Wednesday, September 26, 2012

Explaining Network Virtualization with VMM part 1

Network virtualization in Windows Server 2012 is one of my favorites, because it’s just so technical and revolutionary for the entire industry.


It’s important to know that there are several new features and options in System Center – Virtual Machine Manager 2012 SP1 – BETA related to network virtualization, so I will start to blog about it now and walk through the different configuration options.

This blog post will talk about the networking Fabric.

Fabric in VMM is a layer of abstraction above your physical and virtual infrastructure that should serve the purpose of cloud computing. Fabric will contain virtualization hosts, networks and network equipment, storage, and also some additional server roles that will maintain and support the life cycle of your fabric resources.

When you are configuring and deploying a Microsoft Private Cloud, Fabric in VMM is the place to start.
Network virtualization in VMM also has its starting point here.
A logical network in VMM can contain several sites, subnets and VLANs that represent the physical network.

Each virtualization host must be physically connected and associated to the proper logical network before you continue with network virtualization. Check this blog post I wrote earlier about networking in VMM.

A logical network must be in place as it’s the foundation for network virtualization (CAs and PAs), no matter what kind of network virtualization technique you are using.

Default in SP1 is NVGRE – and not IP-rewrite as in CTP2.

When you enable networking virtualization on the logical network, you can see the following in the jobs pane:

And during this modification you’ll find an interesting agent installed on your Hyper-V hosts:
 

More on this in the next post.

Now, let’s check what the Beta bits are bringing to the table.

Logical Switch

The Hyper-V Extensible Switch (previously known as networks) is dramatically changed in Windows Server 2012, and VMM fully supports and leverages its capabilities. An extensible virtual switch provides several options and configurations natively, and also supports ‘add-ons’ from third parties.
A logical switch is meant to represent a single configuration that you can apply to many or all hosts for a consistent configuration in your cloud infrastructure fabric.
Included in the logical switch are:

Native port profiles for uplink ports – used to define the logical network definitions that should be available on every physical NIC connected to the logical switch.

Native port profiles for virtual ports – used to define settings for the virtual switches that your VMs are connected to.

Port classifications – work as an identity to classify virtual port profiles for particular networks. So a VM can be deployed to different logical switches where the name matches based on the virtual port profiles on each switch.

More to come in the near future.

-kn

 

Monday, September 24, 2012

Windows Server 2012 Hyper-V Cookbook


I’ve been busy lately. Busy, beyond recognition.

Unfortunately, there hasn’t been enough time for my regular community activities like forums and blogging, but I will soon catch up to share some good tips and tricks from the field, since that’s where I’ve been the last months, in the field.

As I have announced earlier, I have been the technical reviewer on my fellow MVP – Leandro Carvalho’s book: Windows Server 2012 – Hyper-V Cookbook


It has been a really interesting project since Hyper-V is my bread and butter, lying close to my heart.
So when Leandro reached out to me a while ago, I was lucky and grateful to accept the honor without any doubt.

The book can be ordered now, and is scheduled for December this year. This is probably the best Christmas gift you can give your IT-friends, so I would strongly recommend this one for you all.

The book is not the usual theoretical stuff you would suspect, but is straight down to business from the first page, on the very first chapter.

This is the third book I am either writing myself or participating in as a reviewer, and I must say I enjoy reading the good work from my co-authors and MVPs. So if you are planning to write a book on related subjects and need a helping hand, feel free to contact me.

Thursday, September 13, 2012

Availability Set in System Center 2012 SP1 - Virtual Machine Manager

As you may be aware, SP1 for System Center 2012 is now available in Beta.

The first thing I will dig into is the new features in VMM and share the good stuff with you.

First thing first is the ‘availability set’ on the hardware profile for the VMs.

Finally, we can have a deeper cluster integration with VMM and create and manage this with this premium management tool.

In other words, if you have a distributed application – or anything else that should not be located on the same cluster node, you can create an availability set.

So what does this give?

VMM has some optimization techniques like Dynamic Optimization and Power Optimization.

Especially the dynamic optimization option will be a good friend of yours once you enable it, to distribute and re-balance the workloads among a Hyper-V Cluster.

If you have created an availability set, dynamic optimization will not mess up your configuration and place the VMs on the same node. Together with the option to set preferred and possible owners of virtual machines, VMM will always attempt to keep those virtual machines on separate hosts to secure uptime for your services.

This is a well-known cluster setting that we have wanted to see in VMM for a long time.

When you have created an availability set you might also be glad to know that you can also prioritize those virtual machines. When a virtual machine is defined as ‘high priority’, the cluster will then start and place those virtual machines before medium and low-priority virtual machines. Hyper-V uses values from CPU, Memory and also NUMA to give the virtual machines best possible performance compared to virtual machines defined as medium or low.
 
This is just one part of the goodie pack in SP1 for SC 2012.
More to come.

Monday, September 10, 2012

System Center 2012 SP1 Beta is now available!


Oh yes.

Finally, System Center 2012 SP1 Beta is now available and this is the version that will work together with Windows Server 2012 RTM.

 

Windows Server 2012 and SQL Server 2012 Support
With this Beta release, all System Center 2012 SP1 components are now enabled to manage and run in a Windows Server 2012 environment.  System Center 2012 SP1 Beta also now supports the use of SQL Server 2012. 


Network Virtualization
With System Center 2012 SP1 you can take advantage of the Virtual Machine Manager’s ability to manage Hyper-V network virtualization across multiple hosts, simplifying the creation of entire virtual networks. 


Hybrid Cloud Management and the Service Provider Foundation API
System Center 2012 already enables optimization of your organization’s private cloud and Windows Azure resources from a single pane of glass, using the AppController component. In System Center 2012 SP1 we’ve extended AppController’s capabilities to include cloud resources offered by hosting service providers, giving you the ability to integrate and manage a wide range of custom and commodity IaaS cloud services into the same single pane of glass.


Service Provider Foundation API
The Service Provider Foundation (SPF) API is a new, extensible OData REST API in System Center 2012 SP1 that enables hosters to integrate their System Center installation into their customer portal and is automatically integrated with customers’ on-premises installation of AppController. A simple exchange of credentials enables enterprises to add the Service Provider cloud to App Controller for consumption alongside private and public cloud resources. SPF also has multi-tenancy built-in enabling operation at massive scale, controlling multiple scale-units built around Virtual Machine Manager.


Windows Azure Virtual Machine management
System Center 2012 SP1 now integrates with Windows Azure Virtual Machines, enabling you to move on-premises Virtual Machines to run in Windows Azure and then manage from your on-premises System Center installation, enabling a range of workload distribution and remote operations scenarios.


Enhanced backup and recovery options
System Center 2012 SP1 Data Protection Manager adds the option to host server backups in the Windows Azure cloud, helping to protect against data loss and corruption while integrating directly into the existing backup administration interface in System Center. More details.


Global Service Monitor Support
System Center 2012 SP1 includes support for a new Windows Azure-based service called “Global Service Monitor” (GSM). GSM extends the application monitoring capabilities in System Center 2012 SP1 using Windows Azure points of presence around the globe, giving a true reflection of end-user experience of your application. Synthetic transactions are defined and scheduled using your on-premises System Center 2012 SP1 Operations Manager console; the GSM service executes the transactions against your web-facing application and GSM reports back the results (availability, performance, functionality) to your on-premises System Center dashboard. You can integrate this perspective with other monitoring data from the same application, taking action as soon as any issues are detected in order to achieve your SLA. To evaluate System Center 2012 SP1 with GSM, sign up for the customer preview of GSM.


Begin your evaluation of System Center 2012 SP1 with Windows Server 2012 today:

I will test and play with every component, but first thing first: Virtual Machine Manager.

Oh, and you will of course not be able to Live Migrate a running VM from your private cloud to Windows Azure. You will have to store it in the library and make it accessible for Azure before you can run it in Microsoft’s cloud datacenter.

Until next time,

Kristian

Wednesday, August 29, 2012

Explaining the Hyper-V Extensible Switch

In previous versions of Hyper-V, we referred to Virtual Networks instead of switches when we talked about what’s now called the Hyper-V Extensible Switch. This often led to confusion for customers and engineers when dealing with networking in Hyper-V, especially in the TechNet Forums.

A virtual network could either be Private, Internal or External.

The Private network would not bind to a physical NIC on the parent partition, and only let the virtual machines connected to this network communicate. Since there was no binding to a physical NIC, the virtual machines were unable to communicate with other virtual machines on other hosts.

The Internal network did not bind to a physical NIC either, but created a virtual NIC in the parent partition so that the virtual machines and the host itself were able to communicate.

The External network was the only type of network that would bind to a physical NIC in the parent, meaning that this was the proper type of virtual network if you wanted your virtual machines to be able to communicate over the physical network and have LAN/WAN access.

The three different types still exist in Windows Server 2012, but have been renamed to virtual switches.

A lot has been done with the extensible switch in Hyper-V, and the switch itself is now extensible for third parties to integrate and develop tools and solutions that interact with this switch.
A Hyper-V virtual switch is a virtual layer-2 network switch that provides programmatically managed and extensible capabilities to connect virtual machines to the physical network. This will lead to better solutions related to security, isolation, SLAs and policy enforcement in a virtual environment, and is much better suited for cloud computing scenarios.

Normally when we think of cloud computing scenarios, we would also think of tenant isolation, protection against malicious virtual machines and traffic control. The Hyper-V Extensible Switch will cover it all.

There’s built-in support for NDIS (Network Device Interface Specification) filter drivers and WFP (Windows Filtering Platform) callout drivers. This makes it possible for ISVs to create plug-ins to provide enhanced networking and security capabilities. This will give organizations more options to secure their tenants and traffic, and to measure networking for virtual machines.

Functionality in Hyper-V Extensible Switch

DHCP Guard protection: Will help you to protect against malicious virtual machines that present themselves as DHCP servers. Often referred to as man-in-the-middle attacks.

Network traffic monitoring: Lets the cloud administrators have control and review the traffic over the network switch.

Port ACLs: Traffic filtering based on MAC (Media Access Control) or IP (Internet Protocol) addresses/ranges so that the cloud administrator can set up virtual network isolation.

ARP/ND Spoofing protection: Gives protection against malicious VMs using ARP spoofing to steal other VMs’ IP addresses, and provides protection against attacks that can be launched for IPv6 using ND spoofing.

Trunk mode to a VM: Let the cloud administrator set up a specific VM as a virtual appliance to direct traffic from various VLANs to that VM.

Isolated VLAN (PVLAN): Let the cloud administrator segregate traffic on multiple VLANs so that they can easily establish isolated tenant communities.

Bandwidth limit and burst support: Reserve guaranteed amount of bandwidth. Bandwidth maximum caps the amount of bandwidth a VM can consume.

ECN marking support: Explicit Congestion Notification (ECN) marking—also known as Data Center TCP (DCTCP)—enables the physical switch and operating system to regulate traffic flow such that the buffer resources of the switch are not flooded, which results in increased traffic throughput.

Diagnostics: Let the cloud administrator easily trace and monitor events and packets through the virtual switch.

This will for sure ensure that you can meet the demand of cloud computing in the networking space as well, in conjunction with network virtualization.
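Several of the per-port protections listed above (DHCP Guard, Port ACLs, the bandwidth cap) are set per VM network adapter with the Hyper-V PowerShell module in Windows Server 2012. The following is an added example, not code from the original post: it first audits every adapter on the host for weak guard settings and then applies a baseline to one VM. The VM name `Tenant-VM01`, the subnet and the bandwidth figure are placeholders chosen for illustration.

```powershell
#Requires -Modules Hyper-V
# Added example: audit and harden per-port protections on one Hyper-V host.
# 'Tenant-VM01', the subnet and the bandwidth cap are constructed placeholders.

# 1. Audit: list every VM network adapter whose guard settings are weaker
#    than a tenant-facing port should have.
function Get-WeakVMPort {
    Get-VM | Get-VMNetworkAdapter | Where-Object {
        $_.DhcpGuard -eq 'Off' -or
        $_.RouterGuard -eq 'Off' -or
        $_.MacAddressSpoofing -eq 'On'
    } | Select-Object VMName, Name, SwitchName, DhcpGuard, RouterGuard, MacAddressSpoofing
}

# 2. Harden: apply a baseline to all network adapters of one tenant VM.
function Set-TenantPortBaseline {
    param(
        [Parameter(Mandatory = $true)] [string] $VMName,
        [string] $AllowedSubnet    = '10.0.1.0/24',   # constructed tenant subnet
        [long]   $MaxBitsPerSecond = 100000000        # 100 Mbit/s cap
    )

    # DHCP Guard drops DHCP server replies sent by the VM. Router Guard drops
    # router advertisement and redirect messages sent by the VM. MAC address
    # spoofing stays off so the VM can only use its assigned source MAC.
    Set-VMNetworkAdapter -VMName $VMName -DhcpGuard On -RouterGuard On `
        -MacAddressSpoofing Off -MaximumBandwidth $MaxBitsPerSecond

    # Port ACLs: allow the tenant subnet, deny everything else. The most
    # specific (longest-prefix) rule wins, so the /24 allow overrides the
    # catch-all deny rules.
    Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $AllowedSubnet `
        -Direction Both -Action Allow
    Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress '0.0.0.0/0' `
        -Direction Both -Action Deny
    Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress '::/0' `
        -Direction Both -Action Deny
}

# Report weak ports first, then harden the placeholder VM and show its ACLs.
Get-WeakVMPort | Format-Table -AutoSize
Set-TenantPortBaseline -VMName 'Tenant-VM01'
Get-VMNetworkAdapterAcl -VMName 'Tenant-VM01'
```

Run the audit function on its own before changing anything: a VM that legitimately acts as a DHCP server or router needs the corresponding guard left off.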

There will be more blogging about switch extensions and network virtualization when SC VMM 2012 SP1 is available.

Monday, August 27, 2012

Windows Bootcamp in Norway

We’re getting close to a very exciting date. The date Windows Server 2012 becomes globally available.
Yes, there will be a virtual launch as a part of this, and I strongly recommend you to sign up for this event:


And if you’re in Norway in September, you should also attend the Windows Bootcamp.


We have a pretty awesome line-up of speakers this time, covering both the client and the server side.
In addition, some developers will be presenting for the developer community to teach and show what awesome applications you can create with the next generation of Microsoft’s operating systems.

I will have 4 sessions and cover Hyper-V and Windows Azure:


1.      Hyper-V for Everyone – come and see what’s hot and new and why you should start to virtualize your mother’s house.

2.      Overview of Networking in Hyper-V – See the enhancements in the extensible virtual switch, network virtualization and much more in this session.

3.      IaaS in Windows Azure – Exploring virtual machines and networking together with cloud services and resources on-premise.

4.      Hyper-V Replica – Do you suffer from insomnia? Join this session to see how I can help you out of your misery.

I am looking forward to seeing you at Fornebu in September!

Sunday, August 19, 2012

Blogging at TechNet

For those of you who know Norwegian, you can also find some great content at the Norwegian TechNet site.
I will be blogging over there as well, covering stuff like Hyper-V, Windows Server, System Center and Windows Azure.
If that's not enough, you'll also find some other MVP Vikings covering the other areas in the IT industry:

Jan Egil Ring, who is our PowerShell guru.
Ståle Hansen will take care of everything related to Unified Communication.
Olav Tvedt will deploy things everywhere, as usual.
Nicolai Henriksen will take you by your hand and force you into his client area, managed by Configuration Manager.

Follow our blog at http://blogs.technet.com/b/technetnorge/

And if you're into Facebook, you can like this page to participate with the Norwegian TechNet community: https://www.facebook.com/#!/TechNetNorge