Monthly Archives: April 2014

VMCE study guide

Now for those working with Veeam, a hot topic these days is the VMCE (Veeam Certified Engineer) certification. In order to take this exam you first need to attend a 3-day technical course which covers the syllabus, then you are allowed to take the exam.

The exam consists of 50 random questions which are multiple choice, and you need 70% to pass the exam.

Now as an Veeam instructor I get questions regarding where can I find more info about the different subjects and a bit more regarding best practice regarding each subject ?

Therefore I created this study guide which consists of links to each module in the syllabus. First of you need to take the course, get yourself familiarized with the GUI and where options are stored in the GUI. Know the different components, where they can be placed and how traffic flows between the different components and look at some sample scenarios for instance which are listed in the evaluators guide.

Sample guides:
Support for Hypervisors:

Best-practice for backup and replication deployment:

Best-practice for HP storage and Veeam:

Evaluators guide for VMware:


Backup Methods

Changed Block Tracking (CBT)

Compression and Deduplication

Retention Policy

Auto Discovery of Backup and Virtual Infrastructure

Business Categorization

Pre-Defined Alerting

Agentless data gathering

Hyper-V specific features

Veeam One Deployment

Deployment Scenarios

Upgrading Veeam Backup & Replication

Adding Servers

Adding a VMware Backup Proxy

Adding a Hyper-V Offhost Backup Proxy

Adding Backup Repositories

Performing Configuration Backup and Restore

Creating Backup Jobs

Creating VM Copy Jobs

Instant VM Recovery

Insight into Replication

Insight into Failover

Insight into Failback

SureBackup Recovery Verification


Restoring Microsoft Exchange and SharePoint objects

Working with Veeam Backup & Replication Utilities

3-2-1 rule

Working with Tape Media

Wan Accelerator

Offsite Backup Copy Job

Delegate file and VM restores with Veeam Backup Enterprise Manager

Veeam Backup Enterprise Manager RESTful API

HP StoreVirtual VSA

Product Editions Comparison

Load balancing RDS gateway 2012 R2 with Netscaler

With 2012 R2 and RDS Microsoft has gotten better at devilering remote terminal server sessions. And since the cost of RDS is quite low compared to other platforms such as Vmware or Citrix.

RDS Gateway is a feature which allow us to tunnel RDP traffic inside HTTP packets or HTTPS to be exact and it can be used as an gateway to other servers, which makes it a suitble server to place in the DMZ.

Borrowed from technet:

The problem with is that you do not have any high-availability functions on it, whcih makes it a bit hazzle to setup in a larger deployment. Sure we can use a farm but this is not a fully highly availble solution

With server 2012, Microsoft also added the use of UDP protocol to deliver the graphical while TCP is more used to maintain a session and control actions and such. It is also possible to disable UDP but you get a more sluggish experience.

Connection when UDP is enabled


So basically a RDS Gateway in 2012 R2 is a service which responds to TCP HTTPS (443) and UDP (3391)
Now how could this look like with a Netscaler in front, used to load balace between different RDS gateway servers ?

NOTE: This guide is going to assume that we are going to load balance 443 and 3391.
First we need to go into the Netscaler and add the different back-end servers which run the RDS gateway feature.


Next we need to attach a service to the back-end servers. Now since the RDS Gateway feature uses more then one port (and services in Netscaler is typically 1 Protocol 1 Port binding) we need to use the ANY protocol and we need to enther * in the port field. (We are going to use ACLs later to lock down the system) since this in general means that Netscaler will load balace any protocol and all ports.


Now we can use a https monitor against the backend servers since https:443 is used to establish the connection. The problem is that since we entered * in the port field the built-in https monitor will fail since it does not know which port to prope. Therefore you should create a custom https monitor where you enter the specific port nr 443.


Which then again should be bound to the service. After you have created a service for each backend server (or service group) we need to create a load balanced service which is bound to Protocol ANY and Port ANY


Now the ANY protocol acts like a bridge so you do not need to put any certificates on this vServer but use it as an regular extension on the all-ready in place deployment Smilefjes

After you have created the service remember that you need to put ACLs in place for UDP 3391 and TCP 443 since the Netscaler will now by default load balance any requests to any back-end servers.

Also you should use persistency based upon how long you want the user to be able to use the same session on the gateway.

Customizing Web portal for Dell vWorkspace

In all cases when you are having planned downtime or doing maintance work to a service you want to be able to inform all potential users that they are aware of the downtime. vWorkspace has an excellent way to easily change the content and implement different banners directly into the web portal.

So to look a bit back to my previous post 

So for instance if we were to add a custom banner on the vWorkspace web access portal. Go into the management console, web access and choose the web site.


Right-click on it and choose Properties. From here we get a menu list where we can do tons of changes directly. From here we can for instance integrate it with a secure gateway solution or custom rules for how the web portal should provision connection files (For instance if it is behind a firewall)


We also have the option to define mutliple AD domains so that a user can choose when they login, and SSO using Kerberos and or two-factor using RADIUS.

Now the setting we are interested in is under Messages section. Here we can enter what text we want shown out to the users in different scenarioes. And we have something called the Message Center which is not shown by default.


So by entereing information here and crossing of for “Show the message center” and choose OK. Then choose update website


After the website is then updated we can reopen the browser to the web site and see the message box.


Now if I am not happy with the layout of the web site or want to customize it with my own company logo or something else. I can also easily do this from the same menu under themes.

I can change logo / color / theme directly from this menu


Now even thou I can define configuration here I can also define it manually using XML. When I do a change to the web access site it does the configuration changes in a file called websettings.xml

Which is stored under C:inetpubwwwrootnameofwebsiteConfig. The file is pure XML but as the variables are easy to interpet.


For instance if we wanted to script a message center, we can change the <ShowMessageCenter>false</ShowMessageCenter> to true instead. And change the <InfoMessage> tag as well.

Netscaler command center 5.2 beta

I was just acccepted into the Netscaler command beta and already took it for a test drive. So for those who are not familier with Commad Center it is a product from Citrix which allows for easy management / monitoring of Netscaler products (including Netscaler VPX/MPX/SDX and Netscaler gateway and cloudbridge products.

The product is not like Insight or Netscaler which runs as an virtual appliance, this is a java based software which needs to run on top of Windows Server (It does not support yet) and it stores data in a mySQL database.

Now im not going to show the setup, but how the admin console looks like (Since the setup is really straight forward)
The admin GUI is available using https://ip:8443 (using the default ports) and username root and password public


After login I am shown an overview pane which shows the status of the devices which I have added to the Command Center


Now before I show how to add a device, there is some cool stuff here which is quite useful and that is configuration part here!

Now i can schedule a software update to automatically stop a ha node and change node and do update, reboot and then change the node. I can do certificate management and have a central repostiory I can also do deployment automation


Now adding a device here is quite simple, choose Citrix Network –> Add Device. Firstly you need to create a device profile which contains user credentials and SNMP info


And for what product you are going to use these credentials against. It will then do a discovery using NITRO API and SNMP against the device/s. After that I can see that the device is showing as operational. If I click on the name here it will automatically connect to the device using the management IP.


So if I now do a change on a device which is added to the Command Center it will show SNMP traps for every change that I do.


Now if I go into the monitoring pane, it will list out all services which are setup on a device. Both regular load balanced services and Netscaler gateways. image

I can also setup integration with an SMTP server to allow command center to send out alerts on email if a critical event has happend.

So if you have more then two Netscaler nodes I suggest implementing Command Center since it allows for ease of management and reporting. One issue I still have with it is that it does not support Windows Server 2012 but this is still beta 2 and im guessing it will show up later on.

Introduction to Dell vWorkspace

Lately there has been alot of fuzz regarding Vmware and their release with Horizon 6 suite with terminal server based solution, and if we rewind one month back in time we also have the latest XenDesktop release from Citrix which contains Hybrid cloud provisioning features.

Now both Citrix and VMware are both good options and of course Microsoft themselves are becoming more focused regarding delivering apps and desktops to users, with the latest release and with of course remote clients for Apple and Android.

There is also other products within this segment, one of them which I find interesting in particular is Dell vWorkspace.

vWorkspace is part of the formerly known Quest Software portfolio which is now part of Dell. vWorkspace has much of the same features such as any other VDI/RDSH product but it has some interesting features as well, such as

* Support for Linux VMs
* EOP protocol (Which is built on-top of RDP like HDX/ICA is on Citrix)
* Supports vSphere, SCVMM, Paralells

ill get more into the different features in a bit. As I thought I would go trough a basic deployment of vWorkspace just to show the difference between some of the different products. Now the latest version of vWorkspace is version 8 MR 1 (Which has support for 2012 R2 and Windows 8.1)

vWorkspace can be downloaded from Dell here –>


Now when installing vWorkspace we have to different setup options


If we choose advanced we have the option to choose what roles a server should have installed.


NOTE: If you want to installed the RD session host role (You need to have it installed the windows feature RDSH first) If we choose Web Access Role as well we need to enter a site name (Which will be the IIS path)


Also the setup requires a database where the configuration will be stored, luckily it has the option to install a SQL express edition


Now important to note that vWorkspace uses sa user to connect to SQL database, and therefore remember what username and password you use here


(NOTE when pressing next here it will take some time before the install continues since it is silently installing SQL)

Now other then that, the installation took like 1 min and the architecture is quite flexible since I can choose what roles a server should have.

First of after a quick reboot and starting the management console we are presented with a licensing pop-up


After we have entered a license or just clicked next we are presented with a quick wizard guide which shows us some options we have to provision desktops


If we close this we get to the main console which gives us an overview of the solution


I can go down into single objects and see session hosts, connected users, processes directly from the console


I also have the option to provision a group of new hosts directly from the console. Now first we can do is add the previosly created website to the solution by going down into web access.

Choose Action –> New website and choose import (If you have installed the web access role on the same server type in localhost and choose OK, the wizard will get all locally installed web access sites then choose validate.

Then you will get a wizard which allows you to configure the website behaviour( default apps, and so on)

Now in my case I can now connect to the website using my regular Windows client.
NOTE: I added a default domain using the web access wizard ( I can also add other domains which makes it easy for users to choose what domain they come from)


Now since I haven’t added a application or desktop yet I will get the following error mssage when connecting to the site


So let us publish a full desktop connection to my one session host

Choose applications in the console and press the plus sign.


Again we get a wizard which shows the options



So after we have finished the wizard and published the application we can head back to the client and try entering again.

And now we get the desktop icon and if we go into the downloads pane we get the option to download the vWorkspace connector


Now by clicking on the application will either download a *.pit file (If using Chrome) and with Internet Explorer it will automatic start the application (since it contains a quick url plugin)

Now when we have an active connection we can see that is uses the regular RDP port 3389

vWorkspace also has an quick tray plugin which allows to see active connections to a farm. (Which is shown in the screenshot above)

Now we have done a basic setup using vWorkspace. Some notes herethou.

* The web access site is quite customizable (from within the management console) and react quite snappy!

* There are connectors for mobile devices as well

* vWorkspace is equipped with EoP which has redirection features such as Print, USB, media and so on.

* It has profile customization and application delivery using App-V and MSI

* You can integrate it with Foglight monitoring for desktops

Now Dell vWorkspace for Linux connector supports

Rhel 5.9 and 6.4

CentOS 5.9 and 6.4

Ubuntu 12.04 and 13.04

and with support for Hyper-V and it can make a very benefical VDI solution as well. For instance if you are using Hyper-V server (Which is free when you are running non-windows virtual machines) you can use vWorkspace to provision Linux virtual machines for no-cost.

my 2 cents as of now Smilefjes

Tranferring ICA Proxy Sessions Between Devices

Short post!
So this is a new feature which popped up in the previous enhancement builds to Netscaler Gateway Enhancement Build 123.1100.e
It it also available in Netscaler VPX since it is the same build and everything.

The feature is ICA Proxy Session Migration which allow us to migrate sessions between users. For instance if a user has an active ICA connection from his computer and forgets to log out and then starts a new connection from his home laptop or iPad, Netscaler would then migrate the existing ICA session to that user.

This feature can be found under Netscaler Gateway vServer


So this only works if the vServer is set to basic mode, and will not function if the vServer is set in SmartAccess mode (even thou you do not get any error message if you do the switch.
You can of course do this switch in the CLI as well.

set vpn vserver x.x.x.x -icaProxySessionMigration ON

I can also mention that the 10.5 Netscaler beta is available from citrix to download (This requires special access since this in a locked beta at the moment.

Netscaler news and codename Tagma and Integration with Nexus Fabric

Today I got a news from a birdie about a new Netscaler release which is coming that has the codename Tagma. The new build which is coming that has loads of different new features and the Java GUI is almost dead.

The rumor is that Beta 1 of the release is coming soon… Im guessing Synergy release.

Another news is that Citrix and Cisco’s partnership has gone to the next level, with integration of the Netscaler in the Cisco Nexus Fabric. (This makes the CCNA Data Center certification even more relevant!)

The integration gives numerous benefits such as easier setup, reduced downtime because of dynamic route updates, and with the integration of RISE gives better visibility into the datacenter by elimnating the need to hide source IP addresses through full proxy ADC services.

You can read more about it here –>

and when I know more about the Tagma release I will let you know! Smilefjes

Azure vs On-premise solution and Amazon EC2

note that this is an old post which I have updated to reflect the new prices from Azure and Amazon.

Have several customers come to me in the last couple of months asking me “How can Azure be more affordable then an on-premise solution?” “I mean a virtual machine in Azure costs more then I can run in our datacenter”. So I have always said back to the customer “have you thought about the SAN? The Power Usage ? Internet Connection? Hardware failure? Licensing ? Rental of datacenter etc and so on ? I also see alot of forums posts regarding the same thing, so therefore I thought I would write a post how to do a price comparison with an on-premise solution and running IaaS on Azure.

Now in my research I had to set some prerequisites.

* A new company that needs to setup a datacenter start with renting some rack space at a colocation center.
* The pricing has been based upon some norwegian company prices.
* This new company needs to setup a new IaaS based solution based upon Hyper-V and failover clustering
* This new company is basing their hardware on Dell hardware (both virtualization hosts and networking and storage) With the regular support of 3 years. So in the extreme cases they would need to replace their hardware every 3 years.
* The company will also need a good internet access to this private cloud for the end-users running applications against it.
* The operating system mostly used will be Windows Server 2012 (Therefore im going to base it on Windows 2012 Datacenter Server)
* One person will have to be in-charge of the hardware part-time or this can be out-sourced to the colocation company.
* The datacenter needs to have good physical security measures inplace. So let us start with Azure. The pricing here is based upon the calculator and since this is a company that knows how many vm we need we will setup a pre-paid 12 month plan.

Lets start with something small. Our company has to host some applications on a web servere running on 20 different servers these will be running on a medium VM in Azure (a medium VM consists of 2 shared cores and 3,5 GB of RAM. (Total of 40 shared cores and 70 GB of RAM) You can read more about the different options here –>  (This makes up to $2,678.40 a month) And inside that number there are a couple of factors that are included. This makes up to $32140 a year for 20 Virtual machines running non stop in Azure.

UPDATE: 01/04/2014 Since Microsoft has reduced the cost on VM since last time this article was updated the price has now been lowered for from 32140$ to 20184$ a year for 20 VMs running non-stop. 

* All the hardware is managed by Microsoft (This means UPS, Power, networking, storage, )
* Phyiscal Security is controlled by Microsoft * Internet Access is included
* The Windows Server 2012 license and CALs are included as part of the pay-per-hour fee.
* Highly-available (The data is being replicated three times inside the same datacenter and Azure hold controll of VM’s being available) So how much would this cost on-premise for a company ?
* Renting rack space for instance in my case I found a colocation company that has the ability to offer colocation So lets say I wanted to reck an entire rack (that would cost me around 1137$ a month this gives me UPS, physical security, own internet access to the rack but not including power. (so for the rack renting space would be $1137. Hardware (I would atleast need 2 physical servers setup with a failover cluster and .

The cluster would be setup with an iSCSI based SAN solution. Now for some Dell Servers R720 (With both 40 GB of ram and 2x Intel Xeon with 8 cores each costs about $6000 each (which then includes 3 year support) so for two servers that’s 12000$ for one year. As for the SAN I cannot get any prices from Dell since I need to be a dell partner to get that I can only estimate around  $4000 there as well, since iSCSI runs over regular ethernet I need a managed switch where I can configure VLANs so I found a managed gigabit switch from Dell which costs around 1500$ so in total for the hardware (not including cables etc) is around $8000 + $4000 + $1500 = $17500 for one year.

(NOTE: that this cost can be divided by 3 since the support lasts for 3 years and there will be no more investments in hardware in that timeframe) And for the power I have found that the regular kw/hour is around 0,05$ here in Norway (In June) so for the Dell R710 under heavy load uses about 258 Watts/hour and the switch uses 30 watt under load. 546W and if this infrastrucure runs 24/7 this equals to 13KWh a day (so for one year) which is a total of 365 days in a year) with 13 KWh we get around $237 for the Power Usage. (When it is under full load of course) source: * Software costs for licensing. (In this case since we have 20 virtual machines running in a cluster we could either use 10 standard licenses or two datacenter licenses. Now I have to use standard licenses from OPEN lisenses Now a datacenter 2 Proc license costs $4,810.00 w/o SA. So in case we would need 2 licenses (one for each host) so that totals of $9620 (Now when a new release comes out I would need to buy the new license or I can buy a license with SA then I would get the new release)

UPDATE: 01/04/14 Since Microsoft has raised the price for Windows Server 2012 R2 the Datacenter lisense goes up from $4810 to $6156 w/o SA User CALs are the same so they do not require an update. Totalt in licses for three years $15712

 And this software that the buisness i running requires users to authenticate to AD (Which requires CALs) Im going with user CAls (they cost around $34 each) so for 100 users they come to $3400 as well. So licenses in total = $13020 Now one part missing and that is that we need someone to manage this infrastructure (Both hardware, hypervisor level and the failover cluster) Since this is just a small installation im guessing we need a regular employee doing this 10% of his full time job. Im taking a regular year salary from the norwegian market. So for an IT consultant they get an average of $71178 a year so for 10% that equals to $7117 a year. So in total over a total over 3 years (With an on-premise solution) * Renting rack space, network connection externally, physical location, fire guard etc) $1137 a month (13644 for one year) 40932 for three years. * Power Usage $237 a year ($711 for three years) * Hardware $17500 for three years * Licenses $13020 for three years * Man hours $7117 a year (21351 for three years)

Total: $96206 for three years for an on-premise solution. For Azure Total for three years: $60552 Update: 01/04/14 This makes out a difference of 35654$ Another factor to think about here is that if you are academic or educational you get the license cost reduced for about 90% but still Azure would be a cheaper option.

 Now some factors I did not consider.

* Azure replicates data three times inside the same datacenter to ensure High-availability, this is not included in the on-premise solution I used (Which would make the on-premise solution alot more expensive, either by having a cold-rack server with replicated VMs)
* Azure includes VPN solutions which I can setup either Site-to-site or Point-to-site this would require me to buy a hardware based VPN solution or use a windows server as an VPN server and require a public IP-address and require firewall configuration on the on-premise solution
* The pricing used for the SAN is not really accurate (Would really much like to get some input here! Smilefjes )
* Licensing OS (The calculations I based it upon are on OPEN and there are some discounts and rebate offerings im not aware of. For instance SPLA and EDU have a bigger discount programs and get therefore lower licensing costs. (EDU can subtract around 70% of the license cost)
* Azure gives a better IOPS pr / virtual machine then the on-premise solution based on the SAN we choose. (Therefore better end-user experience)
* Azure can also offer a load balancing capabilities
* On-premise solution requires additional man-power to start up (setting up and deploying servers, installing hypervisor and patching etc) start-up cost
* The ability to scale up on demand is easy just to click of a button on Azure. In case you no don’t need 20 virtual machines running you can just stop the machines and you will no longer be charged for them.
* In your on-premise datacenter you might still have enough capaticy to have more multiple machines then 20 (and you have already covered the cost of them) but in Azure you will need to pay for each extra machine. *
* Both options would need someone to manage AD, IIS and backend solutions. So even thou there is about 20.000$ difference in the case I just described, Azure will ultimately give you a easier and cheaper deployment. Azure also has advanced capabilities, like replication, HA, LB and VPN which always cost extra to implement on-prem.

But I would really like your feedback on this article, anything I’ve missed ?

UPDATE: I also did a comparison between Azure and Amazon EC2 instances as well to see if there was a major difference between the two. I did a comparison between Windows Virtual Machines.

Amazon EC2 instance m3.medium 1 virtual core 3 GHZ, 3,7 GB RAM SSD 1x 4 Where we are running 20 instances fulltime.
Azure Medium Virtual Machines which as 2 x 1,6 GHZ, 3,5 GB of RAM Where we are running 20 instances fulltime

The calculation looks like this. For Windows virtual machines.
 Azure: 20256$ (Both includes 100GB bandwidth)
Amazon: 25836$ (Both includes 100GB bandwidth)

 The calculation for Linux virtual machines.
Azure:  13488$
Amazon: 15012$

 NOTE: that in Azure I choose a 12 month pre-paid plan and therefore got a good rebate. This was not an option that I found in the Amazon Price calculator.

Microsoft Virtual Machine Converter 2.0

So this is such a great update I have to blog about it, I have been in many projects involving migrating from VMware to Hyper-V and there of course many options to choose from there. Alas Microsoft had its own Virtual Machine Converter but didn’t have support for the latest version.

Microsoft today released a new version of Virtual MAchine Converter which contains the following updates:

With the release today, you will be able to access many updated features including:

  • Added support for vCenter & ESX(i) 5.5
  • VMware virtual hardware version 4 – 10 support
  • Linux Guest OS migration support including CentOS, Debian, Oracle, Red Hat Enterprise, SuSE enterprise and Ubuntu.

We have also added two great new features:

  • On-Premises VM to Azure VM conversion: You can now migrate your VMware virtual machines straight to Azure. Ease your migration process and take advantage of Microsoft’s cloud infrastructure with a simple wizard driven experience.
  • PowerShell interface for scripting and automation support: Automate your migration via workflow tools including System Center Orchestrator and more. Hook MVMC 2.0 into greater processes including candidate identification and migration activities.


So alot of great new features which should make it even easier to convert Virtual Machines. Also another important factor here is this.

At this time, we are also announcing the expected availability of MVMC 3.0 in fall of 2014. In that release we will be providing physical to virtual (P2V) machine conversion for supported versions of Windows.

Since Microsoft removed this option from SCVMM in R2 release its great that it is coming back. You can download the tool from here –>