I did the upgrade today at work from Operations Manager 2007 SP1 to Operations Manager 2007 R2.  I followed the upgrade document by Microsoft.  It weighs in at 60 pages but that covers all sorts of scenarios.  I printed the document out and slowly worked through it.  It’s 60 pages so that’s a nice load going into the recycle bin.  It’s a very well written document so congrats to the team and the author, Christopher Fox.

I followed their precautionary backup steps.  But I also took a snapshot – yeap, our OpsMgr 2007 RMS is a virtual machine.  I checked out it’s utilisation of resources and found it was a candidate.  So I took a snapshot after the database backups/resizing and then continued the MS upgrade process.  I’ll leave the snapshot for a weekend to see how it goes.  The AVHD’s are slowing performance of the OpsMgr server but I’ll live with that in order to have a rollback option in the case of a critical issue.  If all is well in a few days I will merge the snapshot.

You need to have some disk space for this upgrade.  The guide recommends that the Operations and datawarehouse database have 50% free space.  The Operations database also needs a log file that is 50% of the size of the database file, e.g. the MDF is 50GB so the LDF should be 25GB.

The agent upgrade can be done a bunch of ways.  The easiest is to approve the updates via Pending Management in the console under Administration.  Note that agents accessed via a firewall will probably fail so you’ll have to do those manually.

I’m also using the Management Pack Templates to manage 3rd party services.  There’s a new option to target this to a group of machines.  I like that; it trims the fat.  I also use the Web Application templates.  They also need to be upgraded (edit properties, click Apply and agree to upgrade the management pack).  You’ll have to do that with each application.

The supported configurations for Microsoft System Center Configuration Manager 2007 R2 is posted on TechNet.  Thankfully, older OS’s and DB’s such as Windows 2003 and SQL 2005 are still supported, making the upgrade easier.  I’ve only a small bit of W2003 and SQL 2005 which will likely stick around for a while.

A recurring subject on my blog since I started this up back in 2006 has been control of data and usage auditing.  The Irish Times is reporting that companies are losing control of data by allowing employees to download the data to domestic PC’s.  Their PC’s are either stolen or sold with the data on it.  Even if they delete the data, it’s still recoverable without using a wipe tool like DBAN.  Just like disk encryption, it seems like businesses don’t want to take this one seriously.  I’ve talked about it over and over and over.

Have a read of those posts if you want to learn about how to protect your data no matter where it is.  Some quick tips:

• Learn how to properly secure data on your file shares: Then only authorised users can access the files.
• Use Rights Management Services to protect data no matter where it is: Bringing data to a home PC is useless.  Forwarding emails can be prevented.  Printing can be prevented.
• Audit data access, e.g. on the file shares and using OpsMgr 2007 R2 Audit Collection Services: Know who has done what for investigations.
• Use Network Access Protection to restrict access to company resources: That domestic PC won’t be able to connect to your network without the proper security configuration.
• Use forced (by policy) removable storage encryption to protect mobile data: Mobile data is secure even if the removable storage is lost or stolen.
• Use forced (by policy) laptop encryption to protect company laptops: The data on the laptop is secure even if it is lost or stolen.
• Use something like DBAN to wipe computers when you finish with them or they move between departments: Deleted/formatted data is recoverable so a secure wipe is required to overwrite it with garbage.
• Put policies in place:  Breaking company policies is a punishable offence no matter who does it.

OpsMgr 2007 R2 RTM’d about a month ago but was due to be GA on July 1st.  I checked that morning but Redmond doesn’t usually post things until 20:00 GMT or later.  I’ve been snowed under since and spent last night at a preview for the Bruno movie (laughed so much I started coughing my innards up).  I saw this morning Anthony Crottie posted that OpsMgr 2007 R2 is available.  I’m downloading it now from EOpen.  Check out my previous post for links to product documentation and descriptions of the new features.

VMM 2008 regularly refreshes a VM to retrieve it’s configuration and settings, e.g. what ISO is mounted. What happens if you manage a machine directly in Hyper-V?  That change won’t be reflected immediately in VMM.  So you might need to force the refresh.  You’ll have to fire up the PowerShell console for Virtual Machine Manager 2008 to do this:

First you’ll connect to the VMM server.  I know, you’re probably logged into it already but PowerShell isn’t.

get-vmmserver <Vmm_Server_Name>

That’ll think for a second and then spit back a load of information about the VMM server object.  That’s a sign that it worked.  Next you’ll run a command to refresh your VM:

refresh-vm –vm <Virtual_Machine_Name>

I usually forget the –vm flag because it does seem a bit redundant.  Here’s an example:

PS C:\Windows\System32> get-vmmserver vmm01.mydomain.com

PS C:\Windows\System32> refresh-vm –vm SQLServer01

In that example I’ve connected to a VMM server called vmm01.mydomain.com.  The VM I want to refresh appears as SQLServer01 in the VMM console so that’s what I refresh.  That’s not necessarily it’s FQDN.  Give this a few seconds and the VM properties will be refreshed in VMM and the console.  They’ll be displayed in the PowerShell console.

Many have said that “Sony are evil” following the Russinovich discovery of their “rootkits” in their music CD’s.  I used to run a HP laptop.  It worked fine for me, nice and powerful AMD processor, big screen (great for photo editing) and I could use it for virtualisation.  The day before I was to speak to a bunch of MVP’s over in Reading last September, that laptop died.  I was in a hotel in Reading, near soiling myself.  Luckily I kept a  a copy of my presentations on Skydrive and a USB key – I’ve since added Mesh to that mix.  Another MVP allowed me to use his laptop.

On the return home I had several hundred photos of Welsh Red Kites to process and not much budget for a laptop.  I was in a hurry so I ended up buying the cheapest thing of sufficient spec, a Sony Vaio VGN-NR38M.  The cheap offers from Dell and HP had disappeared. I brought the Sony home and didn’t rebuild.  I simply installed my required software and used it as was for months.

I upgraded it from Win7 beta to Win7 RC on Tuesday night.  I went to install a copy of Virtual PC 7 on it last night.  No joy – I can’t enable CPU assisted/machine virtualisation (Intel VT-X) because Sony have hidden it in the BIOS.  I did some searching and this appears to be the norm across the entire Vaio range.  DAMN YOU SONY!

I think I’ll have to encourage a name and shame listing of OEM’s who won’t reveal this feature in the BIOS.  I don’t get why they don't.  It’s already there on the processor – just let us turn that and DEP on.  Why won’t you?  It’s not like it will cause Penguins to get sunburned.  This feature is mandatory to use Virtual PC 7 and XP Mode.  And I can’t install Virtual PC 2007 SP1 because it blocks the installation – unsupported OS.

Thinking of using Windows 7 on a laptop?  THEN DON’T BUY SONY!

EDIT #1:

There is a 3rd party hack but I don't recommend it.

By default VMM 2008 uses the Local System account to run the VMM service.  However, you might just want to use a domain account instead.  The VMM team blogged about how you can do this.

“While the option to specify a domain account exists as part of the installation program, the recommended way to achieve this is by completing the following …”

It looks like you will also use this approach for a remote SQL database.  It’s a long process but it looks very well documented and pretty logical.

I encountered this one just a short while ago tonight.  It’s been mentioned elsewhere before.  I was doing some work on some VM’s and I used the Hyper-V MMC to upgrade the integration components and reboots.  VMM 2008 did a refresh and suddenly the VM’s had the “unsupported cluster configuration” status.  I got a brief warning about unclustered storage.  The LUN’s being used for the VHD’s were fine.  I did a quick search and the result made perfect sense.  The integration components ISO was still mounted on the host.  Moving the VM from one host to another would break that because the ISO is on the host, not on the LUN.  VMM picked up on that.  I unmounted the ISO and all was well again after a repair-ignore job.

If you are still running Windows Server or Workstation 2000 then put July 13th, 2010 in your calendar.  That is the last day that Microsoft will be doing security fixes for that operating system.  Not a big deal you think?  Go do some searching to see how many NT4 users wet their pants over the lack of security fixes for various things like Conficker recently.  It’s not MS’s fault: every software company draws the line over support after a certain amount of time.  Anyway, 10 years is a long time to support something.

Other important ones include end of life for ConfigMgr 2007 RTM (pre service pack) on July 14th 2009 and SQL 2005 SP2 on January 12th, 2010.

Today is the day for my MVP renewal or not.  I checked the MVP profile site and my profile was changed to a new expertise.  I guess that means I’m renewed for another year.  I’ve not gotten the official email yet so I’m probably jumping the gun.  But ….

Yeehaw!

I guess I should change the VMware T-Shirt I have on :-)  I'll have to stop at the off-license and pick up some expensive beer like I did last year to celebrate.  Hopefully that'll be a new tradition.

Thanks to Dave, Will and Enda in MS Ireland who gave me the opportunities to do some stuff and helped many times along the last year.  And thanks also to the places where I was allowed to speak and to the people who put up with me overruning my allocated time to listen.  There's also been some people in the MS virtualisation teams and PSS who've answered questions along the way so thanks to you folks too.  My employers, C Infinity gave me a great big lab to play on and most of what I write about I learn at work. And especially to anyone who is actually reading this blog, feeding me with information sources and posting comments, especially Tim and Anthony.

EDIT #1:

The official email came in at 15:12 this afternoon.  The beer is cooling in the fridge.  Can't go too mad before 8: I'm some VM reconfigurations scheduled for then.  Should only take 5 minutes.

I met an IT manager recently and had an interesting conversation with him.  He’s in an organisation/line of business where the IT budget would be generous and costs would be lower when compared to private business.

We discussed various things.  He talked about one particular problem he has and how he’s going out to tender for a fix.  He’s using an older MS product (1 generation behind) and he needs to make it site fault tolerant.  Certainly he could ease those issues by going to the current generation of the product and the next generation (probably 6 months away) will definitely fix the issue.  If he goes ahead with his tender plans he’ll probably have to spend €3,000 to €7,000 per server in his architecture!  It’d probably be cheaper to upgrade the product.  I suggested he have a look into doing this.  I didn’t care either way – we don’t sell licenses and we’re not a consulting company.  He then went on a bit of a rant about never using the current generation of Microsoft products.  His policy is to always stay 1 generation behind the current release.

I know someone else in his line of work about 1 hour down the road.  He works in a very similar organisation.  But their attitude contrasts very much.  They’ve embraced the latest stuff from Microsoft (and probably from others).  They aren’t doing this because their Microsoft-philes or they’ve bought into the marketing.  They do it to take advantage of new solutions, fault tolerance and flexibility.  They’ve studied the products and made an informed decision.  This is bringing their costs down substantially, increasing their automation and probably making their service better to the “business”.  I bet the staff also are enjoying the job more too.

I think we’ve all encountered organisations like this where someone there has heard of a friend of a friend, that knows someone that met a person that bumped in a guy in the pub who had a new Microsoft product that “brought the business down”.  I can’t say I’ve had that experience myself.  But those networks with that attitude tended to be a mess.  I can think of one company I did some work in that had that attitude.  I left there scared to do anything major in case it all came down around me.  I left … and it all came down.  I met a senior manager from there not so long ago and he admitted I was right all along.

In the first organisation above I know they had a disaster.  With some forward thinking they could have avoided it.  I don’t want to get into specifics here because it’ll become clear to many who I’m talking about.  The point is, being more open minded towards technologies and methodologies will allow you to avoid these issues and keep costs down.  Shouting “boo” at the sunrise and making declarations of “witchcraft” won’t stop the sun from rising.

Maybe this is something like IT security?  You can only do so much to the iron to secure things.  In the end you have to look at the meat sitting between the chair and the monitor?

I’ve been using HP servers and storage most of the time since 2003.  I’ve experience their support via two channels: via partners maintenance contracts and direct support contracts.  Has it always been perfect?  No, but I’ve gotten things sorted.  Typically, the issue is resolved within 4 hours which is perfect.  What I love about HP hardware is how easy it is to manage.  If you use their setup DVD, you can install your OS with all the HP management software and agents.  This lets you configure every aspect of the hardware (with no sacrifices to the gods or black magic required) and the SIM agent will detect any hardware fault.  You can use HP’s free software, their paid software or even their management pack for MOM 2005/OpsMgr 2007 to get alerts.  Heck, the agent can be configured to directly send SMTP alerts.  Each server has a HTTPS based service running on TCP 2381 to allow you to inspect the exact hardware issue, part number and serial number.  The HP event log also shows you a clear explanation of what’s happened.

At work, we have 6 IBM X servers and 5 IBM DAS storage units.  They were bought before I joined the company and installed by IBM and one of their Irish preferred partners (think of a shape to guess the name – no it isn’t a rhombus).  The first thing I did was inspect the installation.  I wasn’t familiar with IBM hardware or systems management so I didn’t know fully what to look for or expect.

Aside from the 13 configuration issues I found on this 6 server installation, e.g. the single domain controller on a mission critical service configured to use an external ISP’s DNS servers as it’s primary DNS server, I noticed I had no way of locally inspecting the health of the IBM hardware.  I had no way of configuring disk.  BTW, we spent endless hours fixing those 13 issues and I added Active Directory fault tolerance.

We use OpsMgr 2007 for health and performance monitoring.  HP offers a management pack to integrate with the SIM agent on Proliant servers.  IBM claimed to offer a management pack for IBM Director agents.  I searched high and low for it.  A friend in Holland was also doing the same for a site he was in.  Neither of us could find it.  Every link on the IBM site was dead.  I contacted a sales guy in Ireland.  He sent me a link.  It turns out IBM published it on their Intranet but not on the Internet.  The link wouldn’t work.  Eventually we got the MP after many emails.

One year ago we had a failed disk in one of the IBM DAS storage units.  No worry; we had a support contract with IBM.  Or I thought there should be no worry.  I logged the call.  After 1 week of stress, getting our directors involved and screaming at local IBM sales people, did we get our replacement disk.  Here’s the really worrying bit.  The IBM director agent on the server connect to the DAS box did not pick up the failure.  I discovered the failure when we rebooted the server and it hung on the POST to say there was an issue.

I the meantime we bought HP blades and a SAN.  We had some memory board failures, etc.  Each time, I got an alert from the SIM agent via OpsMgr 2007.  We logged calls with HP via their portal and memory boards were replaced within 4 hours.

Back to April of this year.  One of our 5 IBM DAS units went offline.  One of our engineers logged the call.  IBM support wanted DSA logs before they’d progress the call.  Our engineer sent them in.  IBM Support continued to ask for the logs for the following 2 months! In the meantime we had escalated the issue to local IBM staff.  Every single person in IBM refused to send anyone out.  We’d sent in the logs.  We resorted to sending them to local staff members.  After 2 months we finally got an engineer out.  The Megaraid controller firmware had a bug.  I wanted it replaced so it was replaced.  I wanted a complete resolution after 2 months of an outage caused by IBM hardware and “support”.

In the meantime, there was another memory degradation in a HP blade.  An engineer from a reseller was sent out by HP within 3 hours.  There was zero fuss or downtime (Hyper-V cluster).

A few weeks later we started updating firmware on the Megaraid controllers to avoid this issue.  The first one went OK.  The second one failed.  I got a message in POST about foreign configurations.  I had a choice of importing or continuing.  I didn’t know what to do – I’m not an IBM engineer.  I googled but with no joy.  Our storage was not visible on the server.  I called IBM support expecting this to be a 1 minute conversation.  Instead I was on the phone for 2 hours.  The support engineer barely spoke English.  He decided to have me go through a maze of POST configuration tools.  It was clear by the delays in his instructions that he didn’t know the solution; he was searching for answers on an Intranet portal.  I asked 3 times if he knew what he was doing.  “Yes” was the answer.  After the 3rd time I demanded to speak to his team leader.  More excuses followed with him.  If you know me, you can imagine what my temperament was like at this point.  I actually got the guy flustered enough to get him to admit that no one on his team knew how to resolve this issue on the DAS unit.  Stunning!  I demanded an on-site engineer and one came out later that day.  He pressed 1 button to import the foreign configurations in the POST and the issue was resolved.  That’s all I wanted from the support desk …. do I press that button or not?

IBM said they’d come out to upgrade the rest of the firmwares to make up for our experience.  Fair enough. They did that within a few days.  During the process a disk failed in one of the DAS units.  Then I saw how my experience differed from theirs.  They logged a call and a disk was out in a day.

A week later (last week) I was in the data centre to do some network engineering.  I checked on the rack with the IBM gear.  Uh-oh.  Another disk failure in a DAS unit and another DAS chassis had an alert light.  IBM Director picked up neither issue.  I logged 2 calls; one for each issue.  That was Thursday.  A few hours later the IBM support desk called me.  A replacement for the failed disk was not in stock in Ireland.  We’d get a replacement 2 days later once it was shipped from Holland.  What!!!!  Our MD wasn’t happy.  The MD went straight to IBM and complained.  Suddenly the disk was going to be replaced the following morning.  It seems to me that IBM was just delaying in some way to reduce shipment costs.

As for the alerting DAS chassis?  It’s now the following Wednesday and IBM still hasn’t followed up.  I sent in the DSA logs 17 minutes after IBM asked for them last Thursday.  They started this rubbish about saying they hadn’t gotten them.  Ah but boys, didn’t you see that I CC’d another of our engineers, our MD, and 3 people in IBM Ireland.  I aint accepting the BS you’re using to delay action.  According to an email from IBM, I should have used an FTP site to upload the logs as my first choice.  I tried.  Without logging in I had no access to the folder in question.  I was given no credentials.  So then I tried anonymous with my email address as my password (thank God for green screen education in college).  I navigated to the folder but was refused permission to upload.  The delaying rubbish about the logs continued up to Monday.  Then an engineer called to ask for the logs.  I exploded over the phone.  I got onto his team leader (the same guy as before) and suggested that maybe the lot of them should be fired and that Lotus Notes was a pile of steaming ****.  I wasn’t sending in logs again.  It was done once and I told him he could get it from one of the 3 IBM people in Ireland that I’d CC’d.  That went down well :-)

30 minutes later the field service manager for IBM Ireland called me.  More of the same.  I really don’t care.  “Would I go to a meeting to learn more about IBM?”.  Why the f**k would I want to do that?  I have no time for that BS.  I don’t tolerate sales people; I don’t take their calls because I have no time for crap.  JUST FIX THE DAMNED DAS BOX!  He promised to forward the DSA logs to the support desk.  That was 2 days ago.  Nothing has happened since.

Oh sorry it has, that manager has tried to go above my head to our MD to get us out to talk about IBM.  Oh you sad bugger.  That was the wrong move.  In fact, that pushed me over the edge.  Trying to outmanoeuvre me while still not sending anyone out to fix the DAS unit is the sort of BS I don’t accept from anyone.

So here’s how I compare HP and IBM:

We’re changing the IP address range on the firewalls so we’re adding in the new NAT rules in addition to the old ones for a smooth transition. 

We started with a web server.  The site uses DotNetNuke.  We tested the new IP and the server wouldn’t load the page on clients.  Luckily we’d kept the old IP and could confirm the site was OK on that.  I ran Network Monitor 3.3 on the server (NetMon part of my standard server installation package) and on my client to check things out.  Our network engineer started looking at router and firewall traces.  I could see traffic coming into TCP 80 but the conversation was short.  On the client end I could see the same.  I compared with a working conversation on the old IP address and saw that there was a different HTTP status code at the start.  The failing server was giving me a 302.  In fact, my client was loading localhost instead of the site on the new IP address; that was the 302 code redirect.

I swapped in a default IIS7 site and tested.  It worked perfectly.  The site bindings were the default norms on the hosted site so it wasn’t that.

I decided to google (I cannot bring my self to say I binged or bonged something, Microsoft) for DotNetNuke redirecting to localhost.  Badda-bing!  It appears DotNetNuke has it’s own site binding configuration in a SQL table called PortAlias.  I added in a row and added in the new IP address to test.  That worked perfectly.

I now need to have a long shower after doing developer work ;-)

AppLocker is a feature available to administrators of Windows 7 Ultimate and Enterprise (Software Assurance) editions only.  It allows administrators to use group policy to define what applications can be run on Ultimate and Enterprise computers.  Obviously these policies won’t work on Vista or the other editions of Windows 7, e.g. Business.

Microsoft has released some technical documentation on the feature:

“The AppLocker Technical Documentation for Windows 7 and Windows Server 2008 R2 provides technical guidance about understanding how AppLocker works and how to effectively plan and deploy AppLocker policies.

AppLocker in Microsoft Windows Server 2008 R2, Windows 7 Ultimate, and Windows 7 Enterprise helps administrators control which applications are allowed to run in their organizations. These documents provide technical guidance about understanding how AppLocker works and how to effectively plan and deploy AppLocker policies”.

MS Ireland is opening the new data centre in Dublin tomorrow (July 1st 2009).  It’s down the Nangor Road, near the Air Corps base, and across from the Grange Castle golf course.  Why there?  That’s the most connected road in Ireland, thanks mainly to the presence of DataElectronics (DEG).  DEG is an Irish colo hosting facility and just so happens to be the one we use at work.

This data centre will host MS internal service but also the hosted services.  Being American, it’s subject to the Patriot Act so companies worried about the European/Irish data protection directive might not be able to consider those services.  Otherwise, there’s some seriously cool offerings for small, medium and large businesses.

Grangecastle is “is the first “mega-data center” Microsoft has built outside the U.S. The 303,000 square foot first phase of the building will be supported by 5.4 megawatts of electricity and have a Power Usage Effectiveness (PUE) rating of 1.25, the company said. The $500 million project will eventually include about 550,000 square feet of space”.  This data centre will run “hot”, i.e. not at the usual 19C or 21C but at 30C.  This saves a fortune on air conditioning power consumption and is fully supported by HP, MS’s (and mine) preferred supplier of servers and storage.

A Chicago data centre will also be opening.  This is the first of MS’s next generation data centres based on a fault tolerant, scalable, economic and power efficient container model.  Each module is a pre-build container that is dropped into place and connected to a permanent corridor.

EDIT#1:

PS Microsoft, I'll be just around the corner if you feel like giving me a tour tomorrow ;-)

I’ve just been doing some P2V work when I encountered the below warning for the first time.  I had just run a system scan:

“There is already an SSL certificate associated with port 443 on machine MachineToP2v.yourdomain.com.

Ensure that no application on machine MachineToP2v.yourdomain.com listens for HTTP traffic on TCP port 443 during the conversion. Alternatively use registry key HKLM\Software\Microsoft\Microsoft System Center Virtual Machine Manager Server\Settings\P2VBITSTcpPort on the VMM server to change the P2V transfer port number and add the necessary firewall rule for TCP port 443 on machine MachineToP2v.yourdomain.com.

ID: 13252”

The physical server I am going to convert to virtual (P2V) is running an IIS site on TCP 443 or SSL.  This would interfere with the P2V conversion because it runs on 443 by default.

The solution was simple:

• Identify an alternative port that you figure is free on your entire network, e.g. I picked 30666.
• Ensure that there are no communication problems between the physical machine and the VMM 2008 server on your alternative port.  Check physical and Windows firewalls.
• Add a REG_DWORD called “P2VBITSTcpPort” to “HKLM\Software\Microsoft\Microsoft System Center Virtual Machine Manager Server\Settings”.  Set the decimal value to your alternative port number.
• Restart the Virtual Machine Manager Service on the VMM 2008 server.
• Start the P2V all over.

That worked fine for me.

Clive Watson posted on his blog about the performance increase SLAT can give to Remote Desktop Services (the renamed and expanded Terminal Services) on Hyper-V running on Windows Server 2008 R2.

SLAT (Second-Level Address Translation) is available on the newest processors from Intel (EPT feature) and AMD (RVI feature) offer this functionality, e.g. Nehalem.  It optimises memory management on Hyper-V, i.e. it offloads the mapping of physical to virtual memory to the CPU so that the parent partition is not involved.  That reduces RAM overhead on heavily loaded hosts.

According to a quote that Clive posted for RDS virtual machines running on Hyper-V 2008 R2: “SLAT enabled processors increased the number of sessions by a factor of 1.6x to 2.5x compared to non-SLAT processors”.  That’s a significant workload improvement.

I’ve been looking at pricing for new HP servers and components.  At least when it comes to shelf prices the G6 chassis is more expensive but their processors are much cheaper than G5 ones.

Johan Arwidmark, another Minasi forum poster, has posted about the latest beta (2) build of the MDT 2010 (Microsoft Deployment Toolkit).  It is available now to download on Connect.  MDT is the free toolkit from MS that you can use to optimise your Windows 7 and Windows Server 2008 R2 deployments.  Johan, a deployment MVP, is one of the gurus on this stuff and a regular source of answers on the trickier side of deployment; I think he has some training media coming out soon so watch out for that.

There’s a new SKU in the July price list for SPLA (Service Providers Leasing Agreement – AKA hosting licensing) called DataCenter Per Processor Outsourcer.

One of the perks for retail/volume licensing (non-hosted) was that you could by DataCenter edition for each of your hosts physical processors.  That gives you unlimited free Windows Server licensing for VM’s running on that host.  That’s a major money saver on hosts with lots of VM’s.

In SPLA up to now, we only had a SKU for anonymous DataCenter.  This only allows anonymous free licensing for VM’s.  Anonymous means that Windows can play no role in authenticating the users, e.g. SharePoint, Exchange, Active Directory, etc.  You cannot run authenticated (those where Windows plays a role in user authentication) licenses on VM’s on this host, even if you pay for them!  This meant that you either:

• Ran 2 Hyper-V clusters: 1 using Enterprise for authenticated and one running DataCenter for anonymous in larger installations.  This doubled your hardware costs.
• Or just run 1 Hyper-V cluster: running Enterprise where you didn’t get the benefits for anonymous licensing.  This put smaller companies at a pricing disadvantage to larger companies.  It was also pretty expensive compared to the new model.

The new Outsourcer SKU’s replace the authenticated licensing model.  It also adds DataCenter to the list, fixing a major flaw with SPLA licensing for hosting companies using Hyper-V for virtualisation.  There is also a new 3 year license which saves a bit of money over the per month model.

EDIT #1:

Our SPLA LAR called me up to ask a technical question.  Then he warned me not to go making plans on the Outsourcer SKU.  He's seen an issue in the text that MS needs to rectify immediately before the July price list takes effect.  Hopefully it will be sorted out soon.

Virtual Boy posted about some free training that’s going for Hyper-V:

“Microsoft is offering some free Hyper-V training. You will need to enter a specific access code 9350-Y2W6-3676 and sign in with your Live ID.  The course “Collection 6319 - Configuring Hyper-V in Windows Server 2008” includes the following modules:

1. An overview of the Hyper-V technology
2. Creating a virtual environment
3. Deploying systems in a virtual environment
4. Configuring high availability in a virtual environment
5. Administering a virtual environment with SCVMM”

You can sign up here.