Aidan Finn

MCSE, MVP (Virtual Machine: Systems Administration)

About Me

If you're interested in talking to me then please email me or download my CV.

I've been working in IT infrastructure since 1996 as a consultant, contractor and administrator in businesses such as finance, transport, government, education and hosting. My area of specialty is in the Microsoft server administration and systems management world. This obviously means that I need to know how to do quite a bit. Since 2003, I've been a senior engineer where I've also been in an advisory and design role and played a part in sales, marketing and public speaking. My skills include:

• Windows Server 2008/2003/2000/NT
• Active Directory
• Windows desktops from Vista down to NT
• System Center Configuration Manager 2007 / SMS 2003 and R2
• System Center Operations Manager 2007 / MOM 2005
• System Center Virtual Machine Manager 2008
• Virtualisation (VMware ESX 3.x and Hyper-V)
• Security: policies, patching, anti-malware
• HP servers (DL and Blade) and EVA Storage
• General networking
• Documentation and skills transfer
• And much more

If you’re interested in contacting me about work then you can email me or download my CV.

Here's the best way to search for content on my blog. Just add your keywords after the site entry.

You can track me on Twitter.

The opinions contained within this blog are mine and mine alone. Don't associate my rantings with innocent others.
November 19

Going Into Production With Windows Server 2008 R2 Hyper-V Cluster

I’m happy enough now with our W2008 R2 Hyper-V cluster that I’m putting it into production tomorrow night.  We’ll be migrating some of our production machines from the old W2008 cluster to the new cluster.  Today I deployed OpsMgr agents onto the hosts and did some more testing.

OpsMgr and VMM don’t synchronise their maintenance modes.  I submitted feedback suggesting that this would be good.  I also noticed that even if both System Center products had a node in maintenance mode, the VMM management pack would alert when that node rebooted.  Ouch.  That’s a bit painful.  I also submitted feedback on that.

So far, I haven’t had any problems with CSV or Live Migration.  Everything has worked fine.  One tip I’ve picked up on is to set a static MAC on Linux guests.  SUSE 10 SP2 binds the IP configuration to the MAC address and a change due to any sort of VMM/Hyper-V migration can screw it up – I’ve seen this with an export/import.

So 11PM tomorrow, the first production machine moves over, followed by the second at midnight.  Hopefully there won’t be any calls on Saturday morning!

Share ISO Images From VMM

Last year I blogged about this.  I had difficulties getting this working so I fired a question to MS on the subject.  For any MS person reading, the case number was case#SRX081210600013.  The PSS engineer said this was not possible.  I would have to continue the time and space consuming process of copying the ISO files over.  That sucked.

I’d since read on one of the MS blogs that sharing an ISO or DVD image over the network from Virtual Machine Manager was actually possible.  The required configuration was blogged by Jose Barreto.  What you need to do is edit the properties of the AD computer account object of every Hyper-V server managed by VMM.  Edit the delegation and configure constrained delegation.  Add the names of the VMM library server(s) and add them with the CIFS (file sharing) protocol.  To be safe I did a reboot of the hosts (live migration rocks!).

I finally had an opportunity to deploy this configuration.  I tested and I was then able to share an ISO over the network.

You’ll note that Jose didn’t actually do this for VMM.  His example was where he was using the Hyper-V console to access file server resources, e.g. VHD (not supported in production) or ISO’s.

EDIT #1

Make sure that either the computer account of the Hyper-V host or EVERYONE has at least read access to the library share(s).
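
An added example, not from the original post or from Jose Barreto's article: a PowerShell check that the delegation on each Hyper-V host's computer account is limited to CIFS on the VMM library servers and nothing wider. The host names, the library server name and the sample objects are constructed; the function takes objects shaped like `Get-ADComputer` output so it runs without a domain.

```powershell
# Added example. HV-NODE1..3, vmmlib01.lab.example and fileserver02 are constructed names.
# Against a real domain, feed the function from the ActiveDirectory module instead, e.g.:
#   Get-ADComputer -Filter 'Name -like "HV-NODE*"' `
#       -Properties TrustedForDelegation, 'msDS-AllowedToDelegateTo'
# The Delegation tab writes its SPN list to msDS-AllowedToDelegateTo; the same can be set with:
#   Set-ADComputer HV-NODE1 -Add @{'msDS-AllowedToDelegateTo' = 'cifs/vmmlib01','cifs/vmmlib01.lab.example'}

function Test-HostDelegation {
    param(
        [Parameter(Mandatory = $true)] $Computer,                  # object shaped like Get-ADComputer output
        [Parameter(Mandatory = $true)] [string[]] $LibraryServers  # FQDNs of the VMM library servers
    )

    # Accept both the FQDN and the short name of each library server (keys are case-insensitive).
    $allowed = @{}
    foreach ($fqdn in $LibraryServers) {
        $allowed[$fqdn] = $fqdn
        $allowed[($fqdn -split '\.')[0]] = $fqdn
    }

    $issues  = @()
    $covered = @()
    $targets = @($Computer.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

    # Unconstrained delegation lets the host act as the user towards any service.
    if ($Computer.TrustedForDelegation) {
        $issues += 'unconstrained delegation is enabled; use "specified services only"'
    }

    foreach ($spn in $targets) {
        $class, $rest = $spn -split '/', 2
        $server = ("$rest" -split '[:/]')[0]     # drop any port or service-name suffix
        if ($class -ne 'cifs') {
            $issues += "delegation to a non-CIFS service: $spn"
        } elseif (-not $allowed.ContainsKey($server)) {
            $issues += "CIFS delegation to a server that is not a library server: $spn"
        } else {
            $covered += $allowed[$server]
        }
    }

    # Every library server needs at least one cifs/ entry on the host.
    foreach ($fqdn in $LibraryServers) {
        if ($covered -notcontains $fqdn) {
            $issues += "no CIFS delegation to library server $fqdn"
        }
    }

    New-Object PSObject -Property @{
        Computer = $Computer.Name
        Ok       = ($issues.Count -eq 0)
        Issues   = $issues
    }
}

# Constructed sample data standing in for three cluster nodes.
$library = @('vmmlib01.lab.example')
$sample  = @(
    (New-Object PSObject -Property @{ Name = 'HV-NODE1'; TrustedForDelegation = $false
        'msDS-AllowedToDelegateTo' = @('cifs/vmmlib01', 'cifs/vmmlib01.lab.example') }),
    (New-Object PSObject -Property @{ Name = 'HV-NODE2'; TrustedForDelegation = $true
        'msDS-AllowedToDelegateTo' = @() }),
    (New-Object PSObject -Property @{ Name = 'HV-NODE3'; TrustedForDelegation = $false
        'msDS-AllowedToDelegateTo' = @('cifs/vmmlib01.lab.example', 'host/fileserver02.lab.example') })
)

$sample |
    ForEach-Object { Test-HostDelegation -Computer $_ -LibraryServers $library } |
    Select-Object Computer, Ok, @{ n = 'Issues'; e = { $_.Issues -join '; ' } } |
    Format-List
```

With the sample data, HV-NODE1 passes, HV-NODE2 is flagged for unconstrained delegation and a missing library entry, and HV-NODE3 is flagged for the extra non-CIFS target.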

November 18

Boot Hyper-V Server 2008 R2 From USB

Ben Armstrong has posted an article on this subject.  There is a complicated TechNet method and there is a simpler tool you can use.  Running Windows Server from USB is completely unsupported.  This is intended only for Hyper-V Server 2008 R2.  If using portable USB then beware that you really shouldn’t go from machine to machine with this – it isn’t supported and it messes up virtual switches. 

Windows Server 2008 to 2008 R2 Hyper-V Migration

I’ve previously talked about the process of going from a W2008 to a W2008 R2 Hyper-V cluster.  Today, I’ve tested the process out from end to end.  I set up a VM on the W2008 cluster and made sure the integration components were updated by VMM 2008 R2.  I then went through this process:

  • I shut down the VM in VMM 2008 R2.
  • I used a network migration to move the VM from the old cluster to the CSV in the new cluster.
  • The job exported the VM configuration, used BITS to transfer the files and imported the VM configuration.  It wrapped up the job by updating the IC’s and starting the VM.
  • I logged into the VM and tested everything.  All was good.

I then did some more testing to complete things:

  • I RDP’d into the VM and fired up a ping –t to the default gateway.  I started using IE to surf the net in the VM.
  • I initiated a live migration from one host to another.
  • I put a host into maintenance mode to move the VM (and another) back to the original host.
  • I re-ran live migration.

Ping stayed up and running the entire time.  RDP never timed out.  I never saw an issue while surfing the net using IE.  That’s a 100% pass on the tests.  I think I’m feeling good about pushing this into production.  I think I’ll deploy the OpsMgr agents first and then do some more tests.

Virtualisation Memory Over Commitment

Working in the server hosting business I’m used to “VPS” terms like over commit, burstable, etc.  What they mean is that although your virtual machine is granted 4GB RAM (for example) it only ever is given whatever it is using.  The idea is that the server hoster might have 29GB RAM available for VM’s but could possibly sell 40GB on that host machine.  You could see how this would be attractive to anyone.  Let’s face it, we tend to spec servers based on peak requirements, not average ones.  A web server might have 2GB RAM but it probably only uses 1GB of that 95% of the time.  Wouldn’t this be appealing in testing labs, development farms and enterprise virtualisation deployments?  But what happens if the VM with 4GB of RAM can’t burst to 4GB when it needs it?  What if either too many VM’s are bursting at once or what if the hosting company abuses over commitment?  The best case scenario is that the host machine starts to page like crazy.  The worst case scenario is that VM’s start to blue screen when the RAM they believe to be available cannot be accessed.  At work, our virtualisation solution (Hyper-V) doesn’t have this and even if it did, I’d be very conservative about using it.

That’s why I read this article with interest.  Let me preface this by saying that I’ve found this blogger, in my opinion (i.e. not fact), to have a slanted viewpoint.

The blogger talks about the Burton Group and how they compare/measure virtualisation solutions for the enterprise.  They have 27 requirements and a number of preferred standards.  Yes, they measure VMware above Hyper-V.  Fair enough.  I’d agree that VMware have been in this market longer and have a more mature solution.  It might not be the right solution for me right now, but it is around longer and had more time to develop.  VMware do have more features.  For example, VMware has memory over commitment of sorts.  Hyper-V does not.  MS did try to add it into W2008 R2 but had to pull it very late (pre beta) for whatever reason.  I suspect they didn’t feel they had time to get it perfect before the release date.  Instead of releasing a nearly perfect solution they waited to ensure something critical like this would be right.

One of the really cool things VMware does is their power management by putting idle hosts to sleep after using VMotion.  It’s like Core Parking across host servers.

The blogger says that one of the preferred features, Memory Over Commitment, should be a requirement.  Oh really?  Let’s just analyse this for a second.  Would it save companies money?  Absolutely.  With server costs exploding in the last 12 months the less we have to buy of them, the better.  Is memory over commitment supported in production?  Oh – no it isn’t, at least not by VMware.  I guess that puts a dampener on that.

Would I like to see memory over commitment supported in production?  Yes.  I’d love it.  But it isn’t right now so I guess it shouldn’t be a requirement for any measure of virtualisation suitability for the enterprise.

November 17

Live Migration Up and Running

I’ve added a second node to our Hyper-V cluster.  The servers are HP BL460 G5 blades.  The setup was simple:

  • Install Windows Server 2008 R2
  • Install HP’s MPIO 4.0
  • Install the HP PSP 8.30
  • Set up the NIC’s
  • Set up the computer name and computer domain membership
  • Enable Hyper-V role
  • Install the 2 fixes I’ve blogged about before for W2008 R2 and Hyper-V
  • Enable Failover Clustering feature
  • Set up/add to the cluster
  • Add the cluster to VMM 2008 R2
  • Configure the virtual networks for the hosts in VMM on one node – which replicates to the other nodes in the cluster via a job

I deployed a test VM to the cluster and ensured the IC’s were up to date.  I set up the IP configuration of the VM for the VLAN that it was located in.  I then set up a continuous ping from the VM to its default gateway (a Cisco ASA firewall cluster) and initiated a live migration.  As expected, the console window terminated as the VM left node 1 and moved to node 2.  Problem!  My ping failed.

Not with Live Migration, though.  It worked perfectly.  When I set up the virtual networks on node 1 in VMM, VMM set them up as Internal networks on the other node.  Doh!  I changed the virtual networks to External and reran the tests.  Perfect!  I set a node into maintenance mode – the VM live migrated.  Not a single ping was dropped.  Perfect!

First W2008 R2 Hyper-V Cluster Operational

OK … it is a single node cluster :-)  But it is running!  Live Migration is great and all but to be honest, the 2 things I want out of Windows Server 2008 R2 Hyper-V are Core Parking (to reduce our power bill) and Cluster Shared Volume.  I really, really hated having to do per-LUN deployment of VM’s on the cluster.  They stressed me out when it came to alterations or deletions.  Luckily, I’d settled on a consistent naming standard for every component in the W2008 cluster.  But still, one oversight and bang – a production VM goes off the air.  With CSV, you deploy your storage once and add to it as required later.  Love that!

Setting up CSV was easy.  I set up a LUN in the SAN management console.  I linked this to the cluster node(s).  I initialised it and brought it online with the GPT disk partition system.  This is optimised for LUN’s over 2TB in size.  Our CSV will keep on growing so 2TB will be nothing.  I did a quick format and labelled the disk as CSV1.  I did not add a letter to the drive because there was no point.

Next I added the storage to the cluster.  I renamed it as CSV1.  I enabled CSV in the cluster (select the cluster, centre pane, it’s a hyperlink in there).  The MMC refreshed and now I had a Cluster Shared Volume item in the navigation pane on the left.  I selected this and added storage: I selected the disk I’d just added to the cluster.  Badda bing, a CSV was created! 

The disk is now mounted as C:\ClusterStorage\Volume1\.  Additional CSV’s would be Volume2, Volume3, etc.

Now, I can add VM’s into the CSV.  Note that any VM that was on the disk before being converted to CSV will be “corrupted”, i.e. their storage location will have changed so Hyper-V no longer knows where they are.  Make sure there are no VM’s created on the disk before you convert it to a CSV.

I’ve also added 2 patches for W2008 R2 that I’ve blogged about recently.  1 is related to Nehalem processors and the other is related to power management, i.e. Core Parking.

That’s it!  Next I need to build node 2 and add it to the cluster.  Then I get to try out Live Migration!

VMM 2008 R2 Cannot Manage A Single Node Hyper-V Cluster

How do you migrate from a Windows Server 2008 Hyper-V cluster to Windows Server 2008 R2?  The process is that you build a new cluster and migrate the VM’s over.  If you have a tight budget you will be evicting a cluster node from the W2008 cluster, rebuilding it with W2008 R2 and then setting up a new cluster.  OK, not perfect, but at least you get a clean new cluster. 

You then migrate the VM’s over from the old cluster to the new one.  Because you do not have W2008 R2 on the old cluster you cannot use Storage Quick Migration.  This means shutting down each VM in a maintenance window, exporting it and importing it in the new cluster.  That’s quite manual.  If you have VMM 2008 R2 you could use a cold migration.  Here, you shut down the VM and use VMM to migrate the files.  It does all the export/import and does the file transfer using BITS. 

As you clear out the VM’s from each W2008 node, you evict it from the old cluster, rebuild it with W2008 R2 and add it to the new cluster.

Problem!  What if you can only free up one machine for the new W2008 R2 cluster?  OK, you can build up a one node cluster.  Windows Server has no issue with that.  Neither does Hyper-V.  Obviously you have no server fault tolerance until you add a second node.  But you’ll do that once you free up a host in the old cluster.

Unfortunately though, VMM 2008 R2 does have a problem with one node clusters.  I’ve set one up and this is what happens when I added the cluster to the console.  The node cannot be refreshed and cannot be used by VMM:

“Warning (13926)
Host cluster <cluster FQDN> was not fully refreshed because not all of the nodes could be contacted. Highly available storage and virtual network information reported for this cluster might be inaccurate. 

Recommended Action
Ensure that all the nodes are online and do not have Not Responding status in Virtual Machine Manager. Then refresh the host cluster again.”

I’m not the only person to experience this.  Another virtual machine MVP has posted in Connect (I added a note) discussing the issue.  It does appear to be a logic bug in VMM 2008 R2, preventing us from using VMM 2008 R2 as part of the initial migration.  It looks like we’ll have to use the Hyper-V console until we can free up a second node from the old W2008 cluster and add it into the new cluster.  Of course, you then face a scenario where VMM cannot manage the last remaining node in the W2008 cluster and you’ll have to use the Hyper-V console to manually move the VM’s to the W2008 R2 cluster.

Ouch.  This is why MS should give me €30K worth of hardware and somewhere to host it :-)  I found a similarly annoying logic bug in VMM 2008 which I got a fix written for (released as part of a rollup back around March/April 2009).

Unless we get a fix then this appears to be the scenario:

  • You don’t have unlimited h/w budget:  You will have a single node W2008 R2 cluster at the start of the migration and a single node W2008 cluster at the end of the migration.  You will need to use the Hyper-V console to manually migrate VM’s while you have single node clusters.
  • You have unlimited budget and can justify having 2 more host servers at the end of the project than you did at the start: Buy 2 new W2008 R2 host servers and set up your new cluster.  You can use VMM 2008 R2 to cold migrate the VM’s from the W2008 cluster to the W2008 R2 cluster.  At the end you will have 2 vacant W2008 cluster hosts that you will have to find a new use for.

This is a pity.  I hope MS fixes it.  It’s a shame to deprive people of the power of VMM and its PowerShell module during these critical stages of a Hyper-V W2008-W2008 R2 migration.

EDIT:

I put out a shout to my fellow MVP’s and got a response pretty quick.  One of them says he’s managing a single node cluster with no issues.  He accomplished this by editing the properties of the cluster in VMM and setting the “Cluster Reserve (Nodes)” to 0.  The effect of this is that you tell VMM that you want zero redundant nodes in the cluster.  It is set to one by default, giving you an N+1 cluster with 1 node for fault tolerance.

I did this and had no joy with the W2008 R2 cluster.  I ended up migrating a node into it later today and re-adding the cluster.  It’s working perfectly.  The setting does appear to work for a single node W2008 cluster that we have up.

MS Ireland Featuring In “The Apprentice”

Those of you outside of Ireland are probably familiar with a TV show called The Apprentice.  In the USA it featured Donald Trump.  In the UK it featured Alan Sugar.  The idea is that the featured executive is seeking a new employee.  12+ candidates are brought in, split into two teams each week and given a task.  The losing team faces a boardroom where one of them is fired.  Eventually 1 person is left and they get a job with the featured executive’s company.

In Ireland, the star is Bill Cullen.  He’s a self made man who went from selling fruit/veg in Dublin, buying/selling the Renault business in Ireland (and making an absolute fortune in doing so), etc.  It’s fair to say he does OK.  They’re in the second series now.  I think it’s fair to say that Cullen is dealing with vegetables once again in his life based on what we’ve seen in the show so far, with 1 possible exception.  They’re down to 5 candidates now.  This series has been interesting because the tasks have been quite real.  Each week an Irish based company is featured and the teams are either trying to invent, market or sell something for those companies.  Off the back of this you see major publicity, e.g. Samsung Jet or The Big Red Book.

Next week … well we got a mail this morning: 

“Watch the Apprentice show on TV3 next Monday, November 23rd at 10pm to see the two teams, Cúchulainn (pr. Ku-Kullen, a mythical Irish warrior) and Platinum, battle it out on a task set by Microsoft.

The team efforts culminate in a gripping boardroom scene with the contestants trying to avoid being fired and remaining in with a chance of securing the job of a lifetime with Bill Cullen.

All will be revealed next week after the show.....

Regards,

Microsoft Small Business Team”

I had heard about this and I know a little bit more but I’m not saying anything.  All I know is I can’t wait to see how the candidates mess this one up.  They’ll be dealing with complex technology that I’m sure will be quite alien to them.  Those in Ireland will also be able to watch this on the TV3 website after the original broadcast.

November 13

Springboard Booth Wrap Up

My time working at the Springboard stand ended this afternoon.  Over 4 days I met with and talked to hundreds of people about the Springboard Series, explaining how it provides a central location to find out more about Windows desktop, have a successful deployment and continue to take advantage of the features and manage the network.

Springboard Champion, Stephen L. Rose, took this photo earlier today of the 4 of us who ran the booth.  Thanks to Stephen and Melissa for selecting us!  That’s me on the left, Miklos (Bolivia), Erdal (New Zealand) and Justin (UK).

Auf Wiedersehen Berlin!

TechEd Europe 2009 Wrapup

I’ve attended my last session.  Actually I attended my last half session because I walked out at the 30 minute point.  This session was like the vast majority of the content I saw this week.  It was marketing slides presented by sales people.  There were a few exceptions but not enough to make me want to return to TechEd next year. I didn’t come here to Berlin from Ireland to attend sales sessions – I can do that at home.  But at least I didn’t pay €1,500-€2,000 to come here like many others will have done.  I would have been sick to my stomach if that had been the situation for me.

Overall there were maybe 4 technical sessions that I got to.  The keynote was a dreadful omen for the rest of the week.  They opened 2 doors to let over 7,000 people into a room.  The keynote was dreadful marketing drivel and the entire event continued much on that theme, unfortunately.  The coffee docks were limited to the 2 exhibition halls.  The main exhibitor hall became a bottleneck because it was the only route to and from the conference halls.  There weren’t enough desks, power or seating outside of the halls for people who had to work between sessions.  I found myself sitting on the floor with a near flat battery on more than one occasion.  I know MS has to cut costs but the ticket costs didn’t go down for those who paid to attend.  It was only by Thursday that some coffee docks appeared in building 7 and some additional desks were put into the previously vast empty space in the front of the CommNet room.

On the plus side the swag bag was decent.  It’s an olive green laptop bag which I’ll probably use, unlike the turkeys of Amsterdam 2004 (remember the giant orange U shaped bags stuffed into bins and lying on the outside streets?) or the plastic waste of money from Barcelona 2008 that was a logo fest?  And the wireless network performed admirably under the load of 7000 laptops and twitterers. 

Overall, I felt the event was a disappointment.  Unless there is a marked change in the speakers and content that MS is providing then I have no desire to spend a week being sold to.  I came here to learn and am leaving having learned very little that I couldn’t have gotten from a 2 hour webcast.  I hope this changes but unfortunately there seems to be a trend towards rah-rah Redmond-sugar marketing speakers who we could all do with a little less of.

Virtualisation Scenarios for Business Critical Applications

Speaker: Vipul Shah, Microsoft.

Oh no, another marketing head.  It’s been Need I say Vipul is a senior product manager?  Isn’t everyone in MS a senior product manager?  It also appears to me that the majority of the virtualisation technologies are developed in the MS centre in India rather than Redmond.  We heard in Ireland, recently at the lunch events, about the global around the clock effort to develop Windows.  This is further evidence of that.

Rockstar Mark Russinovich is playing in another room in this slot in a session that I wouldn’t have much time for, i.e. UAC is/isn’t a security feature.  That story has been done to death now.  That means this room is 60% empty.

Production application virtualisation (on server VM’s) has increased maybe by 100% during 2006-2008.  Lots of reasons which we know: deployment/management time, carbon foot print, flexibility, lower costs, DR, etc. 

I walked out on this session after 30 minutes of marketing filled with incorrect statements, e.g. “sure, go ahead and use more than 64 cores in your Hyper-V server and it will be supported”.  Uh uh.  It will not be supported.

TechEd Europe 2009 Day 5:

I went out last night with some of the MS Ireland folks.  They had one spare ticket to go see the Blue Man Group in Berlin.  I had no idea what to expect.  To be honest I didn’t think I would have too much fun.  As it turns out, I was belly laughing quite a bit during the show.  It was great fun even before it really started.  A trip to a Brauhaus in the Sony Centre followed and I was in bed by 01:00 with a 07:00 rise to get to the conference venue.

Friday’s schedule is not a good one for the IT Pro.  I’m on at the Springboard stand at 11:30 until the show close at 14:45.  That means I get to one session today and there’s nothing on at 09:00 that appeals to me.  That’s a pity.

November 12

Configuration Manager V.Next End-To-End

Speakers: Bill Anderson, Jeff Wettlaufer, Jeffrey Sutherland, Mark Florida

This session is about the successor to Configuration Manager 2007 and not ConfigMgr 2007 R3.  It will be a demo session.

The console is like a new version of the OpsMgr/VMM console.  It almost looks like a web version crossed with MMC.  This breaks up things nicely because the 2007 version is quite cluttered now.  Locations of things have been moved around to make it more natural. 

I can see straight away that advertisements are no longer involved in software distribution.

Collections, DCM and Asset Intelligence are grouped under “Assets and Compliance” and are all renamed.

Delegation appears to have been simplified with a role model.  Currently there are 12 roles in addition to Administrator, e.g. “Application Editor” is a role for a person who creates packages but doesn’t deploy them.  This makes it much simpler than the current system.  You can copy a role and customise it according to your needs.  Security scopes are new.  This can be bound with Security Roles to define who can do what actions to what assets.  The example we see has scopes for geographic regions.

We get a demo where an AD user is added as an application administrator and is granted permissions to Europe and Sales & Marketing scopes.  The console is launched as Bruce.  Now Bruce can only see the parts of the console that he has permission to.  Much better than what we currently have.  Some existing packages are now assigned to a scope that Bruce has rights to by the overall administrator.  In Bruce’s console these applications appear automatically. 

Next up is Compliance Settings (aka DCM).  A baseline is defined for an application.  We can see there is a high rate of non-compliance.  We can be notified automatically that a baseline has a specified non-compliance rate, e.g. if compliance is less than 80%.  An alert is in the Compliance Settings summary.  Depending on the baseline, there might be action links for the alert, e.g. remediate the non-compliant component.

Each major feature will have a similar alerts section in the final product, e.g. if s/w deployment is below a certain level then your application deployment team can react immediately.  You can only see alerts within your scope.  It is also possible to do automatic remediation.  This is a tick box for when there is support for a remediation, e.g. script based, WMI or registry settings.  This means ConfigMgr could fix non-compliant machines with no human action.

We get a demo of Windows registry device compliance.  The registry setting is originally non-compliant but is automatically changed to bring it into a compliant state.

Device (mobile) management will be integrated with normal (PC) management.  You’ll get to them via the same wizard start up points.  We’re shown the configuration of some Compliance Settings for Windows Mobile devices: Device Wipe (5 incorrect login attempts are allowed and 6th will automatically wipe the device), Password  (4 character minimum PIN with idle timeout) and Platform Lockdown (prohibit camera).  This baseline is assigned to all systems.  Non-mobile devices in All Systems will report as compliant because the settings are irrelevant.  That’s good.

A demo: The settings are forced onto a Windows Mobile device.

We now have “Applications”; a generic container.  This contains deployment types.  For example, you can have a mobile device deployment or a Windows deployment for a single application.  ConfigMgr figures out the right one to use.  A Detection Method is defined (e.g. the installer code or a script).  If the s/w is there then it’s not installed.  If it’s not there then it is installed.  Requirements are specified, e.g. memory, disk space.  A new one is user device affinity.  A user’s primary device might be where you install bespoke expensive software, e.g. Visio.  If they temporarily log in elsewhere the s/w won’t be deployed, i.e. not wasting licenses/money.  “Primary Device” can be manual, a result of Asset Intelligence or even user self-defined.

Advertisements are replaced by Deployments.  You can set an Intent, e.g. mandatory, available (puts the app in a catalog) or prohibited (the uninstaller is invoked).  The catalog is a web UI where users can elect to pull down optional software, e.g. Adobe Reader.  The s/w will install automatically for the user.  A Silverlight control on the site will immediately communicate with the client on the computer to kick things off quickly.  Application deployment rules are still applied, e.g. if the app is not appropriate for the user/machine then it will not install.  OH HELL SWEET: There is a workflow built into this where software can be set up to require approval.  For example, a user requests Visio but this request must be manually approved.  This is major stuff that every SMS/ConfigMgr customer will love.

Packages and Programs isn’t changing.  However there will be file level single instance storage on the Site Server between packages.

There are now distribution point groups.  You assign software to the DP group and any distribution point in it gets the software.  You can build new DP servers and add them to the group.  They automatically get the software.  Another big improvement for larger architectures. 

Accelerating Windows 7 Deployments …

… With MDOP, System Center and Virtualisation

Speakers: Jeff Wettlaufer (MS), Jeremy Chapman (MS) and Michael Niehaus (MS)

I briefly considered going instead to the Russinovich session on Windows 7 kernel changes but we noticed that it’s a PDC session, i.e. aimed squarely at developers.  So here I am at a session that will probably focus on MDOP (a product set only available to purchase by desktop software assurance customers).  I’ll probably never use anything from this session but here I am anyway.

Application Compatibility Toolkit

Jeremy Chapman: He seems a bit nervous but shouldn’t be.  It’s a good presentation.

This presentation kicks off with Application Compatibility.  We get a look at the survey and the most demo’d application on Windows 7 yet: StockViewer.  It’s an XP app with loads of problems that you need to shim using AppCompat.  First, Standard User Analyser is used and that fixes some of the bits but not all.  The Compatibility Administrator is shown and it has a huge database of application shims/mitigations to make the apps work on Windows 7/Vista. 

Tip from MS: When shimming an application then shim its dependencies.

Tip from MS: create a single SDB shim file for the entire company and include as many application fixes as possible.  That makes it easier to deploy/manage.

Session Virtualisation can be used for some appcompat, e.g. W2008 has WOW32 for 16-bit applications.

MED-V should be used by medium/large organisations who are considering XP Mode.  It provides centralised administration and control, e.g. change control.  You also get policy for interaction between physical and virtual, e.g.  allow copy/paste but not local disk access.

App-V DOES NOT solve appcompat OS issues.  It does solve app to app compatibility issues.  You cannot run legacy IE in App-V.

Windows 7 Deployment

Using W2008 R2 WDS multicast MS went from 17 WDS unicast servers to 1 WDS multicast server and quadrupled their total output to 2100 builds per day.

Michael Niehaus takes over with WAIK and MDT (check out my whitepaper on XP to Win7 deployment).  Now we get a demo.  This is a very demo intensive session.

MDT is light touch, e.g. LiteTouch.VBS.  To get zero touch where the admin deploys from an admin station then you need to use Configuration Manager.  SP2 adds support for ConfigMgr 2007.  MDT is free.  ConfigMgr obviously allows you to automate deployment from 0-100, e.g. report/collection for suitable machines and run a job on them to upgrade/migrate and then get success/failure reports.

Jeff Wettlaufer takes over.

ACT does integrate into ConfigMgr.  V5.5 doesn’t at the moment but there is a fix on the way.  V6.0 will integrate as well.  I wasn’t aware of this integration.

You can use the Windows 7 Upgrade Assessment reports in ConfigMgr.  Obviously you can add s/w and App-V distributions into a ConfigMgr OSD task sequence.  In the future, there will be integration with MED-V similar to the current integration with App-V.  That’s 12-18 months away with V2.0 of MED-V.

Michael Niehaus takes over again.  This time to show how MDT can integrate with ConfigMgr to add additional features.  You can create MDT task sequences in ConfigMgr and create boot images.  Why?  MDT task sequences offer more functionality.  Documentation for this integration is built into MDT in the accelerator docs.

Configuration Manager 2007 R2

Jeff is back with some ConfigMgr R3 roadmap information.

The task sequencer has a new boot media creation process.  You can do a pre-staged media boot image that contains the build, e.g. for road warriors or hardware providers.  Give them the media and they build a machine outside of your network with your image using the media you create in ConfigMgr 2007 R3 – sounds similar to the MDT 2010 solution.

Using The Microsoft Connection Broker

… to Provide VDI, Session, and Application Centralised Publishing

Speaker: Alex Balcanuqall, Senior Product Planner, Microsoft

We’re talking about VDI (Windows desktop virtualisation in the data centre), Terminal Services and application (TermSvcs and App-V) publishing to the end user via a man in the middle broker in W2008 R2.  Hyper-V is used in some of this (VDI).  VMM and SCCM used to manage VDI.

Remote Desktop Services VS Virtual Desktop Infrastructure

  • Tech Maturity: RDS Proven, VDI emerging.
  • Scalability: RDS gets more users per server.
  • Isolation/Security: VDI isolates the user, 1 OS per user and users _can_ run as admin.  Opposite for RDS.
  • Remote User Experience: Protocol (RDP in MS) dependent
  • User flexibility: User is non-admin in RDS
  • Application Compatibility: RDS is a server OS and requires TermSvcs compatibility.  VDI is a desktop OS.

RD Virtualisation Host

  • Windows Server manages VM’s
  • Install the Remote Desktop Virtualisation Host Role services
  • Receives commands from the Connection Broker to start VM’s
  • Collects information on VM’s and sends it to the Connection Broker (session information and VM state, i.e. is it running or hibernated).

User requests VM on client –> Broker determines rights –> Broker initiates VM –> host starts up VM –> Broker redirects RDP session to VM (a direct RDP connection now)

The redirection uses the RDP 5.2 redirect packet so it’s very backwards compatible.

RDP Broker

  • Connection Broker: what the client connects to initially
  • Publishing service: aggregates VDI VM’s, RDS session servers or published applications
  • Redirector: Most common mistake in setup is not setting this up in addition to the connection broker
  • Connection broker and redirector can be separate

TS Web Access talks to the Centralised Publish Service on TCP 5504.

Redirector

It’s a session host in “drain”/dedicated redirector mode.  It forwards RDP sessions to the connection broker and returns the list of IP addresses received from the broker.  Users never TS into it.

Certificates

Must be done right to keep single sign-on and to have no error popups for users.

You can use a single trusted SSL cert for all components.

Prepare VDI host

  • Install Hyper-V
  • Install Remote Desktop Virtualisation Host role

Sizing?

It depends:

  • applications
  • data used
  • demand cycle of users
  • depends on OS

And think about CPU and memory requirements.  The only way to know for sure is to do a pilot with real users and real applications in real usage over a period.

Prepare Client OS VM’s

  • Supports XP SP3, Vista and Windows 7
  • Install the Hyper-V IC’s
  • Enable RDP services (GPO)
  • Add users to the groups (GPO)
  • Enable Remote RPC (TermSvcs GPO)
  • Open firewall for RDP and Remote Service Management
  • Modify RDP Listener Permissions (manual or script).  This can only be done after a domain join.  Possibly a start up script is the way to go here. 
  • There’s a script from MS for this but the URL on the screen is way too long to copy (must never have heard of Tinyurl)

Configure the Connection Broker and Redirector

  • Broker: Is the RD Server Role
  • Redirector: Is RD session host

When you install Remote Desktop Service Role the server is automatically put in “drain” mode so users cannot log into this server.

Unfortunately, we now get a very confusing and unrehearsed demonstration.  I’m lost.  It appears to me that the presenter is here because he is a manager, not a knowledgeable techie.

I can’t keep up with note taking in this session.  Sorry; it’s all a bit of a mess.

Pooled VDI VM’s

Often people start with this and switch to dedicated per user VM’s.  Problems: when to patch them.  S/W deployment – do you really want to install/stream non-standard s/w to a VM every time a user logs in?  Probably not.

There were some slides on tips’n’tricks and common mistakes.  He rushed through them after spending too much time troubleshooting his demo lab.  Disappointing session.

RTM: Application Request Routing 2.0

ARR 2.0 was announced as being released and available to download earlier this week.  It leverages IIS 7.0 and IIS 7.5 to give you a load balancing and content caching solution.  It’s an interesting solution, especially if you start reconsidering how you architect your web farms.  Here’s a listing of the features:

  • HTTP based routing decisions built using rules that examine HTTP request information
  • Sophisticated load balancing algorithms to determine appropriate servers to service the HTTP requests
  • Health monitoring for live traffic and specific URLs to determine the health of servers with a set of configuration parameters provided to calibrate baseline server health
  • Client affinity to direct all requests from a client to a specific server by using cookies.
  • Host name affinity to streamline administration for Web servers and to create additional business opportunities.
  • Management of multiple server farms to enable pilot management and A/B testing scenarios.
  • Management and monitoring of all configuration settings and aggregated runtime statistics through IIS Manager interface.
  • Support for Failed Request Tracing Rules
  • Disk-based caching
  • Cache hierarchy management
  • Cache proxy node in CDN/ECN environment
  • Caching compressed objects
  • Browsing cached contents using IIS Manager
  • Removing cached contents by matching URL patterns
  • Overriding cache-control directives
  • Warming up cache mode
  • Intelligent byte-range support
  • Intelligent live request support
  • Caching while serving responses

Learn About MDT 2010 and ConfigMgr OS Deployment

Although I do a little bit of speaking and writing about Windows deployment, I am nothing compared to gurus like Johan Arwidmark, Michael Niehaus and Rhonda Layfield.  Speaking of Johan, he released a new edition of his deployment CD.  It covers MDT 2010 and Configuration Manager 2007 OSD.  It’s a free download and well worth getting your hands on.  Johan is speaking this week at TechEd Europe 2009.  I’ll miss him unfortunately but if you are here I would recommend you go along.  Based on what I see on the Minasi forum, Johan knows this stuff inside-out.

TechEd Europe 2009 Day 4

The Irish delegation had a country party last night somewhere in East Berlin.  I finished up slightly late at the Springboard stand and made my way to my hotel.  I powered up the laptop and found lots of work waiting for me.  Add in me feeling exhausted and I was not up to a party, e.g. after lunch I was walking the halls and totally missed two Dutch friends, Wim and Ton who were calling my name … right in front of me.  I was in a world of my own.  I couldn’t find the energy to go out.  I ended up working until about 21:00 and was quickly asleep after that.

Today is day 4 of TechEd Europe 2009 in Berlin.  I’m back on the Springboard stand in the afternoon so I’ll only be able to go in the morning once again.  It looks like I’m doing group policy and Windows performance sessions before lunch.  There’s a DirectAccess architecture session on in the afternoon that I will unfortunately miss.  I’d like to learn a bit about that even though it doesn’t really play much of a role in my world.

Deploying 2008 R2 Hyper-V Cluster Next Week

I’ve got the go-ahead to deploy our Windows Server 2008 R2 Hyper-V cluster next week.  The plan is pretty simple.  New hardware is required for expansion.  I’ll be setting that up with Windows Server 2008 R2 instead of 2008.  It will be set up as our new cluster, as is required for the “upgrade” which is really a migration.  I’ll then use VMM to move the VM’s from the old 2008 cluster to the new 2008 R2 cluster.  That won’t be able to take advantage of Quick Storage Migration because the old cluster is still W2008.  It’ll require getting maintenance windows for the affected VM’s, shutting them down and doing a cold migration from the old cluster to the new.  Once that is done I can break up the old cluster, one node at a time as they are made available.  As I get each node I can rebuild it with Windows Server 2008 R2.

Using VMM for the procedure simplifies things.  The job optimises the export/import process and it uses BITS to transfer the files safely.  The job then mounts the VM, adds the integration components and starts up the VM for you if you’ve elected to do that.

We’ve already migrated to W2008 R2 for whatever un-clustered hosts we run.  Once we complete the “upgrade” we’ll be able to use quick storage migration for future operations like this.  We’ll also get better performance (it was already quite good) and lower power consumption.  I’m quite happy so far.  I have one DL380 G5 that is moderately specified and we’ll be getting a 14-1 compression ratio out of it without any sacrifices.  We’re already at 10-1 and only using between 30-45% of CPU resources.  That is quite cool!  When we start going with the G6 series of servers from HP we’ll get even more from each host – all thanks to the power and efficiencies of Windows Server 2008 R2 and Hyper-V.

*OK; where’s my commission?* ;-)

November 11

Extend Your Web Server: What’s New in IIS and the Microsoft Web Platform

Speaker: David Lowe, Senior Product Planner, Microsoft.  Former Dubliner working in Redmond and the first ever speaker at the Irish Windows User Group the day after the W2008 launch in Feb 2008.

This session will focus on IIS 7.5 (W2008 R2) and the free extensions to IIS 7.5.  It is aimed to be a level 300 session.

I’ve blogged about this before: The IIS team have been VERY busy.  There are a lot of extensions to expand the platform for web beyond IIS focused for the IT Pro and Dev.

Web Platform Installer

The Web Platform Installer is a small little tool that makes it easy to download and install MS and 3rd party extensions, e.g. PHP.  A demo now of the WPI v2.0.  David shows that there is stuff like Wordpress and PHP available here for download and auto-install.  DasBlog is installed in the demo.

IIS 7.5

 

  • More reliable
  • More control
  • More secure
  • More Choice

FTP 7.5 built in on W2008 R2.  Includes a secure FTP option.  Same applies for some of the other IIS7 extensions: built into 7.5.

W2008 R2

  • ASP.NET on Server Core
  • PowerShell Module & CmdLets
  • Integrated FTP and WebDAV
  • Integrated Admin Pack Modules
  • Configuration Logging and Tracing
  • Best Practices Analyser

.NET in Server Core

Couldn’t do it in time for W2008.  You get a subset of 2.0, 3.0 (WCF, WF) and 3.5 (WF additions from 3.5 and LINQ).  Subset of ASP.NET support for IIS.  PowerShell support and WoW64 for 32 bit applications.  No WPF, small bit from CLR missing and a few bits from ASP.NET.

Use DISM to install .NET on Server Core.

Now we get a demo of setting up .NET on Server Core.  The installer sits at around 99.8% for ages while .NET installs – we all know how long that installer typically runs for.  Enable remote management.  Install it and then enable it:

  • dism /online /enable-feature /featurename:IIS-ManagementService
  • Regedit on the Core machine to enable remote management
  • net start wmsvc
  • sc config wmsvc start= auto

Extensions

Possible because MS added an API to IIS.  This allows MS and 3rd parties to add functionality to IIS.  MS has added several so far that are free and supported.

FTP 7.5 built in.  WebDAV 7.5 built in and using industry standards.

PowerShell

  • Seamless integration
  • Add/configure websites, etc.
  • Advanced configuration
  • Run time query data

Very marketing driven slide with little info.

We get a demo now of installing and configuring the IIS PowerShell module on Server Core followed by some cmdlet demos.

Web Deployment Tool

Use this to change the location of a web site/application or to copy it to other machines.  This simplifies the task by packing the contents of the application, certs, databases, etc.  You can migrate between IIS 6.0, 7.0 and 7.5.  Integrated in IIS and Visual Studio 2010.  Can synchronize changed data.  Server admin rights not necessarily required.

We get a demo of this tool now.  It was installed using the WPI.  In the IIS manager you can right click on the site and select Deploy to get various options for the site.  This fires up a wizard, e.g. for exporting a package of the site so you can deploy it to a different web server.  This creates a zip file that you can use to transport the web application.  This zip structure also happens to be in the format that the WPI uses to distribute applications.  This means anyone can export and upload their site to MS for submission into the WPI.  When you install this Web Deployment Tool on Core you need to install every component pretty much by the sounds of it.  You then need to start the msdepsvc service using net start.  From the remote IIS Management console you need to reconnect to the server to re-query for the available modules.

IIS URL Rewriter

Any application like DNN often uses unfriendly long URL’s.  The purpose of the URL Rewriter is to give us human friendly URL’s that resolve to the application URL’s.

IIS Application Request Routing

  • Balance loads across servers
  • Manage and monitor multiple servers and web farms more easily through IIS Manager
  • Create affinity for server requests by client or host name

V2.0 features edge caching.  I’ve been liking the look of this tool for a while.  It doesn’t do high availability so things like the F5 devices still have a place.  This V2 is still an RC.

Search Engine Optimisation

Tools you can install on your server to boost your position in search engine ranking.  It crawls your site and helps with the SEO work normally done by experts.  It runs from the IIS Manager.

Demo: he crawls a tiny bit of Google.com and finds lots of SEO violations!  500 links searched and 768 violations found.

Others:

IIS Application Warm Up (in 7.5)

You can pre-load applications on your web servers so that they don’t take ages to get going.

CLR Settings per Application Pool (in 7.5)

Some ASP.NET thing :)

Configuration Logging and Tracing (in 7.5)

  • R2 provides read/write auditing of configuration changes
  • Logging of events unrelated to reads/writes
  • In Event Viewer under IIS-Configuration
  • Audit what configuration changes are made on your IIS servers by administrators

Application Pool Identities (in 7.5)

You can use domain accounts for this now.

Best Practices Analyser (in 7.5)

Make sure your server is secure and configured for best performance.  You can run this tool to verify you have followed best practices.

Windows Web Server 2008 R2

The cheap but limited web server OS.  W2008 R2 is 64 bit only and this edition supports 4 processors and 32GB RAM.  Does not require CAL’s or the External Connector.

TechEd Europe 2009 Day 3: Multi-Site Clustering With Windows Server 2008 R2

Speaker: Elden Christensen, Microsoft – owner of the failover clustering and network load balancing features.

One of the primary reasons that DR plan invocations fail is the dependence on people.  This was the result of a study after Hurricane Katrina in New Orleans.  In the event of a disaster people focused on their personal priorities, not on their DR plan actions.

Network Options To Stretch Cluster:

  • Stretch the VLAN: 2003 did this
  • Dissimilar subnets: 2008 introduced this support.

Longer distance = latency.  Windows 2008 allows you to tune the heartbeat time out.  Out of the box <500ms is fine but you can tune this.  This can be tuned differently for nodes on the same or different subnets within the one cluster.

Windows 2008 inter-node communication can be encrypted for cross WAN clusters.

Client reconnect considerations:

  • If the nodes are in different subnets then there are DNS timing issues to consider.  A records get cached on DNS and on the client.  If there’s a failover then what happens?  The client/DNS have cached the old record and clients fail to connect until they purge/time out the DNS cache.  Also consider DNS AD replication between sites.
  • Configure a smaller TTL for the record but you need to find the right balance between too frequent and infrequent lookups.
  • RegisterAllProvidersIP and/or HostRecordTTL

Alternative 1: Advanced Planning:

Have a local failover in Site A and in Site B.  Configure the cluster to failover to a local node first, e.g. a local hardware issue rather than a site failure.  If site failure then fail over to site B.  This is OK if the DR plan allows for non-instant failover.

Alternative 2: Otherwise stretch the VLAN.

The IP of the clustered resource never changes.

Alternative 3: Abstraction Device

For example, Cisco has a device to abstract an IP address to reroute it as required to the correct server in the correct site.

Storage

You need to have two copies of the data.  Single site allows for single copy storage.  But that’s not going to fly for DR.  You need to replicate the data between site A and B.  MS relies on the vendors/partners, e.g. HP LeftHand, HP EVA Controller, HP XP Controller, Compellent, DoubleTake, SteelEye.  There is also application stuff such as Exchange CCR.

Synchronous or Asynchronous can both be used – it depends on your application.  Synchronous commits data to both sets of storage and then responds to the application to confirm the write.  Asynchronous writes to one set of storage and then replicates it to the other site.  Obviously the latter is good in limited bandwidth scenarios.  There is a potential for data loss.  It stretches over great distances and has no impact on application performance.

But the former guarantees no data loss but requires more bandwidth between sites.  Latency is an issue so the stretch is a short distance (<100KM) and has an impact on application performance with greater latencies.

The storage partner writes DLL’s that integrate into clustering so it ensures consistency of storage ownership/failover during a failover of the clustered resource.

The validation tool is not written for these replicated storage solutions and will fail.  This is acknowledged by MS and is documented online.

HP StorageWorks Representative

The speaker is talking about the HP story, CLX for Windows.  CLX = Cluster Extension Resource.  This is for EVA and XP SAN.  There is support now for Hyper-V Live Migration in the new release.  This adds W2008 R2 and Hyper-V Server 2008 R2 support.  This Live Migration support indicates the speed of failover.  EVA support in a month, XP next year.  Apparently this does not support CSV at the moment due to the controller’s role in the replication process.  This costs around €3000 per cluster node so you better be serious about DR – and this doesn’t include SAN replication licensing.

We get a video of this demo based on W2008 R2 Hyper-V live migration on a pair of replicated EVA 4000 SAN’s.  We saw 3 failed pings on the grainy video but the HP guy claims they were retransmits, not dropped packets.  I’m not convinced that HP have real Live Migration between sites but 2-3 missed pings between sites for DR is pretty good.  You have duplicate copies of data in 2 sites in case of a disaster.

Quorum Overview

It’s all about getting a vote majority to decide who owns a resource.

  • Disk only: The quorum disk (whoever is the owner of it) decides.  Even number of nodes.
  • Node and disk majority: Disk owner breaks the vote
  • Node majority: No witness disk
  • File Share Witness: Instead of the disk

Replicated Witness Disk in DR:

Not to be used unless recommended by the storage vendor.  Normally not used in replicated storage clustering because it is really 2 disks, one in each site.  MS not a fan of it.

Which to use?

  • Node Majority: Odd numbers of hosts.  The majority of nodes will be in the primary data centre, e.g. 3 nodes in site A and 2 nodes in site B.  If there’s a break in comms between sites A and B then the nodes will vote.  If node 1 in site A (3 nodes) votes it can talk to itself (1 vote) and the other 2 (now 3 votes).  In site B node 4 can talk to itself and its neighbour (2 votes).  Therefore the resource stays in site A.  But in DR if site A burns down then you need to manually override because site B cannot win a vote.  This is called Forcing Quorum.
  • Multi-Site with File Share Witness: This is normally the best one to use.  Place a file (SMB) share in a third (witness) site.  There’s nothing special about the share other than a single text file.  This allows even node numbers where the file share is the vote breaker.  If site A fails then site B can see the file share in the witness site.  Site B initiates a failover automatically.  But what if site A and site B can both see the witness site but not each other?  Seems there’s a solution with the file share but the speaker doesn’t say … I guess it’s something in that text file.  This comes up in Q&A.  If the node that owns the file in the file share is healthy then it becomes the vote breaker.
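The vote arithmetic behind these two options, as an added example (not from the session or from Microsoft): a simplified Python model in which every node and the file share witness carry one vote. It assumes, following the Q&A answer, that a contested witness vote goes to the partition containing the site that currently owns the witness file; `Cluster`, `evaluate` and the site names A, B and W are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Cluster:
    nodes_per_site: dict                 # e.g. {"A": 3, "B": 2}
    witness_site: Optional[str] = None   # None = Node Majority, else site of the file share
    witness_owner: Optional[str] = None  # site whose node currently owns the witness file

    def total_votes(self):
        return sum(self.nodes_per_site.values()) + (1 if self.witness_site else 0)


def _partitions(up_sites, links_down):
    """Group surviving node sites into sets that can still reach each other.
    The witness site is deliberately not a vertex: a file share does not
    relay cluster heartbeats between sites."""
    remaining, groups = set(up_sites), []
    while remaining:
        group, frontier = set(), [remaining.pop()]
        while frontier:
            site = frontier.pop()
            group.add(site)
            for other in list(remaining):
                if frozenset((site, other)) not in links_down:
                    remaining.discard(other)
                    frontier.append(other)
        groups.append(frozenset(group))
    return groups


def evaluate(cluster, sites_down=(), links_down=(), force_quorum=None):
    """Return {partition: {"votes", "needed", "online"}} for a failure scenario.
    force_quorum names a site whose partition the administrator brings online
    by hand even though it cannot win the vote."""
    links_down = {frozenset(link) for link in links_down}
    up = [s for s in cluster.nodes_per_site if s not in sites_down]
    groups = _partitions(up, links_down)
    needed = cluster.total_votes() // 2 + 1   # strict majority of configured votes

    # Only one partition can hold the witness vote at a time.
    witness_group = None
    w = cluster.witness_site
    if w and w not in sites_down:
        can_reach = [g for g in groups
                     if any(frozenset((s, w)) not in links_down for s in g)]
        owner_first = [g for g in can_reach if cluster.witness_owner in g]
        others = sorted((g for g in can_reach if g not in owner_first), key=sorted)
        ordered = owner_first + others
        witness_group = ordered[0] if ordered else None

    result = {}
    for g in groups:
        votes = sum(cluster.nodes_per_site[s] for s in g)
        votes += 1 if g == witness_group else 0
        online = votes >= needed or force_quorum in g
        result["+".join(sorted(g))] = {"votes": votes, "needed": needed, "online": online}
    return result


if __name__ == "__main__":
    node_majority = Cluster({"A": 3, "B": 2})
    witness = Cluster({"A": 2, "B": 2}, witness_site="W", witness_owner="A")
    scenarios = [
        ("Node Majority, A-B link cut", node_majority, dict(links_down=[("A", "B")])),
        ("Node Majority, site A lost", node_majority, dict(sites_down={"A"})),
        ("Node Majority, site A lost, quorum forced on B", node_majority,
         dict(sites_down={"A"}, force_quorum="B")),
        ("File Share Witness, site A lost", witness, dict(sites_down={"A"})),
        ("File Share Witness, A-B link cut, both see W", witness,
         dict(links_down=[("A", "B")])),
    ]
    for title, cluster, failure in scenarios:
        print(title)
        for partition, outcome in sorted(evaluate(cluster, **failure).items()):
            print("   ", partition, outcome)
```

The case the model leaves out is loss of the witness site itself: with 2 + 2 nodes and the witness gone, a later A-B split leaves both sites with 2 of 5 votes and neither stays online without a forced quorum.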

Workloads

Hyper-V: If you use DHCP then you can use different VLAN’s.  If your VM’s use static IP then stretch the VLAN(s).  Live Migration really requires stretched VLAN’s because otherwise the IP must change in the VM and that requires a TCP outage.

CSV: Requires a single VLAN between nodes.  CSV assumes all nodes can concurrently access the LUN.  SAN replication assumes that only one array has the replicated LUN active at a time.  CSV is not a requirement for Live Migration.  MS says you should talk to your storage vendor for support statements.  The whole scenario depends on how the storage is replicated by the vendor.

SQL: Missed this because it was very quick.

Exchange 2007: It has CCR so you don’t need storage level replication.  Change the TTL to 5 minutes.  File share witness should be on the hub transport server in the primary site.  Exchange 2010 is probably very different because of the possibility of using a DAG.

Q&A

DFS-R: Can you use this for multi-site clustering? Yes and No.  DFS-R is supported on 2008 R2 clusters but you cannot use it as the replication mechanism because it only replicates at file level and file close.

Does the HP CLX support CSV? Not in this release.  They are working with MS to get this working.  HP LeftHand will do this.  Compellent does this too – I think Lakeland Dairies (Irish company) are using their solution for inter-building DR for Hyper-V on their “campus”.  I believe there’s a whitepaper on it somewhere on the MS site.  I did find this video.

Springboard

What is Springboard?  It’s a program by Microsoft to help IT Pro’s do a successful deployment of the desktop operating system, e.g. Windows 7.  The site acts as a portal, gathering together articles, blog posts and videos generated by experts inside and outside of Microsoft.  That means you can go to a single location to learn about :

  • Windows 7 and its features
  • Plan your deployment
  • Run your pilot
  • Deploy Windows 7 and
  • Manage your desktop network

Springboard also runs the Springboard Technical Excellence Program (STEP).  This is a global group of around 140 MCT’s and MVP’s who work with Springboard to add content and present the content to local markets.  I’m a member of STEP.  I applied to staff the Springboard stand for a few hours a day at TechEd EMEA 2009 and was accepted.  That’s why I’m here in Berlin now.

Yesterday afternoon I did my first stint at the stand.  It was hectic.  Springboard sponsored a party for MVP’s, MCT’s and IT Pro’s and tickets were limited to 300 people.  The demand was nuts and not everyone managed to do their registration correctly.  Throw in the usual conference booth competitions and the genuine interest in Springboard and you can imagine how busy we were.  I ended up answering all sorts of questions:

  • What is STEP?
  • Can you tell me about Windows 7?
  • Hyper-V
  • Boot from VHD
  • SAN Storage
  • MDT 2010/WDS
  • “I didn’t register for the party but can I get a ticket?”

It was a wide and varied audience.  I’m back on again this afternoon.

We had the party last night at a club called Watergate.  I hung out with some of the Irish folks and didn’t go wild.  The drink was flowing and plenty of folks made the most of it.  I’m still feeling a little ropey this morning despite being cautious but I suspect it’s mostly lack of sleep over the last 3-4 nights that’s got me.  We have an Irish night out tonight and I’ll be taking it easy there too.

Hyper-V, Have We Really Got 3 Problems?

I’ve just read one of the most uninformed or biased articles about Hyper-V yet – outside of VMware of course.  The author reports or makes 3 comments about the “failings” of Windows Server 2008 R2 Hyper-V:

“When it comes to large enterprise customers, he said there is very little hope because the "vast majority" of them have very little interest in switching.”

OK.  But that’s not a failing in Hyper-V even if this is true.  I’m not going to get into decision making between products.  I’m too hungover for that.  What I will say is that MS sells through their partners.  What I’ve seen in the last 2-3 months is partners start to get genuinely interested in Hyper-V now that CSV and Live Migration are here.  I’ve seen it here at TechEd Europe 2009 too.

This isn’t a technical problem for Hyper-V but I guess having 3 “failings” makes for a better headline than 2.

"… every physical host has a copy of Windows that is used as the parent OS. It manages the I/O drivers and is home to any management agents that are installed” … "so what you end up with is one big, fat, single point of failure."

Hmm … so how do VMware, Xen, RedHat all manage their hypervisors?  Oh yeah, they’ve all got some sort of operating system or platform on the machine to manage it.  Duh!

“Every time it's necessary to patch the parent OS, it is also necessary to take down all the VMs.”

No, not quite true.  I have deployed patches that do not require reboots.  True, they are rare but it does happen.  And if you deploy a Hyper-V cluster (which you can do with the totally free Hyper-V Server 2008 R2 with CSV and Live Migration – something VMware does not have) then you simply Live Migrate the VM’s to another host and then do your host operations.  Heck, VMM 2008 R2 makes that easy with the “maintenance mode” option for hosts which does all that leg work for you.  By the way, a VMware “patch” is way worse to deal with.  With Windows and Hyper-V I have Windows Update, WSUS/ConfigMgr for downloading, testing and managing the deployment of my updates (including reports).  It just so happens to be the same engine I use for managing updates for all of my MS software/OS’s.  Windows happens to be on 72% of all servers in the world.

November 10

What’s New In ConfigMgr 2007 SP2 and R3

Speaker: Jeff Wettlaufer (Microsoft)

This room is packed.  Standing room only at this point.

There will be support for 300,000 support.  Jan 10 2010, mainstream support for SMS 2003 ends.  Be aware of V.Next when planning your migration from SMS to ConfigMgr.

ConfigMgr 2007 SP2

SP2 adds support for Windows 7, Server 2008 R2, Vista SP2 and Server 2008 SP2.  This allows them to be clients and allows those servers to host site roles.  Server 2008 R2 BranchCache is a game changer.  In MS they cut 90% of traffic to the Mexico office with this.

Improved Client Policy Evaluation:

  • Faster processing.  Pre-SP2 there was a 2 minute delay
  • More efficient s/w deployment configured to run at user logon
  • There was a 10 minute delay pre-SP2
  • User/Group targeted advertisements instantly available after logon with SP2

BranchCache Support:

  • Integration with ConfigMgr vastly reduces WAN traffic and transfer loads on distribution points.
  • Client downloads are faster (from local cache)
  • Configuration Document guide available
  • Requires R2 DP and Win 7 Enterprise/Ultimate clients

64 bit Support

  • App-V x64 client
  • Remote Control for x64 XP and W2003
  • x64 performance counters
  • Update to OpsMgr MP for 64bit OS
  • x64 support for OpsMgr agent

Asset Intelligence

  • Software Assurance not required
  • The requirement for a cert has been removed for updates synchronisation

Intel vPro Technology

  • Out of band wifi management
  • Power state configuration
  • Other stuff – vPro costs extra on the h/w side

KVM coming in the future.

OS Deployment

  • Multiselect and delete drivers in the console
  • Task sequence editor UI displays the package names as in the console.

Available as of Oct 22.

Now on to ConfigMgr 2007 R3

It’s still quite early in the engineering phase.  Support for power management – it’s the only thing they’ve talked about so far from what I can see. 

  • Monitor power consumption
  • Plan and create a power management policy and check for exceptions
  • Apply power management policy
  • Check compliance and remediate
  • Report on power savings, cost savings and environmental impact

Collections will be used to apply power policies so some engineering required to group clients appropriately.

Demo:

The Power Management Client Agent has a dependency on the Hardware Inventory Client Agent.  With both configured (and with schedule noted on hardware agent) you’ll start getting data back.

In the collection you can enable power management settings in a new Power Management tab.  There is an option for a peak plan and a non-peak plan.  That allows the admin to select the Windows power plans, e.g. balanced, etc.  In the properties you can configure that Windows power plan in the ConfigMgr console, e.g. sleep after 5 minutes, etc.  This will support older OS’s because the core focus is on power down and hibernation but Win7 takes advantage of it more.