From Windows Server Division WebLog here are 6 Steps to Get you Ready for Private Cloud.
IT Pros looking to delve into private cloud computing this year should prepare with these 6 steps:
- Improve data quality in your identity infrastructure – audit existing users and groups to ensure your AD store is running only accurate data
- Enable Federated identity – self-explanatory, but it’s a big part of bridging the gap between public and private clouds
- Enable all the building blocks of a private cloud – that includes Windows Server 2008 R2 with Hyper-V, an optimized Active Directory store and System Center (notably Configuration Manager and Virtual Machine Manager).
- Standardize and automate your processes and workflows – to take the best advantage of a private cloud infrastructure, you’ll need to build standardized server, platform and application packages and templates. That’s only possible if you’ve done your homework and standardized the processes and workflows that those software packages will support.
- Think about how the IT Pro role needs to change – the cloud enables huge efficiencies in the data center. Be a hero today as you enable the cloud, but work to become a Director tomorrow. Combine a deep knowledge of your business’ needs, future directions and work processes with your expertise in technology. Use this combination and the power of the cloud to not just enable IT for your business, but to actually turn IT into a competitive edge the business can directly convert into new business and revenue. That’s the big win for tomorrow’s cloud IT pro.
- Last, take advantage of Microsoft guidance – We’ll be releasing lots of guidance, both technical and higher-level, regarding the journey to cloud computing in the coming months. Check the Microsoft cloud pages, TechNet’s cloud resources and especially the Hyper-V Cloud Fast Track pages for in-depth technical guidance. There’s much more to come, so check back often.
From Microsoft tech.ed online here’s an excellent video to help you with Failover Clustering in Hyper-V.
Ben Armstrong explains in depth how time synchronization works in Hyper-V.
Problem #1 – Running virtual machines lose track of time.
While all computers contain a hardware clock (called the RTC – or real-time clock) most operating systems do not rely on this clock. Instead they read the time from this clock once (when they boot) and then they use their own internal routines to calculate how much time has passed.
The problem is that these internal routines make assumptions about how the underlying hardware behaves (how frequently interrupts are delivered, etc…) and these assumptions do not account for the fact that things are different inside a virtual machine. The fact that multiple virtual machines need to be scheduled to run on the same physical hardware invariably results in minor differences in these underlying systems. The net result of this is that time appears to drift inside of virtual machines.
UPDATE 11/22: One thing that you should be aware of here: the rate at which the time in a virtual machine drifts is affected by the total system load of the Hyper-V server. More virtual machines doing more stuff means time drifts faster.
In order to deal with time drift in a virtual machine – you need to have some process that regularly gets the real time from a trusted source and updates the time in a virtual machine.
Hyper-V provides the time synchronization integration services to do this for you. The way it does this is by getting time readings from the management operating system and sending them over to the guest operating system. Once inside the guest operating system – these time readings are then delivered to the Windows time keeping infrastructure in the form of a Windows time provider (you can read more about this here: http://msdn.microsoft.com/en-us/library/bb608215.aspx). These time samples are correctly adjusted for any time zone difference between the management operating system and the guest operating system.
Problem #2 – Saved virtual machines / snapshots have the wrong time when they are restored.
When we restore a virtual machine from a saved state or from a snapshot we put back together the memory and run state of the guest operating system to exactly match what it was when the saved state / snapshot was taken. This includes the time calculated by the guest operating system. So if the snapshot was taken one month ago – the time and date will report that it is still one month ago.
Interestingly enough, at this point in time we will be reporting the correct (with some caveats) time in the system's RTC. But unfortunately the guest operating system has no idea that anything significant has happened – so it does not know to go and check the RTC and instead continues with its own internally calculated time.
To deal with this the Hyper-V time synchronization integration service detects whenever it has come back from a saved state or snapshot, and corrects the time. It does this by issuing a time change request through the normal user mode interfaces provided by Windows. The effect of this is that it looks just like the user sat down and changed the time manually. This method also correctly adjusts for time zone differences between the management operating system and the guest operating system.
Read more here
When using Microsoft System Center Virtual Machine Manager 2008 to perform a Physical-to-Virtual conversion (P2V), the following error message appears during the Scan System phase.
VMM does not have appropriate permissions to access the resource on the %server.
Access is denied (0x80070005)
Ensure that Virtual Machine Manager has the appropriate rights to perform this action.
Additional Information: The Source computer is the machine intended to be virtualized in the P2V conversion.
This failure is typically caused by either of the following conditions:
• The account whose credentials are provided in the P2V wizard is not a member of the local ‘Administrators’ group on the Source computer.
• The Source computer does not allow remote WMI calls to the CIMV2 namespace for the credentials entered during the P2V wizard.
To resolve the problem, follow these steps:
- Make sure that the account used during the P2V wizard is a member of the local ‘Administrators’ group on the Source computer. Note: Pay particular attention to this if the SCVMM server and Source computer are in different domains.
- During the Scan System phase of the P2V conversion, SCVMM makes WMI calls to the CIMV2 namespace on the Source computer to pull basic system information. If these WMI calls fail, then the P2V conversion will also fail. To verify WMI connectivity to the CIMV2 namespace on the Source computer, perform the following actions from the SCVMM server:
- Click Start, point to Run, type “WBEMtest” (without the quotes) in the Open box and click OK. This will open the WBEMtest window.
- Click Connect in the upper right hand corner.
- Now, connect to the CIMV2 namespace on the Source computer.
Note: Be sure to use the name of your Source computer.
- Then click Connect to complete the connection. This should connect without any errors displayed.
- Just to confirm access to a sample object, select Open Class and type Win32_PhysicalMemory
- You should see objects populate in the Object Editor window. The actual content returned is not as important as the fact that a remote connection to the CIMV2 namespace was established.
- Open wmimgmt.msc and verify connectivity to the Local computer and also check the ‘Remote Enable’ permissions.
- Click Start , point to Run and type wmimgmt.msc and click OK . This will open the WMI Control (Local).
- Right click on the WMI Control (Local) node and select Properties .
- Select the Security tab, highlight Root and then open security by clicking the Security button in the lower right.
- Select “Remote Enable” permission for Everyone or the specific user account that you want to grant this permission to.
- This action does not require a reboot.
- Open dcomcnfg and verify that DCOM is running and also check the ‘Remote Activation’ permission.
- Click Start, point to Run, type dcomcnfg and click OK. This will open the Component Services snap-in.
- Expand Component Services, then Computers, then My Computer. If My Computer has a red down arrow mark, it means that the service is not running. It will need to be started.
- Right click on My Computer and select Properties and select the COM Security tab.
- Click Edit Limits under the Launch and Activation Permissions section.
- For the Everyone user give the “Remote Activation” permission or add the specific user account that you want to grant this permission to.
Note: The following error message may occur if the appropriate WMI permission is not granted to the user:
“Access Denied” with Error Code: 0x80041003
- This problem can also occur if the OLE registry key is missing or has the incorrect value on the Source computer.
- Start Registry Editor.
- Locate the following path:
- This key should have a REG_SZ value named EnableDCOM with the data Y.
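The WBEMtest and WMI Control steps above can be scripted. The following is an added example, not part of the KB article: `Test-P2VWmiAccess` repeats the remote `Win32_PhysicalMemory` probe from the SCVMM server and maps the two error codes quoted above to the step to revisit, and `Get-WmiRemoteEnableTrustee` lists who currently holds Remote Enable on the Root namespace of the Source computer. The function names and `SOURCE01` are hypothetical.

```powershell
# Added example for Windows PowerShell; function names and 'SOURCE01' are placeholders.
function Test-P2VWmiAccess {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$Credential
    )
    # Same probe as the WBEMtest step: connect to root\cimv2 and read a sample class.
    $query = @{ Namespace = 'root\cimv2'; Class = 'Win32_PhysicalMemory'
                ComputerName = $ComputerName; Credential = $Credential; ErrorAction = 'Stop' }
    try {
        $objs = @(Get-WmiObject @query)
        return "OK: root\cimv2 returned $($objs.Count) Win32_PhysicalMemory object(s)"
    }
    catch {
        $ex = $_.Exception
        if ($ex -is [System.UnauthorizedAccessException]) {
            # E_ACCESSDENIED (0x80070005) is refused at the DCOM layer.
            return 'DENIED 0x80070005: check Administrators membership and DCOM Remote Activation'
        }
        if ($ex -is [System.Management.ManagementException]) {
            # WMI-level refusal, for example AccessDenied = 0x80041003.
            return ('WMI error 0x{0:X8} ({1}): check Remote Enable on the namespace' -f
                    ([int]$ex.ErrorCode), $ex.ErrorCode)
        }
        return "FAILED: $($ex.Message) (check that DCOM is running, EnableDCOM, firewalls)"
    }
}

function Get-WmiRemoteEnableTrustee {
    # Run elevated on the Source computer: reads the DACL of the Root namespace.
    $sd = Invoke-WmiMethod -Namespace 'root' -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
    if ($sd.ReturnValue -ne 0) { throw "GetSecurityDescriptor returned $($sd.ReturnValue)" }
    foreach ($ace in $sd.Descriptor.DACL) {
        # AceType 0 = allow; 0x20 = Remote Enable.
        if ($ace.AceType -eq 0 -and ($ace.AccessMask -band 0x20)) {
            New-Object PSObject -Property @{
                Trustee    = ('{0}\{1}' -f $ace.Trustee.Domain, $ace.Trustee.Name).TrimStart('\')
                IsEveryone = ($ace.Trustee.SIDString -eq 'S-1-1-0')
            }
        }
    }
}

# Usage:
#   $cred = Get-Credential                      # the account entered in the P2V wizard
#   Test-P2VWmiAccess -ComputerName 'SOURCE01' -Credential $cred
#   Get-WmiRemoteEnableTrustee | Format-Table -AutoSize
```

Rows with `IsEveryone` set show where Remote Enable was granted to Everyone rather than to the specific P2V account.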
KB2465160: Add Host or other action fails with (2916) 0x80338126 in System Center Virtual Machine Manager 2008
From Microsoft, KB2465160.
Adding a Host to System Center Virtual Machine Manager 2008 (SCVMM 2008) fails with a variation of Error (2916):
VMM is unable to complete the request. The connection to the agent ServerA.contoso.com was lost.
(The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. (0x80338126))
Ensure that the WS-Management service and the agent are installed and running and that a firewall is not blocking HTTP traffic. If the error persists; reboot ServerA.contoso.com and then try the operation again.
Specific content is being filtered by a non-Windows firewall. The firewall could be software installed on either the SCVMM 2008 Server or the Host that is being added. More likely, there is a hardware appliance firewall on the network between the two communicating servers.
Test multiple communication protocols between the two systems; the SCVMM 2008 Server and Host in this example. Some firewalls can have content filtering enabled despite showing that it is not. Remove all non-Windows software firewalls and bypass all hardware appliance firewalls entirely long enough to perform testing to verify whether or not they are contributing to the problem.
The following tests are examples of protocols that should always succeed. Test both directions always:
Ping by DNS name in both directions (NETBIOS and FQDN). The IP address returned must match.
Access to ‘\\ServerA.contoso.com\admin$’ from the ‘Run’ command in both directions. This must succeed.
From Server B: \\ServerA.contoso.com\admin$
From Server A: \\ServerB.contoso.com\admin$
WinRM basic connectivity in both directions. This must succeed. If it does not, execute ‘winrm qc’ on both servers, accepting all prompts, then test again.
Remote NETBIOS test: winrm id -r:remoteserver
Remote FQDN test: winrm id -r:remoteserver.contoso.com
WinRM successful reply example:
C:\>winrm id -r:ServerA
ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor = Microsoft Corporation
ProductVersion = OS: 6.1.7600 SP: 0.0 Stack: 2.0
Recently a firewall appliance sold by a major vendor showed content filtering disabled and not licensed to be turned on, yet was still filtering specific content. This was discovered through examination of network traces. Do not assume content, protocols or traffic are not being blocked. Perform tests to verify.
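The tests listed above (name resolution, ping, admin$ and WinRM identify) can be run in one pass from each server toward the other. This is an added example, not part of the KB article; the function name `Test-VmmHostPath` is hypothetical, and `Test-WSMan` is used as the PowerShell counterpart of `winrm id -r:`.

```powershell
# Added example for Windows PowerShell; run it on the SCVMM server against the
# Host, then on the Host against the SCVMM server, as the KB asks for both directions.
function Test-VmmHostPath {
    param([Parameter(Mandatory = $true)][string[]]$Name)   # NetBIOS name and FQDN
    foreach ($n in $Name) {
        $row = New-Object PSObject -Property @{
            Name = $n; Addresses = 'unresolved'; Ping = $false
            AdminShare = $false; WinRM = 'not tested'
        }
        try {
            # Sorted so that the NetBIOS and FQDN results can be compared as strings.
            $ips = [System.Net.Dns]::GetHostAddresses($n) |
                   ForEach-Object { $_.IPAddressToString } | Sort-Object
            $row.Addresses = $ips -join ','
        }
        catch { }                                            # keeps 'unresolved'
        $row.Ping       = Test-Connection -ComputerName $n -Count 2 -Quiet
        $row.AdminShare = Test-Path -Path ('\\{0}\admin$' -f $n)
        try {
            # Unauthenticated WS-Management identify request.
            $id = Test-WSMan -ComputerName $n -ErrorAction Stop
            $row.WinRM = $id.ProductVersion
        }
        catch { $row.WinRM = "FAILED: $($_.Exception.Message)" }
        $row | Select-Object Name, Addresses, Ping, AdminShare, WinRM
    }
}

# ServerA / ServerA.contoso.com are the example names used in the KB text.
$rows = @(Test-VmmHostPath -Name 'ServerA', 'ServerA.contoso.com')
$rows | Format-Table -AutoSize

# The KB requires both names to return the same IP address.
if (@($rows | Select-Object -ExpandProperty Addresses -Unique).Count -ne 1) {
    Write-Warning 'NetBIOS name and FQDN do not resolve to the same address.'
}
```

A row where ping and admin$ succeed but WinRM fails matches the content-filtering case the KB describes.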
From Windows Storage Server blog here’s a list of useful documentation references:
New Technology: http://www.microsoft.com/windowsserver2008/en/us/whats-new.aspx
New in Windows File Services: http://www.microsoft.com/storage
Storage Technology Facts
Default cluster size for NTFS, FAT, and exFAT (256 TB NTFS limit) – http://support.microsoft.com/kb/140365
Large Logical Unit Support and Windows Server 2003 SP1 (GPT): http://www.microsoft.com/whdc/device/storage/LUN_SP1.mspx and http://www.microsoft.com/whdc/device/storage/GPT_FAQ.mspx
How NTFS works (256 TB limit) : http://technet.microsoft.com/en-us/library/cc781134.aspx
Reviewing Storage Limits: http://technet.microsoft.com/en-us/library/cc773268.aspx
Microsoft Storage: Fact and Fiction – http://www.microsoft.com/windowsserversystem/storage/getstorfacts.mspx
How to calculate the LUN limit per HBA – http://blogs.technet.com/b/filecab/archive/2008/10/20/storage-tip-how-to-calculate-windows-server-2008-lun-limit-per-hba.aspx
How dynamic disks and volumes work – http://technet.microsoft.com/en-us/library/cc758035.aspx
How basic disks and volumes work – http://technet.microsoft.com/en-us/library/cc739412.aspx
Windows Server 2008 R2 Whitepapers
Improve your understanding and get more in-depth information about Windows Server 2008 R2 in these whitepapers: http://www.microsoft.com/windowsserver2008/en/us/white-papers.aspx
Performance Tuning Guidelines
This guide describes important tuning parameters and settings that you can adjust to improve the performance and energy efficiency of the Windows Server 2008 R2 operating system. This guide describes each setting and its potential effect to help you make an informed decision about its relevance to your system, workload, and performance goals. http://www.microsoft.com/whdc/system/sysperf/Perf_tun_srv-R2.mspx
NFS Account Mapping Whitepaper
This paper covers Network File System (NFS) account mapping and the deployment in Windows Server 2008 R2. NFS is a network file sharing protocol that allows remote access to files over a network. NFS implementations include an NFS server component, which enables the sharing of files for use by other networked computers, and an NFS client component, which enables computers to access files shared by NFS servers. The Services for NFS role service in Windows Server provides the ability to function as an NFS server. Windows and UNIX operating systems use different account and security systems. Windows operating systems represent users and groups with a unique security identifier (SID), while UNIX operating systems represent users with user identifiers (UIDs) and group identifiers (GIDs). Account mapping is the process of correlating the UNIX UIDs and GIDs to corresponding Windows user and group SIDs.
Operational TCO Comparison:
Windows Server 2008 File Services vs. Dedicated Storage System Vendors (Done by the Edison Group)
Windows Storage Server 2008 R2
TechNet Overview: http://technet.microsoft.com/en-us/library/gg232660(WS.10).aspx
Getting Started Guide: http://technet.microsoft.com/en-us/library/gg214166(WS.10).aspx
Known Issues List: http://technet.microsoft.com/en-us/library/gg214171(WS.10).aspx
OEM Deployment Guide: Download the guide here.
OEM Partners: http://www.microsoft.com/windowsserver2008/en/us/wss08/partners.aspx
Find out more about Specialized Server Solutions and how to become an OEM Partner.
MSDN and TechNet Download: http://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx?pv=18:370
Embedded OEM Trial Software: The Embedded Server Evaluation Website now has the Windows Storage Server evaluation package available for IHVs, OEMs, ISVs, consultants and VARs to evaluate and test the product. The download is available after a quick registration page.
Windows Storage Server 2008 R2 and the Microsoft iSCSI Software Target 3.3 available on MSDN/TechNet
Microsoft has released Windows Storage Server 2008 R2 for MSDN/TechNet subscribers. This new version includes Microsoft iSCSI Software Target 3.3, which includes Windows PowerShell cmdlets and differencing virtual hard disk support for HPC boot scenarios.
Read more at:
Windows Storage Server
Jose Barreto’s Blog
PowerShell cmdlets for the Microsoft iSCSI Target 3.3 (included in Windows Storage Server 2008 R2)