based deployment was 99.94% and is running at an average of 99.95% since the deployment of the first cluster. Since this particular measure is an Internet based test, meeting or exceeding previous results means we’ve hit our goal.
Platform availability before and after Hyper-V Deployed to handle 25% of traffic
Performance
We have been very encouraged by the stability, scalability and performance of Hyper-V on the www.microsoft.com site. In terms of performance for this site, overall the results are in-line with previously observed measures while virtualizing MSDN and TechNet. As with those sites we completed comparison testing of the VMs against both the current and new physical servers. The outcome of the current physical servers vs. new VM comparison helped us determine how many VMs running www.microsoft.com we would need to match the current physical server capacity as well as handle projected growth. Given the VM performance on the new servers we’ll consolidate down from 80 physical servers to 64 VMs. Those VMs will initially be deployed onto a total of 40 new physical servers.
Our initial performance testing showed a 10% CPU overhead in running www.microsoft.com in a virtual machine. This testing was based on sustained live traffic using matching hardware for the VM host and the physical server. Both the physical server and the VM were configured with four processors, 30GB RAM and included matching disk and network subsystems to provide for an accurate comparison.
Based on these results we are ready to fully host www.microsoft.com web servers on Hyper-V and we’re targeting end of June for 50% of the load. As soon as we complete deployment of our new hardware infrastructure in diverse data centers, we’ll complete the full virtualization.
If you would like to see me try to speak to all of this, and about our team’s overall adoption success with Hyper-V in under five minutes you can find a short video noted below.
Also check out our TechCenter for further information about our group’s technology adoption efforts.
I hope you enjoy virtualizing on Hyper-V as much as we have.
-Rob
With summer in Redmond just around the corner, I know a number of teachers that like to take trips or do odd jobs around the house while school is out. However the teachers in California’s Manteca Unified School District still have access to classroom applications at home (or anywhere they have internet access) because of Windows Server 2008.
The school district is a prime example of success that can be had with the Terminal Services RemoteApp feature of WS08.
One of the initial goals of their WS08 deployment was to move away from establishing a dedicated virtual private network (VPN) for their 30 schools and 4,000 staff members to access information. With Terminal Services, teachers are now able to securely access the same information available in their classrooms, using their home PC. Due to its success, the district also plans to install Terminal Services on nine more servers before the 2008-2009 school year begins.
We continue to hear great feedback on the actual deployment time of WS08 as well. Manteca’s deployment of WS08 was pretty quick—IT staff was able to deploy all applications to one server, rather than 5,500 times to individual desktop computers.
If you are looking for more information on Terminal Services, check out the Terminal Services Team Blog.
-Michael
Microsoft published a Security Advisory today providing information for developers and Web administrators on ways in which they can mitigate and prevent SQL injection attacks. As you might have seen, there was a spate of such attacks in late April and it caused quite a few headaches for administrators. Remember that SQL injection attacks target Web application code, not Web server code, so they can only be avoided by making sure that any Web application that accepts user input, which is then used to query a database, follows best practices to ensure that the input does not contain malicious code or syntax that might compromise the database, Web site, or even the whole server.
So the advisory today is not a security bulletin - there are no patches for IIS or SQL Server or ASP.NET to download. However, we are making available some tools that can help mitigate these attacks while the underlying Web application code is being fixed to follow security best practices for protecting against SQL injection in ASP and ASP.NET. There is a tool from HP that tests sites to help identify pages that might be susceptible to SQL injection attacks, and also a Microsoft Source Code Analyzer from our SQL Server team that actually parses ASP code for data access commands that might be vulnerable to SQL injection.
But the one that I'm most excited about is UrlScan 3.0 Beta. As you may remember, UrlScan originally released with the IIS Lockdown Tool to help mitigate security vulnerabilities that affected IIS 5.0 in Windows 2000 Server. It's an ISAPI filter that examines HTTP requests to check that URLs and other headers are not being padded with overlong strings or unusual characters as a way to conduct a buffer overflow attack. We haven't updated this tool since we released UrlScan Version 2.5 alongside IIS 6.0, because most of the functionality is now available in IIS 7.0 as the Request Filtering module. But as of today, you can download 32-bit and 64-bit versions of UrlScan 3.0 Beta, which extends the functionality to also examine the querystring part of the URL (i.e. the part that comes after a "?" in a URL - typically name/value pairs or other parameters that are passed to a script or application). This can therefore help prevent SQL injection attacks while the underlying Web application code is fixed.
Over on the IIS.net site, you can find a full walkthrough of the tool, as well as some great articles by Wade Hilmo (the guy who wrote UrlScan) and Nazim Lala, another member of our IIS security team. They have full details on the tool and other security guidance you can follow to help protect your Web servers and applications.
David.
TechEd 2008 IT Professional was a blast! It was great to meet and talk with many of you IT Pros. An opportunity came my way to discuss some of the lesser known features of Windows Server 2008, especially with relation to Active Directory. Take a look, this is a 2 part video. RODC, Auditing, Password Policies, and Domain Controller location (this is the biggie) are all discussed. Hopefully this gives some insight into the little things. Enjoy!
Justin Graham