Wednesday, August 29, 2012

Explaining the Hyper-V Extensible Switch

In previous versions of Hyper-V, we referred to Virtual Networks instead of switches when we talked about what’s now called the Hyper-V Extensible Switch. This often led to confusion for customers and engineers when dealing with networking in Hyper-V, especially in the TechNet Forums.

A virtual network could either be Private, Internal or External.

The Private network would not bind to a physical NIC on the parent partition, and only let the virtual machines connected to this network communicate. Since there was no binding to a physical NIC, the virtual machines was unable to communicate with other virtual machines on other hosts.

The Internal network did not bind to a physical NIC either, but created  virtual NIC in the parent partition so that the virtual machines and the host itself was able to communicate.

The External network was the only type of network that would bind to a physical NIC in the parent, meaning that this was the proper type of virtual network if you wanted your virtual machines to be able to communicate over the physical network and have LAN/WAN access.

The three different types still exists in Windows Server 2012, but have been renamed to virtual switches.

There’s been done a lot with the extensible switch in Hyper-V and the switch itself is now extensible for third parties to integrate and develop tools and solutions that interacts with this switch.
A Hyper-V virtual switch is a virtual layer-2 network switch that provides programmatically managed and extensible capabilities to connect virtual machines to the physical network. This will led to better solutions related to security, isolation, SLA’s and policy enforcements in a virtual environment, and is much better suited for cloud computing scenarios.

Normally when we think of cloud computing scenarios, we would also think of tenant isolation, protection of malicious virtual machines and traffic control. The Hyper-V Extensible switch will cover it all.

There’s built-in support for NDIS (Network Device Interface Specification) filter drivers and WFP (Windows Filtering Platform) callout drivers. This makes it possible for ISV’s to create plug-ins to provide enhanced networking and security capabilities. This will give organizations more options to secure their tenants, traffic and measure networking for virtual machines.

Functionality in Hyper-V Extensible Switch

DHCP Guard protection: Will help you to protect against malicious virtual machines that presents themselves as DHCP servers. Often referred to man-in-the-middle attachs.

Network traffic monitoring: let the cloud administrators have control and review the traffic over the network switch.

Port ACLs: Traffic filtering based on MAC (Media Access Control) or IP (Internet Protocol) addresses/ranges so that the cloud administrator can set up virtual network isolation.

ARP/ND Spoofing protection: Gives protection against malicious VMs using ARP spoofing to steal other VMs IP addresses, and provides protection against attacks that can be launched for IPv6 using ND spoofing.

Trunk mode to a VM: Let the cloud administrator set up a specific VM as a virtual appliance to direct traffic from various VLANs to that VM.

Isolated VLAN (PVLAN): Let the cloud administrator segregate traffic on multiple VLANs so that they can easily establish isolated tenant communities.

Bandwidth limit and burst support: Reserve guaranteed amount of bandwidth. Bandwidth maximum caps the amount of bandwidth a VM can consume.

ENC marking support: Explicit Congestion Notification (ECN) marking—also known as Data CenterTCP (DCTCP)—enables the physical switch and operating system to regulate traffic flow such that the buffer resources of the switch are not flooded, which results in increased traffic throughput.
Diagnostics: Let the cloud administrator easily trace and monitor events and packets through the virtual switch.

This will for sure ensure that you can meet the demand of cloud computing in the networking space as well, in conjunction with network virtualization.

There will be more blogging about switch extensions and network virtualization when SC VMM 2012 SP1 is available.

Monday, August 27, 2012

Windows Bootcamp in Norway

We’re getting close to a very exciting date. The date Windows Server 2012 becomes globally available.
Yes, there will be a virtual launch as a part of this, and I strongly recommend you to sign up for this event:


And if you’re in Norway in September, you should also attend the Windows Bootcamp.


We have a pretty awesome line-up of speakers this time, covering both the client and the server side.
In addition, some developers will be presenting for the developer community to teach and show what awesome applications you can create with the next generation of Microsoft’s operating systems.

I will have 4 sessions and cover Hyper-V and Windows Azure:


1.      Hyper-V for Everyone – come and see what’s hot and new and why you should start to virtualize your mother’s house.

2.      Overview of Networking in Hyper-V – See the enhancements in the extensible virtual switch, network virtualization and much more in this session.

3.      IaaS in Windows Azure – Exploring virtual machines and networking together with cloud services and resources on-premise.

4.      Hyper-V Replica – Do you suffer from insomnia? Join this session to see how I can help you out of your misery.

I am looking forward to see you at Fornebu in September!

Sunday, August 19, 2012

Blogging at TechNet

For those of you who knows Norwegian, you can also find some great content at the norwegian TechNet site.
I will be blogging over there as well, covering stuff like Hyper-V, Windows Server, System Center and Windows Azure.
If that's not enough, you'll also find some other MVP Vikings covering the other areas in the IT industry:

Jan Egil Ring which is our PowerShell guru.
Ståle Hansen will take care of everything related to Unified Communication.
Olav Tvedt will deploy things everywhere, as usual.
Nicolai Henriksen will take you by your hand and force you into his client area, managed by Configuration Manager.

Follow our blog at http://blogs.technet.com/b/technetnorge/

And if you're into Facebook, you can like this page to participate with the Norwegian TechNet community: https://www.facebook.com/#!/TechNetNorge

Saturday, August 11, 2012

Cloud Services in Windows Azure

As a part of the new offerings in Windows Azure, Hosted Services are now replaced with Cloud Services in the new Windows Azure portal.
A hosted service was previously a service in Azure that could contain Web Roles, Worker Roles and VM Roles.
With the new Virtual Machine (persistent) in Azure, you can also add them to a cloud service so that they can communicate in their private network.

A cloud service is automatically created when you create a virtual machine. When you create your second virtual machine you will be able to add the virtual machine to the same cloud service to enable network communication, load-balancing and maintain high availability for those virtual machines.
This is important to know if you’re planning to extend your infrastructure and create connectivity between resources on-premise and in Windows Azure. Instead of going through the external IP/DNS name, you can take advantage of this private network.

So let’s repeat the PaaS service model in Windows Azure

A hosted service in Windows Azure was basically a combination of code and configuration. This does still apply for the cloud service.
A cloud service represents the PaaS service model in Azure, where you can deploy your multi-tier applications, using multiple roles and have a flexible model to scale your stateless applications.

Each role (Web or/and Worker Role) has its own code and configuration file.
So from a developer’s perspective, they only need to concentrate on their code, and let Windows Azure’s eco-system take care of the underlying architecture for the infrastructure and maintain performance, patching of the operating system and general maintenance in case of a failure.
Based on the SLA’s available in Azure, you must specify at least two instances of each role to assure you meat a satisfied SLA. This will apply to both failures and when you’re servicing your service.
This is to guarantee external connectivity to your internet-facing roles 99.95% of the time.

If you have worked with System Center 2012 – Virtual Machine Manager, you may be aware of the service concept where you can deploy distributed applications, use load balancing and scale out the stateless instances, and specify upgrade domains. Windows Azure has something similar, and provides you with two environments.

The staging environment is where you can test your cloud service before you put it into your production environment. When you are satisfied with your service, you can easily do a VIP swap (swapping the virtual IP address that’s associated with the two environments).

I’ll blog more about Azure over the next weeks.

Thursday, August 9, 2012

Master Class "Beyond Virtualization with Hyper-V in Windows Server 2012"

Just wanna share the content of my Hyper-V Master Class course.
Currently extending the course and documentation since there's so much content to cover, and also adding a section about Windows Azure and IaaS scenarios.


MasterClass «Beyond Virtualization with Windows Server 2012 Hyper-V»

Skills being measured: 

1.      Hyper-V and architecture – The details you need to know prior to design, installation and troubleshooting

-        Learning the architecture of Hyper-V (type 1 hypervisor)

-        Hyper-V compared with Citrix and VMware

-        Scale, performance and density

-        Installation

2.      Configuring your Hyper-V environment – Plan for scale and to fit your organization needs

-        Introducing the new features for a wide range of scenarios

-        Network Virtualization for multi-tenancy (Introduced with VMM 2012 SP1)

-        ACLs

-        Hyper-V Extensible Switch

-        LBFO

3.      Virtual Machine Management – What you need to know and manage

-        VHD

-        VHDX

-        Dynamic Memory

-        vCPU

-        Measure VM Resources

4.      Hyper-V Clusters – The foundation in a Private Cloud infrastructure

-        Quorum

-        Storage Pools

-        Storage Spaces

-        Networking

-        VM Monitoring

-        SMB3.0

-        CSV2.0

5.      VM Migration – Configure your dynamic and flexible cloud environment for high availability and continuous availability

-        Live Migration

-        Live Migration over SMB3.0

-        Storage Migration

-        Shared-Nothing Live Migration

-        Export/Import

6.      Disaster Recovery – The idea behind disaster recovery and how to plan for reducing downtime when the shit hit the fans

-        Windows Server Backup

-        Hyper-V Replica and Hyper-V Replica Broker

-        Snapshots (checkpoints)

7.      Extend your Datacenter with Windows Azure and IaaS – Use Windows Azure in your future strategy to extend your private cloud with public cloud offerings

-        Windows Azure and it’s history

-        PaaS

-        IaaS

-        Management of Roles

-        Virtual Machine

-        Networking

-        Cloud Services