I’m happy enough now with our W2008 R2 Hyper-V cluster that I’m putting it into production tomorrow night.  We’ll be migrating some of our production machines from the old W2008 cluster to the new cluster.  Today I deployed OpsMgr agents onto the hosts and did some more testing.

OpsMgr and VMM don’t synchronise their maintenance modes.  I submitted feedback suggesting that this would be good.  I also noticed that even if both System Center products had a node in maintenance mode, the VMM management pack would alert when that node rebooted.  Ouch.  That’s a bit painful.  I also submitted feedback on that.

So far, I haven’t had any problems with CSV or Live Migration.  Everything has worked fine.  One tip I’ve picked up on is to set a static MAC on Linux guests.  SUSE 10 SP2 binds the IP configuration to the MAC address and a change due to any sort of VMM/Hyper-V migration can screw it up – I’ve seen this with an export/import.

So 11PM tomorrow, the first production machine moves over, followed by the second at midnight.  Hopefully there won’t be any calls on Saturday morning!

Last year I blogged about this.  I had difficulties getting this working so I fired a question to MS on the subject.  For any MS person reading, the case number was case#SRX081210600013.  The PSS engineer said this was not possible.  I would have to continue the time and space consuming process of copying the ISO files over.  That sucked.

I’d since read on one of the MS blogs that sharing an ISO or DVD image over the network from Virtual Machine Manager was actually possible.  The required configuration was blogged by Jose Barreto.  What you need to do is edit the properties of the AD computer account object of every Hyper-V server managed by VMM.  Edit the delegation and configure constrained delegation.  Add the names of the VMM library server(s) and add them with the CIFS (file sharing) protocol.  To be save I did a reboot of the hosts (live migration rocks!).

I finally had an opportunity to deploy this configuration.  I tested and I was then able to share an ISO over the network.

You’ll note that Jose didn’t actually do this for VMM.  His example was where he was using the Hyper-V console to access file server resources, e.g. VHD (not supported in production) or ISO’s.

EDIT #1

Make sure that either the computer account of the Hyper-V host or EVERYONE has at least read access to the library share(s).

Ben Armstrong has posted an article on this subject.  There is a complicated TechNet method and there is a simpler tool you can use.  Running Windows Server from USB is completely unsupported.  This is intended only for Hyper-V Server 2008 R2.  If using portable USB then beware that you really shouldn’t go from machine to machine with this – it isn’t supported and it messes up virtual switches. 

I’ve previously talked about the process of going from a W2008 to a W2008 R2 Hyper-V cluster.  Today, I’ve tested the process out from end to end.  I set up a VM on the W2008 cluster and made sure the integration components were updated by VMM 2008 R2.  I then went through this process:

• I shut down the VM in VMM 2008 R2.
• I used a network migration to move the VM from the old cluster to the CSV in the new cluster.
• The job exported the VM configuration, used BITS to transfer the files and imported the VM configuration.  It wrapped up the job by updating the IC’s and starting the VM.
• I logged into the VM and tested everything.  All was good.

I then did some more testing to complete things:

• I RDP’d into the VM and fired up a ping –t to the default gateway.  I started using IE to surf the net in the VM.
• I initiated a live migration from one host to another.
• I put a host into maintenance mode to move the VM (and another) back to the original host.
• I re-ran live migration.

Ping stayed up and running the entire time.  RDP never timed out.  I never saw an issue while surfing the net using IE.  That a 100% pass on the tests.  I think I’m feeling good about pushing this into production.  I think I’ll deploy the OpsMgr agents first and then do some more tests.

Working in the server hosting business I’m used to “VPS” terms like over commit, burstable, etc.  What they mean is that although your virtual machine is granted 4GB RAM (for example) it only ever is given whatever it is using.  The idea is that the server hoster might have 29GB RAM available for VM’s but could possibly sell 40GB on that host machine.  You could see how this would be attractive to anyone.  Let’s face it, we tend to spec servers based on peak requirements, not average ones.  A web server might have 2GB RAM but it probably only uses 1GB of that 95% of the time.  Wouldn’t this be appealing in testing labs, development farms and enterprise virtualisation deployments?  But what happens if the VM with 4GB of RAM can’t burst to 4GB when it needs it?  What if either too many VM’s are bursting at once or what if the hosting company abuses over commitment?  The best case scenario is that the host machine starts to page like crazy.  The worst case scenarios is that VM’s start to blue screen when the RAM the believe to be available cannot be accessed.  At work, our virtualisation solution (Hyper-V) doesn’t have this and even if it did, I’d be very conservative about using it.

That’s why I read this article with interest.  Let me preface this by saying that I’ve found this blogger, in my opinion (i.e. not fact), to have a slanted viewpoint.

The blogger talks about the Burton Group and how they compare/measure virtualisation solutions for the enterprise.  They have 27 requirements and a number of preferred standards.  Yes, they measure VMware above Hyper-V.  Fair enough.  I’d agree that VMware have been in this market longer and have a more mature solution.  It might not be the right solution for me right now, but it is around longer and had more time to develop.  VMware do have more features.  For example, VMware has memory over commitment of sorts.  Hyper-V does not.  MS did try to add it into W2008 R2 but had to pull it very late (pre beta) for whatever reason.  I suspect they didn’t feel they had time to get it perfect before the release date.  Instead of releasing a nearly perfect solution they waited to ensure something critical like this would be right.

One of the really cool things VMware does is their power management by putting idle hosts to sleep after using VMotion.  It’s like Core Parking across host servers.

The blogger says that one of the preferred features, Memory Over Commitment, should be a requirement.  Oh really?  Let’s just analyse this for a second.  Would it save companies money?  Absolutely.  With server costs exploding in the last 12 months the less we have to buy of them, the better.  Is memory over commitment supported in production?  Oh – no it isn’t, at least not by VMware.  I guess that puts a dampener on that.

Would I like to see memory over commitment supported in production?  Yes.  I’d love it.  But it isn’t right now so I guess it shouldn’t be a requirement for any measure of virtualisation suitability for the enterprise.

I’ve added a second node to our Hyper-V cluster.  The servers are HP BL460 G5 blades.  The setup was simple:

• Install Windows Server 2008 R2
• Install HP’s MPIO 4.0
• Install the HP PSP 8.30
• Set up the NIC’s
• Set up the computer name and computer domain membership
• Enable Hyper-V role
• Install the 2 fixes I’ve blogged about before for W2008 R2 and Hyper-V
• Enable Failover Clustering feature
• Set up/add to the cluster
• Add the cluster to VMM 2008 R2
• Configure the virtual networks for the hosts in VMM on one node – which replicates to the other nodes in the cluster via a job

I deployed a test VM to the cluster and ensure the IC’s were up to date.  I set up the IP configuration of the VM for the VLAN that it was located in.  I then set up a continuous ping from the VM to its default gateway (a Cisco ASA firewall cluster) and initiated a live migration.  As expected, the console window terminated as the VM left node 1 and moved to node 2.  Problem!  My ping failed.

Not with Live Migration, though.  It worked perfectly.  When I set up the virtual networks on node 1 in VMM, VMM set them up as Internal networks on the other node.  Doh!  I changed the virtual networks to External and reran the tests.  Perfect!  I set a node into maintenance mode – the VM live migrated.  Not a single ping was dropped.  Perfect!

OK … it is a single node cluster :-)  But it is running!  Live Migration is great and all but to be honest, the 2 things I want out of Windows Server 2008 R2 Hyper-V are Core Parking (to reduce our power bill) and Cluster Shared Volume.  I really, really hated having to do per-LUN deployment of VM’s on the cluster.  They stressed me out when it came to alterations or deletions.  Luckily, I’d settled on a consistent naming standard for every component in the W2008 cluster.  But still, one oversight and bang – a production VM goes off the air.  With CSV, you deploy your storage once and add to it as required later.  Love that!

Setting up CSV was easy.  I set up a LUN in the SAN management console.  I linked this to the cluster node(s).  I initialised it and brought it online with the GPT disk partition system.  This is optimised for LUN’s over 2TB in size.  Our CSV will keep on growing so 2TB will be nothing.  I did a quick format and labelled the disk as CSV1.  I did not add a letter to the drive because there was no point.

Next I added the storage to the cluster.  I renamed it as CSV1.  I enabled CSV in the cluster (select the cluster, centre pane, it’s a hyperlink in there).  The MMC refreshed and now I had a Cluster Shared Volume item in the navigation pane on the left.  I selected this and added storage: I selected the disk I’d just added to the cluster.  Badda bing, a CSV was created! 

The disk is now mounted as C:\ClusterStorage\Volume1\.  Additional CSV’s would be Volume2, Volume3, etc.

Now, I can add VM’s into the CSV.  Note that any VM that was on the disk before being converted to CSV will be “corrupted", i.e. their storage location will have changed so Hyper-V no longer knows where they are.  Make sure there are no VM’s created on the disk before you convert it to a CSV.

I’ve also added 2 patches for W2008 R2 that I’ve blogged about recently.  1 is related to Nehelem processors and the other is related to power management, i.e. Core Parking.

That’s it!  Next I need to build node 2 and add it to the cluster.  Then I get to try out Live Migration!

How do you migrate from a Windows Server 2008 Hyper-V cluster to Windows Server 2008 R2?  The process is that you build a new cluster and migrate the VM’s over.  If you have a tight budget you will be evicting a cluster node from the W2008 cluster, rebuilding it with W2008 R2 and then setting up a new cluster.  OK, not perfect, but at least you get a clean new cluster. 

You then migrate the VM’s over from the old cluster to the new one.  Because you do not have W2008 R2 on the old cluster you cannot use Storage Quick Migration.  This means shutting down each VM in a maintenance window, exporting it and importing it in the new cluster.  That’s quite manual.  If you have VMM 2008 R2 you could use a cold migration.  Here, you shut down the VM and use VMM to migrate the files.  It does all the export/import and does the file transfer using BITS. 

As you clear out the VM’s from each W2008 node, you evict it from the old cluster, rebuild it with W2008 R2 and add it to the new cluster.

Problem!  What if you can only free up one machine for the new W2008 R2 cluster?  OK, you can build up a one node cluster.  Windows Server has no issue with that.  Neither does Hyper-V.  Obviously you have no server fault tolerance until you add a second node.  But you’ll do that once you free up a host in the old cluster.

Unfortunately though, VMM 2008 R2 does have a problem with one node clusters.  I’ve set one up and this is what happens when I added the cluster to the console.  The node cannot be refreshed and cannot be used by VMM:

“Warning (13926)
Host cluster <cluster FQDN> was not fully refreshed because not all of the nodes could be contacted. Highly available storage and virtual network information reported for this cluster might be inaccurate. 

Recommended Action
Ensure that all the nodes are online and do not have Not Responding status in Virtual Machine Manager. Then refresh the host cluster again.”

I’m not the only person to experience this.  Another virtual machine MVP has posted in Connect (I added a note) discussing the issue.  It does appear to be a logic bug in VMM 2008 R2, preventing us from using VMM 2008 R2 as part of the initial migration.  It looks like we’ll have to use the Hyper-V console until we can free up a second node from the old W2008 cluster and add it into the new cluster.  Of course, you then face a scenario where VMM cannot manage the last remaining node in the W2008 cluster and you’ll have to use the Hyper-V console to manually move the VM’s to the W2008 R2 cluster.

Ouch.  This is why MS should give me €30K worth of hardware and somewhere to host it :-)  I found a similarly annoying logic bug in VMM 2008 which I got a fix written for (released as part of a rollup back around March/April 2009).

Unless we get a fix then this appears to be the scenario:

• You don’t have unlimited h/w budget:  You will have a single node W2008 R2 cluster at the start of the migration and a single node W2008 cluster at the end of the migration.  You will need to use the Hyper-V console to manually migrate VM’s while you have single node clusters.
• You have unlimited budget and can justify having 2 more host servers at the end of the project than you did at the start: Buy 2 new W2008 R2 host servers and set up your new cluster.  You can use VMM 2008 R2 to cold migrate the VM’s from the W2008 cluster to the W2008 R2 cluster.  At the end you will have 2 vacant W2008 cluster hosts that you will have to find a new use for.

This is a pity.  I hope MS fixes it.  It’s a shame to deprive people of the power of VMM and it’s PowerShell module during these critical stages of a Hyper-V W2008-W2008 R2 migration.

EDIT:

I put out a shout to my fellow MVP’s and got a response pretty quick.  One of them says he’s managing a single node cluster with no issues.  He accomplished this by editing the properties of the cluster in VMM and setting the “Cluster Reserve (Nodes)” to 0.  The effect of this is that you tell VMM that you want zero redundant nodes in the cluster.  It is set to one by default, giving you an N+1 cluster with 1 node for fault tolerance.

I did this and had no joy with the W2008 R2 cluster.  I ended up migrating a node into it later today and re-adding the cluster.  It’s working perfectly.  The setting does appear to work for a single node W2008 cluster that we have up.

Those of you outside of Ireland are probably familiar with a TV show called The Apprentice.  In the USA it featured Donald Trump.  In the UK it featured Alan Sugar.  The idea is that the featured executive is seeking a new employee.  12+ candidates are brought in, split into two teams each week and given a task.  The losing team faces a boardroom where one of them is fired.  Eventually 1 person is left and they get a job with the featured executive’s company.

In Ireland, the star is Bill Cullen.  He’s a self made man who went from selling fruit/veg in Dublin, buying/selling the Renault business in Ireland (and making an absolute fortune in doing so), etc.  It’s fair to say he does OK.  They’re in the second series now.  I think it’s fair to say that Cullen is dealing with vegetables once again in his life based on what we’ve seen in the show so far, with 1 possible exception.  They’re down to 5 candidates now.  This series has been interesting because the tasks have been quite real.  Each week an Irish based company is features and the teams are either trying to invent, market or sell something for those companies.  Off the back of this you see major publicity, e.g. Samsung Jet or The Big Red Book.

Next week … well we got a mail this morning: 

“Watch the Apprentice show on TV3 next Monday, November 23rd at 10pm to see the two teams, Cúchulainn (pr. Ku-Kullen, a mythical Irish warrior) and Platinum, battle it out on a task set by Microsoft.

The team efforts culminate in a gripping boardroom scene with the contestants trying to avoid being fired and remaining in with a chance of securing the job of a lifetime with Bill Cullen.

All will be revealed next week after the show.....

Regards,

Microsoft Small Business Team”

I had heard about this and I know a little bit more but I’m not saying anything.  All I know is I can’t wait to see how the candidates mess this one up.  They’ll be dealing with complex technology that I’m sure will be quite alien to them.  Those in Ireland will also be able to watch this on the TV3 website after the original broadcast.

My time working at the Springboard stand ended this afternoon.  Over 4 days I met with and talked to hundreds of people about the Springboard Series, explaining how it provides a central location to find out more about Windows desktop, have a successful deployment and continue to take advantage of the features and manage the network.

Springboard Champion, Stephen L. Rose, took this photo earlier today of the 4 of us who ran the booth.  Thanks to Stephen and Melissa for selecting us!  That’s me on the left, Miklos (Bolivia), Erdal (New Zealand) and Justin (UK).

Auf Wiedersehen Berlin!

I’ve attended my last session.  Actually I attended my last half session because I walked out at the 30 minute point.  This session was like the vast majority of the content I saw this week.  It was marketing slides presented by sales people.  There were a few exceptions but not enough to make me want to return to TechEd next year. I didn’t come here to Berlin from Ireland to attend sales sessions – I can do that at home.  But at least I didn’t pay €1,500-€2,000 to come here like many others will have done.  I would have been sick to my stomach if that had been the situation for me.

Overall there were maybe 4 technical sessions that I got to.  The keynote was a dreadful omen for the rest of the week.  They opened 2 doors to let over 7,000 people into a room.  The keynote was dreadful marketing drivel and the entire event continued much on that theme, unfortunately.  The coffee docks were limited to the 2 exhibition halls.  The main exhibitor hall became a bottleneck because it was the only route to and from the conference halls.  There wasn’t enough desks, power or seating outside of the halls for people who had to work between sessions.  I found myself sitting on the floor with a near flat battery on more than one occasion.  I know MS has to cut costs but the ticket costs didn’t go down for those who paid to attend.  It was only by Thursday that some coffee docks appeared in building 7 and some additional desks were put into the previously vast empty space in the front of the CommNet room.

On the plus side the swag bag was decent.  It’s an olive green laptop bag which I’ll probably use, unlike the turkeys of Amsterdam 2004 (remember the giant orange U shaped bags stuffed into bins and lying on the outside streets?) or the plastic waste of money from Barcelona 2008 that was a logo fest?  And the wireless network performed admirably under the load of 7000 laptops and twitterers. 

Overall, I felt the event was a disappointment.  Unless there is a marked change in the speakers and content that MS is providing then I have no desire to spend a week being sold to.  I came here to learn and am leaving have learned very little that I couldn’t have gotten from a 2 hour webcast.  I hope this changes but unfortunately there seems to be a trend towards rah-rah Redmond-sugar marketing speakers who we could all do with a little less of.

Speaker: Vipul Shah, Microsoft.

Oh no, another marketing head.  It’s been Need I say Vipul is a senior product manger?  Isn’t everyone in MS a senior product manager?  It also appears to me that the majority of the virtualisation technologies are developed in the MS centre in India rather than Redmond.  We heard in Ireland, recently at the lunch events, about the global around the clock effort to develop Windows.  This is further evidence of that.

Rockstar Mark Russinovich is playing in another room in this slot in a session that I wouldn’t have much time for, i.e. UAC is/isn’t a security feature.  That story has been done to death now.  That means this room is 60% empty.

Production application virtualisation (on server VM’s) has increased maybe by 100% during 2006-2008.  Lots of reasons which we know: deployment/management time, carbon foot print, flexibility, lower costs, DR, etc. 

I walked out on this session after 30 minutes of marketing filled with incorrect statements, e.g. “sure, go ahead an use more than 64 cores in your Hyper-V server and it will be supported”.  Uh uh.  It will not be supported.

I went out last night with some of the MS Ireland folks.  They had one spare ticket to go see the Blue Man Group in Berlin.  I had no idea what to expect.  To be honest I didn’t think I would have too much fun.  As it turns out, I was belly laughing quite a bit during the show.  It was great fun even before it really started.  A trip to a Brauhaus in the Sony Centre followed and I was in bed by 01:00 with a 07:00 rise to get to the conference venue.

Friday’s schedule is not a good one for the IT Pro.  I’m on at the Springboard stand at 11:30 until the show close at 14:45.  That means I get to one session today and there’s nothing on at 09:00 that appeals to me.  That’s a pity.

Speakers: Bill Anderson, Jeff Wettlaufer, Jeffrey Sutherland, Mark Florida

This session is about the successor to Configuration Manager 2007 and not ConfigMgr 2007 R3.  It will be a demo session.

The console is like a new version of the OpsMgr/VMM console.  It almost looks like a web version crossed with MMC.  This breaks up things nicely because the 2007 version is quite cluttered now.  Locations of things have been moved around to make it more natural. 

I can see straight away that advertisements are no longer involved in software distribution.

Collections, DCM and Asset Intelligence are grouped under “Assets and Compliance” and are all renamed.

Delegation appears to have been simplified with a role model.  Currently there are 12 roles in additional to Administrator, e.g. “Application Editor” is a role for a person who creates packages but doesn’t deploy them.  This makes it much simpler than the current system.  You can copy a role and customise it according to your needs.  Security scopes are new.  This can be bound with Security Roles to define who can do what actions to what assets.  The example we see has scopes for geographic regions.

We get a demo where an AD user is added as a application administrator and is granted permissions to Europe and Sales & Marketing scopes.  The console is launched as Bruce.  Now Bruce can only see the parts of the console that he has permission to.  Much better than what we currently have.  Some existing packages are now assigned to a scope that Bruce has rights to by the overall administrator.  In Bruce’s console these applications appear automatically. 

Next up is Compliance Settings (aka DCM).  A baseline is defined for an application.  We can see there is a high rate of non-compliance.  We can be notified automatically that a baseline has a specified non-compliance rate, e.g. if compliance is less than 80%.  An alert is in the Compliance Settings summary.  Depending on the baseline, there might be action links for the alert, e.g. remediate the non-compliant component.

Each major feature will have a similar alerts section in the final product, e.g. if s/w deployment is below a certain level then your application deployment team can react immediately.  You can only see alerts within your scope.  It is also possible to do automatic remediation.  This is a tick box for when there is support for a remediation, e.g. script based, WMI or registry settings.  This means ConfigMgr could fix non-compliant machines with no human action.

We get a demo of Windows registry device compliance.  The registry setting is originally non-compliant but is automatically changed to bring it into a compliant state.

Device (mobile) management will be integrated with normal (PC) management.  You’ll get to them via the same wizard start up points.  We’re shown the configuration of some Compliance Settings for Windows Mobile devices: Device Wipe (5 incorrect login attempts are allowed and 6th will automatically wipe the device), Password  (4 character minimum PIN with idle timeout) and Platform Lockdown (prohibit camera).  This baseline is assigned to all systems.  Non-mobile devices in All Systems will report as compliant because the settings are irrelevant.  That’s good.

A demo: The settings are forced onto a Windows Mobile device.

We now have “Applications”; a generic container.  This contains deployment types.  For example, you can have a mobile device deployment or a Windows deployment for a single application.  ConfigMgr figures out the right one to use.  A Detection Method is defined (e.g. the installer code or a script).  If the s/w is there then it’s not installed.  If it’s not there then it is installed.  Requirements are specified, e.g. memory, disk space.  A new one is user device affinity.  A user’s primary device might be where you install bespoke expensive software, e.g. Visio.  If they temporarily log in else where the s/w won’t be deployed, i.e. not wasting licenses/money.  “Primary Device” can be manual, a result of Asset Intelligence or even user self-defined.

Advertisements are replaced by Deployments.  You can set an Intent, e.g. mandatory, available (puts the app in a catalog) or prohibited (the uninstaller is invoked).  The catalog is a web UI where users can elect to pull down optional software, e.g. Adobe Reader.  The s/w will install automatically for the user.  A Silverlight control on the site will immediately communicate the client on the computer to kick things off quickly.  Application deployment rules are still applied, e.g. if the app is not appropriate for the user/machine then it will not install.  OH HELL SWEET: There is a workflow built into this where software can be set up to require approval.  For example, a user requests Visio but this request must be manually approved.  This is major stuff that every SMS/ConfigMgr customer will love.

Packages and Programs isn’t changing.  However there will be file level single instance storage on the Site Server between packages.

There are now distribution point groups.  You assign software to the DP group and any distribution point in it gets the software.  You can build new DP servers and add them to the group.  They automatically get the software.  Another big improvement for larger architectures. 

… With MDOP, System Center and Virtualisation

Speakers: Jeff Wettlaufer (MS), Jeremy Chapman (MS) and Michael Niehaus (MS)

I briefly considered going instead to the Russinovich session on Windows 7 kernel changes but we noticed that it’s a PDC session, i.e. aimed squarely at developers.  So here I am at a session that will probably focus on MDOP (a product set only available to purchase by desktop software assurance customers).  I’ll probably never use anything from this session but here I am anyway.

Application Compatibility Toolkit

Jeremy Chapman: He seems a bit nervous but shouldn’t be.  It’s a good presentation.

This presentation kicks off with Application Compatibility.  We get a look at the survey and the most demo’d application on Windows 7 yet: StockViewer.  It’s a XP app with loads of problems that you need to shim using AppCompat.  First, Standard User Analyser is used and that fixes some of the bits but not all.  The Compatibility Administrator is shown and it has a huge database of application shims/mitigations to make the apps work on Windows 7/Vista. 

Tip from MS: When shimming an application then shim it’s dependencies.

Tip from MS: create a single SDB shim file for the entire company and include as many application fixes as possible.  That makes it easier to deploy/manage.

Session Virtualisation can be used for some appcompat, e.g. W2008 has WOW32 for 16-bit applications.

MED-V should be used by medium/large organisations who are considering XP Mode.  It provides centralised administration and control, e.g. change control.  You also get policy for interaction between physical and virtual, e.g.  allow copy/paste but not local disk access.

App-V DOES NOT solve appcompat OS issues.  It does solve app to app compatibility issues.  You cannot run legacy IE in App-V.

Windows 7 Deployment

Using W2008 R2 WDS multicast MS went from 17 WDS unicast servers to 1 WDS multicast server and quadrupled their total output to 2100 builds per day.

Michael Niehaus takes over with WAIK and MDT (check out my whitepaper on XP to Win7 deployment).  Now we get a demo.  This is a very demo intensive session.

MDT is light touch, e.g. LiteTouch.VBS.  To get zero touch where the admin deploys from an admin station then you need to use Configuration Manager.  SP2 adds support for ConfigMgr 2007.  MDT is free.  ConfigMgr obviously allows you to automate deployment from 0-100, e.g. report/collection for suitable machines and run a job on them to upgrade/migrate and then get success/failure reports.

Jeff Wettlaufer takes over.

ACT does integrate into ConfigMgr.  V5.5 doesn’t at the moment but there is a fix on the way.  V6.0 will integrate as well.  I wasn’t aware of this integration.

You can use the Windows 7 Upgrade Assessment reports in ConfigMgr.  Obviously you can add s/w and App-V distributions into a ConfigMgr OSD task sequence.  In the future, there will be integration with MED-V similar to the current integration with App-V.  That’s 12-18 months away with V2.0 of MED-V.

Michael Niehaus takes over again.  This time to show how MDT can integrate with ConfigMgr to add additional features.  You can create MDT task sequences in ConfigMgr and create boot images.  Why?  MDT task sequences offer more functionality.  Documentation for this integration is built into MDT in the accelerator docs.

Configuration Manager 2007 R2

Jeff is back with some ConfigMgr R3 roadmap information.

The task sequencer has a new boot media creation process.  You can do a pre-staged media boot image that contains the build, e.g. for road warriors or hardware providers.  Give them the media and they build a machine outside of your network with your image using the media you create in ConfigMgr 2007 R3 – sounds similar to the MDT 2010 solution.

… to Provide VDI, Session, and Application Centralised Publishing

Speaker: Alex Balcanuqall, Senior Product Planner, Microsoft

We’re talking about VDI (Windows desktop virtualisation in the data centre), Terminal Services and application (TermSvcs and App-V) publishing to the end user via a man in the middle broker in W2008 R2.  Hyper-V is used in some of this (VDI).  VMM and SCCM used to manage VDI.

Remote Desktop Services VS Virtual Desktop Infrastructure

• Tech Maturity: RDS Proven, VDI emerging.
• Scalability: RDS gets more users per server.
• Isolation/Security: VDI isolates the user, 1 OS per user and users _can_ run as admin.  Opposite for RDS.
• Remote User Experience: Protocol (RDP in MS) dependent
• User flexibility: User is non-admin in RDS
• Application Compatibility: RDS is a server OS and requires TermScvs compatibility.  VDI is a desktop OS.

RD Virtualisation Host

• Windows Server manages VM’s
• Install the Remote Desktop Virtualisation Host Role services
• Receives commands from the Connection Broker to start VM’s
• Collects information on VM’s and sends to Connection Broker (session information and VM-state (ie. is it running or hibernated)).

User requests VM on client –> Broker determines rights –> Broker initiates VM –> host starts up VM –> Broker redirects RDP session to VM (a direct RDP connection now)

The redirection uses the RDP 5.2 redirect packet so it’s very backwards compatible.

RDP Broker

• Connection Broker: what the client connects to initially
• Publishing service: aggregates VDI VM’s, RDS session servers or published applications
• Redirector: Most common mistake in setup is not setting this up in addition to the connection broker
• Connection broker and redirector can be separate

TS Web Access talk to Centralised Publish Service on TCP 5504

Redirector

It’s a session host in “drain”/dedicated redirector mode.  It forwards RDP sessions to the connection borker and retuns the list of IP addresses received from the broker.  Users never TS into it.

Certificates

Must be done right to keep single sign-on and to have no error popups for users.

You can use a single trusted SSL cert for all components.

Prepare VDI host

• Install Hyper-V
• Install Remote Desktop Virtualisation Host role

Sizing?

It depends:

• applications
• data used
• demand cycle of users
• depends on OS

And thing about CPU and memory requirements.  Only way to know for sure is to do a pilot with real users and real applications in real usage over a period.

Prepare Client OS VM’s

• Supports XP SP3, Vista and Windows 7
• Install the Hyper-V IC’s
• Enable RDP services (GPO)
• Add users to the groups (GPO)
• Enable Remote RPC (TermSvcs GPO)
• Open firewall for RDP and Remote Service Management
• Modify RDP Listener Permissions (manual or script).  This can only be done after a domain join.  Possibly a start up script is the way to go here. 
• There’s a script from MS for this but the URL on the screen is way too long to copy (must never have heard of Tinyurl)

Configure the Connection Broker and Redirector

• Broker: Is the RD Server Role
• Redirector: Is RD session host

When you install Remote Desktop Service Role the server is automatically put in “drain” mode so users cannot log into this server.

Unfortunately, we now get a very confusing and unrehearsed demonstration.  I’m lost.  It appears to me that the presenter is here because he is a manager, not a knowledgeable techie.

I can’t keep up with note taking in this session.  Sorry; it’s all a bit of a mess.

Pooled VDI VM’s

Often people start with this and switch to dedicated per user VM’s.  Problems: when to patch them.  S/W deployment – do you really want to install/stream non-standard s/w to a VM every time a user logs in?  Probably not.

There was some slides on tips’n’tricks and common mistakes.  He rushed through it after spending too much time troubleshooting his demo lab.  Disappointing session.

ARR 2.0 was announced as being released and available to download earlier this week.  It leverages IIS 7.0 and IIS 7.5 to give you a load balancing and content caching solution.  It’s an interesting solution, especially if you start reconsidering how you architect your web farms.  Here’s a listing of the features:

• HTTP based routing decisions built using rules that examine HTTP request information
• Sophisticated load balancing algorithms to determine appropriate servers to service the HTTP requests
• Health monitoring for live traffic and specific URLs to determine the health of servers with a set of configuration parameters provided to calibrate baseline server health
• Client affinity to direct all requests from a client to a specific server by using cookies.
• Host name affinity to streamline administration for Web servers and to create additional business opportunities.
• Management of multiple server farms to enable pilot management and A/B testing scenarios.
• Management and monitoring of all configuration settings and aggregated runtime statistics through IIS Manager interface.
• Support for Failed Request Tracing Rules
• Disk-based caching
• Cache hierarchy management
• Cache proxy node in CDN/ECN environment
• Caching compressed objects
• Browsing cached contents using IIS Manager
• Removing cached contents by matching URL patterns
• Overriding cache-control directives
• Warming up cache mode
• Intelligent byte-range support
• Intelligent live request support
• Caching while serving responses

Although I do a little bit of speaking and writing about Windows deployment, I am nothing compared to gurus like Johan Arwidmark, Michael Niehaus and Rhonda Layfield.  Speaking of Johan, he released a new edition of his deployment CD.  It covers MDT 2010 and Configuration Manager 2007 OSD.  It’s a free download and well worth getting your hands on.  Johan is speaking this week at TechEd Europe 2009.  I’ll miss him unfortunately but if you are here I would recommend you go along.  Based on what I see on the Minasi forum, Johan knows this stuff inside-out.

The Irish delegation had a country party last night somewhere in East Berlin.  I finished up slightly late at the Springboard stand and made my way to my hotel.  I powered up the laptop and found lots of work waiting for me.  Add in me feeling exhausted and I was not up to a party, e.g. after lunch I was walking the halls and totally missed two Dutch friends, Wim and Ton who were calling my name … right in front of me.  I was in a world of my own.  I couldn’t find the energy to go out.  I ended up working until about 21:00 and was quickly asleep after that.

Today is day 4 of TechEd Europe 2009 in Berlin.  I’m back on the Springboard stand in the afternoon so I’ll only be able to go in the morning once again.  It looks like I’m doing a group policy and Windows performance sessions before lunch.  There’s a DirectAccess architecture session on in the afternoon that I will unfortunately miss.  I’d like to learn a bit about that even though it doesn’t really play much a role in my world.

I’ve got the go-ahead to deploy our Windows Server 2008 R2 Hyper-V cluster next week.  The plan is pretty simple.  New hardware is required for expansion.  I’ll be setting that up with Windows Server 2008 R2 instead of 2008.  It will be set up as our new cluster, as is required for the “upgrade” which is really a migration.  I’ll then use VMM to move the VM’s from the old 2008 cluster to the new 2008 R2 cluster.  That won’t be able to take advantage of Quick Storage Migration because the old cluster is still W2008.  It’ll require getting maintenance windows for he affected VM’s, shutting them down and doing a cold migration from the old cluster to the new.  Once that is done I can break up the old cluster, one node at a time as they are made available.  As I get each node I can rebuild it with Windows Server 2008 R2.

Using VMM for the procedure simplifies things.  The job optimises the export/import process and it uses BITS to transfer the files safely.  The job then mounts the VM, adds the integration components and starts up the VM for you if you’ve elected to do that.

We’ve already migrated to W2008 R2 for whatever un-clustered hosts we run.  Once we complete the “upgrade” we’ll be able to use quick storage migration for future operations like this.  We’ll also get better performance (it was already quite good) and lower power consumption.  I’m quite happy so far.  I have one DL380 G5 that is moderately specified and we’ll be getting a 14-1 compression ratio out of it without any sacrifices.  We’re already at 10-1 and only using between 30-45% of CPU resources.  That is quite cool!  When we start going with the G6 series of servers from HP we’ll get even more from each host – all thanks to the power and efficiencies of Windows Server 2008 R2 and Hyper-V.

*OK; where’s my commission?* ;-)