
Cheng's Random Thoughts on System Management

Senior Program Manager, MSD
Mastering Virtual Machine Manager 2008 R2 is available now!

Greetings folks!

As you're all busy getting ready for the holiday season, I'd like to introduce to you another Christmas gift idea for a "VMM geek". :-)

My colleagues, Michael Michael and Hector Linares, just finished writing a new book, "Mastering Virtual Machine Manager 2008 R2", and it's available for order now at Amazon.com: http://www.amazon.com/Mastering-Virtual-Machine-Manager-2008/dp/0470463325/ref=sr_1_1?ie=UTF8&s=books&qid=1260507554&sr=8-1-catcorr#noop. I also helped write one of the chapters in the book. :-) Michael and Hector put a lot of time into writing the book, and they put in tons of tips, best practices, and samples to make sure the book is a useful tool for every VMM administrator. So, I highly recommend giving it a read if you are a VMM user or planning to deploy VMM.

Here are the words quoted directly from the publisher:

"This book shows you how to use Microsoft's System Center Virtual Machine Manager to effectively manage both the virtual and physical assets of your enterprise. Learn from two virtualization insiders at Microsoft how to install, configure, deploy, monitor, and troubleshoot VMM; handle backup and recovery; and much more. Going well beyond the basics, this book provides the technical know-how, best practices, and actual code you'll need to tailor a VMM deployment and keep things running smoothly.

Coverage includes:

  • Understanding the big picture, including Hyper-V™ 2.0 and Operations Manager 2007
  • Thoroughly examining all features, capabilities, and architecture you'll need for a successful deployment
  • Interacting with VMware's vCenter™ for management of ESX™ hosts
  • Deploying virtual machines to Hyper-V hosts
  • Building rich automation through Windows PowerShell™ and extending the capability of your VMM
  • Using the Performance and Resource Optimization (PRO) infrastructure to create new PRO packs and dynamic IT
  • Backing up and planning for recovery of the VMM server; also backup and recovery of Hyper-V hosts using Hyper-V VSS Writer"

 

Thanks for reading and happy holidays!

Cheng

SCVMM 2008 R2 downloadable docs are available now!

Greetings, folks!

 

I'm pleased to let you all know that our documentation team has just published the downloadable version of the SCVMM 2008 R2 documents here: http://go.microsoft.com/fwlink/?LinkId=162764

 

Available documents for download are:

·         Deployment Guide

·         Guide to Operations Manager Integration

·         Security Guide

·         Operations Guide

·         Scripting Guide

·         Cmdlet Reference

·         Building PRO-Enabled Management Packs

 

Go check them out today, download them onto your favorite device, print them out or just read them wherever / however you want. 

 

Feedback on these? Please send it to: scvmfdbk@microsoft.com.

 

Cheers!

Cheng

It's here - SCVMM 2008 R2 RTM'ed.

Greetings folks!

This is one of those very exciting moments when I have to drop whatever I'm doing and tell you about it. :-)

I've been busy on a few things, so sorry for not being able to post much information lately. I'll tell you about what I was working on in a few months. We're baking something big. :-)

Unlike last time when we released VMM 2008 (which was a few months after Hyper-V RTM), we're tying our VMM 2008 R2 release schedule right together with Windows Server 2008 R2. And it comes with a big load of goodies (Live Migration support, CSV support, Storage Migration, Rapid Provisioning, Host Compatibility Check, support for 3rd party CFS, support for Veritas Volume Manager, integration with Visual Studio Lab Manager, etc.).

Go download a trial and give it a try, go get it now, and unleash the virtualization power that Microsoft brings to you.

Here is more information on this exciting RTM announcement:

http://blogs.technet.com/systemcenter/archive/2009/08/24/system-center-virtual-machine-manager-vmm-2008-r2-rtms.aspx 

 

Cheers!

Cheng

VMM 2008 R2 Upgrade Guide

As part of the VMM 2008 R2 launch, I'm inviting my colleague, Kerim, to provide you with some information on how you can upgrade your existing VMM 2008 / VMM 2008 R2 RC versions to the VMM 2008 R2 RTM version. Here comes Kerim:

 

=================== 

 

Hi everyone,

 

My name is Kerim Hanif. I am a program manager here on the VMM product team, and today I want to explain the paths by which you can upgrade to VMM 2008 R2 RTM. The purpose of this blog is to give you a general idea of how the upgrade works; for more detailed information please see the VMM 2008 R2 Deployment Guide on VMM TechNet: http://go.microsoft.com/fwlink/?LinkID=139191

 

Upgrading from VMM 2008 RTM to VMM 2008 R2 RTM

This is an in-place upgrade; you don’t need any extra tools, it is built right into the product.

 

One caveat for this upgrade: you can’t restart any of the prior jobs after the upgrade. After upgrading, all jobs that were run prior to the upgrade will appear in the job history; however, those jobs cannot be restarted. It is recommended that you allow all jobs to complete before upgrading the VMM server. Jobs that are canceled during the upgrade cannot be restarted after the upgrade is completed.

 

Pre-upgrade tasks:

1.       Perform a full backup of your VMM 2008 RTM database; this way, in the unlikely case that something goes wrong, you can always reinstall VMM 2008 RTM using this database.

 

Upgrade tasks:

1.       Start the VMM 2008 R2 RTM setup (with elevated privileges) on a machine that contains a VMM 2008 RTM component and select any one of the components from the splash screen that comes up.

2.       Setup will detect that you have VMM 2008 RTM bits installed and will automatically start the “upgrade wizard”.

3.       In the wizard we will show you which components are installed on the box the setup is currently running on and ask you to confirm that we will go ahead and upgrade all of these components. Note: You may ask what happens if you select a component from the splash screen that is not installed on the box. Let’s say you have the admin console and server installed on this box and you have selected Self-Service Portal. In this case the behavior is that we will first upgrade all the installed components (admin console and server in this example) and then start the installation of the Self-Service Portal.

 

Post-upgrade tasks:

1.       You will need to perform the procedure above on all computers that have a VMM 2008 RTM component installed (admin console or SSP).

2.       Refresh all hosts and library servers from the admin console.

a.       Go to Hosts view (also Library view), select the machines and select Refresh from the Actions pane. We do this manually so that we don’t have to wait for the host refresher to run. By doing this, all the agents on these machines will find out that the DB version has changed and will go to the “Needs Attention” state.

3.       Now you will need to go to the “Managed Computers” view in the admin console, right-click all the agents (both on hosts and library servers) that are in the “Needs Attention” state and select “Update Agent”. Note: You can multi-select here, but do these in batches of 10-25.

 

Upgrading from VMM 2008 R2 RC to VMM 2008 R2 RTM

This upgrade will require the “UpgradeVMMR2RC.exe” tool (this tool is available on the Microsoft Connect site under the VMM 2008 R2 connection: http://connect.microsoft.com/Downloads/Downloads.aspx?SiteID=960 ):

 

Pre-upgrade tasks:

1.       Perform a full backup of your VMM 2008 R2 RC database; this way, in the unlikely case that something goes wrong, you can always reinstall VMM 2008 R2 RC using this database.

 

Upgrade tasks:

1.       Uninstall VMM 2008 R2 RC with the “retain DB” option.

2.       Open a command prompt with elevated privileges and run the “UpgradeVMMR2RC.exe” tool against the DB retained in the previous step.

a.       Command usage: UpgradeVMMR2RC.exe -server <computername[\instancename]> -database <database>

i.      E.g. UpgradeVMMR2RC.exe -server VMMDB01\MICROSOFT$VMM$ -database VirtualManagerDB

3.       Install VMM 2008 R2 RTM using the upgraded DB from above.

 

Post-upgrade tasks:

1.       You will need to uninstall all components with RC code and install the new components with RTM code (admin console, SSP).

2.       Refresh all hosts and library servers from the admin console.

a.       Go to Hosts view (also Library view), select the machines and select Refresh from the Actions pane. We do this manually so that we don’t have to wait for the host refresher to run. By doing this, all the agents on these machines will find out that the DB version has changed and will go to the “Needs Attention” state.

3.       Now you will need to go to the “Managed Computers” view in the admin console, right-click all the agents (both on hosts and library servers) that are in the “Needs Attention” state and select “Update Agent”. Note: You can multi-select here, but do these in batches of 10-25.

a.       If you have machines that are in the ‘Access Denied’ state, you will need to ‘reassociate’ these first before upgrading the agents: right-click those machines, select Reassociate, and when it is complete right-click again and select “Update Agent”.

 

You may also have clustered hosts, you may still be on VMM 2007, or you may have created a PRO configuration (OM integration) with VMM 2008 RTM and be wondering how to migrate. For these topics please see the VMM 2008 R2 Deployment Guide on VMM TechNet (http://go.microsoft.com/fwlink/?LinkID=139191); there is great step-by-step guidance provided in that document.

 

Thank you and I hope this information helps you in your migration.

 

Kerim Hanif

What’s new in VMM 2008 R2 RC?

Greetings, folks!

 

Hope you had a good Mother's Day weekend (if you celebrate that holiday)!

 

Since VMM R2 Beta was released, the team has been working hard on incorporating feedback from customers. Here is a nice blog from Vishwa that explains the new set of features we’ve added in the upcoming VMM R2 RC release:

·         Storage Migration

·         Queuing of Live Migration

·         Rapid Provisioning

·         Host Compatibility Checks

·         Support for 3rd Party CFS

·         Support for Veritas Volume Manager

 

 

Enjoy your reading,

Cheng

VMM Network Location and Network Tag

Hello there!

Today I have a guest poster, my colleague David Armour. David is a senior program manager responsible for SCVMM 2008's networking feature. Based on the questions he has seen on the TechNet SCVMM forum, he wanted to post this information to help clarify the concepts and usage of Network Location and Network Tag in SCVMM.

Here is the post in David's words:
=============================================

When you specify a template or VM’s network connection requirements, you can supply a Network Location and a Network Tag.  You have undoubtedly seen this screen:

What do these things mean and how are they used?

 

Network Location and Network Tag are used when placing a VM on a host: the VM's connection requirements are checked against the networking capabilities provided by the host.  This helps you place the VM onto a host that can provide the network connection requirements of the VM.  When you set the requirements in the VM, you select from a list of network locations and tags which the hosts provide.  So, for example, if your VM should be in your DMZ, you can select the DMZ network as the network location.

 

In most cases, the Network Location is determined on the host using the Windows Network Location Awareness (NLA) feature.  Windows determines a name for the network based on the DNS settings for the network.  You can learn more about how the Windows Network Location Awareness (NLA) feature works here: http://msdn.microsoft.com/en-us/library/ms740558(VS.85).aspx.

 

Sometimes VMM cannot determine the Network Location from NLA.  This happens with loopback adapters, since they are not participating in a network, and on ESX servers, since the OS on these hosts does not have the NLA feature.  In these cases you can manually add the network location.  You can do this by going to the host properties.  On the Hardware tab, find the loopback adapter.  Check the "Override discovered network location" checkbox and type a name for the network location.

We just covered Network Location, now let’s look at the Network Tag. 

 

The Network Tag provides you with another property for determining applicability when placing a VM on a host.  You can use the network tag on the hosts’ virtual networks to differentiate networks by criteria other than network location, such as VLAN, network throughput or security (IPSec, for example).  This is a custom tag that you create.  The network tag is set on the host’s Virtual Network, and the VM/Template can then select this tag in its network connection requirements.  To set the Network Tag on a host’s Virtual Network, go to the host properties.  On the Networking tab, find your Virtual Network.  You will find the Network Tag under the Virtual Network name.

Once you have set up the Network Location and Network Tags on your hosts, each unique Network Tag and Network Location will show up in the combo boxes under the VM/Template's connection requirements.

 

Thanks,

David 

 

============================================= 

 

Hope this helps and thanks for reading!

Cheng

Got a "Bad Gateway"?

Greetings, folks!

 

Hope you had a great Easter last Sunday, if you celebrate that holiday! My kids certainly enjoyed hunting eggs on a typically drizzly Seattle Saturday morning. :-)

 

This blog entry is for folks who use or plan to use VMM to manage VMware ESX hosts.

 

If this is your first time adding your ESX host to VMM, your ESX hosts are added into VMM by DNS name (instead of IP address), and the Internet proxy in your network environment is not aware of the VMware host DNS names, you may see an error similar to the one below:

Error (2891)
VMM cannot complete the ….  action on the vmm-esx1.scvmm.contoso.com server because of the error: The remote server returned an error: (502) Bad Gateway.
(Unknown error (0x194))

 

This issue may occur when:

·         Trying to turn your ESX host from the “OK (Limited)” state to the “OK” state (to get your ESX host into full management mode), where you provide root user credentials and attempt to retrieve the certificate and SSH key from the ESX host to approve them.

·         You may also run into the same error when attempting to perform a live migration (VMotion) of a VM hosted by an ESX host from the VMM admin console.

 

This issue is caused by the DNS resolution (or proxy configuration) on your VMM server:

·         VMM uses web services to communicate with VMware VirtualCenter and ESX hosts.

·         Proxies are generally configured to permit pass-through of local DNS names.

·         In some cases, when the proxy is not configured for a DNS name, the web service connection may fail.

 

Following are some simple options to resolve this issue:

·         SOLUTION 1: Include the VMware host DNS names in the Internet proxy configuration.

·         SOLUTION 2: Add the DNS hosts to the proxy configuration of Internet Explorer.

·         SOLUTION 3: Create a file "vmmservice.exe.config" in the same location as vmmservice.exe (by default, it’s installed under %ProgramFiles%\Microsoft System Center Virtual Machine Manager 2008\bin\) with contents similar to the following. Note: you will need to bounce the VMM server service (restart the “Virtual Machine Manager” service from services.msc) for it to pick up the new proxy configuration.

<configuration>
  <system.net>
    <defaultProxy>
      <bypasslist>
        <add address="[a-z]+\.contoso\.com" />
      </bypasslist>
    </defaultProxy>
  </system.net>
</configuration>
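
The bypasslist entry is a .NET regular expression, and the runtime tests it as a case-insensitive substring search against "scheme://host" (or "scheme://host:port" when the port is not the scheme default) for every request the service makes. The following PowerShell, an added example that is not from the original post, uses that same System.Net.WebProxy class to check which host names a candidate entry actually bypasses before you restart the service; the proxy address and the host names other than the one in the error above are constructed.

```powershell
# Added example: exercises .NET's own bypass-list matching (System.Net.WebProxy),
# the class vmmservice.exe's runtime uses once <defaultProxy><bypasslist> is in place.
# $ProxyAddress and all host names except vmm-esx1.scvmm.contoso.com are constructed.
$ProxyAddress = 'http://proxy.contoso.com:8080'

# The entry from the post, and an anchored alternative whose label class also
# accepts digits and hyphens and that permits an explicit port.
$LoosePattern    = '[a-z]+\.contoso\.com'
$AnchoredPattern = '^https?://([a-z0-9-]+\.)+contoso\.com(:\d+)?$'

function Test-ProxyBypass {
    param(
        [Parameter(Mandatory = $true)] [string[]] $BypassList,
        [Parameter(Mandatory = $true)] [string[]] $Uri
    )
    # WebProxy(address, bypassOnLocal, bypassList): each list entry is compiled as a
    # regex and tested with IsMatch (a substring search) against "scheme://host" or
    # "scheme://host:port" when the port is not the scheme default.
    $proxy = New-Object System.Net.WebProxy -ArgumentList $ProxyAddress, $false, $BypassList
    foreach ($u in $Uri) {
        [pscustomobject]@{
            Uri      = $u
            Bypassed = $proxy.IsBypassed([uri]$u)
        }
    }
}

# Constructed inputs: the ESX host named in the error above, a host whose first label
# ends in a digit, a vCenter on a non-default port, and a look-alike name under an
# unrelated domain that merely contains "contoso.com" in the middle.
$TestUris = @(
    'https://vmm-esx1.scvmm.contoso.com/sdk',
    'https://esx1.contoso.com/sdk',
    'https://vcenter.contoso.com:8443/sdk',
    'https://esx.contoso.com.unrelated.example/sdk'
)

"bypasslist entry: $LoosePattern"
# [a-z]+ cannot cover the "1" in esx1, so that host is still sent via the proxy, while
# the substring "esx.contoso.com" inside the look-alike name does satisfy the pattern.
Test-ProxyBypass -BypassList $LoosePattern -Uri $TestUris | Format-Table -AutoSize

"bypasslist entry: $AnchoredPattern"
# Anchoring to the end of the match string limits the bypass to genuine contoso.com
# hosts (with or without a port) and covers digits and hyphens in the labels.
Test-ProxyBypass -BypassList $AnchoredPattern -Uri $TestUris | Format-Table -AutoSize
```

Run it on the VMM server itself so the same .NET runtime that will load vmmservice.exe.config evaluates the pattern.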

 

On the extreme side, you could also completely turn off the proxy on your VMM server by applying the following config file:

<configuration>
  <system.net>
    <defaultProxy enabled="false">
    </defaultProxy>
  </system.net>
</configuration>

 

 

Hope this helps and thanks for reading!

 

Cheers,

Cheng

What you need to know about Maintenance Mode

Hello folks,

 

As you can see from the news, we’ve released our beta for SCVMM 2008 R2, which offers support for Windows Server 2008 R2 (live migration, etc.) and a bunch of exciting new features.

 

Today, I wanted to introduce to you our new VMM Maintenance Mode feature in VMM R2.

 

What is maintenance mode?

·         In Virtual Machine Manager (VMM) 2008 R2, you can start maintenance mode for a virtual machine host anytime that you need to perform maintenance tasks on the physical host, such as applying security updates or replacing hardware on the physical host computer.

·         We support start / stop maintenance mode for Hyper-V hosts, Virtual Server hosts, as well as VMWare ESX hosts.

 

 

How does it work “under the hood”?

·         To start or stop maintenance mode on a host,

o   In the VMM Administrator Console, in Hosts view, click a host, and then in the Actions pane, click either Start maintenance mode or Stop maintenance mode.

o   Or from a PowerShell window, use cmdlet “disable-VMHost” to put a host into maintenance mode, and use cmdlet “enable-VMHost” to take the host out of maintenance mode.

·         Entering maintenance mode

o   This action can be applied to all hosts and host clusters.

o   For Windows-based virtualization hosts

§  If they are Win7 clusters (capable of live migration), two options would be presented on the UI:

·         The default option is to live migrate all running HA VMs, save-state all non-HA running VMs and put the host in maintenance mode.

·         The other option is to simply save-state all running VMs (no migration), and put the host in maintenance mode.

§  If they are standalone VM hosts or Win6 clusters (incapable of live migration), you would only see one option on the UI

·         Save-state of all running VMs and put the host in maintenance mode.

o   What about VMWare ESX hosts?

§  When you start maintenance mode on an ESX Server host, VMM sends an “Enter maintenance mode” request to the VMware VirtualCenter Server.

§  The system behavior of the virtual machines on the selected ESX Server host is determined by the configuration of the VMware VirtualCenter Server.

·         If the VMware Distributed Resources Scheduler is not configured, all virtual machines on the host must be either manually shut down or moved to another host to successfully start maintenance mode on an ESX Server host.

o   What about those stopped VMs?

§  We do not touch stopped VMs.

§  Even saved-state VMs are not migrated; they will remain on the host.

·         In maintenance mode

o   When a host is in maintenance mode, here are the changes to the system behaviors on that host:

§  Host state is not updated (the state will remain as “In Maintenance Mode” regardless of the agent status or virtualization service status);

§  No VM creation is allowed on the host;

§  No VM can be moved into this host;

§  Host is excluded from any placement (hence, self-service portal users or PRO auto-implementation won’t be able to pick this host).

o   What can users do?

§  Users are actually not blocked from most actions (except New-VM and Move-VM into this host).

§  However, please be aware that the results of the requests all depend on the state of the host and its agent. And because the host state is no longer updated once the host is in maintenance mode, you may have an “in maintenance mode” host that is completely down without seeing the state change on our UI. Such requests include:

·         Request to remove (or force remove) the host;

·         Request to start or stop VMs on the host;

·         Request to change properties of the host;

·         Request to move VM out of the host; etc.

·         Exit maintenance mode

o   When a host is taken out of maintenance mode, here is the system behavior:

§  The next host refresher will update the host state to its current state;

§  The host is now available for placement;

§  Blocks for VM creation or migration are removed from the host.

o   What about the VMs that were migrated out?

§  They remain on their current hosts.

§  VMM does not auto-migrate back the VMs that were migrated out.

§  Users need to evaluate and decide whether there is a need to rebalance the workloads now that the resources on this host are available again.

 

 

Got any comments / feedback?

·         Give it a try by downloading our beta from here.

·         Send me your feedback.

 

 

Hope this is helpful and thanks for reading!

Cheng

SCVMM 2008 R2 Beta is released!

Greetings folks!

 

I’m pleased to announce that the public Beta of SCVMM 2008 R2 is now available for download at our Connect site.  Since shipping SCVMM 2008 last October, our team has been busy working on an update that supports Windows 2008 R2, takes advantage of the new features in the platform, and addresses key customer asks.  This release, coming within a few months of the SCVMM 2008 RTM (including the holiday season!), delivers several exciting new features and enables a few important functionalities requested by our customers.

 

Here are the highlights of the new features in this Beta release:

·         Live Migration support

o   Windows 2008 R2 supports Live migration, and now so does SCVMM 2008 R2.

·         Clustered Shared Volumes (CSV) support

o   Ability to place multiple VMs on a single LUN is a key customer request.

·         SAN enhancements: 

o   SAN migration in and out of clusters (taking advantages of your SAN infrastructure to achieve a faster migration experience)

o   Multiple LUNs per single iSCSI target which provides support for iSCSI products from Network Appliance and EMC.

·         Networking enhancements: 

o   Support for VMQ & Chimney

o   Support for MAC spoofing

o   Support for reusable port groups in VMWare VirtualCenter.

·         Maintenance mode support

o   Maintenance mode is supported across all platforms: Hyper-V, VS and VMWare ESX hosts

o   Putting a host in maintenance mode triggers evacuation of all VMs on the host via live migration on Windows 2008 R2 and VMware.

o   PRO migrations to the host are disabled.

·         Disjoint domains support

o   With proper permission configuration, now with VMM 2008 R2, you can easily add hosts in a disjoint domain into VMM.

 

For a more complete description of the R2 Beta release, check out the blog post from Rakesh.

 

Join our connect site and download our VMM R2 Beta now!

 

Cheers,

Cheng

 

VMM Security content is posted on Technet.

Greetings folks!



Hot off the press: our content team has worked hard to produce a set of documents on how to secure your VMM 2008 environment, which covers these interesting topics:

·         Basics of VMM security

·         Hardening VMM components (from VMM Server to the VM hosts, from your DB server to your library server)

·         Security around PRO (OpsMgr integration)

·         We even offer you the security guidance on how to configure a more secure VMware environment by using VMM

 

This set of documents offers both security guidelines and some best practices for tightening up the security of your VMM environment. Some of the documents go as far as explaining how VMM works “under the hood”, so that readers understand what they should decide to implement and why. I hope you’ll find it as useful, refreshing and informative as I did.

 

It’s available for download here:

http://technet.microsoft.com/en-us/library/cc764247.aspx

 

Enjoy your reading!

Cheng

NIC teaming and VMM

Greetings folks,

 

NIC Teaming, also called “Load Balancing and Fail-Over” (LBFO), “Link Aggregation” or “IEEE 802.1AX-2008”, groups multiple interfaces to provide fault tolerance and load balancing for the Network Interface Cards (NICs) connecting Windows Server to the network.  This aggregation combines the individual capacity of multiple interface cards to form a high-performance virtual link, so the failure of an individual port or adapter does not cause a loss of connectivity.  Below is a picture from Wikipedia.org of what typical NIC teaming looks like:

Basic NIC Teaming (source: wikipedia.org) 

 

The Microsoft support position on NIC teaming for Windows Server 2008 (deployed either in a physical environment or virtualized environment with Hyper-V) is that hardware and driver support is provided by the hardware manufacturer as outlined in KB Article 254101

 

 

Alex, one of our test engineers, spent some time researching Broadcom Advanced Control Suite (BACS) version 11.6.10 with Broadcom Advanced Server Program (BASP) NICs, and found out that he could actually make NIC teaming work with his Hyper-V hosts and have VMM manage the BASP NICs.

 

Here is the blog he posted describing his experiments and his step-by-step notes on how he made it work for him:

http://blogs.technet.com/apb/archive/2009/02/25/using-vmm-to-manage-you-hyper-v-nic-teams-created-with-bacs.aspx

 

 

 

Hope this is useful information for you!

 

Enjoy your reading,

Cheng

When should I consider running my VMM Service by using a domain account?

Greetings folks!

 

Hope you all had a good Valentine weekend last week!

 

If you noticed, during your VMM Server installation there is an option that allows you to select a different account to run the VMM Server service (VMMService) instead of the default computer account.

“When should I consider using this non-default option?”, you may ask.

You may have other reasons / policies to run VMMService by using a domain account. However, based on some of our recent CSS reports, choosing your own domain account to run VMMService should be the preferred option for customers who are running a more restrictive AD environment. Here is why:

·         With the default install option, VMMService runs under the VMM Server's local system / computer account.

·         When adding trusted domain-joined VM hosts (whose domain has a two-way trust with the domain the VMM Server is in), the VMM Server adds its computer account (the account it uses to run VMMService) to the local Administrators group of the target VM hosts, as part of the Add-VMHost process.

·         In a more restrictive AD environment, we find it common for customers to have a “Restricted Groups” group policy that disallows machine accounts from being part of the local Administrators group. Hence, when the GP is in effect, the machine account will be removed by this GP.

·         When this happens, the affected VM hosts will show up in the VMM console as “Needs Attention” (and the agent status will be “Not Responding”), since the VMM Server will no longer be able to authenticate with the hosts. Here is the error message that you will see from the failed host refresher job (BTW, we’ll be updating this error message in our vNext):

Error (2927)
A Hardware Management error has occurred trying to contact server servername.domainname.com.
(Unknown error (0x80338104))

Recommended Action
Check that WinRM is installed and running on server servername.domainname.com. For more information use the command "winrm helpmsg hresult".

 

 

When users get into this situation, there are a few things they can do to fix this issue:

1.       Check with your IT security group and see if it’s possible to disable the “Restricted Groups” group policy in your Active Directory environment; or

2.       Check with your IT security group and see if it’s possible to modify the group policy to allow the VMM machine account in the local Administrators group; or

3.       Check to see if it’s possible to move the VMM Server machine account to its own organizational unit (OU) and block the group policy from being applied to that OU; or

4.       If making changes to your group policy (or negotiating with your IT security group :-)) is next to impossible, the only option left is to reinstall the VMM server and choose the option to run the VMM service by using a domain account with admin privileges on your VMM Server computer (in this case, you will need to remove and re-add all your VM hosts, or choose to reinstall your VMM Server without retaining data).
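
To confirm the situation described above on a given host, rather than inferring it from the “Needs Attention” state, you can check the host's local Administrators membership and its WinRM listener directly. The PowerShell below is an added example, not from the original post; the service account name is a placeholder, and it relies only on the WinNT ADSI provider and the Test-WSMan cmdlet.

```powershell
# Added example: run on a VM host (or against it by name) to check whether the account
# that runs VMMService is still in the host's local Administrators group and whether
# WinRM answers. The account below is a constructed placeholder: for the default
# install it is the VMM server's machine account "DOMAIN\VMMSERVER$", otherwise the
# domain account chosen during setup.
param(
    [string] $ServiceAccount = 'CONTOSO\VMMSERVER$',
    [string] $ComputerName   = $env:COMPUTERNAME
)

function Get-LocalAdministrator {
    param([string] $Computer)
    # The WinNT ADSI provider exposes each member's ADsPath as "WinNT://DOMAIN/Name".
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        # Normalise "WinNT://CONTOSO/VMMSERVER$" to "CONTOSO\VMMSERVER$".
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

function Test-VmmHostAccess {
    param([string] $Computer, [string] $Account)
    $members  = @(Get-LocalAdministrator -Computer $Computer)
    $inAdmins = $members -contains $Account      # string comparison is case-insensitive

    # VMM reaches the host agent over WinRM, so also confirm the listener responds.
    $winrmUp = $false
    try {
        $null = Test-WSMan -ComputerName $Computer -ErrorAction Stop
        $winrmUp = $true
    } catch { }

    $verdict = if (-not $inAdmins) {
        'Account missing from Administrators: host refresh will fail (Needs Attention)'
    } elseif (-not $winrmUp) {
        'WinRM not responding on host'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Computer            = $Computer
        ServiceAccount      = $Account
        InLocalAdmins       = $inAdmins
        WinRMResponding     = $winrmUp
        LocalAdministrators = ($members -join ', ')
        Verdict             = $verdict
    }
}

Test-VmmHostAccess -Computer $ComputerName -Account $ServiceAccount | Format-List
```

Running it shortly after a Group Policy refresh on a host that was healthy before is the quickest way to attribute the removal to the Restricted Groups policy.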

 

Hence, I highly recommend that you evaluate your IT security (AD) policies before deploying your VMM server into a production environment, as those factors directly affect how VMM performs operations within that environment. And if you do have a more restrictive AD environment, I suggest you use a domain account to run the VMM Server service. Also, if you have a disjoint namespace environment, it's recommended to use a domain account to run your VMM Server service.

 

 

Before I close on this subject, there is one restriction that I think folks should be aware of when using a domain account to run your VMM Server service:

·         Users cannot use the same domain user account to add or remove hosts.

o   Say, you configured VMM Server to use account “foo\bar” to run VMM Server service.

o   And it also happens to be part of the local admin group for a host “MyNewHost” that you want to add to VMM.

o   When you go through the Add Host wizard (or our cmdlet), you will be asked for a credential with admin privileges for us to install the agent.

o   At this point, it’s disallowed to use the same user account “foo\bar” to add the host. And yes, we actually block you from doing such an operation.

o   The same is true for host removal: it’s disallowed to use the same account “foo\bar” to remove the host.

·         Why do we not allow this?

o   During host addition, we add the service account to the local admin group on the host. When removing the host, we need to remove the account from the local admin group.

§  If we remove the account first, we won't be able to talk to the agent.

§  If we remove the agent first, we leave the account behind.

§  Thus, users need to use a different account for host removal.

o   During host addition, we add the service account to the local admin group on the host.

§  In case of failure during the agent install process as part of the AddHost task, we need to be able to roll back and successfully remove the agent.

§  To do that, the same requirement applies.

·         So, the proper process is that if you use “foo\bar” to run your VMM Server service, you will need to use a different account with admin privilege to add or remove your host.

 

 

 

Hope this helps and thanks for reading!

 

 

Thanks,

Cheng

Hyper-V Security Guide – beta now available

The Hyper-V Security Guide can help you elevate the security of virtualized Windows Server environments to meet your business-critical needs. This accelerator provides IT professionals like you with recommendations to address your key security concerns around server virtualization. The guide provides authoritative guidance that relates to the following strategies for securing virtualized environments:

 

·         Hardening Hyper-V. The guide provides prescriptive guidance for hardening the Hyper-V server role, including several best practices for installing and configuring Hyper-V with a focus on security. These best practices include measures for reducing the attack surface of Hyper-V as well as recommendations for properly configuring secure virtual networks and storage devices on a Hyper-V host server.

·         Delegating virtual machine management. The ability to safely and securely delegate administrative access to virtual machine resources within an organization is essential. The guide highlights several available methods to administer different aspects of a virtual machine infrastructure and ways to control administrative access to different servers and at different levels.

·         Protecting virtual machines. The guide also provides prescriptive guidance for securing virtual machine resources, including best practices and detailed steps for protecting virtual machines by using a combination of file system permissions, encryption, and auditing.


The Beta release is available now for your review through March 4, 2009. After joining the Beta review program [live ID required], bookmark this link to the program site to get the latest information about project details.


Thanks for reading!

Cheng

VMM 2008 MP is available for download!

Greetings,

My colleague, Alan Goodman, has published a blog entry about the release of VMM 2008 MP, which consists of the following exciting reports:

·         Virtualization Candidates - Helps identify physical computers that are good candidates for conversion to VM.

·         VM utilization - Provides information about your virtual machines.

·         Host Utilization - Shows the number of virtual machines running per host.

·         Host Utilization Growth - Shows the percentage growth of host resources and number of VMs.

·         VM Allocation - Useful data for VM chargeback calculation.

For details, visit here.


Thanks for reading!

Cheng

Managing VM hosts in a disjoint namespace environment

Greetings folks and Happy Chinese New Year to you if you celebrate that cultural tradition!


Today, I wanted to talk about a topic that many of our TAP customers requested support for during our VMM 2008 release development phase. We’ve seen that customers with distributed, geographically dispersed regional offices or storefronts tend to have disjoint namespace environments.

In that environment, where the FQDN of a Windows server in AD does not match the FQDN of the same server in DNS, you will not be able to find the host by its DNS FQDN through the VMM Add Host wizard, because the wizard searches AD. More importantly, even if you select the “Skip AD query” option in the admin console, the regular “Add Host” job will still fail if the required AD step is not taken. The root cause of the job failure is that we need to use the DNS host name to connect to the host via WS-MAN, and the authentication that follows fails when we try to authenticate the host’s DNS FQDN against AD.


Hence, in order for hosts in this environment to be successfully added and managed by VMM, follow the instructions below:

·         We recommend that you set up your VMM Server so that the VMM service runs under a domain account (instead of the default server machine account);

·         If you’re adding a host in the disjoint namespace from the Admin Console, on the 2nd page of the Add Hosts wizard you will need to check the option “Skip Active Directory name verification”;

·         The SPNs for the hosts’ DNS FQDNs must be added to AD;

·         For clusters, you will need to add the hosts by using the “Add-VMHostCluster” cmdlet (see the sample code below).


# Credential used to connect to the cluster nodes
$Credential = Get-Credential
# Connect to the VMM server
Get-VMMServer -ComputerName "VMMServer.Contoso.com"
# Host group the cluster will be placed in
$VMHostGroup = Get-VMHostGroup | where {$_.Path -eq "All Hosts"}
# Add the cluster (and its nodes) using the supplied credential
Add-VMHostCluster -Name "VMHostCluster.Contoso.com" -VMHostGroup $VMHostGroup -RemoteConnectEnabled $TRUE -RemoteConnectPort 5900 -Credential $Credential


In the VMM 2008 release, we require users to add the SPNs manually (use the command “setspn -a” with appropriate AD privilege). Here is a reference TechNet article with information on how to create SPNs. For a large environment, you may want to consult with your AD administrator to run a script to add the SPNs.

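A script of the kind the previous paragraph suggests, added here as an example rather than taken from the post or from VMM itself. It assumes that HOST/<DNS FQDN> is the SPN form the host needs, that the host list is constructed sample data, and that the caller has rights to write servicePrincipalName in AD.

```powershell
# Added example, not VMM's own tooling: for each Hyper-V host whose DNS FQDN
# differs from the dNSHostName stored on its AD computer object, register
# HOST/<DNS FQDN> on that computer account with "setspn -a", as the post requires.
# Assumptions: HOST/<fqdn> is the needed SPN form; the inventory below is
# constructed sample data; the caller may write servicePrincipalName in AD.
param([switch]$Preview)   # -Preview prints the setspn commands instead of running them

# Constructed inventory: AD computer name and the name the host answers to in DNS.
$inventory = @(
    @{ Computer = 'HV01'; DnsFqdn = 'hv01.branch.example.net' },
    @{ Computer = 'HV02'; DnsFqdn = 'hv02.corp.example.com' }
)

foreach ($h in $inventory) {
    # Look up the computer account in the current domain
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectClass=computer)(sAMAccountName=$($h.Computer)`$))"
    $result = $searcher.FindOne()
    if ($null -eq $result) {
        Write-Warning "$($h.Computer): no computer account found, skipping"
        continue
    }

    # Only hosts whose AD name and DNS name disagree are actually disjoint
    $adFqdn = [string]($result.Properties['dnshostname'] | Select-Object -First 1)
    if ($adFqdn -ieq $h.DnsFqdn) {
        Write-Host "$($h.Computer): AD and DNS names agree ($adFqdn), nothing to add"
        continue
    }

    # Skip SPNs that are already present so the script can be re-run safely
    $spn = "HOST/$($h.DnsFqdn)"
    $existing = @($result.Properties['serviceprincipalname'] | ForEach-Object { [string]$_ })
    if ($existing -contains $spn) {
        Write-Host "$($h.Computer): $spn already registered"
        continue
    }

    Write-Host "$($h.Computer): AD name '$adFqdn', DNS name '$($h.DnsFqdn)', adding $spn"
    if ($Preview) {
        Write-Host "  setspn -a $spn $($h.Computer)"
    } else {
        & setspn -a $spn $h.Computer
        if ($LASTEXITCODE -ne 0) { Write-Warning "setspn failed for $($h.Computer)" }
    }
}
# Afterwards, "setspn -l <ComputerName>" lists the SPNs now on each account.
```

Run it with -Preview first to review which accounts would be changed before the SPNs are written.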

For VMM vNext, we’re working on a better solution: if the VMM server service account has the AD privilege to add SPNs, our AddHost logic will attempt to add the host’s DNS FQDN SPN when the authentication fails. With this new feature, customers who configure their AD properly will avoid a lot of manual and tedious AD operations. Here is a KB article that describes how to grant a service account the AD permissions to add SPNs.

Hope this helps.


Thanks for reading!

Cheng
