
Recently there has been some healthy debate around the validity of “private clouds” and whether such a construct is new or just a different name for virtualization and automated provisioning, i.e. a marketecture. In this corner for the anti-Private Cloud sentiment, we have the 2009 Prediction – Rise and Fall of the Private Cloud which argues there is really no such thing as a private cloud and the concept will die quickly as everyone moves to the public cloud. There are some excellent points in this article; I’ll address several below. Take a quick read and come back, I’ll wait… In the other corner, we have Christofer Hoff from Cisco and his response. Finally, Reuven Cohen hits the nail on the head with his post A Public Cloud by Any Other Name is Private which basically states that this is all definitional dancing, where people argue about concepts without defining any of the underpinning terms.

People’s opinions on this topic seem to correlate most with whether they believe the defining attributes of cloud computing are financial (only paying for capacity utilized, no capex, etc) or whether they believe the defining attributes are technical (shared infrastructure, scale-out architectures, dynamic provisioning). The folks who focus on the financial side tend to believe either there cannot be private clouds because all costs are still incurred by the organization or that there is no way a single organization will be able to drive costs as low as the large cloud providers can with economies of scale.

The folks who see cloud computing as more of an architecture pattern for applications and an infrastructure/operational model tend to believe that the approach is just as relevant for a public cloud provider as it is for a large internal IT organization.

I am firmly in the camp of those who believe private clouds are going to be an important part of IT for at least the next decade. I come to this view using my definition of a cloud which is: an infrastructure architecture, application development model, and operations management discipline that dynamically provide necessary services whenever and wherever they are needed while sharing costs between all users.

Using that definition, all manner of clouds including public, private, hybrid, etc. will exist. Will there be certain economies of scale that a Microsoft or Amazon with hundreds of thousands of servers will be able to achieve that a single business won’t? Of course. But there will also be a degree of customization and agility that private clouds will be able to achieve that large providers won’t.

The reason I believe that private clouds as a concept are something new is that this is the first time that all of IT (infrastructure, development, and operations) is being looked at holistically. This is much more than just being able to sling VMs about the datacenter. This is about providing a cost-effective infrastructure where code that addresses user needs, be it an app, a VM, or a service, can be developed rapidly by using foundational services, deployed in near real-time, scaled as needed, and then retired at the end of its useful life.

I’m excited by Microsoft’s opportunities along the full spectrum of the cloud. Azure is a very forward looking vision of the public cloud that I still don’t think most people are grasping yet. Likewise, Microsoft’s traditional on premise solutions are evolving very quickly toward both private cloud and public cloud implementations. To me the most important question that will determine our long term success is how well we are able to provide a seamless continuum between the Azure platform and our Server and Tools solutions as they evolve toward cloud services. I think we are targeting an end game that no one else is really going after from on-premise, through private cloud, to public cloud.



The Virtual Hard Disk Getting Started Guide is 61 pages of great info outlining all the relevant scenarios, configurations, and options for using VHD files. This was released about 3 weeks ago but I missed it at the time due to training and TechReady9. The guide outlines basic scenarios like booting Windows 7 or Server 2008 R2 from VHD as well as more advanced scenarios like migrating a VHD between physical and virtual environments, etc. If nothing else this is worth a quick read of the table of contents because you will likely see things in there that you didn’t realize you could do with VHDs.

Here is the official description of the doc:

“Windows Server® 2008 R2 and Windows® 7 is the first version of Windows to provide native support for virtual hard disks (VHDs). This guide describes the scenarios that guided the development of this feature, detailed steps about how to employ the functionality (including image creation, deployment, and maintenance), and the associated tools, scripts, and APIs.”

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=d2afacbb-5af6-45c2-b275-932116e27b0b



In a blog posting earlier this week, the Azure team announced that they would be moving all Azure applications out of our “USA – Northwest” datacenter. I was fascinated by this given that the stated reason for this move is a change in local tax law which presumably makes it less financially attractive to offer the services from that area. Mike Manos published a great blog post on the topic this morning called “The Cloud Politic – How Regulation, Taxes, and National Borders are shaping the infrastructure of the cloud”. Definitely worth reading and considering the implications.

So where will cloud infrastructure form? Consider the real thing in nature and substitute taxes for atmospheric pressure. Below is a paraphrased description from NOAA:

Wind is simply the air in motion … Pressure gradient is the difference in pressure between high and low pressure areas … What happens to the converging winds near a low? … It has to go somewhere so it is forced to rise. As it rises it cools. When air cools it can hold less water vapor so some of the invisible vapor condenses, forming clouds and precipitation … What about the diverging air near a high? … As air warms it can hold more water vapor, which means that clouds will tend to evaporate.

Bottom line, cloud infrastructure will tend to emerge in low tax, low energy cost, high connectivity areas. This much is obvious and has been a key part of data center site selection methodologies as Manos alluded to. To date these have mostly dealt with “where do we plant these multi-hundred million dollar facilities to exist for at least 10 years”. As the move by the Azure team demonstrates however, what runs in these datacenters can be moved around at will. Is it running internal applications and thus maybe not taxable activity? Or is it running a revenue generating activity that may be taxed? If so, does the datacenter in the next state provide a lower tax environment? If yes, move the workload there, and so on.

With an ever growing percentage of computing likely to migrate toward the large cloud providers, small percent differences in the tax rate, cost of power, etc. can have a large impact on the profitability of providing cloud services. You see this today with certain localities actively shaping public policy around attracting datacenter construction.

Over time I think this will lead to several architectural trends. The first is that an ever increasing number of input parameters (tax rate, power cost, bandwidth, etc) will be utilized by cloud infrastructure software to determine where best to run customer workloads. Where today this occurs mostly during site selection, this will rapidly evolve to the point where it is near real-time and workloads will transparently migrate to follow low cost off-peak power, regions with lower taxes, etc. While workloads are easier to move than entire datacenters, even that is very likely to change given the numbers at stake. Most people have heard of Microsoft’s Chicago datacenter where the first floor is comprised of shipping containers and totals hundreds of thousands of servers. This capacity is obviously mobile but requires supporting facility infrastructure which to date is in fixed locations only. If you look at Microsoft’s Gen4 datacenter vision, you’ll see that eventually even most of the supporting infrastructure will be modular and mobile as well.

These trends will make for some very interesting infrastructure architecture challenges. The clouds will form near low pressure areas…



Day 4 and 5 of TechReady were action packed, I didn’t even have time to post yesterday. I skipped the first session timeslot on Thurs to prepare for the double session I was presenting with Citrix. The double session format basically allocates two sessions (3 hours) to one topic letting you get into a lot more detail. The session went very well and the feedback surveys so far have been very positive. We spent the first half of the session describing the Microsoft+Citrix VDI solution and its components. The second half was filled with demos of the solution with different types of clients accessing VDI sessions and walkthroughs of the administrator consoles.

After my session and some internal meetings, I attended a session on Microsoft’s Dynamic Datacenter Toolkit. I haven’t had much time to explore this yet but will be focusing on that a lot in the next couple months. For an example of a hosting partner using this solution, check out MaximumASP.com and their MaxV solution.

Finally on Day 4 I attended a session on the Remote Desktop Services (RDS) improvements in Windows Server 2008 R2, particularly the built-in VDI solution. I’ve been so focused on the Microsoft+Citrix solution that I haven’t had time to dig into the Microsoft in-box solution. This is being positioned toward branch and/or lower-complexity environments while the Microsoft+Citrix solution is targeted toward large or higher-complexity implementations. The improvements to RDP and Hyper-V are the real enablers for the VDI scenarios in R2.

Day 5 opened with multiple demos of Office 2010 and Office Web Applications which are really going to open up completely new scenarios for rich collaboration. Next was a keynote from my favorite Microsoft executive, Bob Muglia, head of the Server and Tools Business. Bob covered improvements in Windows, Hyper-V, SharePoint, SQL. The thing TechReady is best for is stepping back and seeing the scope of this release of software we are going to have this year and the solid advancement in capability and features on almost all fronts simultaneously.

After taking care of some logistical items, I attended a session on Hyper-V security. Not much new info in that one, basically there is good security guidance for Hyper-V in the Windows Server 2008 Security Guide as well as the Hyper-V Resource kit. Finally, I attended a session on Windows 7 and Windows Server 2008 R2 branch office infrastructure. This covered the new Branch Cache feature which can substantially reduce bandwidth utilization in branches by caching content as well as other new features and improvements to SMB, DFS, etc.

All in all, TechReady9 was a great time. I’ve still got a list of sessions that I want to see that is longer than the list of sessions that I actually saw! I’m glad they were all recorded…

Tomorrow and Sunday I’ll be teaching a 2-day VDI class along with some MCS and Citrix colleagues. Should be a good class, the students will learn about and set up the entire Microsoft+Citrix VDI solution over the course of the two days. Then finally on Monday I will head home after almost two and a half weeks on the mothership!



Day 3 kicked off with a keynote by Ray Ozzie and several very cool demos on UI futures, what’s coming across some of the Bing features, and some stuff MSR is working on. There was also a good discussion of how concepts move from MSR, to Labs, then into the product groups.

Next up was a very entertaining session with Jeff Woolsey, the Hyper-V program manager and president of the “virtualization nation”. This session dealt point by point with the FUD put out there by the competition. Aside from the entertainment, it was actually quite valuable because we get hit with some of these outlandish claims by customers all the time who’ve drunk the Kool-Aid of the other guys.

Next up was a session on Terminal Services, which is being re-branded as Remote Desktop Services (RDS). Most of the new features in R2 were discussed (RDP 7, multi-monitor support, VDI) with some cool demos. One showed a six monitor setup over RDP with full multi-monitor support (I use three at home…)

After lunch was a session on the next version of OCS. Voice and PBX replacement are the key themes of this release, beyond that I can’t say much about the content.

In the afternoon I attended a session on VDI using the Microsoft and Citrix solution. This was an intro session to the deep dive that I’m doing today with the RDS PM and some Citrix colleagues. Good session, some good demos of the combined functionality that the two companies provide and how the solution is more fully featured and less expensive than the competition.

The day wrapped up in the evening with “Ask the Experts” which is an event where all the presenters and product group folks are stationed at tables in the main dining area and the TechReady attendees can come in and ask questions, network, etc. It’s a great opportunity to meet folks from the product groups as well as others you may not have seen in a while. Every year I bump into people I haven’t seen in years or who have recently joined Microsoft that I worked with before. This year was no different.

Day 4 should be action packed, I present during the 10:15 timeslot on VDI.



Day 2 at TechReady was packed with technical sessions, no keynotes. In the morning I attended a session on model driven development. Not yet an infrastructure architecture related technology but as I mentioned yesterday regarding System Center, Microsoft is investing in a big way in modeling. The “Oslo” set of technologies is the foundation for developers and architects.

My next session was a special, invite only, session with a very senior Microsoft executive. It was an NDA session so I can’t discuss the content but in general the session was a very frank Q&A where the senior folks invited to the session were able to ask any question on any topic. I think people would be surprised how down to earth and still very technical some of the Microsoft senior execs are. Additionally, I don’t think most people realize the scope, scale, and challenge of managing the huge engineering teams for the big products.

Next up was a session with my Server Virtualization with Advanced Management (SVAM) colleagues. SVAM is a service offering from Microsoft Consulting Services (MCS) and partners focusing on several virtualization scenarios such as server consolidation, dynamic management, VDI, etc. This session provided an overview of the next version of the offering which adds several new content modules including the VDI module I worked on earlier this year around the Microsoft+Citrix VDI solution.

The final two sessions I attended were with the Microsoft Online group (Exchange Online, SharePoint Online, etc). The first was with the operations team of MS Online and the second was with the engineering team. Lots of info about their current offerings and even more about where they were going. The general theme is leveraging the new versions of the underlying products and bringing to the cloud a greater percentage of the features of the on-premise versions.

That’s it for Day 2. Day 3 will bring a keynote from Ray Ozzie, more technical sessions through the day, then Ask the Experts tonight.



TechReady is always motivating and day one of TechReady 9 was no different as thousands of folks from Microsoft’s field organization (Consulting, Support, Sales, etc) take over the Washington State Conference & Trade Center in Seattle. The day one keynote was headlined by Microsoft’s COO Kevin Turner who reviewed last year’s challenging environment and our successes then pumped up the crowd for FY10. Despite the tough economy it’s a pretty exciting time at Microsoft with the huge wave of products coming to market over the next 12 months.

After the keynote I attended the general session for System Center. This was very interesting, but unfortunately most of it hasn’t been announced yet so I can’t detail it. The general themes of user centricity, virtualization, and modeling that were discussed at MMS are core to where System Center is going. The new System Center Service Manager product coming to market next year is also going to be very important. I look forward to the more detailed sessions on these topics this week.

Next I attended the Microsoft Services general session. This was more internally focused on our Services organization and business topics so wouldn’t be of much interest to readers.

In the afternoon I attended a double session, 3 hours total on Hyper-V and advanced storage scenarios. This was an excellent session with several presenters from the product group and some of my colleagues in Microsoft Consulting Services. They covered storage improvements in R2 across iSCSI, FibreChannel, Cluster Shared Volumes, etc. A good bit of time was spent on MPIO which provides multipathing and highly available storage connectivity. Some new whitepapers on that will be published in the next couple weeks which I’ll link to as they become available.

Finally, in the afternoon I attended another System Center session which I can’t really give any details about.

As with every TechReady, particularly for an infrastructure architect like myself and most readers of this blog interested in a range of technologies, at each timeslot there are at least 3 – 5 sessions I want to attend. Fortunately all of these are being recorded so I can view the other ones over time. Looking forward to Day 2!



Last week I came out to Redmond for 5 days of training on the Forefront Protection Suite, formerly Forefront codenamed “Stirling”. The final name was announced at the Worldwide Partner Conference:

Forefront codename “Stirling” - the next generation of the Forefront Security Suite for integrated, comprehensive protection across endpoints, servers and the edge – will be officially known as Forefront Protection Suite (FPS).

FPS will include the products in the current suite, plus the Forefront Protection Manager (formerly known as the “Stirling” management console) and the Forefront Threat Management Gateway Web Security Service.

The training was pretty interesting. We covered most of the components of the suite, the console, and the integration between all the components. That integration is going to be the real differentiator. Client, Server, and Edge security can all be tightly integrated as well as Network Access Protection (NAP). The solution is built on top of PowerShell so there are significant automation capabilities even beyond the in box solutions.

With very capable component pieces and many integration points, there are a huge number of implementation scenarios and options. This can be very powerful but also a bit daunting until you gain experience with the products. The suite leverages the System Center infrastructure, particularly Operations Manager.

I came away from the 5 days pretty impressed with the suite and the scenarios it enables but also with a healthy respect for the effort required to implement the solution. If the appropriate time and resources are allocated, the end result can be a very robust security infrastructure and most importantly a single console providing situational awareness and reporting across the entire security infrastructure.

If you want to take a look at the suite yourself, the Beta2 release is available here both in installable form and in a pre-configured virtual machine.



Sean Olson has a fantastic post called “What I Wish I Knew at 21”. Take five minutes and read it, I guarantee you’ll find it useful and thought provoking.



As mentioned here and in a few other posts, I’ve been using Friendfeed and Twitter quite a bit over the last couple months. I’ve been extremely impressed with Friendfeed in particular. I’ve created two Friendfeed groups that I’ve been posting content to in addition to my main feed. The groups are:

Microsoft Virtualization

Cloud Infrastructure

Their focus is self-explanatory, but they consist of posts, comments, etc. from a variety of sources that I find relevant to each of those topics. The feeds also include posts from the relevant categories from this blog. Please join these groups if you have interest in these areas.

While these feeds are available over on the Friendfeed website, I’m also leveraging a feature they just rolled out around real-time search. If you scroll down the sidebar in my blog, you will see links to two new pages I’ve added:

Virtualization

http://blogs.technet.com/davidzi/pages/virtualization.aspx

Cloud Infrastructure

http://blogs.technet.com/davidzi/pages/cloud-infrastructure.aspx

These pages embed Friendfeed real-time searches scoped to the groups I created and will therefore update in real-time whenever I post or share new content to the group. If you want a wider scope in your results, take out the group: tag and put in any keyword you want such as “virtualization” and you will get updating results each time someone posts something to Friendfeed with that term.

For folks with similar interests, I think these feeds will be valuable as my goal is to highlight the top couple of articles, posts, etc that I come across each day out of the 50 – 100 that I read. Enjoy!



A new Security section has been added to the government site on Microsoft.com. The site consolidates a number of relevant tools, solutions, case studies, and links relevant to Public Sector organizations. Several of the solutions call for specific mentions here:

Federal Desktop Core Configuration (FDCC)

Federal Server Core Configuration (FSCC)

Infrastructure Optimization (IO)

Server Virtualization

The site also includes a brief interview with a colleague of mine in the Federal practice, Bill Billings, the Chief Security Officer of Microsoft Federal. In the video Bill discusses some of the cyber security priorities of the Obama administration and the areas Microsoft is working with the administration.

 



There’s a good technical post over on Chris Adam’s blog about how to dynamically provision customized virtual machines by using System Center Virtual Machine Manager and unattend.xml. The unattend.xml file is used in combination with a sysprep’d image and applies customization (things like computer name, installed roles, etc) that are specified in the XML file. Chris’s post explains how this can be done very easily in VMM.

This post was timely as I have been working on some unattended installations and other automation for a customer I am working with. With all the focus on the back and forth with competitors at the virtualization layer, it almost seems like the workload and configuration inside the VM is “getting no respect”.

In any event, the unattended installation realm can be intimidating at first. There are multiple ways of accomplishing most tasks, there are an enormous number of things in Windows that can be customized, etc. Microsoft makes a large number of resources available such as the Windows Automated Installation Kit, Microsoft Deployment Toolkit, etc. There are beta updates to these for Win7, R2, etc. that can be found on Bing.com.

For a very detailed treatment on all of these topics, check out the Deploying Vista series over on WindowsNetworking.com. Most of the content is the same for Windows 2008 servers as well. This article on Technet is a quick and direct step-by-step guide for a basic automated installation. Between the info Chris provided and some of these resources, you’ll be well on your way to dynamic VM provisioning.



Here’s an interesting and slightly amusing mock debate between Brandon Shell and Jason Conger on Citrix’s Workflow Studio vs PowerShell for automation. If you aren’t familiar with it, here is the description of what Workflow Studio is:

“Citrix Workflow Studio™ is an infrastructure process automation platform that enables you to transform your datacenter into a dynamic delivery center.”

“Built on top of Windows PowerShell™ and Windows Workflow Foundation, Workflow Studio provides an easy-to-use, graphical interface for workflow composition that virtually eliminates scripting. Workflow Studio acts as the glue across the IT infrastructure allowing administrators to easily tie technology components together via workflows.”

The debate is amusing because in reality both guys understand that each has its place, one is a foundational component of the other, and the combination of the two can be extremely powerful. The core of the “debate” is one’s definition of automation: execution of atomic tasks with as little effort/code as possible (basic PowerShell) or event/workflow driven execution of multiple tasks with associated logic (advanced PowerShell and/or Workflow Studio). The first is an enabler for the latter.

It’s been my opinion since Exchange 2007 and Virtual Machine Manager 2007 committed entirely to PowerShell and with the PowerShell team’s continued focus on simplicity and consistency, that this was the tipping point that was going to enable real automation and orchestration of IT infrastructures. Now with partners (Citrix) and competitors (VMware) alike building on and/or leveraging PowerShell, we’re going to see significant advancements in the state of the art this year. 



Over on the Solution Accelerators Security Blog is a post and link to the IT Infrastructure Threat Modeling Guide.

From the guide:

The IT Infrastructure Threat Modeling Guide provides an easy-to-understand method for developing threat models that can help prioritize investments in IT infrastructure security. This guide describes and considers the extensive methodology that exists for Microsoft Security Development Lifecycle (SDL) threat modeling and uses it to establish a threat modeling process for IT infrastructure.

This is one example of what I think will be a growing trend where the lines between infrastructure and development will be blurred. This is a positive as there are a substantial number of best practices in both disciplines that can be shared. A structured approach to threat modeling is a prime example.



The Hypervisor Functional Specification v2.0 for Windows Server 2008 R2 has been posted to the web and can be found here. The original v1.0 version for Windows Server 2008 RTM was described in this post.

Here is the overview of the v2.0 version:

This document is the top-level functional specification (TLFS) of the second-generation Microsoft hypervisor. It specifies the externally visible behavior of the Microsoft hypervisor, a component of Microsoft Windows Server 2008 R2 Windows Server virtualization. The document assumes familiarity with the goals of the project and the high-level hypervisor architecture. This specification is provided under the Microsoft Open Specification Promise. For further details on the Microsoft Open Specification Promise, please refer to: http://www.microsoft.com/interop/osp/default.mspx. The Hypervisor Functional Specifications document specifies the externally visible behavior of the Microsoft hypervisor, a component of Microsoft Windows Server 2008 R2 Windows Server virtualization. The specifications can be used to understand the functions of the hypervisor and implement a compatible solution.

