
Windows Infrastructure

Real life Active Directory, Hyper-V, Forefront, Performance and Security experiences By Erik den Burger

Azure not using Hyper-V?

Tags:  Hyper-V

During his keynote at the recent VMware Partner Exchange, Paul Jackson made some interesting comments.

The chief marketing officer of VMware told the attendees that: "Microsoft is painting a beautiful picture about cloud computing, but according to its own internal documents is not using its own Hyper-V virtualization platform because it cannot easily pool CPU, memory, and networking resources."

He has a point: the current version of Hyper-V doesn't shine when it comes to pooling CPU, memory and network resources, and yes, Microsoft doesn't use Hyper-V for its Azure platform. But which hypervisor does the Azure platform use, and why?

The foundation of the Azure platform is a newly developed hypervisor that was built with three basic principles in mind. The hypervisor should have a small footprint, be efficient and provide tight integration.

  • The small footprint means that any features that are not needed in the cloud scenario are removed, so there is no unnecessary code to fix. A small footprint reduces the amount of patching and rebooting of your servers and makes your hypervisor less vulnerable to potential attacks.
  • The efficiency is obvious. Any percentage gain will be significant once multiplied by tens of thousands of machines. The result is that more CPU cycles are available for the hosted applications.
  • To achieve the required level of performance and scalability it is necessary to have a tight integration between the Azure Hypervisor and the Azure Kernel.

As you see, a lot of the requirements for the Azure hypervisor are specific to the needs of Azure, and therefore there is a need for a separate hypervisor. However, a lot of the innovations in the Azure hypervisor will be incorporated in the next releases of Hyper-V.

February 13, 2010 · Posted by Erik den Burger · 0 Comments

Security Update Hyper-V

Tags:  Hyper-V · Security

For the first time since its official launch 18 months ago, Microsoft has issued a critical security patch for Hyper-V. The fix is available for all Windows 2008 and 2008R2 installations.

The update resolves a vulnerability in Hyper-V that could allow a denial-of-service attack if a malformed sequence of instructions is run on a virtual guest running on the Hyper-V server. However, the attacker must have valid logon credentials and be able to log on locally to the virtual machine.

The impact of the vulnerability is limited. In most scenarios, administrator access to the virtual hosts is restricted to trusted administrators. In properly designed SBC cases the users have limited rights and cannot launch the malformed sequence of instructions. In some VDI scenarios, however, users may have local administrator rights within their virtual machine and are thus able to attack the underlying Hyper-V server.

For more information about the vulnerability you can visit KB977894: VERY Important Hyper-V Security Update

February 11, 2010 · Posted by Erik den Burger · 0 Comments

Data Protection Manager 2010 Release Candidate available

Tags:  Hyper-V · Windows Infrastructure

Ever since the release of Windows 2008R2 we have been waiting for this new release of DPM. After testing several betas, I think it is great news that DPM 2010 now has release candidate status. Now you get better performance, the possibility to back up to the cloud and especially CSV support! So we can back up our Hyper-V clusters in an efficient manner.

You can try the Release Candidate yourself.

February 9, 2010 · Posted by Erik den Burger · 11 Comments

Planning your AD Infrastructure

Tags:  Active Directory · Hyper-V · Windows Infrastructure

With Hyper-V becoming widely used, the question in a lot of designs is whether to virtualize your AD infrastructure as well. The answer isn't always as easy and clear as it looks.

First let's see what Microsoft has to say about virtualizing your ADDS servers. In article KB888794 you can read that it is indeed possible to run your ADDS servers in a virtual environment. When you follow the guidelines about pausing, snapshotting, backing up and performance, you should have no problems at all.

Now let's see what would happen if you're using a Hyper-V cluster and, because you want to take advantage of the High Availability features of your Hyper-V cluster, all of your ADDS servers are running virtualized. As long as your cluster is up and running everything looks good. But what if, for whatever reason, your cluster needs to be restarted after a shutdown? You have a problem. The cluster service isn't starting, telling you it cannot contact a domain controller. So you have a cluster that isn't starting because there is no ADDS server available, and you have an ADDS server that isn't starting because the cluster it is running on cannot be started. This is a major problem, and fixing it takes a while: you have to build a standalone Hyper-V machine and manually copy the VHD from the cluster LUN. Now you can start the ADDS server and then start your cluster.

So when using a Hyper-V cluster it is really important to keep at least one of your ADDS servers running on a physical machine or, if you prefer, on a standalone Hyper-V server.

 

February 6, 2010 · Posted by Erik den Burger · 9 Comments

Increase network throughput under load in Hyper-V

Tags:  Hyper-V · Performance

The default buffer size of a virtual switch used by Hyper-V may not provide enough space to buffer all the network traffic, resulting in packet loss. This may happen when Hyper-V is put under a significant load. The default buffer size is 1 MB and may be increased to provide better performance.

Comparable to a normal traffic jam, where too many cars are trying to drive on the same piece of road, the same can happen to network traffic. This can result in poor network performance. Especially in virtual environments these problems can be complex, with several child partitions fighting for the same physical NIC. Hyper-V, or better the VMBus of the Hyper-V hypervisor, regulates access to the physical NIC by using buffers and queues to keep all data flowing. However, when these buffers run out of space some data packets will be dropped. In Windows Server 2008R2 the default size for this buffer is 1 MB, giving room for 655 packet buffers of 1600 bytes each. Although in most situations this value will give you more than enough room to play, it may be advisable in some larger and busier Hyper-V environments to increase this value to 2 MB or even 4 MB. Anything more is not useful.

Increasing this buffer size isn't done with a fancy setting hidden in the GUI but in the registry of the guest partition. We need the GUID and index of the network adapter, which we can find by opening Device Manager, expanding Network adapters, right-clicking the MS Virtual Machine Bus driver and choosing Properties. On the Details tab we select the Driver key property. We now have the GUID/Index we need. We can now open the registry editor and go to HKLM\SYSTEM\CurrentControlSet\Control\Class\<GUID>\<Index>, where we can create two new DWORD values: ReceiveBufferSize and SendBufferSize. These values represent the amount of memory that will be used as a buffer, in 1 KB units. 0x400, the default value, will result in a buffer of 1 MB. I almost forgot to mention that changing the registry is dangerous, and you should make a backup before changing any settings.

With most Hyper-V servers having plenty of memory nowadays, it is a good idea to increase the buffer size to get better network performance and protect yourself from packet loss.
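
The registry steps above as a PowerShell function, to be run elevated inside the guest partition. This is an added example, not code from the original post: `Set-VmNicBufferSize`, its parameters and the backup file location are hypothetical names chosen here, and the driver key is the `<GUID>\<Index>` value read from Device Manager (the pattern assumes the index is numeric).

```powershell
function Set-VmNicBufferSize {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Driver key exactly as shown on the Details tab: "<GUID>\<Index>"
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^\{[0-9A-Fa-f-]{36}\}\\\d+$')]
        [string]$DriverKey,

        # Buffer size in 1 KB units: 1024 = 1 MB (default), 2048 = 2 MB, 4096 = 4 MB
        [ValidateSet(1024, 2048, 4096)]
        [int]$SizeKB = 2048,

        # Hypothetical location for the registry backup taken before any change
        [string]$BackupFile = "$env:TEMP\vmnic-class-backup.reg"
    )

    $regPath = "HKLM\SYSTEM\CurrentControlSet\Control\Class\$DriverKey"
    $psPath  = "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\$DriverKey"

    if (-not (Test-Path -LiteralPath $psPath)) {
        throw "Driver key not found: $regPath"
    }

    # Export the key first (also done under -WhatIf, it is read-only); stop if it fails
    & reg.exe export $regPath $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Registry export failed; nothing was changed."
    }

    foreach ($name in 'ReceiveBufferSize', 'SendBufferSize') {
        if ($PSCmdlet.ShouldProcess("$regPath\$name", "Set DWORD to $SizeKB")) {
            New-ItemProperty -LiteralPath $psPath -Name $name `
                -PropertyType DWord -Value $SizeKB -Force | Out-Null
        }
    }

    # Return what is now stored so the change can be verified
    Get-ItemProperty -LiteralPath $psPath -Name ReceiveBufferSize, SendBufferSize `
        -ErrorAction SilentlyContinue |
        Select-Object ReceiveBufferSize, SendBufferSize
}

# Dry run first; replace the placeholder with the driver key from Device Manager:
# Set-VmNicBufferSize -DriverKey '<GUID>\<Index>' -SizeKB 4096 -WhatIf
```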

February 6, 2010 · Posted by Erik den Burger · 0 Comments

Power Management

Tags:  Windows Infrastructure · Performance

Last year Microsoft released a SCOM Management Pack for monitoring and managing the power consumption of Windows 2008R2 servers. This management pack gives you some insight into the power consumption of the servers and, even more interesting, gives you the ability to control the power savings and thereby reduce the total consumption of a server. And keep in mind that every watt you can save with your servers is another watt saved in your cooling.

One of the interesting features of Windows 2008R2 that will reduce your power consumption is Core Parking. Modern servers use multiple multicore processors, giving you a lot of horsepower. But this horsepower is not always needed. When the system is not using all of the cores, Windows 2008R2 actually puts the unused cores in a parked mode and wakes them again when they are needed. This feature, combined with reducing the speed of the processors, can significantly lower the power consumption.

If you want to see the 2008R2 Core Parking in action, you can use the Performance Monitor of Windows 2008R2, which will give you information about the usage of the different cores.

So, Microsoft is getting serious with its power-saving tooling. After the announcement of SCCM 2007R3, which is very useful to reduce the power consumption of your workstations, the use of the power management pack for SCOM can really save a lot of energy, and thus a lot of money.


 

February 2, 2010 · Posted by Erik den Burger · 0 Comments