Thursday, July 26, 2012

Windows Azure Services for Windows Server - Part 2

In Part 2, we take a closer look at the experience of this solution as it already runs in Windows Azure, and at the changes that were announced early in June. The aim is to help you better understand Windows Azure in general so you can use it in your strategy, and to explain the long-term goal of a common experience in cloud computing, no matter whether it is on-premise or public.

Windows Azure used to be PaaS only – until recently.

I have blogged several times about Windows Azure being PaaS and not IaaS, even with the VM Role in mind.

A bit of history:

When Windows Azure started out in 2007, it only supported ASP.NET for the front-end and .NET in the back-end. It was ideal for running Microsoft-based code in the cloud and taking advantage of Microsoft's scalable datacenters; the only thing the developer had to focus on was writing code.

Based on feedback from customers, Microsoft had to open up a bit to support various workloads. People wanted to move to cloud computing but didn't have the time or effort necessary to perform the transition. And of course, cost was a huge question as well.

In fact, if you needed to create a hybrid solution back then, you had to code everything. This also included the Service Bus for communicating with on-premise resources or other roles in the cloud. Back in 2010, during PDC, Microsoft announced several new features like VM Role, Azure Connect and Admin mode, among others.

Immediately people assumed that this was IaaS.

To make a long story short: someone tried to move their VMs to Windows Azure (through Visual Studio, which they should have considered odd) and connected their VMs to on-premise resources by installing Azure Connect on their domain controller (also odd).

Things were running for a while, not lightning fast but it did work, until Windows Azure reset the image they had uploaded. The reason for this was that the VM Role was stateless only.

The whole idea behind the VM Role was to make it easier to move existing applications that required some manual configuration prior to launching the code for their applications. The developers knew this and were happy, but the IT pros who misunderstood the concept failed beyond recognition. The real key to understanding all this is to know cloud computing and its service models. PaaS is very different from IaaS when it comes to responsibility and functionality in the cloud stack. A rule to remember: if things are able to scale out, then they are stateless.

So what did change in June this year?

- Windows Azure is now also considered an IaaS cloud

That said, the long-term goal for your applications should be to run in a PaaS environment, which is considered the most effective and modern pattern. But you now have an option for your server applications with IaaS, since IaaS serves the OS layer of the cloud stack. This means you can put whatever you want into your OS, and that IaaS is basically virtual machines – the most flexible service model in cloud computing.

Comparison of Virtual Machines (IaaS) vs. VM Role

Virtual Machine has persistent storage, including the system partition

VM Role gives you a stateless VM with pre-packaged applications for advanced application setups

IaaS in Windows Azure introduces the following:

- Support for key server applications

- Easy storage manageability

- High availability features

- Advanced networking

- Integration with PaaS (as 'Cloud Services' in the new portal)

For those of us who have been working with infrastructure in general and private cloud, we know what this means. But we still need to dive into the PaaS offering in Windows Azure, even though we're not developers. The reason I am saying this is that Windows Azure has a goal to deliver the same capabilities with its IaaS offering as with PaaS.
This will include things like VIP swap, fault domains and upgrade domains, affinity groups etc.

In the preview of the new Windows Azure portal you'll find several images available.

- Windows Server 2008 R2

- Windows Server 2008 R2 with SQL Server 2012 Evaluation

- Windows Server 2012 Release Candidate

- Several versions of Linux

Virtual Machine Architecture in Windows Azure

Persistent storage was a question, and Microsoft decided to use what they already had available in Windows Azure Storage by leveraging their Blobs, which also create at least three replicas. Because the existing Blobs in Azure Storage were designed for PaaS, they had to make several improvements to the overall performance. This in turn led to greater performance for both PaaS and IaaS. (Amazon created a SAN solution for their VM storage.)

You will find both Disks and Images in Windows Azure.

An Image is a generalized VHD that you can clone and create VMs with.

Disks are the virtual hard disks associated with the VMs – as you are already familiar with through the concept of virtualization.

How many disks you can attach to a single VM in Azure depends on the 'VM Size', like extra small, small, large and extra large. The good thing, though, is that you only pay for what you are using (yeah, it's cloud computing), so all resources are dynamic.

By default, the OS disk in the VMs uses ReadWrite disk caching, and it also supports ReadOnly.

The data disks support None and ReadOnly. The caching setting can be modified using the 'Set-AzureOSDisk' or 'Set-AzureDataDisk' cmdlets. To connect to a VM in Windows Azure, you use the 'Connect' button in the Azure portal to initiate an RDP session, and log on with the admin credentials you specified during creation. If it's a Linux operating system you would use SSH to log on, with an SSH client that you install on your client computer.
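The disk caching settings above, done with the Windows Azure PowerShell cmdlets as an added example (not code from the original post); the cloud service and VM names are assumptions.

```powershell
# Added example: inspect and change host caching on an Azure VM's OS and data disks
# with the Windows Azure (Service Management) PowerShell module. Names are assumptions.
Import-Module Azure

$serviceName = "contoso-svc"   # assumed cloud service name
$vmName      = "contoso-vm1"   # assumed VM name

# Show the current caching setting of the OS disk and every attached data disk
$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
$vm | Get-AzureOSDisk   | Select-Object DiskName, HostCaching
$vm | Get-AzureDataDisk | Select-Object DiskName, Lun, HostCaching

# OS disk: switch from the default ReadWrite to ReadOnly, then push the change to Azure
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureOSDisk -HostCaching "ReadOnly" |
    Update-AzureVM

# Data disks only support None and ReadOnly: attach a new 50 GB disk on LUN 0
# with caching off, then turn ReadOnly caching on for it
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Add-AzureDataDisk -CreateNew -DiskSizeInGB 50 -DiskLabel "data1" -LUN 0 -HostCaching "None" |
    Update-AzureVM

Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureDataDisk -LUN 0 -HostCaching "ReadOnly" |
    Update-AzureVM

# Fetch the RDP file the portal's 'Connect' button would hand you, without launching it
Get-AzureRemoteDesktopFile -ServiceName $serviceName -Name $vmName -LocalPath "$env:TEMP\$vmName.rdp"
```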

Cloud Service Architecture in Windows Azure

The concept of PaaS in Windows Azure is now called 'Cloud Service' and consists of Web Roles and Worker Roles, which run on VM instances.

In addition, when you create a stand-alone Virtual Machine in Windows Azure, it is not bound to a cloud service. But when you create an additional VM you will find an option to bind those VMs into a cloud service. In other words, you can add virtual machines to existing cloud services.

Each cloud service has its own virtual private network where the VMs can see each other and don't have to communicate through the public IP/DNS name. The drawback for the moment is that two different cloud services can't communicate without going through the public IP/DNS name, but this is a feature that will come in the future (announced during TechEd).

Understanding High Availability in Windows Azure

SLA is an everlasting discussion between the vendor and the customer.

When we are talking about SLA we are always thinking about 'how many nines do we need'. Windows Azure gives you 99.95% availability if you follow the rules and have at least two instances for your roles, and 99.9% for a single role instance.

We have something called Fault Domains and Upgrade Domains in Windows Azure.

Fault Domains represent hardware faults (a rack), and by default there are two fault domains for each role.

Update Domains represent how the roles are serviced during updates, and by default there are five update domains. You can create VM availability sets and spread the VMs across different fault domains.

Windows Azure Virtual Networking

As I wrote in the beginning of this article, you could connect your cloud applications with on-premise resources by using Service Bus or Azure Connect. The latter was not ideal from an IT pro's perspective, as you would have to install this agent on your domain controller. So let's take a closer look at the enhancements in the networking space in Windows Azure.

You now have full control over VM names and can also take advantage of the DNS server provided by Windows Azure to resolve VMs by name within the same cloud service. If you want name resolution between virtual machines and role instances located in the same virtual network but in different cloud services, you must use your own DNS server (more about that in a later blog post).

One of the biggest benefits of the Windows Azure DNS server is that you won't get the degraded performance of looking up the public IP/DNS when roles and VMs in the same cloud service must communicate. Since they now communicate on the same virtual network using internal IPs/names, this means fewer hops.

As a 'replacement' for Azure Connect, Windows Azure Virtual Network enables you to design and create secure site-to-site connectivity and protected virtual networks in the cloud.

Define your own address space for virtual networks and virtual network gateways in the same manner as you would when working with branch offices.

We will not dive deep into all the details in this blog post, but you must take a moment and plan carefully when you are working on your network design, prior to publishing services and roles in Windows Azure. Consider the following:

- DNS design

- Address Space

- Supported VPN gateway devices

- Internet-accessible IP address for your VPN gateway device

And there's more…
You can also take advantage of the new offerings like Web Sites and SQL Databases, which will also be available in 'Windows Azure Services for Windows Server'. But since this blog mainly focuses on cloud computing and infrastructure, they will not be covered in this blog post.

Thursday, July 19, 2012

Introducing Windows Azure Services for Windows Server - Part 1

I had my first weeks of vacation for the first time in two years this summer.

And did I use my vacation well? It really depends. Of course, I had some amazing days with my son, playing around and doing all the normal summer activities you would expect, and I also introduced him to the great world of Pink Floyd, mainly focusing on the "The Wall" album :)
But of course, during the Worldwide Partner Conference in Toronto, Microsoft announced some news.

I had to pay close attention to this since I mainly work with the typical datacenter customers and partners, in other words: hosters and those organizations who are adopting cloud computing.

“Bringing Windows Azure Services to Windows Server for Hosting Providers”.

Yes, they announced a very interesting project that will open some new doors for service providers. With SPF as part of the upcoming SP1 release for System Center, this will lay the foundation for a very interesting year.

To get an overview of the announcement, the following will be available:

· Web Sites

· Virtual Machines

· Service Management Portal and API

Web Sites: Early in June, Microsoft announced several pieces of news related to their public cloud offerings through Windows Azure. The Web Sites functionality in "Windows Azure Services for Hosting Providers" uses the same software as in Windows Azure. This is shared web site hosting where you can easily scale up and down, as well as create reserved web sites. Quite interesting if you are considering offering web hosting, or already do.

Virtual Machines: Based on System Center (SPF) and Windows Server, providing APIs to VMM 2012 SP1 for the creation, updating and deletion of virtual machines. VMM is probably the most critical part of the private cloud environment and is essential to deliver IaaS.

Service Management Portal and API: Gives you a UI for both tenant and admin on Windows Server. Again, this is the same as in the new Windows Azure portal that was announced early in June. It's based on IIS, and the UI is created in HTML and is extensible and customizable for your own needs. The API uses a DB and provides services to tenants. Take a look at Apprenda, which already has existing solutions based on this:

This will be brought to Windows Server (2012) and enables Hosting Service Providers to deliver Infrastructure as a Service and website hosting – in the same way as Windows Azure!
Before we take a closer look at "Windows Azure Services for Hosting Providers", we have to start with System Center 2012 – Service Provider Foundation, since this is a critical component in this architecture.

Service Provider Foundation (SPF) is currently available as Community Technology Preview 2 and works together with System Center 2012 – Virtual Machine Manager SP1 CTP2.
SPF exposes the infrastructure of Virtual Machine Manager through a rich set of web services (supporting REST-based requests using the OData protocol) and gives you the ability to create, update and delete virtual machines (these requests are handled through PowerShell scripts). SPF acts as an intermediary between web-based administration clients and the server applications.

Question 1: When is SPF useful?

SPF is useful for service providers who want to offer IaaS to their customers, especially when they already have existing solutions like an in-house developed front-end portal where their customers interact. This means that SPF allows the customers to access resources in the Service Provider Cloud (using this term to distinguish it from Private and Public Cloud) without any changes to the existing solution.
SPF uses a database for aggregation of tenant resources, and is managed with PowerShell and Runbooks in Orchestrator.

Question 2: What if we don’t have any existing portal; can we still take advantage of SPF?

Consider SPF as a "cloud connection string", which enables tenants to access cloud resources through a self-service portal. This means that System Center App Controller will be able to connect to SPF, letting the tenants create and deploy virtual machines and services in the Service Provider Cloud.

If the tenants also have their own Private Cloud and a subscription in Windows Azure, they can deploy virtual machines and services in all those clouds by using their internal App Controller.

An example scenario is when they have reached capacity in their Private Cloud and also the limit on one of their Azure subscriptions. Instead of creating another Azure subscription or purchasing hardware for their Private Cloud, they can scale out to the Service Provider Cloud – which may be closer to the tenants than one of Azure's datacenters.

Question 3: As a Service Provider, what do we need in the backend and how is this interacting with SPF and “Windows Azure Services for Windows Server”?

If you are already familiar with System Center Virtual Machine Manager, you know that the Fabric must be prepared and available to function as the foundation for delivering cloud services. The Fabric includes hypervisors, storage and networking to host services and virtual machines.

We will also be introduced to something called a Stamp, which represents a set of hardware for scaling capacity in the datacenter; it is allocated into groups and assigned to tenants.

A tenant, which is a consumer of services from a service provider, accesses the portal (web site) where they can create and manage their own virtual machines and services, according to their user roles. A user role is a combination of a profile and a scope that defines allowed actions and permissions to resources.

SPF lets the Service Provider present a seamless user experience to the tenants by using the SPF APIs to access the data, which is presented through the "Windows Azure Services for Windows Server" portal.

The Service Provider Foundation in System Center 2012 SP1 can be considered a cloud gateway enabling tenants to access cloud resources through a self-service portal, and is a requirement for "Windows Azure Services for Windows Server".

Windows Azure Services for Windows Server.

If we're thinking of strategy, this is a major enhancement in Microsoft's way of delivering cloud services with a seamless experience, no matter where the services and virtual machines are running.

The Service Management API is meant for the service provider to offer services to tenants in a consistent way, letting them subscribe to "plans" (service offerings). All this is delivered through the service management portal with the same Metro style as in Windows Azure, so that tenants can create and deploy services, VMs and also websites.

Both the portal and API are extensible and can be customized. Again, take a look at Apprenda ( ) if you're looking for a good example.

Here's a high-level overview of the architecture, and how this would look from a tenant and service provider perspective.

I'll provide some examples in a blog series in the near future, where I will also cover the setup.

Thursday, July 12, 2012

Introducing Network Virtualization with Virtual Machine Manager

One of my favorite features for Hyper-V in Windows Server 2012 is Network Virtualization.

In a nutshell:

You can virtualize any network and run them all on a single physical network fabric.

How is that even possible? We'll get to that after we've gone through some information and explained the scenarios behind this new capability in Microsoft's virtualization stack.

I've been working a lot with hosters in my career, and a common challenge is a secure and scalable solution for multi-tenancy. The first thing you might think of in relation to networking is to use VLANs. Fair enough, that's a widely adopted technology for separating networks, but it is also complex and does not scale well. When I say scale, I am thinking of big-time scale, for those major hosters.
In these days when cloud computing is all over the place, we expect our service providers to provision infrastructure, platform and software as a service quite rapidly, working together with everything else and without making any changes to our environment. Unfortunately this is very challenging and not practically realistic.
One additional challenge with VLANs is that when you need to scale your Fabric with new virtualization hosts, storage and networking, you are in some ways limited to one physical location.
A VLAN can't span multiple logical subnets and will therefore restrict the placement of virtual machines. So how can you get a solution that works for your customers – even when they have existing solutions that they want to move to the cloud?

Note: When cloud is mentioned in this blog post, we mean private clouds, public clouds and service provider clouds – the latter being related to hosters.

With traditional networking and VLANs you have to reassign IP addresses when moving to the cloud, since most of the configuration relies on the IP configuration of those machines. This includes policies, applications, services and everything else that is used for layer 3 network communication. With the limitations of VLANs, the physical location determines the virtual machine's IP addresses.

This is where Network Virtualization in Windows Server 2012 – Hyper-V comes to the rescue.

It removes the challenges related to IaaS adoption for customers, and provides the datacenter administrator an easy and effective way to scale their network fabric for virtual machines.

Network Virtualization lets you run several virtual machines – even with the same identical IP assigned – without letting them see each other, which sounds like the solution for multi-tenancy.

How does it work?

Network Virtualization is policy-based and uses a CA – Customer Address (for the virtual machines; this is the IP that each VM can see and knows of) and a PA – Provider Address (this is the IP that the hypervisor sees, and the only address visible on the physical network).

You have two options when it comes to Network Virtualization.

IP rewrite modifies the customer IP address of the packets from the virtual machine before they are transferred on the physical network fabric. One of the pros of IP rewrite is that it provides better performance, since VMQ (Virtual Machine Queue) continues to operate.

IP encapsulation encapsulates all the VM packets with a new header before they are sent on the physical network. If we are thinking of scalability, IP encapsulation is the best option, since it allows all of the VMs on a host to share the same provider IP address. The different tenants are identified by checking the header of the encapsulated packet, which contains a tenant network ID. And since all of the VMs share the provider IP address, the switches in the infrastructure will be smiling, since they only need to know the IP address and MAC address of the provider address.

With Network Virtualization in Windows Server 2012 – Hyper-V, any VM can run with any IP configuration and be reachable by the customer, without altering the existing IP configuration. This will ease the transformation to the cloud.
If you want to play around with Network Virtualization in Windows Server 2012 – Hyper-V, you have to brush off your PowerShell skills, as there is no GUI to apply, manage or tweak the settings.
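To make the CA/PA and encapsulation story concrete, here is an added example (not from the original post or from Microsoft) of the raw Hyper-V Network Virtualization policy for two tenants whose VMs both use the Customer Address 10.0.0.5; the adapter name, addresses, MACs, VM names and IDs are all constructed assumptions.

```powershell
# Added example: Windows Server 2012 Hyper-V Network Virtualization policy for two tenants
# (Blue and Red) that both use CA 10.0.0.5, with IP encapsulation (NVGRE). Every name,
# address and ID is a constructed assumption. Run on each Hyper-V host as administrator.

$hostNic  = "Ethernet"      # physical adapter that carries the Provider Address (assumed)
$pa       = "192.168.100.11"  # this host's Provider Address (assumed)
$blueVSID = 5001            # Virtual Subnet ID: the tenant network ID carried in the GRE header
$redVSID  = 6001
$blueRDID = "{11111111-2222-3333-4444-000000000001}"   # routing domain (customer) IDs, assumed
$redRDID  = "{11111111-2222-3333-4444-000000000002}"

# 1. Bind the Network Virtualization filter driver to the physical NIC
Enable-NetAdapterBinding -Name $hostNic -ComponentID ms_netwnv

# 2. Register the Provider Address. With encapsulation every VM on this host shares it,
#    so the physical switches only ever learn this one IP/MAC pair.
$ifIndex = (Get-NetAdapter -Name $hostNic).ifIndex
New-NetVirtualizationProviderAddress -InterfaceIndex $ifIndex -ProviderAddress $pa -PrefixLength 24

# 3. Customer routes: the same 10.0.0.0/24 prefix exists once per routing domain
New-NetVirtualizationCustomerRoute -RoutingDomainID $blueRDID -VirtualSubnetID $blueVSID `
    -DestinationPrefix "10.0.0.0/24" -NextHop "0.0.0.0"
New-NetVirtualizationCustomerRoute -RoutingDomainID $redRDID -VirtualSubnetID $redVSID `
    -DestinationPrefix "10.0.0.0/24" -NextHop "0.0.0.0"

# 4. Lookup records map (VSID, CA) -> PA. Same CA, different VSID: the two VMs never see
#    each other, which is the multi-tenancy isolation described above.
New-NetVirtualizationLookupRecord -VirtualSubnetID $blueVSID -CustomerAddress "10.0.0.5" `
    -ProviderAddress $pa -MACAddress "00155D000101" -VMName "Blue-VM1" `
    -CustomerID $blueRDID -Rule TranslationMethodEncap
New-NetVirtualizationLookupRecord -VirtualSubnetID $redVSID -CustomerAddress "10.0.0.5" `
    -ProviderAddress $pa -MACAddress "00155D000201" -VMName "Red-VM1" `
    -CustomerID $redRDID -Rule TranslationMethodEncap

# 5. Put each VM's vNIC into its tenant's virtual subnet
Set-VMNetworkAdapter -VMName "Blue-VM1" -VirtualSubnetId $blueVSID
Set-VMNetworkAdapter -VMName "Red-VM1"  -VirtualSubnetId $redVSID

# 6. Review the resulting policy on the host
Get-NetVirtualizationLookupRecord |
    Format-Table VirtualSubnetID, CustomerAddress, ProviderAddress, VMName -AutoSize
```

The same lookup records have to exist on every host that carries a VM from either tenant, which is exactly the bookkeeping VMM takes over in the next section.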

This works quite well in small environments, and I would recommend that you follow a fellow MVP's blog posts on this subject. Brian Ehlert has just started a series of blog posts about Network Virtualization, and it's PowerShell all the way:

Management with System Center 2012 SP1 – Virtual Machine Manager

But to manage this in large environments, you would appreciate a world-class premium cloud management solution like Virtual Machine Manager.
With the upcoming release of Service Pack 1 for System Center 2012 – Virtual Machine Manager, you will be able to take this a step further and do almost everything without touching PowerShell.

First things first, you'll have to prepare the Network Fabric in VMM prior to implementing Network Virtualization.

If you are not familiar with the Network Fabric in VMM, I suggest that you read this blog post for guidance on how to set up Logical Networks, Virtual Networks, IP Pools and more. This relates to the PA – Provider Addresses – which are the IP addresses that the Hyper-V hosts will be able to see and use.

Once this is done, we can move further and configure Network Virtualization.

You'll find 'VM Networks' in the VMs and Services workspace in VMM. VMM uses the IP pools associated with a VM network to assign CAs – Customer Addresses – to virtual machines that use network virtualization. Remember that the CA is only visible to the VMs and is used by customers to communicate with those VMs.

By default, when you configure Network Virtualization in VMM, VMM uses IP rewrite, but you will be able to use IP encapsulation (with Network Virtualization using Generic Routing Encapsulation, NVGRE) by using PowerShell.

We will create two VM Networks in the following procedure, using both IP rewrite and IP encapsulation.

If you followed the blog post explaining how to set up the Network Fabric, you should at least have a single logical network containing IP pools, subnets and maybe VLANs. In addition, it's important that you have associated the logical network with your Hyper-V hosts and/or clusters. If using a cluster, make sure that the virtual networks are associated with the correct interface on each node, and with the logical network.

We will create two VM networks (Blue_VMNet and Red_VMNet), both associated with the logical network (PA) in the Network Fabric.
We will create two VM subnets (IP rewrite) for Blue_VMNet, and one VM subnet (IP encapsulation) for Red_VMNet.
Last, we will create IP address pools for each VM subnet in each VM network (Blue VMSubnet1 IPPool, Blue VMSubnet2 IPPool and Red VMSubnet1 IPPool).

To create a VM network and VM subnets with IP rewrite

1. Open the VMs and Services workspace.
2. Click Create VM Network. Name the VM network Blue_VMNet, type a description and click the logical network you created earlier for PA.
3. On the VM Subnets page, click Add, and add a VM subnet named Blue_VMSubnet1 with its subnet address. Repeat the process and create a VM subnet named Blue_VMSubnet2.

To create a VM network and VM subnet with IP encapsulation

1. Open the VMs and Services workspace.
2. Click Create VM Network. Name the VM network Red_VMNet, type a description and click the logical network you created earlier for PA.
3. Instead of creating a VM subnet here, we will finish the wizard and start the PowerShell module within VMM.
Type the following PowerShell cmdlets:

PS C:\> # -Subnet takes the customer address (CA) range for Red_VMSubnet1 in CIDR form
PS C:\> $SubnetVLan = New-SCSubnetVLan -Subnet ""
PS C:\> $VMNetwork = Get-SCVMNetwork -Name "Red_VMNet"
PS C:\> # -VMSubNetType selects IP encapsulation (NVGRE) instead of the default IP rewrite
PS C:\> New-SCVMSubnet -Name "Red_VMSubnet1" -SubnetVLan $SubnetVLan -VMNetwork $VMNetwork -VMSubNetType "IPEncapsulationWindowsNetworkVirtualization"
Verify that the subnet was created in the console afterwards.

The last thing to do before you are done is to create an IP address pool for each subnet in each VM network.

1. Open the VMs and Services workspace.
2. Click VM Networks.
3. In the VM Networks and IP Pools pane, right-click the VM network where you want to create the IP address pool, and then click Create IP Pool.
4. Enter a name (Blue VMSubnet1 IPPool), and configure the IP range and settings.
Repeat this process for each VM subnet.

Congratulations! You have now enabled Network Virtualization with VMM.
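The whole Blue_VMNet / Red_VMNet procedure above, done end to end in the VMM 2012 SP1 PowerShell module, as an added example (not the post's own code); the logical network name, the CA subnets, the gateway and range conventions and the VMM server name are assumptions.

```powershell
# Added example: create both VM networks, their VM subnets and one IP pool per subnet in
# VMM 2012 SP1 PowerShell. Blue subnets use the VMM default (IP rewrite); the Red subnet is
# created with IP encapsulation (NVGRE) as in the procedure above. All subnets assumed /24.
Import-Module VirtualMachineManager                                    # assumed module name
$vmmServer  = Get-SCVMMServer -ComputerName "vmm01.contoso.local"      # assumed VMM server
$logicalNet = Get-SCLogicalNetwork -Name "Fabric_PA"                   # assumed PA logical network

function New-TenantSubnetWithPool {
    # Creates one VM subnet in $VMNetwork plus a static IP pool covering .10 - .250 of it.
    param(
        [Parameter(Mandatory)] $VMNetwork,
        [Parameter(Mandatory)] [string] $SubnetName,
        [Parameter(Mandatory)] [string] $Cidr,         # e.g. 10.0.1.0/24 (assumed /24)
        [Parameter(Mandatory)] [string] $PoolName,
        [switch] $Encapsulation                         # NVGRE instead of IP rewrite
    )
    $subnetVLan = New-SCSubnetVLan -Subnet $Cidr
    if ($Encapsulation) {
        $vmSubnet = New-SCVMSubnet -Name $SubnetName -SubnetVLan $subnetVLan -VMNetwork $VMNetwork `
            -VMSubNetType "IPEncapsulationWindowsNetworkVirtualization"
    } else {
        $vmSubnet = New-SCVMSubnet -Name $SubnetName -SubnetVLan $subnetVLan -VMNetwork $VMNetwork
    }

    # Derive gateway and range from the /24 prefix: a.b.c.1, a.b.c.10 - a.b.c.250
    $prefix  = $Cidr.Split('/')[0]
    $prefix  = $prefix.Substring(0, $prefix.LastIndexOf('.'))
    $gateway = New-SCDefaultGateway -IPAddress "$prefix.1"
    New-SCStaticIPAddressPool -Name $PoolName -VMSubnet $vmSubnet -Subnet $Cidr `
        -IPAddressRangeStart "$prefix.10" -IPAddressRangeEnd "$prefix.250" `
        -DefaultGateway $gateway | Out-Null
    return $vmSubnet
}

# Blue tenant: two IP-rewrite subnets
$blueNet = New-SCVMNetwork -Name "Blue_VMNet" -LogicalNetwork $logicalNet `
    -IsolationType "WindowsNetworkVirtualization" -Description "Blue tenant (IP rewrite)"
New-TenantSubnetWithPool -VMNetwork $blueNet -SubnetName "Blue_VMSubnet1" -Cidr "10.0.1.0/24" -PoolName "Blue VMSubnet1 IPPool"
New-TenantSubnetWithPool -VMNetwork $blueNet -SubnetName "Blue_VMSubnet2" -Cidr "10.0.2.0/24" -PoolName "Blue VMSubnet2 IPPool"

# Red tenant: one NVGRE subnet. It may overlap Blue's CA space; the VSID keeps them apart.
$redNet = New-SCVMNetwork -Name "Red_VMNet" -LogicalNetwork $logicalNet `
    -IsolationType "WindowsNetworkVirtualization" -Description "Red tenant (IP encapsulation)"
New-TenantSubnetWithPool -VMNetwork $redNet -SubnetName "Red_VMSubnet1" -Cidr "10.0.1.0/24" -PoolName "Red VMSubnet1 IPPool" -Encapsulation

# Verify what the console should now show under VM Networks
Get-SCVMSubnet -VMMServer $vmmServer | Format-Table Name, VMNetwork, SubnetVLans -AutoSize
Get-SCStaticIPAddressPool -VMMServer $vmmServer | Format-Table Name, Subnet, IPAddressRangeStart, IPAddressRangeEnd -AutoSize
```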

During VM creation, you'll have a couple of new options for the vNIC: connecting to a logical network and to a VM network.

Tuesday, July 10, 2012

Introducing SMB3.0 with Virtual Machine Manager

Virtual Machine Manager 2012 SP1 | Adding a SMB3.0 File Share to your Hyper-V Cluster

It's been a long time since I blogged in detail about Virtual Machine Manager.

I am a virtualization dude at heart, and I have spent most of my time on Hyper-V in Windows Server 2012 lately, and on the rest of the components in System Center 2012.

But as we're getting close to the release of System Center 2012 SP1 (I guess, since Windows Server 2012 was announced today at WPC to be RTM in the first week of August), it's time to dive into the details once again.

Since there are some major new features and changes in Windows Server 2012, and most of them are very tightly coupled to the hypervisor, we will see Virtual Machine Manager adopt these ASAP.

Today, we'll take a look at the SMB 3.0 protocol, and how it's used by VMM to create flexible Fabric solutions.

So what exactly is SMB 3.0?

Server Message Block is an application-layer network protocol that provides shared access to files, printers and serial ports. You have most likely been using this protocol for decades in your network. One of the good things about SMB 3.0 in Windows Server 2012 is that you can now run virtual machines and SQL Server user databases from an SMB 3.0 file share.

Needless to say, this will create some new options for your private cloud to host VMs.

And when we add Multichannel and RDMA to the table, this will actually be able to scale out beyond traditional datacenter implementations.

To scale out an SMB 3.0 share, you need a Failover Cluster with the Scale-Out File Server role. I will blog more about this in the future, but as a quick overview, the Hyper-V hosts access the SMB share on the cluster using every possible network route. This also introduces something called CA – Continuous Availability – meaning no downtime for your VHDs.

Scale-Out File Server is designed to provide scale-out file shares for server applications.

Benefits of using Scale-Out File Server in Windows Server 2012:

Increased bandwidth by using the total bandwidth of all cluster nodes in the Scale-Out File Server cluster. You'll notice during cluster creation, when you add the Scale-Out File Server role, that you don't assign an IP address to the cluster; you only define the subnet. This means that every possible route to the cluster is used for maximum performance, and it is quite simple, cheap and easy to scale out by adding more routes/servers/NICs.

This leads to the term "Active-Active file shares", since all nodes in the Scale-Out File Server cluster can accept and serve SMB client requests. It is also known as Continuous Availability, since it provides transparent failover during planned and unplanned downtime.

The Scale-Out File Server role is built upon Cluster Shared Volumes, meaning that you create your file shares on a CSV. This also gives you some of the other new benefits, like CHKDSK with zero downtime on your CSV (this is independent of the Scale-Out File Server role), without any impact on your applications. Another neat feature is the CSV cache for increased performance in your virtual environment, especially in VDI scenarios.

To summarize a bit before we focus on Virtual Machine Manager, we can recommend using Scale-Out File Server for the ability to scale in an easy, reliable and cost-effective manner. It's not recommended to use this role for workloads that generate a lot of metadata operations, such as typical information worker workloads. Think of it this way: you have a large datacenter running many, many virtualization hosts, you have to purchase a large number of new virtualization hosts to respond to business requirements, and you're using an FC SAN as storage. You would have to buy additional HBA ports for every single new host, increasing the cost further. If you had an SMB Scale-Out File Server cluster, you would only need the HBA ports on those nodes, and could connect your virtualization hosts to the cluster using 10GbE.

You can easily set this up today by using Failover Cluster Manager or Server Manager, and point the locations for your VHDs to this share in Hyper-V Manager, Failover Cluster Manager and PowerShell.

But we also need a solution on the management side. This is where Virtual Machine Manager comes in handy.

A couple of important things to note prior to adding your SMB share to your Hyper-V servers/clusters:

· We recommend that you use a dedicated file server.

· For SMB 3.0 file shares to work correctly with VMM, the file server must not be a Hyper-V host. This also applies to a highly available file server. Do not add the file server (stand-alone or cluster) as a managed host in VMM.

· The file share must not be added as a VMM library share.

· The VMM service account must have local administrative permissions on the file server where the SMB 3.0 share resides. You must assign these permissions outside of VMM.

· If you used a domain account for the VMM service account, add the domain account to the local Administrators group on the file server.

· If you used the local system account for the VMM service account, add the computer account for the VMM management server to the local Administrators group on the file server. For example, for a VMM management server that is named VMMServer01, add the computer account VMMServer01$.

· Any host or host cluster that will access the SMB 3.0 file share must have been added to VMM by using a Run As account. VMM automatically uses this Run As account to access the SMB 3.0 file share.
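A pre-flight check for the requirements in the list above, run from the VMM management server, as an added example (not from the original post); the file server name, share path and domain are constructed assumptions.

```powershell
# Added example: verify the SMB 3.0 prerequisites listed above before registering the share.
# Run on the VMM management server. Server names, share path and domain are assumptions.
Import-Module VirtualMachineManager
$fileServer = "smboslo"          # assumed file server (stand-alone or cluster name)
$sharePath  = "\\smboslo\smb"    # assumed SMB 3.0 share
$domain     = "CONTOSO"          # assumed NetBIOS domain name
$vmmServer  = Get-SCVMMServer -ComputerName "localhost"

$problems = @()

# 1. The file server must not be a managed Hyper-V host or host cluster in VMM
if (Get-SCVMHost -VMMServer $vmmServer | Where-Object { $_.Name -like "$fileServer*" }) {
    $problems += "$fileServer is a managed host in VMM; SMB 3.0 shares on Hyper-V hosts are not supported"
}
if (Get-SCVMHostCluster -VMMServer $vmmServer | Where-Object { $_.Name -like "$fileServer*" }) {
    $problems += "$fileServer is a managed host cluster in VMM"
}

# 2. The share must not already be registered as a VMM library share
if (Get-SCLibraryShare -VMMServer $vmmServer | Where-Object { $_.Path -eq $sharePath }) {
    $problems += "$sharePath is registered as a VMM library share"
}

# 3. Work out which account needs local admin on the file server: the domain service
#    account, or the VMM computer account (VMMServer01$) when running as Local System
$svc = Get-WmiObject Win32_Service -Filter "Name='SCVMMService'"
if ($svc.StartName -eq "LocalSystem") {
    $adminMember = "$domain\$($env:COMPUTERNAME)$"
} else {
    $adminMember = $svc.StartName
}

# 4. Check that account is in the local Administrators group on the file server
$members = Invoke-Command -ComputerName $fileServer -ScriptBlock { net localgroup Administrators }
if (-not ($members -match [regex]::Escape($adminMember))) {
    $problems += "$adminMember is not in the local Administrators group on $fileServer"
}

if ($problems.Count -eq 0) {
    "All checks passed; the share can be registered with Register-SCStorageFileShare."
} else {
    $problems | ForEach-Object { "CHECK FAILED: $_" }
}
```

The Run As account requirement for the Hyper-V hosts is not checked here; verify it on each host's properties in the Fabric workspace.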

Adding a SMB3.0 File Share to your Hyper-V Cluster

Navigate to the Fabric workspace in VMM, right-click the Hyper-V cluster you'd like to use an SMB 3.0 file share with, and click Properties.

Click 'File Share Storage', click Add, and type in the UNC path to your SMB share.

Once this is done, you should be able to specify the SMB share as the location for your VMs during creation.

You can also perform this task by using PowerShell:

# Name of the Hyper-V cluster in VMM that will use the share
$hostCluster = Get-SCVMHostCluster -Name ""

# Register the SMB 3.0 share (UNC path) as file share storage for that cluster
Register-SCStorageFileShare -FileSharePath "\\smboslo\smb" -VMHostCluster $hostCluster