Windows Server 2012 Virtualization: Notes from the Field
More info on http://techdays.be.
Didier Van Hoye, Architect
http://workinghardinit.wordpress.com
Kurt Roggen, Technical Consultant
http://trycatch.be/blogs/roggenk
Agenda
• WS 2012 Hyper-V & Failover Clustering
• VM Priorities
• Maintenance Mode
• Failover & Failback
• Anti Affinity
• Live Migration
• Cluster Aware Updating (CAU)
• SC 2012 SP1 Virtual Machine Manager
• Cluster Management - Availability Sets
• Fabric Patching
• Maintenance Mode
• Service Templates
Hyper-V & Failover Clustering
WS 2012 Failover Clustering: Optimize & automate placement logic
Virtual Machine Priority
• Starting the most important VMs first
• Ensure the most important VMs are running
• Preemption to shut down low priority VMs to free up resources for higher priority VMs to start
• Ideal for infrastructure servers (DCs) or tiered architecture (back-end, middle-tier, customer-facing)
Enhanced Failover Placement
• Each VM placed based on node with best available memory resources
• Memory requirements evaluated on a per VM basis
• Non-Uniform Memory Access (NUMA) aware
Priorities for Roles or Virtual Machines
• Values: High, Medium, Low
• Default Priority: Medium
• Lowest Priority: No Auto Start
• Starting Roles in Priority order: per node
• Placing Roles/VMs in Priority order: cold start, handling node crash
• Moving Roles/VMs in Priority order: queuing, Node Drain
Virtual Machine Priorities
• Default Priority: Medium
• Default “Move Behavior”: Quick migration for Low & below
• Defined by cluster parameter “MoveTypeThreshold”, which defaults to 2000 (Medium or Higher Priority)
VM Priorities & Live Migration
• Set all VMs to Live Migrate (instead of Quick Migrate), not only VMs with Medium/High Priorities
• VM Priority Values: 3000 = High, 2000 = Medium, 1000 = Low, 0 = Do not start automatically
• Using PowerShell:
  Get-ClusterResourceType "Virtual Machine" | Set-ClusterParameter MoveTypeThreshold 1000
DEMO
Enhanced Failover Placement
• Enhanced memory aware placement of VMs
• Check for most available Memory
• Failover is determined by Preferred Owners & Possible Owners
• Failback of VM now uses Live Migration instead of Quick Migration
• Live Migration respects Preferred Owners & Possible Owners
• Default Failback action: No Failback
Anti Affinity ClassNames
• Property of ClusterResourceGroup
• Identify ClusterGroups that should not be hosted on the same node (where possible)
• Impacts VM Placement and Live Migrations
• Configurable using PowerShell only
• Configurable using SC2012 SP1 VMM using “Availability Sets”
• Serves as basis for “Availability Sets” in SC2012 SP1 VMM
More information: http://msdn.microsoft.com/en-us/library/aa369651(v=vs.85).aspx
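An added example (not from the original deck) of setting AntiAffinityClassNames with PowerShell and then checking whether any groups that share a class currently sit on the same node, which can happen because the rule only applies "where possible". The VM names and the class name "DCs" used in the calls are placeholders.

```powershell
Import-Module FailoverClusters

function Set-AntiAffinityClass {
    param([string[]]$VMGroup, [string]$ClassName)
    foreach ($name in $VMGroup) {
        $group = Get-ClusterGroup -Name $name
        # The property is a StringCollection; copy existing entries so they survive.
        $classes = New-Object System.Collections.Specialized.StringCollection
        foreach ($c in $group.AntiAffinityClassNames) { [void]$classes.Add($c) }
        if (-not $classes.Contains($ClassName)) { [void]$classes.Add($ClassName) }
        $group.AntiAffinityClassNames = $classes
    }
}

function Get-AntiAffinityViolation {
    # One row per (class, node, group), then keep class/node pairs with >1 group.
    Get-ClusterGroup |
        ForEach-Object {
            $g = $_
            foreach ($c in $g.AntiAffinityClassNames) {
                [pscustomobject]@{ Class = $c; Node = $g.OwnerNode.Name; VM = $g.Name }
            }
        } |
        Group-Object Class, Node |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Class = $_.Group[0].Class
                Node  = $_.Group[0].Node
                VMs   = ($_.Group | ForEach-Object { $_.VM }) -join ', '
            }
        }
}

# Placeholder names: two domain controller VMs that should not share a host.
Set-AntiAffinityClass -VMGroup 'DC01', 'DC02' -ClassName 'DCs'
Get-AntiAffinityViolation | Format-Table -AutoSize
```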
Cluster Node Maintenance Mode
• Drain all VMs off a node
• Supports all cluster roles
• Role-specific features
• Live migration or quick migration for VMs
• Uses VM Priority
• Moves other roles
Cluster Node Maintenance Mode Workflow – In Depth
Cluster Node Maintenance Mode - Automated Node Drain
Workload sorted based on Priority
VMs queued for live migration (using MaxLiveMigrations)
Enhanced memory aware placement of VMs
VMs live migrated concurrently along with built-in retry logic
Node is PAUSED
Automated Node Drain completed
Cluster Placement Policies (Preferred & Possible Owners, AntiAffinity)
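An added example (not from the original deck) that ties the VM priority / MoveTypeThreshold slides to the node drain workflow above: it previews how each VM on a node will be moved, drains the node, verifies the drain, and resumes with failback. The node name is a placeholder.

```powershell
Import-Module FailoverClusters
$node = 'HV-NODE1'   # placeholder node name

# Priority >= MoveTypeThreshold is live migrated, anything lower is quick migrated.
$threshold = (Get-ClusterResourceType 'Virtual Machine' |
    Get-ClusterParameter -Name MoveTypeThreshold).Value
$label = @{ 3000 = 'High'; 2000 = 'Medium'; 1000 = 'Low'; 0 = 'No Auto Start' }

# Preview: the VMs on this node in drain order, with the move type each will get.
Get-ClusterGroup |
    Where-Object { $_.GroupType -eq 'VirtualMachine' -and $_.OwnerNode.Name -eq $node } |
    Sort-Object Priority -Descending |
    Select-Object Name, State,
        @{ n = 'Priority'; e = { $label[[int]$_.Priority] } },
        @{ n = 'MoveType'; e = { if ($_.Priority -ge $threshold) { 'Live' } else { 'Quick' } } } |
    Format-Table -AutoSize

# Pause the node and drain its roles; -Wait returns once the drain has ended.
Suspend-ClusterNode -Name $node -Drain -Wait | Out-Null

# Verify before touching the node: drain completed and nothing is left on it.
$status = (Get-ClusterNode -Name $node).DrainStatus
$left   = @(Get-ClusterGroup | Where-Object { $_.OwnerNode.Name -eq $node })
if ($status -ne 'Completed' -or $left.Count -gt 0) {
    $names = ($left | ForEach-Object { $_.Name }) -join ', '
    throw "Drain of $node ended as '$status'; still hosting: $names"
}

# ... patch or service the node here ...

# Unpause the node and bring back the roles that were drained off it.
Resume-ClusterNode -Name $node -Failback Immediate
```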
Cluster Aware Updating (CAU)
Cluster Aware Updating (CAU)
• Update orchestration across all nodes in a cluster
  • CAU ships in box with Windows Server 2012
  • Not reinventing Windows Updates & patching
  • Previews, applies and reports on updates for a cluster
• Two modes: Self-updating & Remote-updating
  • Self-updating: workload reduction through increased automation; updating itself is resilient
  • Remote-updating: scenarios where closer administrator attention is preferred or warranted
• Extensible
  • Integrate with your patching tools with plug-ins (API)
  • Two inbox plug-ins: Windows Update & hotfix plug-in
  • Per-node pre-update and post-update scripts
Where Does CAU Fit In?
Windows Update Services
Plug-ins & Supported Update Types
CAU ships with two plug-ins
1. Windows Update
   • Installs GDRs* from Windows Update or WSUS
2. Hotfix Plug-in
   • Installs QFEs** from an SMB 3.0 file share
   • 3rd party updates such as BIOS & Firmware Updates from an SMB 3.0 file share
* GDR = General Distribution Release
** QFE = Quick Fix Engineering (nickname for hotfix)
Cluster Aware Updating Process
1. Scans, downloads and installs applicable updates on each node (Windows Update or Hotfix plug-in or both)
2. Restarts node as necessary
3. One node at a time
4. Repeats for all cluster nodes
5. Customize pre- & post-update behavior with PS scripts
6. Easy manual or scheduled launch via GUI or PowerShell
Works for both physical and virtualized clusters
[Diagram: Jenny starts an Updating Run ("Apply updates on this cluster"). CAU works through the Windows Server failover cluster, Node 1 … Node 64: Pause Node & Drain VMs, apply updates (Windows Update, WSUS, QFE, …), Resume Node & Failback VMs.]
Remote-Updating Mode
• CAU Update Coordinator process remotely connects to the cluster
• User-initiated Updating Run, allowing real time monitoring
• Rich progress updates
• Minimal Server Core (no .NET or PS dependency) on nodes
[Diagram: CAU Update Coordinator and Failover Cluster with Node 1, Node 2, Node 3, Node 4]
Self-Updating Mode
• Leverages a CAU cluster role that is resilient to planned and unplanned failures
• Requires no real-time user attention
• Installs updates on a custom schedule
• CAU Update Coordinator process runs on a clustered node
[Diagram: Failover Cluster with Node 1, Node 2, Node 3, Node 4 and the Update Coordinator]
Hotfixes Folder Structure & Security
CAU Hotfix Root Folder
  CAUHotfix_All: Hotfixes applicable to all nodes
    MySwUpdateType: Special software updates
  <Node Name 1>: Hotfixes applicable just to <Node Name 1>
    MySwUpdateType: Special software updates
  ...
  <Node Name N>: Hotfixes applicable just to <Node Name N>
    MySwUpdateType: Special software updates
Hotfix Config File
  Extension Rules: <MSU> <MSI> <MSP>
  Folder Rules: <MySwUpdateType>
Security
• Strict ACL Checking (Optional)
• Kerberos Mutual Authentication (Required)
• Data integrity checking (Required): SMB Signing or SMB Encryption
• Privacy with SMB Encryption (Optional): SMB Encryption is new in Windows Server 2012
“Hotfix” Support Internals
• Rich/extensible Hotfix installation: Microsoft QFEs, or third-party driver updates, or even Firmware/BIOS updates…
• Select hotfix behavior at start. Two key inputs:
  1. Root Folder: on an SMB File Share
  2. Configuration xml file: defines the Rules
     \System32\WindowsPowerShell\v1.0\Modules\ClusterAwareUpdating\DefaultHotfixConfig.xml
• Configuration Rules are the key to flexibility
• Easy to specify new Rules: hotfix installer name, install options, reboot behavior, return values etc.
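An added example (not from the original deck) of running CAU with both inbox plug-ins while keeping the optional share protections from the security slide switched on, first as a remote-updating run and then as a self-updating role. The cluster name, share path and schedule are placeholders.

```powershell
Import-Module ClusterAwareUpdating

$cluster = 'HV-CLUSTER1'                               # placeholder cluster name
$plugins = 'Microsoft.WindowsUpdatePlugin', 'Microsoft.HotfixPlugin'

# One argument table per plug-in, in the same order as $plugins.
$pluginArgs = @(
    @{ IncludeRecommendedUpdates = 'False' },          # Windows Update plug-in
    @{                                                 # Hotfix plug-in
        HotfixRootFolderPath = '\\FS01\CAUHotfixRoot'  # placeholder SMB 3.0 share
        RequireSmbEncryption = 'True'                  # encrypt hotfix traffic on the wire
        DisableAclChecks     = 'False'                 # keep strict ACL checking enabled
    }
)

# Preview: list the updates each node would receive, without installing anything.
Invoke-CauScan -ClusterName $cluster -CauPluginName $plugins `
    -CauPluginArguments $pluginArgs

# Remote-updating mode: run now from this machine, abort if any node fails.
Invoke-CauRun -ClusterName $cluster -CauPluginName $plugins `
    -CauPluginArguments $pluginArgs `
    -MaxFailedNodes 0 -MaxRetriesPerNode 2 -RequireAllNodesOnline -Force

# Self-updating mode: add the CAU clustered role with the same plug-in settings,
# scheduled for the second Tuesday of each month.
Add-CauClusterRole -ClusterName $cluster -CauPluginName $plugins `
    -CauPluginArguments $pluginArgs `
    -DaysOfWeek Tuesday -WeeksOfMonth 2 `
    -MaxFailedNodes 0 -RequireAllNodesOnline -EnableFirewallRules -Force
```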
NTFS permissions CAU File Share
• First you’ll need to do your homework as described in the TechNet article
• But that doesn’t quite cover it
• Adjust NTFS Permissions on the CAU Share
• Give cluster node computer accounts (or an AD group containing them, which makes for easier administration) Read/Execute permission to the location
• If not => they can’t run the DUPs.
NTFS permissions Log File
• DUPs allow logging with the /L switch
• Locally (per node) or to a central share
• Must use another share than the CAU Share:
  • Need to give the computer accounts (or an AD group containing them, which makes for easier administration) write permission to the location
  • You’re not allowed to do that for other than specific accounts as described on TechNet
• The log can grow quite large if used a lot
  • Keep an eye on it
  • For clarity’s sake use a different log per cluster or folder type
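An added example (not from the original deck) that audits the two folders described above on the file server: node accounts need Read/Execute on the hotfix root, and write access belongs only on the separate log share. The paths, share name and group name are placeholders, and the list of principals allowed to write is an assumption to verify against the TechNet article.

```powershell
function Test-CauFolderAcl {
    param([string]$Path, [string]$NodeGroup, [switch]$NodesMayWrite)

    # Assumed allow-list of writers (English OS names); check it against TechNet.
    $allowed = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
               'CREATOR OWNER', 'NT SERVICE\TrustedInstaller'
    if ($NodesMayWrite) { $allowed += $NodeGroup }   # log share only

    $rights    = [System.Security.AccessControl.FileSystemRights]
    # Write bits, plus GENERIC_WRITE / GENERIC_ALL as they appear on inherit-only ACEs.
    $writeMask = [int]$rights::WriteData -bor [int]$rights::AppendData -bor 0x50000000
    $readExec  = [int]$rights::ReadAndExecute

    $aces = (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' }

    $unexpected = $aces | Where-Object {
        ([int]$_.FileSystemRights -band $writeMask) -and
        ($allowed -notcontains $_.IdentityReference.Value) }

    # Looks for a direct ACE on the group; access via nested groups is not resolved.
    $nodeRead = $aces | Where-Object {
        $_.IdentityReference.Value -eq $NodeGroup -and
        ([int]$_.FileSystemRights -band $readExec) -eq $readExec }

    [pscustomobject]@{
        Path              = $Path
        NodesCanReadExec  = [bool]$nodeRead
        UnexpectedWriters = @($unexpected | ForEach-Object { $_.IdentityReference.Value })
    }
}

$nodes = 'EXAMPLE\CAU-Cluster1-Nodes'                  # placeholder AD group
Test-CauFolderAcl -Path 'D:\CAUHotfixRoot' -NodeGroup $nodes
Test-CauFolderAcl -Path 'D:\CAULogs' -NodeGroup $nodes -NodesMayWrite

# Transport protection on the share and on the SMB server as a whole.
Get-SmbShare -Name 'CAUHotfixRoot' | Select-Object Name, Path, EncryptData
Get-SmbServerConfiguration | Select-Object RequireSecuritySignature, EncryptData
```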
CAU Hotfix plug-in in action
Cluster Management Using SCVMM 2012 SP1
VMM 2012 SP1: Cluster Management
• Supports “Possible/Preferred Owner”
• Supports “Availability Sets” (Anti-Affinity)
• Supports VM Priority
• Supports CSV2
• Supports 64 cluster nodes, 4000 VMs/cluster, 1024 VMs/node
Possible Owners & Preferred Owners
VM Priority
VMM 2012 SP1 support for Anti-Affinity = VMM ‘Availability Sets’
• Availability Set = configurable anti-affinity rules for VMs
• Ensures VMs are placed on different hosts for better availability
• VMM Placement algorithm offers suggestions based on availability sets
• Works across:
  • Standalone (non-clustered) Hyper-V hosts*
  • Hyper-V clusters*
  • Xen Server hosts
  • VMware hosts
Availability Set: “DCs”
* Windows Server 2008 R2 & Windows Server 2012 based hosts
Availability Sets
Availability Sets & VMM Services
• VMM Services can leverage ‘Availability Sets’
  • Availability sets are configured at the machine tier level
  • Ensures that VM instances of a machine tier are placed on different hosts
• SSUs can request availability sets for their VMs
  • Simple checkbox experience
  • Available from the VMM Service Template Designer
Fabric Patching Using SCVMM 2012 SP1
Update Management
• Feature of VMM 2012
• Keeps Windows Fabric Servers up-to-date
• Limited to VMM managed infrastructure servers (HV, LIB, WSUS, WDS)
[Diagram: Enable Feature, Manage Baselines, Scan Servers, Remediate Servers, Manage Exemptions]
Remediating Hyper-V Cluster
• Orchestrated workflow
  • Put a node in maintenance mode
    • Evacuates the node using Live Migration
    • User can override this to save the state of the VMs on the node
  • Install missing updates based on baselines assigned
  • Take the node out of maintenance mode
  • Go to next node and repeat
• Supports WS2008, WS2008 R2, WS2012 Hyper-V clusters
• Automatable using PowerShell
VMM Services & Service Templates
[Diagram: Service template (multi-tier applications). Web tier: IIS; Application tier: Application server; Data tier: SQL. Each tier has a HW profile, OS profile and App profile, and a scale out & health policy.]
Standardize Application Deployment using Service Templates
[Diagram: Compute, Storage, Network; Web (IIS): Web Deploy; App: Server App-V; Data (SQL): DAC Packs; Custom Scripts]
Create Service Template with Service Designer
Use the ribbon for contextual actions within the Service Template Designer.
Use the designer canvas to build your service template from Virtual Machine Templates, Logical Networks and Load Balancers.
Set service-related properties such as cost center, description, release version.
Preview pane shows view of your service deployment.
Settings allow you to set deployment specific variables.
Ribbon bar for deploy activity or to check deployment ratings.
Deploy Service Through Deployment Preview
Why Use Services?
Standardized deployments (in dynamic way – multiple environments)
Manage multi-tier applications across multiple servers as a single unit
Scale out based on demand
Composability of OS and Applications allows users to manage fewer OS images
Automation using # GCEs (Generic Command Execution ~ scripts)
Generic Command Execution (GCE)
• Execute custom scripts within Service instance VMs
  • Can specify run as account, script restart behavior, logging properties
  • Script parameters can leverage configurable service settings
• Multiple entry points available
  • Application level: pre/post install, pre/post uninstall, pre/post service, save/restore state
  • Application Profile level: pre/post install, pre/post uninstall
  • Pre/post install supports multiple, ordered scripts (SP1)
SC 2012 SP1 VMM: Services
• Service Deployment
  • Support for Service deployment to untrusted domains and workgroups
  • Support for Service deployment to disconnected VMs
• Application Host
  • “Web Application Host” for deploying MS Web Deploy packages to existing web servers (virtual, physical, farm, clustered)
• SQL Server 2012
  • Complete installation of prepared SQL 2012 instances
• Linux Guest support
  • Supporting Linux Operating Systems for unattended deployment
In-VM/Guest Agent SP1 Changes
• Requires .NET 4.0
  • Agent installation will take care of this (can sysprep as well)
  • For Server Core, requires Windows Server 2008 R2 SP1 or above
• Deployed via ISO
  • All service instance VMs have a guest agent installed
• Decoupled from VMM server
  • Supports Service deployment to untrusted domains and workgroups
  • Supports Service deployment to disconnected VMs
Service Template Explorer
• An add-in for your VMM Console that allows you to discover, download and import pre-configured service templates directly to your VMM infrastructure
• Service Templates available (soon)
  • Windows Server 2008 R2 SP1 / Windows Server 2012
  • ADDS Domain Controller
  • DNS, DHCP
  • Web Server (IIS)
  • File Server
* THIS IS BETA AT THE MOMENT AND MIGHT CHANGE TILL RTM
Service Template Explorer Experience