Network Management in System Center 2012 SP1 - VMM
Windows Server 2012 Virtualization: Notes from the Field
1. Windows Server 2012 Virtualization:
Notes from the Field
Didier Van Hoye, Architect
http://workinghardinit.wordpress.com
Kurt Roggen, Technical Consultant
http://trycatch.be/blogs/roggenk
4. WS 2012 Failover Clustering
Optimize & automate placement logic
Virtual Machine Priority
Starting the most important VMs first
Ensure the most important VMs are running
Preemption to shut down low priority VMs to free up resources for higher priority VMs to start
Ideal for infrastructure servers (DCs) or tiered architecture (back-end, middle-tier, customer-facing)
Enhanced Failover Placement
Each VM placed based on node with best available memory resources
Memory requirements evaluated on a per VM basis
Non-Uniform Memory Access (NUMA) aware
5. Priorities for Roles or Virtual Machine
Values: High, Medium, Low
Default Priority: Medium
Lowest Priority: No Auto Start
Starting Roles in Priority order
Per Node
Placing Roles/VMs in Priority order
Cold start
Handling node crash
Moving Roles/VMs in Priority order
Queuing
Node Drain
6. Virtual Machine Priorities
Default Priority: Medium
Default “Move Behavior”: Quick migration for Low & below
Defined by cluster parameter “MoveTypeThreshold”
which defaults to 2000 (Medium or Higher Priority)
7. VM Priorities & Live Migration
Set all VMs to Live Migrate (instead of Quick Migrate)
Not only VMs with Medium/High priorities
VM Priority Values
3000 = High
2000 = Medium
1000 = Low
0 = Do not start automatically
Using PowerShell
Get-ClusterResourceType "Virtual Machine" |
Set-ClusterParameter MoveTypeThreshold 1000
9. Enhanced Failover Placement
• Enhanced memory aware placement of VMs
• Check for most available Memory
• Failover is determined by Preferred Owners & Possible Owners
• Failback of VM now uses Live Migration instead of Quick Migration
• Live Migration respects Preferred Owners & Possible Owners
• Default Failback action: No Failback
10. Anti Affinity ClassNames
• Property of ClusterResourceGroup
• Identify ClusterGroups that should not be hosted on the same node (where possible)
• Impacts VM Placement and Live Migrations
• Configurable using PowerShell only
• Configurable using SC2012 SP1 VMM using “Availability Sets”
• Serves as basis for “Availability Sets” in SC2012 SP1 VMM
More information:
http://msdn.microsoft.com/en-us/library/aa369651(v=vs.85).aspx
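Because anti-affinity is only honoured "where possible", it is worth checking where the groups actually run. The following is an added example, not code from the presentation: a function that lists cluster groups sharing an anti-affinity class and an owner node. The function name, group names and sample data are constructed; on a real cluster, pipe `Get-ClusterGroup` into it.

```powershell
# Added example: function name and sample data are constructed for illustration.
function Find-AntiAffinityViolation {
    [CmdletBinding()]
    param(
        # Objects with Name, OwnerNode and AntiAffinityClassNames,
        # e.g. the output of Get-ClusterGroup on a cluster node.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Group
    )
    begin { $seen = @{} }
    process {
        foreach ($g in $Group) {
            foreach ($class in $g.AntiAffinityClassNames) {
                # Key on class + current owner node; collect the groups found there.
                $key = "$class|$($g.OwnerNode)"
                if (-not $seen.ContainsKey($key)) { $seen[$key] = @() }
                $seen[$key] += $g.Name
            }
        }
    }
    end {
        foreach ($key in $seen.Keys) {
            if ($seen[$key].Count -gt 1) {
                $class, $node = $key -split '\|', 2
                [pscustomobject]@{ Class = $class; Node = $node; Groups = $seen[$key] }
            }
        }
    }
}

# Setting the property on a real cluster takes a StringCollection:
#   $c = New-Object System.Collections.Specialized.StringCollection
#   [void]$c.Add('DomainControllers')
#   (Get-ClusterGroup 'DC01').AntiAffinityClassNames = $c

# Constructed sample: DC01 and DC02 share a class and a node, SQL01 does not.
$sample = @(
    [pscustomobject]@{ Name = 'DC01';  OwnerNode = 'HV-NODE1'; AntiAffinityClassNames = @('DomainControllers') }
    [pscustomobject]@{ Name = 'DC02';  OwnerNode = 'HV-NODE1'; AntiAffinityClassNames = @('DomainControllers') }
    [pscustomobject]@{ Name = 'DC03';  OwnerNode = 'HV-NODE2'; AntiAffinityClassNames = @('DomainControllers') }
    [pscustomobject]@{ Name = 'SQL01'; OwnerNode = 'HV-NODE1'; AntiAffinityClassNames = @('SqlTier') }
)
$sample | Find-AntiAffinityViolation   # reports DC01 and DC02 on HV-NODE1
```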
11. Cluster Node Maintenance Mode
Drain all VMs off a node
Supports all cluster roles
Role-specific features
Live migration or quick migration for VMs
Uses VM Priority
Moves other roles
12. Cluster Node Maintenance Mode
Workflow – In Depth
Cluster Node Maintenance Mode - Automated Node Drain
Workload sorted based on Priority
VMs queued for live migration (using MaxLiveMigrations)
Enhanced memory aware placement of VMs
VMs live migrated concurrently along with built-in retry logic
Node is PAUSED
Automated Node Drain completed
Cluster Placement Policies
(Preferred & Possible Owners, AntiAffinity)
14. Cluster Aware Updating (CAU)
Update orchestration across all nodes in a cluster
CAU ships in box with Windows Server 2012
Not reinventing Windows Updates & patching
Previews, applies and reports on updates for a cluster
Two modes: Self-updating & Remote-updating
Self-updating: Workload reduction through increased automation, Updating itself is resilient
Remote-updating scenarios where closer administrator attention is preferred or warranted
Extensible
Integrate with your patching tools with plug-ins (API)
Two inbox plug-ins: Windows Update & hotfix plug-in
Per-node pre-update and post-update scripts
16. Plug-ins & Supported Update Types
CAU ships with two plug-ins
1. Windows Update
   Installs GDRs* from Windows Update or WSUS
2. Hotfix Plug-in
   Installs QFEs** from an SMB 3.0 file share
   3rd party updates such as BIOS & Firmware updates from an SMB 3.0 file share
17. Cluster Aware Updating Process
1. Scans, downloads and installs applicable updates on each node
   Windows Update or Hotfix plugin or both
2. Restarts node as necessary
3. One node at a time
4. Repeats for all cluster nodes
5. Customize pre- & post-update behavior with PS scripts
6. Easy manual or scheduled launch
   Via GUI
   PowerShell
Works for both physical or virtualized clusters
[Diagram labels: Jenny starts Updating Run; CAU; Pause Node & Drain VMs; Windows Update, WSUS, QFE, …; Resume Node & Failback VMs; Windows Server failover cluster, Node 1 … Node 64]
18. Remote-Updating Mode
CAU Update Coordinator process remotely connects to the cluster
User-initiated Updating Run, allowing real time monitoring
Rich progress updates
Minimal Server Core (no .Net or PS dependency) on nodes
[Diagram: CAU Update Coordinator; Failover Cluster with Node 1 to Node 4]
19. Self-Updating Mode
Leverages a CAU cluster role that is resilient to planned and unplanned failures
Requires no real-time user attention
Installs updates on a custom schedule
CAU Update Coordinator process runs on a clustered node
[Diagram: Failover Cluster with Node 1 to Node 4; Update Coordinator]
20. Hotfixes Folder Structure & Security
Strict ACL Checking (Optional)
Kerberos Mutual Authentication (Required)
Data integrity checking (Required): SMB Signing or SMB Encryption
Privacy with SMB Encryption (Optional)
SMB Encryption is new in Windows Server 2012
CAU Hotfix Root Folder
    CAUHotfix_All: hotfixes applicable to all nodes
        MySwUpdateType: special software updates
    <Node Name 1>: hotfixes applicable just to <Node Name 1>
        MySwUpdateType: special software updates
    ...
    <Node Name N>: hotfixes applicable just to <Node Name N>
        MySwUpdateType: special software updates
Hotfix Config File
    Extension Rules: <MSU>, <MSI>, <MSP>
    Folder Rules: <MySwUpdateType>
21. “Hotfix” Support Internals
Rich/extensible Hotfix installation
Microsoft QFEs, or third-party driver updates,
or even Firmware/BIOS updates…
Select hotfix behavior at start.
Two key inputs:
1. Root Folder: on an SMB File Share
2. Configuration xml file: defines the Rules
System32\WindowsPowerShell\v1.0\Modules\ClusterAwareUpdating\DefaultHotfixConfig.xml
Configuration Rules are the key to
flexibility
Easy to specify new Rules
hotfix installer name, install options, reboot behavior,
return values etc.
22. NTFS permissions CAU File Share
First you’ll need to do your homework as described in the TechNet article
But that doesn’t quite cover it
Adjust NTFS Permissions on the CAU Share
Give cluster node computer accounts (or an AD group containing them, which makes for easier administration) Read/Execute permission to the location
If not => they can’t run the DUPs.
23. NTFS permissions Log File
DUPs allow logging with the /L switch
Locally (per node) or to a central share
Must use a share other than the CAU Share:
Need to give the computer accounts (or an AD group containing them, which makes for easier administration) write permission to the location
On the CAU Share you’re not allowed to do that for accounts other than the specific ones described on TechNet
The log can grow quite large if used a lot
Keep an eye on it
For clarity’s sake use a different log per cluster or folder type
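The permission rules from the two slides above can be checked before an Updating Run. This is an added example, not code from the presentation: it flags any principal outside the permitted writers that can write to the CAU share, and reports when the node accounts lack Read/Execute. The permitted-writer list is an assumption based on the TechNet CAU requirements the slides refer to; the function name and the `CONTOSO\...` identities are constructed.

```powershell
# Added example. Identities and the sample ACL below are constructed.
function Test-CauShareAcl {
    param(
        [Parameter(Mandatory)]
        [System.Security.AccessControl.FileSystemAccessRule[]]$Ace,
        # Computer accounts of the cluster nodes, or the AD group containing them.
        [Parameter(Mandatory)][string]$NodeIdentity,
        # Assumption: the principals TechNet allows to hold write access.
        [string[]]$AllowedWriter = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
                                     'CREATOR OWNER', 'NT SERVICE\TrustedInstaller')
    )
    $R = [System.Security.AccessControl.FileSystemRights]
    # Rights that change folder content or its ACL, plus GENERIC_ALL/GENERIC_WRITE.
    $writeBits = [int]($R::Write -bor $R::Delete -bor $R::DeleteSubdirectoriesAndFiles -bor
                       $R::ChangePermissions -bor $R::TakeOwnership) -bor 0x50000000
    $rx = [int]$R::ReadAndExecute
    # Deny entries and nested group membership are not evaluated here.
    $allow = @($Ace | Where-Object { $_.AccessControlType -eq 'Allow' })

    foreach ($a in $allow) {
        $id = $a.IdentityReference.Value
        $canWrite = ([int]$a.FileSystemRights -band $writeBits) -ne 0
        if ($canWrite -and $AllowedWriter -notcontains $id) {
            [pscustomobject]@{ Finding = 'UnexpectedWriter'; Identity = $id
                               Rights = $a.FileSystemRights }
        }
    }
    $nodeOk = $allow | Where-Object {
        $_.IdentityReference.Value -eq $NodeIdentity -and
        ([int]$_.FileSystemRights -band $rx) -eq $rx
    }
    if (-not $nodeOk) {
        [pscustomobject]@{ Finding = 'NodesCannotReadExecute'; Identity = $NodeIdentity
                           Rights = $null }
    }
}

# Constructed ACL: nodes can read and execute, but Domain Users can modify.
$rule = { param($id, $rights)
    New-Object System.Security.AccessControl.FileSystemAccessRule($id, $rights, 'Allow') }
$sample = @(
    (& $rule 'BUILTIN\Administrators' 'FullControl'),
    (& $rule 'CONTOSO\HV-Cluster-Nodes' 'ReadAndExecute'),
    (& $rule 'CONTOSO\Domain Users' 'Modify')
)
Test-CauShareAcl -Ace $sample -NodeIdentity 'CONTOSO\HV-Cluster-Nodes'
# Against a real share: -Ace (Get-Acl '\\<fileserver>\<CAU share>').Access
```

On the constructed ACL the only finding is `UnexpectedWriter` for `CONTOSO\Domain Users`.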
29. VMM 2012 SP1 support for
Anti-Affinity = VMM ‘Availability Sets’
Availability Set = configurable anti-affinity
rules for VMs
Ensures VMs are placed on different
hosts for better availability
VMM Placement algorithm offers
suggestions based on availability sets
Works across:
Standalone (non-clustered) Hyper-V hosts*
Hyper-V clusters*
Xen Server hosts
VMware hosts
31. Availability Sets & VMM Services
VMM Services can leverage ‘Availability Sets’
Availability sets – configured at the machine tier level
Ensures that VM instances of a machine tier are placed on different hosts.
SSUs can request availability sets for their VMs
Simple checkbox experience
Available from the VMM Service Template Designer
35. Remediating Hyper-V Cluster
Orchestrated workflow
Put a node in maintenance mode
Evacuates the node using Live Migration
User can override this to save the state of the VMs on the node
Install missing updates based on baselines assigned
Take the node out of maintenance mode
Go to next node and repeat
Supports WS2008, WS2008 R2, WS2012 Hyper-V clusters
Automatable using PowerShell
37. Standardize Application Deployment using Service Templates
[Diagram: Service template (multi-tier applications) with a Web tier (IIS; Web Deploy), an Application tier (Application server; Server App-V) and a Data tier (SQL; DAC Packs); each tier has an HW profile, OS profile, App profile and a scale out & health policy; Custom Scripts; Compute, Storage, Network]
38. Create Service Template with
Service Designer
Use the ribbon for contextual actions
within the Service Template Designer.
Use the designer canvas to build your
service template from Virtual Machine
Templates, Logical Networks and
Load Balancers.
Set service-related properties such as
cost center, description, release version.
39. Deploy Service Through Deployment Preview
Preview pane shows view of your service deployment.
Settings allow you to set deployment specific variables.
Ribbon bar for deploy activity or to check deployment ratings.
40. Why Use Services?
Standardized deployments (in a dynamic way – multiple environments)
Manage multi-tier applications across multiple servers as a single unit
Scale out based on demand
Composability of OS and Applications allows users to manage fewer OS images
Automation using GCEs (Generic Command Execution ~ scripts)
41. Generic Command Execution (GCE)
Execute custom scripts within
Service instance VMs
Can specify run as account, script
restart behavior, logging
properties
Script parameters can leverage
configurable service settings
Multiple entry points available
Application level
Pre/post install, pre/post uninstall,
pre/post service, save/restore state
Application Profile level
Pre/post install, Pre/post uninstall
Pre/post install supports multiple,
ordered scripts (SP1)
42. SC 2012 SP1 VMM: Services
Service Deployment
Support for Service deployment to untrusted domains and workgroups
Support for Service deployment to disconnected VMs
Application Host
“Web Application Host” for deploying MS Web Deploy packages to existing web
servers (virtual, physical, farm, clustered)
SQL Server 2012
Complete installation of prepared SQL 2012 instances
Linux Guest support
Supporting Linux Operating Systems for unattended deployment
43. In-VM/Guest Agent SP1 Changes
Requires .NET 4.0
Agent installation will take care of this (can sysprep as well)
For Server Core, requires Windows Server 2008 R2 SP1 or above
Deployed via ISO
All service instance VMs have a guest agent installed
Decoupled from VMM server
Supports Service deployment to untrusted domains and workgroups
Supports Service deployment to disconnected VMs
44. Service Template Explorer
An add-in for your VMM Console, that allows you to discover,
download and import pre-configured service templates directly to
your VMM infrastructure
Service Templates available (soon)
Windows Server 2008 R2 SP1 / Windows Server 2012
ADDS Domain Controller
DNS, DHCP
Web Server (IIS)
File Server
* THIS IS BETA AT THE MOMENT AND MIGHT CHANGE TILL RTM