Monthly Archives: September 2012

New Exams for SharePoint, Lync and Exchange 2013 coming

Microsoft has published some information regarding the new certifications coming for Wave 15 deployment; this covers SharePoint, Lync and Exchange 2013.
These exams follow the new (old) MCSE certification tracks.

Exchange:
70-341 & 70-342 = MCSE Messaging
http://www.microsoft.com/learning/en/us/certification/cert-exchange-server.aspx

Lync:
70-336 & 70-337 = MCSE Communication
http://www.microsoft.com/learning/en/us/certification/cert-lync-server.aspx

SharePoint:
70-331 & 70-332 = MCSE SharePoint
http://www.microsoft.com/learning/en/us/certification/cert-sharepoint-server.aspx

I’m guessing most of them will be available from next year, since all of these products are still in preview, even though the Lync exams state they will be available from November this year (perhaps this is a typo?). I’m guessing all these products are going to be released at the same time, and will follow like the System Center release.

Stay tuned for more!

F5 Coming with a Network Virtualization Gateway for SCVMM

As a part of WS2012 and System Center 2012 SP1, Microsoft is introducing its network virtualization feature. You can read more about it here –> http://technet.microsoft.com/en-us/library/jj134174.aspx
In terms of virtualization, it allows you to run multiple virtual networks on a physical network.
As a part of Microsoft’s investment in this solution, F5 is coming with a gateway solution that can work in conjunction with Network Virtualization.
You can read more about it here –> http://rcpmag.com/articles/2012/09/25/f5-microsoft-network-virtualization-gateway.aspx
The gateway is used to connect the virtualized network to the non-virtualized network.

F5 has already been good at developing solutions that support System Center (its own integration packs for Orchestrator, an MP for SCOM, an LB profile for SCVMM), and now this. It will be interesting to see how this works out, and whether Citrix is working on a solution like this as well, since this will be a core component of a future Windows infrastructure.

SCOM 2012 Setup error

When installing SCOM 2012 with the web console you might get this error message during installation.

The ISAPI and CGI Restrictions are disabled or missing: Web Console cannot operate properly because the ISAPI and CI Restrictions in Internet Information Services (IIS) are disabled or missing for ASP.NET 4.0.

ASP.NET 4.0 Registration Check: The ASP.NET 4.0 handler is not registered with IIS.

You must open a command prompt as Administrator and run the following command, which registers ASP.NET 4.0 with IIS:
%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -r

You should receive the following output:

Start installing ASP.NET (4.0.30319) and changing IIS configuration to use this version of ASP.NET.

Finished installing ASP.NET (4.0.30319) and changing IIS configuration to use this version of ASP.NET.

Secondly, run Internet Information Services (IIS) Manager, open ISAPI and CGI Restrictions properties of the web site, select ASP.NET v4.0.30319, and then click Allow.

NOTE: ISAPI and CGI Restrictions in IIS for ASP.NET 4 are not enabled by default, so this step also applies if you installed IIS before installing .NET Framework 4.


It might be that you need to restart the setup in order for the prerequisites to register properly.

Citrix Receiver and auth parameters

So with the latest version of Citrix Receiver you need to enter a URL with the https prefix when setting up a connection.
For a lab environment you normally won’t have a certificate installed for the service, so you need to change some keys in the registry to allow the Receiver to connect via http.

1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\AuthManager (for 64-bit machines, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\AuthManager)
2. Create a new String value called ConnectionSecurityMode.
3. Set the value to Any.
4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Dazzle (for 64-bit machines, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Dazzle)
5. Modify the String value called AllowAddStore to A. In the same way, modify the “AllowSavePwd” value to “a”. This allows the Receiver to store the account password.

NOTE: I would never recommend these settings for a production environment!

You could also script this with the installer; you can see more info about it here –>
http://support.citrix.com/proddocs/topic/receiver-31a-windows/ica-configure-command-line.html
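
A read-only check for the three values set in the steps above, useful for confirming that the lab configuration has not been carried onto a production client. This is an added example, not part of the original post or of Citrix's tooling; the function name Get-ReceiverLabSetting and the Effect descriptions are this example's own, while the key and value names are the ones listed in the steps.

```powershell
# Added example: report whether this machine carries the lab-only Citrix Receiver
# registry values from the steps above. Read-only, nothing is changed.

# Value names and lab values as given in the post. The comparison below is
# case-insensitive, so "a" and "A" are treated alike.
$labValues = @(
    @{ Key = 'AuthManager'; Name = 'ConnectionSecurityMode'; Lab = 'Any'; Effect = 'Receiver is allowed to connect over http' },
    @{ Key = 'Dazzle';      Name = 'AllowAddStore';          Lab = 'A';   Effect = 'Changed in the post as part of allowing http connections' },
    @{ Key = 'Dazzle';      Name = 'AllowSavePwd';           Lab = 'a';   Effect = 'Receiver is allowed to store the account password' }
)

# Native view plus the Wow6432Node view the post names for 64-bit machines.
$roots = 'HKLM:\SOFTWARE\Citrix', 'HKLM:\SOFTWARE\Wow6432Node\Citrix'

function Get-ReceiverLabSetting {
    foreach ($root in $roots) {
        foreach ($entry in $labValues) {
            $path = Join-Path $root $entry.Key
            if (-not (Test-Path -Path $path)) { continue }

            # A missing value is not an error here, it just means "not configured".
            $item = Get-ItemProperty -Path $path -Name $entry.Name -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }

            $current = [string]$item.($entry.Name)
            [pscustomobject]@{
                Path      = $path
                Name      = $entry.Name
                Value     = $current
                IsLabOnly = ($current -eq $entry.Lab)   # -eq ignores case for strings
                Effect    = $entry.Effect
            }
        }
    }
}

$found = @(Get-ReceiverLabSetting | Where-Object { $_.IsLabOnly })
if ($found.Count -gt 0) {
    Write-Warning "$($found.Count) lab-only Citrix Receiver setting(s) present on $env:COMPUTERNAME"
    $found | Format-List Path, Name, Value, Effect
} else {
    Write-Output "No lab-only Citrix Receiver settings found on $env:COMPUTERNAME"
}
```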

SCCM 2012 and High Availability

Short post!
What is important when planning your SCCM deployment? Plan for High Availability! (among other things)
SCCM can range from a simple to a very complex solution, and it can also be part of a complex hierarchy. So it is important to know: where do I need to deploy multiple servers in order to have HA in SCCM?

* ConfigMgr clients can use any of the available servers. If you have multiple Management Points, the clients will try to contact one of them; if the one they try to contact is offline, they will try the other one. If both servers are offline, the client will cache the data until an MP server is back up. The same goes for distribution points (if the content the client is looking for is located on that DP).
If a client fails to submit data, the site can generate an alert in the console.

* ConfigMgr Database: use a SQL cluster for the primary site or at the CAS (if you have one). Secondary sites do not support SQL clusters; to recover one you would need to reinstall the secondary site. Also remember that you can set up a maintenance task to take a backup of the ConfigMgr site.

* ConfigMgr Sites: you can use a CAS (Central Administration Site) with primary child sites (this can provide you with fault tolerance if you have a deployment that requires a CAS). But do NOT deploy a CAS server if you aren’t sure that you need it.

* ConfigMgr Roles: you can install multiple instances of roles (such as management points and distribution points) to provide redundancy for the clients. Remember that if you deploy multiple distribution points and want a client to fail over to the other distribution points, they must be within the boundary group.

* Active Directory: if you are using AD publishing (and most are), remember that the client will query AD to find its MP and site, so you will need multiple domain controllers (not only to load balance the queries but to provide HA). This goes for DNS as well, unless you are running another DNS server like BIND.

* PKI: ConfigMgr is very much reliant on certificates for securing traffic; remember that you should have 2 subordinate CAs that can issue certificates.

Just some last notes: if you are using ConfigMgr you should have OpsMgr as well; use it to monitor your ConfigMgr, AD and ADCS solution!
There is a management pack available to monitor ConfigMgr within OpsMgr; you can find it here –>
http://systemcenter.pinpoint.microsoft.com/en-US/applications/monitoring-pack-for-system-center-2012-configuration-manager-12884938509

NOTE: There are some roles that aren’t meant for HA, this includes:
Endpoint Protection Point
Site Server
Asset Intelligence synchronization point
Enrollment point & Enrollment point proxy
Fallback status point
Out of band service point

Virtual Machine Manager 2012 SP1 Beta Network Fabric

With the latest beta release of SP1, there is a lot of new functionality that needs to get tested.
VMM comes with some new and exciting features.

  • Improved Support for Network Virtualization
  • Extend the VMM console with Add-ins
  • Support for Windows Standards-Based Storage Management Service, thin provisioning of logical units and discovery of SAS storage
  • Ability to convert VHD to VHDX, use VHDX as base Operating System image

Requirements:
It requires Windows Server 2012, with the ADK for Windows 8 installed.

SP1 will also come with support for Windows Server 2012 and therefore it supports the Hyper-V extensible switch, so it allows for NDIS filter drivers (known as extensions).
[Figure: Diagram illustrating the synthetic device data paths with SR-IOV]

So far I know of 3 vendors that are coming with their own extensions:
Cisco, NEC and Broadcom.
So now we have a lot more options when defining our infrastructure fabric.
If you open the VMM console now you can see there are a lot more options to choose from.
If you compare the old VMM console to the new one, you see the difference.

So if you aren’t familiar with the network fabric in VMM, I’m going to show you.
First off, we have Logical Networks.

Logical Networks: a Logical Network is a way of representing networks in your datacenter that have the same connectivity properties (DMZ, public network, intranet, management). The network admin needs to tell SCVMM which VLAN IDs belong to each Logical Network so the hosts can be configured to indicate the networks they are connected to. So for instance you could have a logical network for VLAN 791. Or you could add more network sites (for instance, Oslo Backend is a Logical Network that has 2 network sites attached to it, VLAN 790 and 791).

MAC Address Pools: just a pool of MAC addresses that will be automatically generated for VMs. VMM manages the pool so you won’t end up with two identical MAC addresses.

Load Balancers: lists all the installed extensions for load balancers. By default NLB is installed as an extension; you can also install one for other vendors such as Citrix or BIG-IP.

VIP Templates: here you define load balancing templates (which port, monitor, load balancing method). For instance you could use an HTTP monitor, which uses HTTP GET to see if the web server is alive, and you can use least connections as the LB method. If you have installed an LB extension, VMM can automatically propagate this VIP template to the LB.

Switch Extension Managers: here you will find all the installed extensions for the extensible switch.

Logical Switches: a logical switch is a virtual switch; here you define properties such as extensions, SR-IOV, uplink ports and virtual port profile.

Native Port Profiles: consist of two profiles
  * Native Uplink Port Profile (which is attached to a logical network). A native port profile for uplink adapters specifies the settings that must be available on any physical network adapter that the switch is connected to, such as the logical network definitions.
  * Virtual Adapter Profile (which can be attached to a virtual machine or a host). A native port profile for virtual network adapters specifies the settings for the other ports in the switch that virtual machines are connected to, such as I/O bandwidth.

Port Classifications: provide a global name for identifying different types of virtual network adapter port profiles.

Gateways: a network virtualization gateway provides access into and out of a VM network that uses network virtualization. A network virtualization gateway operates in one of the following modes:

  • Local network routing: The network virtualization gateway routes traffic directly between the VM network and a physical network in the data center.
  • Remote network routing: The network virtualization gateway first establishes a VPN connection to another endpoint of a site-to-site VPN and then routes traffic in to and out of the VM network through the VPN tunnel.


So how does this all add up?

Let’s start by defining a logical network (which consists of two network sites)

BACKEND

BACKEND – Oslo

  • Scoped to the Oslo host group
  • Associated subnet and VLAN: 10.0.0.0/24 VLAN 10

BACKEND – Oslo 2

  • Scoped to the Oslo 2 host group
  • Associated subnet and VLAN: 172.16.0.0/24 VLAN 11

Next we assign that logical network to a physical network adapter on a host (or hosts).
Next we assign a logical switch to a host (or hosts), which has an Uplink Port Profile that will attach itself to a Logical Network.
But a picture says more than a thousand words, so maybe it will be easier to understand.

(Not my best Visio, but hopefully you understand.) Here I have one Hyper-V host which is part of a host group.
I have 2 Logical Switches (virtual switches), each of which has one uplink port profile for a VLAN.

I’m going to create a new post for more complex architecture and when we add network virtualization to the mix.

Microsoft Assessment and Planning (MAP) Toolkit 7.0

For people that don’t know about MAP, it is a free solution accelerator from Microsoft; it offers
an inventory and assessment of your infrastructure. You can download it for free from here –>
http://technet.microsoft.com/en-us/solutionaccelerators/dd537566.aspx
You can use this data to see if you meet the requirements (software and hardware) needed to migrate to, for instance, Windows 8. And you can generate reports based on the data it collects. As part of the installation it installs MSSQL Express, where it stores its data.
There are a lot of products it can inventory and assess.

NOTE: If you for instance run the Windows 8 Readiness assessment, the results you get are based on what Microsoft considers to be a requirement. I ran this assessment on my laptop, which is actually running Windows 8, and according to MAP it wasn’t Windows 8 ready. If you choose generate report, it will give you more detailed info regarding WHY.

But in my case it was only because I was low on disk space.

But we can also discover how many users we have in the domain, and how many Lync & Exchange users we have (and what roles we have installed).
So we can start the inventory wizard, where we can choose what kind of products we have in our environment (in my case I have AD, Windows computers and SQL servers).

Next we choose how we want MAP to discover these services within our infrastructure. I’m going to choose AD DS; next we enter a credential for the user.

Click next and next.
Now we have to enter a user that has access to the different services. For instance, if you have a client administrator account you would enter that with WMI access, and you typically have another one for SQL access. In my case I have it easy with 1 user.

You can also specify credential order in case you have more than one account that can access, for instance, the SQL service (so if account 1 can’t access that service, MAP will use account 2).
After that click finish, and MAP will start discovery. This will fetch software information from the clients as well, so it might take some time for it to finish.
And remember that you have to have the firewall open for WMI if you want MAP to be able to connect.

Now for instance I get a nice view of what kind of servers I have in my infrastructure.

And if you go to the Active Directory pane you can see how many active users you have in the domain.
So it makes licensing a lot easier, since you can see how many CAL licenses you need,
and how many, for instance, Exchange users you have and how many Exchange licenses you need.

Microsoft Message Analyzer

Microsoft today released a beta of the new Message Analyzer.
This is actually the new Network Monitor, so it’s built from scratch and includes more features.

It is no longer primarily focused on network monitoring, but can actually analyze everything!
That covers USB connections, RPC, LAN, WLAN and SMB shares, and you have the same options for filters as you did in Netmon.
And you can of course open pcap files and analyze them afterwards.
NOTE: I had some issues with this release: it was consuming an extreme amount of RAM. This was happening when I was monitoring the WLAN on my laptop.

When you view the packets, Message Analyzer will also give an analysis of errors that happen. And you can filter based on these events.

It can also create a dashboard view of what kind of protocols were used.

And you can download it from http://connect.microsoft.com and sign up for the beta.
http://t.co/PZXH5WDk

Windows Server 2012 Hyper-V and vSphere 5.1

A lot of fuss is going on regarding virtualization these days, and the primary topic is Hyper-V vs VMware vSphere.
And of course there are going to be some arguments regarding which one is better, which of them has more features, who is the most enterprise ready, and so on and so forth.
Just last week VMware released version 5.1 of vSphere, which included some new functionality and improvements in scalability, and Windows Server 2012 was released on the 4th of September. So, like many before me, I’m going to compare the two of them. I have read many blogs lately where people claim that one of the products is better than the other, and a lot of them compare features in the wrong way (for instance, if Product 1 has feature 1 and Product 2 has feature 2, even though they do the same thing they use different names and therefore aren’t compared). I’m not here to write down a conclusion of which one is better; I’m just going to lay down the facts so you can decide what you think is the better option. And I’m not going to debate the vCenter and System Center comparison, because that is a different story.

Windows and virtualization:
Microsoft first came out with its Hyper-V virtualization platform in 2008 (with Windows Server 2008). Before that Microsoft had a product named Virtual Server; many people claim that Microsoft is pretty fresh in the server virtualization market, but actually Microsoft has been in the market since 2004 (when the first release of Virtual Server came out). It was later superseded by Hyper-V. Now the latest version of Hyper-V is called 3.0 and comes with Windows Server 2012.
You also have the free version of Hyper-V, which is called Hyper-V Server 2012. http://www.microsoft.com/en-us/server-cloud/hyper-v-server/ (This product only contains the hypervisor, Windows Server driver model, virtualization capabilities, and supporting components such as failover clustering, but does not contain the rest of the features and roles in Windows Server. Therefore you get a small footprint on the host.) Other than that, the versions of Server 2012 that contain Hyper-V are Windows Server 2012 Standard and Windows Server 2012 Datacenter.
The licensing difference between the two is the following.

Standard edition = allows you to run 2 virtual machines $882 for a 2 physical CPU server
Datacenter edition = allows you to run unlimited virtual machines $4,809 for a 2 physical CPU server

Some examples:
1 server: 2 CPU and 4 virtual machines = You could either have 2 Standard edition licenses or 1 Datacenter edition license
1 server: 6 CPU and 8 virtual machines = You could either have 4 Standard edition licenses or 3 Datacenter edition licenses.
And in both scenarios you wouldn’t need a license for the VM because the license is for physical hosts!

In Windows Server 2012 Hyper-V 3.0 Windows has the following workloads and the following features.

Host max
Logical processors on hardware: 320
Physical memory: 4 TB
Virtual processors per host: 2,048

Virtual machine max
Virtual processors per virtual machine: 64
Memory per virtual machine: 1 TB
Active virtual machines per server: 1,024

Cluster max
Nodes: 64
Virtual machines: 8,000

Network
Quality of Service (QoS)
SR-IOV
Network Virtualization (using GRE or IP rewrite). Link to the IETF draft =
http://tools.ietf.org/html/draft-sridharan-virtualization-nvgre-00
PVLAN support
Dynamic Virtual Machine Queue (D-VMQ) (allows the host’s network adapter to pass DMA packets directly into individual virtual machine memory stacks)
Receive Side Scaling (RSS spreads monitoring interrupts over multiple processors, so a single processor isn’t required to handle all I/O interrupts)
Receive Segment Coalescing (RSC improves the scalability of the servers by reducing the overhead for processing a large amount of network I/O traffic)
DHCP Guard (DHCP guard drops server messages from unauthorized virtual machines that are acting as DHCP servers)
Router Guard (Router guard drops router advertisement and redirection messages from unauthorized virtual machines that are acting as routers)
Port mirroring (not promiscuous mode; forwards all the packets for a VM to another destination)
Virtual Port ACLs
Trunk mode using 802.1q
IPsec Task offload
Integrated Network Adapter Teaming
Hyper-V Extensible Switch
Data Center Bridging (DCB)
Resource metering (Measure usage of CPU, Memory, Network and disk for a virtual machine)
NIC Teaming (Allows for LACP in the native OS, before this needed to be done by a third party product like Broadcom)

Management
PowerShell
SCVMM 2012 SP1 (You can use CTP release for Windows Server 2012 but official support comes with Service Pack 1 which is in Beta now)
Server Manager
Cluster Manager
Hyper-V Manager
Cluster Aware updating
IPAM

Storage
New Virtual Disk format (VHDX supports up to 64 TB Virtual Disks)
Offloaded Data Transfer – ODX (a feature of a SAN; allows file transfer/copying between hosts on the SAN to be done by the SAN instead of by regular network transfer)
Live merging of VHDs and Snapshots
RDMA (direct memory access from the memory of one computer into another without involving either’s OS)
SMB 3.0 (allows you to use regular network file servers instead of an expensive SAN solution)
Native 4 KB sector disk support (but for compatibility’s sake it allows for a 512-byte emulation called 512e)
Data De-duplication
Virtual Fibre Channel inside the Virtual Machines
VM boot from SAN
Storage Spaces (software RAID-like solution)
New file system ReFS (luckily most of the system filters which are written for NTFS will work for ReFS, and it has improvements to resilience and reliability)
BitLocker on CSV (allows you to encrypt a CSV volume)
SMI-S (a storage standard by the SNIA which allows for management functions via HTTP)
Encrypt VHD files with BitLocker Network Boot (gives you the ability to encrypt a VHD file, so if it reboots it will contact a WDS server, get the decryption keys and continue to boot)

Migration
Improved Live Migration
Unlimited Simultaneous live migrations
Live Storage Migration
Shared-Nothing Live Migration
Hyper-V Replica
Failover Prioritization

VMware and virtualization:
VMware started its life with VMware Workstation, which was released in 1999 (yes, it’s really that old!), and has since then been living on virtualization technology; the first release of vSphere came in 2001. They have also created a VDI product called VMware View, and in 2010 they acquired the open-source groupware solution Zimbra from Yahoo. So they are expanding their horizon when it comes to software products, but their primary focus has always been virtualization. Now last week VMware released their newest version of vSphere, version 5.1 http://www.vmware.com/files/pdf/products/vsphere/vmware-what-is-new-vsphere51.pdf and VMware has also just recently killed off the vRAM memory tax, in order to compete with Windows.

VMware pricing and editions:

VMware vSphere 5.1 is licensed on a per-physical-processor basis.

Standard edition = $1144 (a somewhat more stripped-down version of the hypervisor)
Enterprise edition = $3308 (also a somewhat stripped-down version of the full version)
Enterprise Plus edition = $4024 (contains all of the features and has the full workload)
NOTE: These prices are fetched from VMware’s site, where they are usually listed in EURO, not US$.

Some examples:
1 Server = 1 CPU 4 Virtual Machines (if you want all the features you need 1 Enterprise Plus license)
1 Server = 2 CPU 4 Virtual Machines (if you want all the features you need 2 Enterprise Plus licenses)
So in both cases you would need a WS2012 Datacenter license in addition to the VMware license (if you wish to use Windows Server 2012 VMs on that host).

VMware vSphere 5.1 has the following workloads and the following features (Enterprise Plus edition).

Host max
Logical processors on hardware: 256
Physical memory: 2 TB
Virtual CPU per host: 2,048

Virtual machine max
Virtual processors per virtual machine: 64
Memory per virtual machine: 1 TB
Active virtual machines per server: 1,024

Network
Netflow 10 (IPFIX)
Port Mirroring (RSPAN and ERSPAN)
LLDP
QOS (Network I/O)
SR-IOV
VXLAN
PVLAN
DCB (Data Center Bridging refers to a set of enhancements to Ethernet local area networks for use in data center environments)
Receive Side Scaling (RSS spreads monitoring interrupts over multiple processors, so a single processor isn’t required to handle all I/O interrupts)
TCP Segment Offload
Distributed Virtual Switch
LACP (Link Aggregation Control Protocol)

Management
vSphere webclient
Powershell via PowerCLI
vCenter
vCloud
SCVMM (Eventually will come with support, with SP1 you have support for up to vSphere 5.0)

Storage
vMotion enhancements (similar to shared-nothing live migration)
Boot from Software FCoE
16Gb HBA Support
iSCSI jumbo frames
SSD Monitoring
VMFS-5 enhancements

So there is a lot happening in both camps nowadays.
For higher workloads Windows seems to be the good option, and you don’t think that anyone is actually going to max out those numbers? I’ve actually spoken to a service provider in the US who was a bit annoyed with the max VMs per cluster, since each server can hold 1,024 virtual machines and in a cluster with 32 nodes you can “only” have 4,000 virtual machines. But another question: how is the performance? There is no use having a 150 hp engine if another car with 110 hp can go right past you.
VMware actually has a performance document stating that each VM was performing about 18,9% on VMware 5. (This document is 2008R2 Hyper-V vs. VMware) http://www.vmware.com/files/pdf/products/vsphere/VMware-vSphere-vs-Hyper-V.pdf
Again, this is for the old version; it is going to be interesting to see how performance is going to be impacted with WS2012.

Microsoft is working hard these days on SP1 for System Center, since for enterprise deployment you are going to need SCVMM (full support for Server 2012 comes with SP1). VMware already has the management solution for its new hypervisor available, so Microsoft had better hurry up.
And Microsoft is also working on Service Provider Foundation. For hosters that wish to deliver IaaS this is going to be big news! V1 of this is going to be available with SP1 for System Center. If you don’t want to use this,
Citrix has a control panel solution which integrates with SCVMM to deliver IaaS, PaaS & SaaS, called CloudPortal Services Manager (which does not use the Service Provider Foundation API).
ExtendASP, which is also a control panel solution for hosters, has full support for Windows Server 2012, so it allows hosters to easily deploy solutions for their customers.
VMware already has their IaaS solution in place with vCloud Director, so it’s going to be interesting to see how they compete in functionality and features.

Links:
(VMware comparison set of Hyper-V vs VMware) http://www.vmware.com/files/pdf/getthefacts/vmw-vSphere-5-vs-Hyper-V-3-Beta.pdf
(Microsoft comparison set of Hyper-V vs VMware) http://download.microsoft.com/download/5/A/0/5A0AAE2E-EB20-4E20-829D-131A768717D2/Competitive%20Advantages%20of%20Windows%20Server%202012%20RC%20Hyper-V%20over%20VMware%20vSphere%205%200%20V1%200.pdf
VMware vSphere 5.1 http://www.vmware.com/pdf/vsphere5/r51/vsphere-51-configuration-maximums.pdf
What’s new in vSphere 5.1 Networking http://blogs.vmware.com/vsphere/2012/09/whats-new-in-vsphere-5-1-networking.html
What’s new in vSphere 5.1 Storage http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Storage-Technical-Whitepaper.pdf
http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Performance-Technical-Whitepaper.pdf

Now this post is still in the making since there are still a lot of new facts and updates that appear each week.

Changes to Forefront Product

Today Microsoft released the following news:

The following Forefront products are being discontinued:

◦ Forefront Protection 2010 for Exchange Server (FPE)
◦ Forefront Protection 2010 for SharePoint (FPSP)
◦ Forefront Security for Office Communications Server (FSOCS)
◦ Forefront Threat Management Gateway 2010 (TMG)
◦ Forefront Threat Management Gateway Web Protection Services (TMG WPS)

You can read more about it here –> http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx