This is my very last blog post on my Live Spaces.  I’ve been thinking about doing this for quite some time.  I’ve now launched a new blog based on WordPress.

http://www.aidanfinn.com

This is my very last blog post on my Live Spaces.  I’ve been thinking about doing this for quite some time.  I’ve now launched a new blog based on WordPress.

What pushed me from Live Spaces to WordPress?  As you might notice, I am a big Microsoft fan.  I try to keep things simple and use their integrated products as much as I can.  However, I got more and more frustrated with Live Spaces as a blog service as time went by.  It hasn’t developed at all since I started using it back in 2006.  During the summer they changed the all-too-basic stat counter so it wouldn’t record RSS statistics.  All the while the amount of spam comment postings was mad.  Lately it’s gotten to be unbearable.  Microsoft’s support wouldn’t respond either via Live or via other avenues so I decided to make a change.  Finally, I wanted a search engine for my blog.  Live doesn’t have that and WordPress does.  I use my blog as my personal notebook and I got tired of using Google to search my Live blog.

All this was made possible by many people:

• Gavin Duncan helped a good bit by answering my questions and trying to figure out things for me.
• The folks on Twitter helped out.
• I wanted to make sure I brought my content over from my old blog.  Given that there are thousands of blog posts I can’t really update all of the URL’s.  Getting the content over was a nightmare.  I used the Live Space Mover to get the content out of Spaces.  MS does their best  to lock you in on Live.  The Python script was installed into a VM along with the prerequisites.  It took a while to get the Live blog configured correctly (mainly the time and date formats) but eventually the export job ran.  Then I had problems importing the content.  The problem appeared to be that my 4.9MB upload was timing out.  So I opened up Wordpad and chopped up the file.  I made sure to keep the header section (not sure if it was required after the first import) in the start of each XML file.  Then I broke up the doc in 5 pieces before an <item> tag and after a </item> tag.

This will be an ongoing learning experience for me.  I’ve got to learn things like SEO, tagging (why the heck is it different to categories!), etc.  I’ve put in a bunch of SEO and associated plug-ins and I’m hoping they do the work for me!  We’ll see.

For now, the Live blog is dead.  I’m going to be bringing the whitepapers over as time goes by.  All live content will be on my new blog at:

http://www.aidanfinn.com

Here’s an update on a previous blog post that I wrote last week.

The issue was that I had built a new one node Hyper-V cluster and VMM could not manage it.  The error was:

“Warning (13926)
Host cluster <cluster FQDN> was not fully refreshed because not all of the nodes could be contacted. Highly available storage and virtual network information reported for this cluster might be inaccurate. 

Recommended Action
Ensure that all the nodes are online and do not have Not Responding status in Virtual Machine Manager. Then refresh the host cluster again”.

I logged a call with Microsoft through IT Pro Momentum and here was the response:

“After confirmed this design with our product team, they told me that this feedback has already been reported to them, it’s really a problem, and they are considering to improve it in the future release of VMM, They are aware of this issue and are actively looking into it further. I’m sorry for the inconvenience brought to you now.

In the current release of VMM, There are also some workarounds you can take to “solve” this issue. One possible workaround that has been identified is to temporarily add a second node to the cluster at which point you are then able to bring it under management by VMM.  While this is neither an ideal or long term solution, it has allowed other customers who have ran into this issue to move forward with their projects. Another workaround that I’ve found that will allow the ‘single node cluster’ scenario to complete is … once the Add Host process completes w/info and has the 13926 warning, change the cluster reserve value from 1 to 0, and then re-cycle the vmmservice.  This should allow the host cluster to be added successfully in the console”.

There you go.  It’s a bit late for me to test but the real world work around appears to be to change the cluster reserve value (cluster properties in VMM) from 1 to 0, and then recycle the VMM Service on the Hyper-V node.  I’d tried the value change without the service restart which didn’t work.  Hopefully this will help someone in the future.

The south west and west of Ireland got pummelled last week and it has been continuing.  We woke up on Friday to stories of how half of Cork was under water.  It wasn’t helped by the ESB who had to open the gates at some of their water reservoirs which sent even more water down to the already at risk Cork city.  We saw photos of submerged streets, cars and businesses.

This was a time when a plan was needed.  Most businesses will have insurance.  That covers the cost of lost stock, buildings and assets.  But what about lost customers and revenue?  No insurance will even come close to that.  Even the smallest of businesses rely on computers now.  They don’t do too well with high levels of water.  I wonder what all those small, medium and large businesses were doing for that situation?

At work, one of the services we provide is secure online backup for operational and DR backup/recovery purposes.  That covers desktops, laptops and servers.  I’m not involved in that side of the business on a day-to-day basis but one of the engineers told me that we’ve already helped out a number of businesses who were hit by the floods.  All they needed were alternative places to restore their data and away they went, keeping their business operational, even if at some limited capacity.  They could maintain relationships with their customers instead of just going completely off the air.

What about those businesses that did the usual, “safe”, “trusted” backup?  No backup is useful for DR if it isn’t stored in a secure and remote location.  Tapes or disk arrays in your computer room that is neck deep in water won’t really do too much for saving the business. 

Ah – but you’ve got a DR plan with live replication?  Superb.  Can I ask a quick question.  Where is it?  Is it on the same flood plain?  Is it in the same power supply region?  Two examples of organisations I’ve dealt with in the last 2 years come to mind.  One was a organisation in Dublin.  They wanted a DR solution where they could replicated all servers from their offices to a DR site or Site B.  We went in as a hosting company offering a solution.  (a) They were unwilling to share technical information, e.g. required specifications, so we couldn’t price anything and (b) they decided they wanted to use their second office as a DR site.  Where was the second office?  It was around the corner on the same flat area and probably in the same power supply region.

Then there was the organisation I met with in Limerick a few months ago.  Their campus is split across the Shannon, the largest river in Ireland.  On the good news front, one side is in the Limerick grid and the other is in the Clare grid.  The bad news?  The river Shannon is reportedly about to burst its banks with the forecasted rain coming into Ireland.  That isn’t going to do this organisation much good considering the campus is literally on the river bank and the region is as flat as a pancake. 

If you are doing DR then take the same approach as you should with tapes.  Place the location as remote as you can afford with a different geographic area/profile.  Make sure it’s on a different power grid and preferably with dedicated substation, diesel generators, etc.

You can do DR on the cheap.  There are service like what our company offers for online backup.  Alternatively, have a look at Microsoft’s Data Protection Manager solution: DPM2DPM4DR.  Here you place DPM in your production site and it backs up to disk.  You then either get dedicated/colo hosting, another thing our company does, and place an identical DPM installation there, maybe also with a tape library.  That hosted DPM installation can backup the data store from the production DPM site, maintaining knowledge of its internals.  Then it can optionally stream to tape for archive.  There’s a cheap DR!

Alternatively, you can spend a fortune on host based replication (DoubleTake, etc), implement cross-site SAN’s (HP LeftHand or Compellent – requiring at least 100MB dedicated links) or do SAN controller based replication (HP EVA, XPS, EMC Clarion – all requiring dark fibre). 

Due to the amount of spam coming from China, I’ve had to disable comments on my blog.  Live Spaces does not require anything more than you are logged into Live to be allowed to comment on a blog.  This leaves it open to bots to post like crazy.  The result has been an ever increasing number of spam comments to sites in Asia, advertising and selling all sorts of crap.  I’ve been spending more and more time trying to clean up this rubbish but now I’ve had enough of it.  I’ve complained to Live, Microsoft, anyone, and nothing has been done.  The solution would be simple: place a “captcha” on the comment site to prevent bots from submitting a comment.  Instead, MS Live is forcing its users to either leave Live or disable the 2-way communication of a blog.

I am researching the possibility of leaving Live Spaces completely.  My main requirement is being able to take my content with me.  Until there’s a solution or I’ve migrated I won’t be able to re-enable 2-way communications on this blog.

Trying to make a decision on which type of disk to use in your Windows Server 2008 R2 Hyper-V deployment?  Have a look at this independent performance study.  The author set up his own lab and did a comparison of the performance of the three types of disk you could use in a production Hyper-V deployment.  He concludes with saying that if you need the very most from the disk then go with a pass through disk.  However, you lose very, very little by going with dynamic VHD’s.

I have moved my blog so please head over to http://www.aidanfinn.com to read more posts like this.

I hate when people talk about disk being cheap.  I want to just smack them.  Disk for laptops and PC’s is cheap.  Disk for fault tolerance server computing is far from cheap.

If you’re running a Hyper-V cluster then you know that you can’t just go out and buy some cheap storage.  You’re looking at shared storage with cluster support.  That means either a Fibre Channel or iSCSI SAN.  And then there’s the disk.  You could go budget and use SATA or worry about performance and go with SAS.  Odds are it will be the latter which provides less storage for a higher price.  Add in fault tolerance and you’ve use more expensive HBA’s, doubled your switch port requirements, etc.

At work we’re using a HP EVA with fibre channel connections via dual port HBA’s and 15K disks.  We had to worry about the ability to scale.  We’re a hosting company so unlike most virtualisation projects we had no end point.  I couldn’t say “we have 20 machines to virtualise”.  As a hosting company, 20 VM’s wouldn’t make much and wouldn’t justify the existence of a company.  We also had to worry about performance.

When we deployed we use Windows Server 2008 Hyper-V.  As you may know, the recommended (and VMM required) way to deploy storage for Hyper-V in a cluster is 1 LUN per VM.  It’s a storage nightmare.  I had to be paranoid about our processes.  LUN’s, volumes, fail over cluster storage definitions and VM’s all had identical names based on a naming standard I’ve been using for years.  But even with all that, I had that nightmare that I’d accidentally wipe a hosted customer’s VM if I deleted the wrong LUN on the SAN or someone wasn’t careful with documentation.

Windows Server 2008 R2 gives us the Cluster Shared Volume (CSV) for Hyper-V.  Note the last bit; CSV is custom written by MS to be only used for Hyper-V.  Instead of creating lots of LUNS in the SAN and managing lots of failover cluster storage definitions and tracking documentation, you simply carve out a single LUN and deploy lots of VM’s onto it.  I’ve deployed a single LUN on our new cluster.  It’s set up as a GPT volume and used as a CSV on our W2008 R2 cluster.  That means we can simply deploy lots of VM’s onto it without worrying.  Deleting VM’s doesn’t bring me to the EVA command view console to worry over accidentally deleting volumes.  I just don’t need to go there anymore unless adding more space to the CSV.  And sure, OpsMgr will let me know when I need to do that!

Another nice perk of the CSV is that self service deployment on a Hyper-V cluster becomes a real world possibility.  Sure, you could have allocated lots of individual LUNS in W2008.  But wouldn’t it be a waste if a person deployed a 50GB VM onto a 200GB LUN?

What about performance?  You shouldn’t suffer at all really.  Our EVA uses a concept where all storage is striped across all disks in a disk group.  RAID is a secondary decision when you create the LUN.  So, when you put lots of VM’s on a single CSV, they’ll all use all physical disks in the CSV.

There’s also another thing you can do.  You can split storage for VM’s across different CSV’s.  Maybe you have RAID1, RAID5 and RAID6 CSV’s.  They all are suited for different kinds of storage, even if it is virtual.  So now your virtualised SQL could have the OS and log files on a RAID1 CSV and the data files on a RAID5 CSV.  You get the most from the physical storage while maintaining disk performance.

In Windows Server 2008, dynamic disks did not meet our requirements for storage because it was too slow.  So we went with fixed disks.  I think our experience is not unique in any regard.  Our customers often don’t know what their storage requirements are going to be.  We advise them to consume only what they need and take more disk later; it’s a quick operation to add space to a VHD.  But even then, physical disk gets wasted.  Consider a Windows Server C drive.  The recommended minimum is 40GB.  Our average consumption is less than 50% of that.  That means 50% of physical disk for the C: drive is wasted.  That means a person with a 40GB C drive who is storing 13GB in the VM is really using 40GB of physical disk, plus whatever to allow for free space and save states.

Windows Server 2008 R2 offers greater performance for dynamic disks.  In fact, they nearly match the performance of fixed size disks.  We’ve made the switch so we can keep costs down.  That means that hypothetical consumer of 13GB of disk is really only consuming slightly more than that.  Over the number of VM’s I’ve observed so far, we could save on 50% of our C: drives.  Data drives are hard to figure.  Early on we definitely save but storage requirements only ever go up.  But we are definitely saving there too.

Oh yes, you can convert from a fixed VHD to a dynamic VHD.  You just need to bring down the VM (why we won’t do this to existing customers) and have space for the new VHD to be created.

So CSV simplifies storage administration.  Especially if you are in an organisation where SAN management is split from server management.  Using Dynamic Disks allows you to consume only the physical disk that you need for the data you’ve stored.  Add in other things like Live Migration, Core Parking, SLAT, improved networking, etc and you might want to do the cost benefit analysis of upgrading from Windows Server 2008 Hyper-V to Windows Server 2008 R2 Hyper-V.  The costs of those licenses could be easily negated by the savings you’ll make on storage costs (literally consume what you use) and reduced administration.

At 11pm GMT last night, we put our new Windows Server 2008 R2 cluster into production.  We use Virtual Machine Manager (VMM) 2008 R2 to migrate the first machines from our W2008 cluster to the W2008 R2 cluster.  We’re a hosting company so we had to do this at times that suited the customers and we had to do some other steps so their “sites” were not unresponsive.

The VMM moves ran pretty well.  One of the machines failed to install the updated IC’s in the job so I reran the IC upgrade by itself.  Once each machine moved over to the new cluster (on the CSV) I tested live migration.  These were all web servers so the tests were simple – RDP into the machines via VPN, run a continuous ping from them to their respective default gateways and refresh websites from a browser while the migration was running.  RDP didn’t have a disconnect or a hitch, ping didn’t miss a packet and none of the IE refreshes failed.  All worked well.

The real test would be what would happen over night.  As usual, the phone stayed close by.  My real dread was seeing my inbox when I would come down in the morning.  Would it be full of alerts from OpsMgr?  We use OpsMgr 2007 R2 to monitor server hardware, virtualisation, operating systems, services, applications and to do some client side perspective monitoring of websites.  One of the migrated customers is a web developer/hoster with a lot of sites.  They’ve identified a decent number of critical sites for client perspective monitoring.  Any problems at all over night and Outlook would be a scary proposition.

I might have only gotten to sleep at 02:00 but I was awake at 07:30.  I came downstairs and powered up my work laptop.  Outlook had … no new mails.  Phew, what a relief!  I was very confident after a rigorous test program but you never know when you make a big change.  I fell good now about completing this migration, hopefully next week.

I’m happy enough now with our W2008 R2 Hyper-V cluster that I’m putting it into production tomorrow night.  We’ll be migrating some of our production machines from the old W2008 cluster to the new cluster.  Today I deployed OpsMgr agents onto the hosts and did some more testing.

OpsMgr and VMM don’t synchronise their maintenance modes.  I submitted feedback suggesting that this would be good.  I also noticed that even if both System Center products had a node in maintenance mode, the VMM management pack would alert when that node rebooted.  Ouch.  That’s a bit painful.  I also submitted feedback on that.

So far, I haven’t had any problems with CSV or Live Migration.  Everything has worked fine.  One tip I’ve picked up on is to set a static MAC on Linux guests.  SUSE 10 SP2 binds the IP configuration to the MAC address and a change due to any sort of VMM/Hyper-V migration can screw it up – I’ve seen this with an export/import.

So 11PM tomorrow, the first production machine moves over, followed by the second at midnight.  Hopefully there won’t be any calls on Saturday morning!

Last year I blogged about this.  I had difficulties getting this working so I fired a question to MS on the subject.  For any MS person reading, the case number was case#SRX081210600013.  The PSS engineer said this was not possible.  I would have to continue the time and space consuming process of copying the ISO files over.  That sucked.

I’d since read on one of the MS blogs that sharing an ISO or DVD image over the network from Virtual Machine Manager was actually possible.  The required configuration was blogged by Jose Barreto.  What you need to do is edit the properties of the AD computer account object of every Hyper-V server managed by VMM.  Edit the delegation and configure constrained delegation.  Add the names of the VMM library server(s) and add them with the CIFS (file sharing) protocol.  To be save I did a reboot of the hosts (live migration rocks!).

I finally had an opportunity to deploy this configuration.  I tested and I was then able to share an ISO over the network.

You’ll note that Jose didn’t actually do this for VMM.  His example was where he was using the Hyper-V console to access file server resources, e.g. VHD (not supported in production) or ISO’s.

EDIT #1

Make sure that either the computer account of the Hyper-V host or EVERYONE has at least read access to the library share(s).

Ben Armstrong has posted an article on this subject.  There is a complicated TechNet method and there is a simpler tool you can use.  Running Windows Server from USB is completely unsupported.  This is intended only for Hyper-V Server 2008 R2.  If using portable USB then beware that you really shouldn’t go from machine to machine with this – it isn’t supported and it messes up virtual switches. 

I’ve previously talked about the process of going from a W2008 to a W2008 R2 Hyper-V cluster.  Today, I’ve tested the process out from end to end.  I set up a VM on the W2008 cluster and made sure the integration components were updated by VMM 2008 R2.  I then went through this process:

• I shut down the VM in VMM 2008 R2.
• I used a network migration to move the VM from the old cluster to the CSV in the new cluster.
• The job exported the VM configuration, used BITS to transfer the files and imported the VM configuration.  It wrapped up the job by updating the IC’s and starting the VM.
• I logged into the VM and tested everything.  All was good.

I then did some more testing to complete things:

• I RDP’d into the VM and fired up a ping –t to the default gateway.  I started using IE to surf the net in the VM.
• I initiated a live migration from one host to another.
• I put a host into maintenance mode to move the VM (and another) back to the original host.
• I re-ran live migration.

Ping stayed up and running the entire time.  RDP never timed out.  I never saw an issue while surfing the net using IE.  That a 100% pass on the tests.  I think I’m feeling good about pushing this into production.  I think I’ll deploy the OpsMgr agents first and then do some more tests.

Working in the server hosting business I’m used to “VPS” terms like over commit, burstable, etc.  What they mean is that although your virtual machine is granted 4GB RAM (for example) it only ever is given whatever it is using.  The idea is that the server hoster might have 29GB RAM available for VM’s but could possibly sell 40GB on that host machine.  You could see how this would be attractive to anyone.  Let’s face it, we tend to spec servers based on peak requirements, not average ones.  A web server might have 2GB RAM but it probably only uses 1GB of that 95% of the time.  Wouldn’t this be appealing in testing labs, development farms and enterprise virtualisation deployments?  But what happens if the VM with 4GB of RAM can’t burst to 4GB when it needs it?  What if either too many VM’s are bursting at once or what if the hosting company abuses over commitment?  The best case scenario is that the host machine starts to page like crazy.  The worst case scenarios is that VM’s start to blue screen when the RAM the believe to be available cannot be accessed.  At work, our virtualisation solution (Hyper-V) doesn’t have this and even if it did, I’d be very conservative about using it.

That’s why I read this article with interest.  Let me preface this by saying that I’ve found this blogger, in my opinion (i.e. not fact), to have a slanted viewpoint.

The blogger talks about the Burton Group and how they compare/measure virtualisation solutions for the enterprise.  They have 27 requirements and a number of preferred standards.  Yes, they measure VMware above Hyper-V.  Fair enough.  I’d agree that VMware have been in this market longer and have a more mature solution.  It might not be the right solution for me right now, but it is around longer and had more time to develop.  VMware do have more features.  For example, VMware has memory over commitment of sorts.  Hyper-V does not.  MS did try to add it into W2008 R2 but had to pull it very late (pre beta) for whatever reason.  I suspect they didn’t feel they had time to get it perfect before the release date.  Instead of releasing a nearly perfect solution they waited to ensure something critical like this would be right.

One of the really cool things VMware does is their power management by putting idle hosts to sleep after using VMotion.  It’s like Core Parking across host servers.

The blogger says that one of the preferred features, Memory Over Commitment, should be a requirement.  Oh really?  Let’s just analyse this for a second.  Would it save companies money?  Absolutely.  With server costs exploding in the last 12 months the less we have to buy of them, the better.  Is memory over commitment supported in production?  Oh – no it isn’t, at least not by VMware.  I guess that puts a dampener on that.

Would I like to see memory over commitment supported in production?  Yes.  I’d love it.  But it isn’t right now so I guess it shouldn’t be a requirement for any measure of virtualisation suitability for the enterprise.

I’ve added a second node to our Hyper-V cluster.  The servers are HP BL460 G5 blades.  The setup was simple:

• Install Windows Server 2008 R2
• Install HP’s MPIO 4.0
• Install the HP PSP 8.30
• Set up the NIC’s
• Set up the computer name and computer domain membership
• Enable Hyper-V role
• Install the 2 fixes I’ve blogged about before for W2008 R2 and Hyper-V
• Enable Failover Clustering feature
• Set up/add to the cluster
• Add the cluster to VMM 2008 R2
• Configure the virtual networks for the hosts in VMM on one node – which replicates to the other nodes in the cluster via a job

I deployed a test VM to the cluster and ensure the IC’s were up to date.  I set up the IP configuration of the VM for the VLAN that it was located in.  I then set up a continuous ping from the VM to its default gateway (a Cisco ASA firewall cluster) and initiated a live migration.  As expected, the console window terminated as the VM left node 1 and moved to node 2.  Problem!  My ping failed.

Not with Live Migration, though.  It worked perfectly.  When I set up the virtual networks on node 1 in VMM, VMM set them up as Internal networks on the other node.  Doh!  I changed the virtual networks to External and reran the tests.  Perfect!  I set a node into maintenance mode – the VM live migrated.  Not a single ping was dropped.  Perfect!

OK … it is a single node cluster :-)  But it is running!  Live Migration is great and all but to be honest, the 2 things I want out of Windows Server 2008 R2 Hyper-V are Core Parking (to reduce our power bill) and Cluster Shared Volume.  I really, really hated having to do per-LUN deployment of VM’s on the cluster.  They stressed me out when it came to alterations or deletions.  Luckily, I’d settled on a consistent naming standard for every component in the W2008 cluster.  But still, one oversight and bang – a production VM goes off the air.  With CSV, you deploy your storage once and add to it as required later.  Love that!

Setting up CSV was easy.  I set up a LUN in the SAN management console.  I linked this to the cluster node(s).  I initialised it and brought it online with the GPT disk partition system.  This is optimised for LUN’s over 2TB in size.  Our CSV will keep on growing so 2TB will be nothing.  I did a quick format and labelled the disk as CSV1.  I did not add a letter to the drive because there was no point.

Next I added the storage to the cluster.  I renamed it as CSV1.  I enabled CSV in the cluster (select the cluster, centre pane, it’s a hyperlink in there).  The MMC refreshed and now I had a Cluster Shared Volume item in the navigation pane on the left.  I selected this and added storage: I selected the disk I’d just added to the cluster.  Badda bing, a CSV was created! 

The disk is now mounted as C:\ClusterStorage\Volume1\.  Additional CSV’s would be Volume2, Volume3, etc.

Now, I can add VM’s into the CSV.  Note that any VM that was on the disk before being converted to CSV will be “corrupted", i.e. their storage location will have changed so Hyper-V no longer knows where they are.  Make sure there are no VM’s created on the disk before you convert it to a CSV.

I’ve also added 2 patches for W2008 R2 that I’ve blogged about recently.  1 is related to Nehelem processors and the other is related to power management, i.e. Core Parking.

That’s it!  Next I need to build node 2 and add it to the cluster.  Then I get to try out Live Migration!

I have an update on this post with a workaround from Microsoft PSS.

How do you migrate from a Windows Server 2008 Hyper-V cluster to Windows Server 2008 R2?  The process is that you build a new cluster and migrate the VM’s over.  If you have a tight budget you will be evicting a cluster node from the W2008 cluster, rebuilding it with W2008 R2 and then setting up a new cluster.  OK, not perfect, but at least you get a clean new cluster. 

You then migrate the VM’s over from the old cluster to the new one.  Because you do not have W2008 R2 on the old cluster you cannot use Storage Quick Migration.  This means shutting down each VM in a maintenance window, exporting it and importing it in the new cluster.  That’s quite manual.  If you have VMM 2008 R2 you could use a cold migration.  Here, you shut down the VM and use VMM to migrate the files.  It does all the export/import and does the file transfer using BITS. 

As you clear out the VM’s from each W2008 node, you evict it from the old cluster, rebuild it with W2008 R2 and add it to the new cluster.

Problem!  What if you can only free up one machine for the new W2008 R2 cluster?  OK, you can build up a one node cluster.  Windows Server has no issue with that.  Neither does Hyper-V.  Obviously you have no server fault tolerance until you add a second node.  But you’ll do that once you free up a host in the old cluster.

Unfortunately though, VMM 2008 R2 does have a problem with one node clusters.  I’ve set one up and this is what happens when I added the cluster to the console.  The node cannot be refreshed and cannot be used by VMM:

“Warning (13926)
Host cluster <cluster FQDN> was not fully refreshed because not all of the nodes could be contacted. Highly available storage and virtual network information reported for this cluster might be inaccurate. 

Recommended Action
Ensure that all the nodes are online and do not have Not Responding status in Virtual Machine Manager. Then refresh the host cluster again.”

I’m not the only person to experience this.  Another virtual machine MVP has posted in Connect (I added a note) discussing the issue.  It does appear to be a logic bug in VMM 2008 R2, preventing us from using VMM 2008 R2 as part of the initial migration.  It looks like we’ll have to use the Hyper-V console until we can free up a second node from the old W2008 cluster and add it into the new cluster.  Of course, you then face a scenario where VMM cannot manage the last remaining node in the W2008 cluster and you’ll have to use the Hyper-V console to manually move the VM’s to the W2008 R2 cluster.

Ouch.  This is why MS should give me €30K worth of hardware and somewhere to host it :-)  I found a similarly annoying logic bug in VMM 2008 which I got a fix written for (released as part of a rollup back around March/April 2009).

Unless we get a fix then this appears to be the scenario:

• You don’t have unlimited h/w budget:  You will have a single node W2008 R2 cluster at the start of the migration and a single node W2008 cluster at the end of the migration.  You will need to use the Hyper-V console to manually migrate VM’s while you have single node clusters.
• You have unlimited budget and can justify having 2 more host servers at the end of the project than you did at the start: Buy 2 new W2008 R2 host servers and set up your new cluster.  You can use VMM 2008 R2 to cold migrate the VM’s from the W2008 cluster to the W2008 R2 cluster.  At the end you will have 2 vacant W2008 cluster hosts that you will have to find a new use for.

This is a pity.  I hope MS fixes it.  It’s a shame to deprive people of the power of VMM and it’s PowerShell module during these critical stages of a Hyper-V W2008-W2008 R2 migration.

EDIT:

I put out a shout to my fellow MVP’s and got a response pretty quick.  One of them says he’s managing a single node cluster with no issues.  He accomplished this by editing the properties of the cluster in VMM and setting the “Cluster Reserve (Nodes)” to 0.  The effect of this is that you tell VMM that you want zero redundant nodes in the cluster.  It is set to one by default, giving you an N+1 cluster with 1 node for fault tolerance.

I did this and had no joy with the W2008 R2 cluster.  I ended up migrating a node into it later today and re-adding the cluster.  It’s working perfectly.  The setting does appear to work for a single node W2008 cluster that we have up.

Those of you outside of Ireland are probably familiar with a TV show called The Apprentice.  In the USA it featured Donald Trump.  In the UK it featured Alan Sugar.  The idea is that the featured executive is seeking a new employee.  12+ candidates are brought in, split into two teams each week and given a task.  The losing team faces a boardroom where one of them is fired.  Eventually 1 person is left and they get a job with the featured executive’s company.

In Ireland, the star is Bill Cullen.  He’s a self made man who went from selling fruit/veg in Dublin, buying/selling the Renault business in Ireland (and making an absolute fortune in doing so), etc.  It’s fair to say he does OK.  They’re in the second series now.  I think it’s fair to say that Cullen is dealing with vegetables once again in his life based on what we’ve seen in the show so far, with 1 possible exception.  They’re down to 5 candidates now.  This series has been interesting because the tasks have been quite real.  Each week an Irish based company is features and the teams are either trying to invent, market or sell something for those companies.  Off the back of this you see major publicity, e.g. Samsung Jet or The Big Red Book.

Next week … well we got a mail this morning: 

“Watch the Apprentice show on TV3 next Monday, November 23rd at 10pm to see the two teams, Cúchulainn (pr. Ku-Kullen, a mythical Irish warrior) and Platinum, battle it out on a task set by Microsoft.

The team efforts culminate in a gripping boardroom scene with the contestants trying to avoid being fired and remaining in with a chance of securing the job of a lifetime with Bill Cullen.

All will be revealed next week after the show.....

Regards,

Microsoft Small Business Team”

I had heard about this and I know a little bit more but I’m not saying anything.  All I know is I can’t wait to see how the candidates mess this one up.  They’ll be dealing with complex technology that I’m sure will be quite alien to them.  Those in Ireland will also be able to watch this on the TV3 website after the original broadcast.

My time working at the Springboard stand ended this afternoon.  Over 4 days I met with and talked to hundreds of people about the Springboard Series, explaining how it provides a central location to find out more about Windows desktop, have a successful deployment and continue to take advantage of the features and manage the network.

Springboard Champion, Stephen L. Rose, took this photo earlier today of the 4 of us who ran the booth.  Thanks to Stephen and Melissa for selecting us!  That’s me on the left, Miklos (Bolivia), Erdal (New Zealand) and Justin (UK).

Auf Wiedersehen Berlin!

I’ve attended my last session.  Actually I attended my last half session because I walked out at the 30 minute point.  This session was like the vast majority of the content I saw this week.  It was marketing slides presented by sales people.  There were a few exceptions but not enough to make me want to return to TechEd next year. I didn’t come here to Berlin from Ireland to attend sales sessions – I can do that at home.  But at least I didn’t pay €1,500-€2,000 to come here like many others will have done.  I would have been sick to my stomach if that had been the situation for me.

Overall there were maybe 4 technical sessions that I got to.  The keynote was a dreadful omen for the rest of the week.  They opened 2 doors to let over 7,000 people into a room.  The keynote was dreadful marketing drivel and the entire event continued much on that theme, unfortunately.  The coffee docks were limited to the 2 exhibition halls.  The main exhibitor hall became a bottleneck because it was the only route to and from the conference halls.  There wasn’t enough desks, power or seating outside of the halls for people who had to work between sessions.  I found myself sitting on the floor with a near flat battery on more than one occasion.  I know MS has to cut costs but the ticket costs didn’t go down for those who paid to attend.  It was only by Thursday that some coffee docks appeared in building 7 and some additional desks were put into the previously vast empty space in the front of the CommNet room.

On the plus side the swag bag was decent.  It’s an olive green laptop bag which I’ll probably use, unlike the turkeys of Amsterdam 2004 (remember the giant orange U shaped bags stuffed into bins and lying on the outside streets?) or the plastic waste of money from Barcelona 2008 that was a logo fest?  And the wireless network performed admirably under the load of 7000 laptops and twitterers. 

Overall, I felt the event was a disappointment.  Unless there is a marked change in the speakers and content that MS is providing then I have no desire to spend a week being sold to.  I came here to learn and am leaving have learned very little that I couldn’t have gotten from a 2 hour webcast.  I hope this changes but unfortunately there seems to be a trend towards rah-rah Redmond-sugar marketing speakers who we could all do with a little less of.

Speaker: Vipul Shah, Microsoft.

Oh no, another marketing head.  It’s been Need I say Vipul is a senior product manger?  Isn’t everyone in MS a senior product manager?  It also appears to me that the majority of the virtualisation technologies are developed in the MS centre in India rather than Redmond.  We heard in Ireland, recently at the lunch events, about the global around the clock effort to develop Windows.  This is further evidence of that.

Rockstar Mark Russinovich is playing in another room in this slot in a session that I wouldn’t have much time for, i.e. UAC is/isn’t a security feature.  That story has been done to death now.  That means this room is 60% empty.

Production application virtualisation (on server VM’s) has increased maybe by 100% during 2006-2008.  Lots of reasons which we know: deployment/management time, carbon foot print, flexibility, lower costs, DR, etc. 

I walked out on this session after 30 minutes of marketing filled with incorrect statements, e.g. “sure, go ahead an use more than 64 cores in your Hyper-V server and it will be supported”.  Uh uh.  It will not be supported.

I went out last night with some of the MS Ireland folks.  They had one spare ticket to go see the Blue Man Group in Berlin.  I had no idea what to expect.  To be honest I didn’t think I would have too much fun.  As it turns out, I was belly laughing quite a bit during the show.  It was great fun even before it really started.  A trip to a Brauhaus in the Sony Centre followed and I was in bed by 01:00 with a 07:00 rise to get to the conference venue.

Friday’s schedule is not a good one for the IT Pro.  I’m on at the Springboard stand at 11:30 until the show close at 14:45.  That means I get to one session today and there’s nothing on at 09:00 that appeals to me.  That’s a pity.

Speakers: Bill Anderson, Jeff Wettlaufer, Jeffrey Sutherland, Mark Florida

This session is about the successor to Configuration Manager 2007 and not ConfigMgr 2007 R3.  It will be a demo session.

The console is like a new version of the OpsMgr/VMM console.  It almost looks like a web version crossed with MMC.  This breaks up things nicely because the 2007 version is quite cluttered now.  Locations of things have been moved around to make it more natural. 

I can see straight away that advertisements are no longer involved in software distribution.

Collections, DCM and Asset Intelligence are grouped under “Assets and Compliance” and are all renamed.

Delegation appears to have been simplified with a role model.  Currently there are 12 roles in additional to Administrator, e.g. “Application Editor” is a role for a person who creates packages but doesn’t deploy them.  This makes it much simpler than the current system.  You can copy a role and customise it according to your needs.  Security scopes are new.  This can be bound with Security Roles to define who can do what actions to what assets.  The example we see has scopes for geographic regions.

We get a demo where an AD user is added as a application administrator and is granted permissions to Europe and Sales & Marketing scopes.  The console is launched as Bruce.  Now Bruce can only see the parts of the console that he has permission to.  Much better than what we currently have.  Some existing packages are now assigned to a scope that Bruce has rights to by the overall administrator.  In Bruce’s console these applications appear automatically. 

Next up is Compliance Settings (aka DCM).  A baseline is defined for an application.  We can see there is a high rate of non-compliance.  We can be notified automatically that a baseline has a specified non-compliance rate, e.g. if compliance is less than 80%.  An alert is in the Compliance Settings summary.  Depending on the baseline, there might be action links for the alert, e.g. remediate the non-compliant component.

Each major feature will have a similar alerts section in the final product, e.g. if s/w deployment is below a certain level then your application deployment team can react immediately.  You can only see alerts within your scope.  It is also possible to do automatic remediation.  This is a tick box for when there is support for a remediation, e.g. script based, WMI or registry settings.  This means ConfigMgr could fix non-compliant machines with no human action.

We get a demo of Windows registry device compliance.  The registry setting is originally non-compliant but is automatically changed to bring it into a compliant state.

Device (mobile) management will be integrated with normal (PC) management.  You’ll get to them via the same wizard start up points.  We’re shown the configuration of some Compliance Settings for Windows Mobile devices: Device Wipe (5 incorrect login attempts are allowed and 6th will automatically wipe the device), Password  (4 character minimum PIN with idle timeout) and Platform Lockdown (prohibit camera).  This baseline is assigned to all systems.  Non-mobile devices in All Systems will report as compliant because the settings are irrelevant.  That’s good.

A demo: The settings are forced onto a Windows Mobile device.

We now have “Applications”; a generic container.  This contains deployment types.  For example, you can have a mobile device deployment or a Windows deployment for a single application.  ConfigMgr figures out the right one to use.  A Detection Method is defined (e.g. the installer code or a script).  If the s/w is there then it’s not installed.  If it’s not there then it is installed.  Requirements are specified, e.g. memory, disk space.  A new one is user device affinity.  A user’s primary device might be where you install bespoke expensive software, e.g. Visio.  If they temporarily log in else where the s/w won’t be deployed, i.e. not wasting licenses/money.  “Primary Device” can be manual, a result of Asset Intelligence or even user self-defined.

Advertisements are replaced by Deployments.  You can set an Intent, e.g. mandatory, available (puts the app in a catalog) or prohibited (the uninstaller is invoked).  The catalog is a web UI where users can elect to pull down optional software, e.g. Adobe Reader.  The s/w will install automatically for the user.  A Silverlight control on the site will immediately communicate the client on the computer to kick things off quickly.  Application deployment rules are still applied, e.g. if the app is not appropriate for the user/machine then it will not install.  OH HELL SWEET: There is a workflow built into this where software can be set up to require approval.  For example, a user requests Visio but this request must be manually approved.  This is major stuff that every SMS/ConfigMgr customer will love.

Packages and Programs isn’t changing.  However there will be file level single instance storage on the Site Server between packages.

There are now distribution point groups.  You assign software to the DP group and any distribution point in it gets the software.  You can build new DP servers and add them to the group.  They automatically get the software.  Another big improvement for larger architectures. 

… With MDOP, System Center and Virtualisation

Speakers: Jeff Wettlaufer (MS), Jeremy Chapman (MS) and Michael Niehaus (MS)

I briefly considered going instead to the Russinovich session on Windows 7 kernel changes but we noticed that it’s a PDC session, i.e. aimed squarely at developers.  So here I am at a session that will probably focus on MDOP (a product set only available to purchase by desktop software assurance customers).  I’ll probably never use anything from this session but here I am anyway.

Application Compatibility Toolkit

Jeremy Chapman: He seems a bit nervous but shouldn’t be.  It’s a good presentation.

This presentation kicks off with Application Compatibility.  We get a look at the survey and the most demo’d application on Windows 7 yet: StockViewer.  It’s a XP app with loads of problems that you need to shim using AppCompat.  First, Standard User Analyser is used and that fixes some of the bits but not all.  The Compatibility Administrator is shown and it has a huge database of application shims/mitigations to make the apps work on Windows 7/Vista. 

Tip from MS: When shimming an application then shim it’s dependencies.

Tip from MS: create a single SDB shim file for the entire company and include as many application fixes as possible.  That makes it easier to deploy/manage.

Session Virtualisation can be used for some appcompat, e.g. W2008 has WOW32 for 16-bit applications.

MED-V should be used by medium/large organisations who are considering XP Mode.  It provides centralised administration and control, e.g. change control.  You also get policy for interaction between physical and virtual, e.g.  allow copy/paste but not local disk access.

App-V DOES NOT solve appcompat OS issues.  It does solve app to app compatibility issues.  You cannot run legacy IE in App-V.

Windows 7 Deployment

Using W2008 R2 WDS multicast MS went from 17 WDS unicast servers to 1 WDS multicast server and quadrupled their total output to 2100 builds per day.

Michael Niehaus takes over with WAIK and MDT (check out my whitepaper on XP to Win7 deployment).  Now we get a demo.  This is a very demo intensive session.

MDT is light touch, e.g. LiteTouch.VBS.  To get zero touch where the admin deploys from an admin station then you need to use Configuration Manager.  SP2 adds support for ConfigMgr 2007.  MDT is free.  ConfigMgr obviously allows you to automate deployment from 0-100, e.g. report/collection for suitable machines and run a job on them to upgrade/migrate and then get success/failure reports.

Jeff Wettlaufer takes over.

ACT does integrate into ConfigMgr.  V5.5 doesn’t at the moment but there is a fix on the way.  V6.0 will integrate as well.  I wasn’t aware of this integration.

You can use the Windows 7 Upgrade Assessment reports in ConfigMgr.  Obviously you can add s/w and App-V distributions into a ConfigMgr OSD task sequence.  In the future, there will be integration with MED-V similar to the current integration with App-V.  That’s 12-18 months away with V2.0 of MED-V.

Michael Niehaus takes over again.  This time to show how MDT can integrate with ConfigMgr to add additional features.  You can create MDT task sequences in ConfigMgr and create boot images.  Why?  MDT task sequences offer more functionality.  Documentation for this integration is built into MDT in the accelerator docs.

Configuration Manager 2007 R2

Jeff is back with some ConfigMgr R3 roadmap information.

The task sequencer has a new boot media creation process.  You can do a pre-staged media boot image that contains the build, e.g. for road warriors or hardware providers.  Give them the media and they build a machine outside of your network with your image using the media you create in ConfigMgr 2007 R3 – sounds similar to the MDT 2010 solution.

… to Provide VDI, Session, and Application Centralised Publishing

Speaker: Alex Balcanuqall, Senior Product Planner, Microsoft

We’re talking about VDI (Windows desktop virtualisation in the data centre), Terminal Services and application (TermSvcs and App-V) publishing to the end user via a man in the middle broker in W2008 R2.  Hyper-V is used in some of this (VDI).  VMM and SCCM used to manage VDI.

Remote Desktop Services VS Virtual Desktop Infrastructure

• Tech Maturity: RDS Proven, VDI emerging.
• Scalability: RDS gets more users per server.
• Isolation/Security: VDI isolates the user, 1 OS per user and users _can_ run as admin.  Opposite for RDS.
• Remote User Experience: Protocol (RDP in MS) dependent
• User flexibility: User is non-admin in RDS
• Application Compatibility: RDS is a server OS and requires TermScvs compatibility.  VDI is a desktop OS.

RD Virtualisation Host

• Windows Server manages VM’s
• Install the Remote Desktop Virtualisation Host Role services
• Receives commands from the Connection Broker to start VM’s
• Collects information on VM’s and sends to Connection Broker (session information and VM-state (ie. is it running or hibernated)).

User requests VM on client –> Broker determines rights –> Broker initiates VM –> host starts up VM –> Broker redirects RDP session to VM (a direct RDP connection now)

The redirection uses the RDP 5.2 redirect packet so it’s very backwards compatible.

RDP Broker

• Connection Broker: what the client connects to initially
• Publishing service: aggregates VDI VM’s, RDS session servers or published applications
• Redirector: Most common mistake in setup is not setting this up in addition to the connection broker
• Connection broker and redirector can be separate

TS Web Access talk to Centralised Publish Service on TCP 5504

Redirector

It’s a session host in “drain”/dedicated redirector mode.  It forwards RDP sessions to the connection borker and retuns the list of IP addresses received from the broker.  Users never TS into it.

Certificates

Must be done right to keep single sign-on and to have no error popups for users.

You can use a single trusted SSL cert for all components.

Prepare VDI host

• Install Hyper-V
• Install Remote Desktop Virtualisation Host role

Sizing?

It depends:

• applications
• data used
• demand cycle of users
• depends on OS

And thing about CPU and memory requirements.  Only way to know for sure is to do a pilot with real users and real applications in real usage over a period.

Prepare Client OS VM’s

• Supports XP SP3, Vista and Windows 7
• Install the Hyper-V IC’s
• Enable RDP services (GPO)
• Add users to the groups (GPO)
• Enable Remote RPC (TermSvcs GPO)
• Open firewall for RDP and Remote Service Management
• Modify RDP Listener Permissions (manual or script).  This can only be done after a domain join.  Possibly a start up script is the way to go here. 
• There’s a script from MS for this but the URL on the screen is way too long to copy (must never have heard of Tinyurl)

Configure the Connection Broker and Redirector

• Broker: Is the RD Server Role
• Redirector: Is RD session host

When you install Remote Desktop Service Role the server is automatically put in “drain” mode so users cannot log into this server.

Unfortunately, we now get a very confusing and unrehearsed demonstration.  I’m lost.  It appears to me that the presenter is here because he is a manager, not a knowledgeable techie.

I can’t keep up with note taking in this session.  Sorry; it’s all a bit of a mess.

Pooled VDI VM’s

Often people start with this and switch to dedicated per user VM’s.  Problems: when to patch them.  S/W deployment – do you really want to install/stream non-standard s/w to a VM every time a user logs in?  Probably not.

There was some slides on tips’n’tricks and common mistakes.  He rushed through it after spending too much time troubleshooting his demo lab.  Disappointing session.

ARR 2.0 was announced as being released and available to download earlier this week.  It leverages IIS 7.0 and IIS 7.5 to give you a load balancing and content caching solution.  It’s an interesting solution, especially if you start reconsidering how you architect your web farms.  Here’s a listing of the features:

• HTTP based routing decisions built using rules that examine HTTP request information
• Sophisticated load balancing algorithms to determine appropriate servers to service the HTTP requests
• Health monitoring for live traffic and specific URLs to determine the health of servers with a set of configuration parameters provided to calibrate baseline server health
• Client affinity to direct all requests from a client to a specific server by using cookies.
• Host name affinity to streamline administration for Web servers and to create additional business opportunities.
• Management of multiple server farms to enable pilot management and A/B testing scenarios.
• Management and monitoring of all configuration settings and aggregated runtime statistics through IIS Manager interface.
• Support for Failed Request Tracing Rules
• Disk-based caching
• Cache hierarchy management
• Cache proxy node in CDN/ECN environment
• Caching compressed objects
• Browsing cached contents using IIS Manager
• Removing cached contents by matching URL patterns
• Overriding cache-control directives
• Warming up cache mode
• Intelligent byte-range support
• Intelligent live request support
• Caching while serving responses