My ramblings on the stuff that holds it all together
TechEd EMEA 2008 IT Pro – Day 3
3rd day out at TechEd. Sorry for the delay in posting – I have had lots of session time and work to slot in either side, plus it takes quite a long time to write this up. I hope you’re finding it useful.
I attended a number of sessions around SCVMM and Hyper V today, as well as having some good chats with some people from the product teams. The “ask the expert” booths are brilliant for this kind of thing as they are usually well staffed with people from the development or PS teams, so you can usually get an answer to a complicated question or be pointed in the right direction.
First session was the Windows Vista to Windows 7 desktop virtualization roadmap with Fei Lu. Key points for me were:
- Microsoft are investing significant effort in application and desktop virtualization. The driver for this is that it makes it easier for people to deploy newer OSes by de-coupling/virtualizing the integration between hardware/OS/applications/data. The pay-off for Microsoft is that they sell more licences and speed up adoption; to my mind this helps keep the traditional rich OS/app desktop in the game with adopters of Web 2.0 type on-line applications.
- Wide range of products in this space now, Terminal Service/Desktop VM/central VDI and application virtualization which can all be mixed & matched to provide the required solution.
- Folder redirection/roaming profiles with good off-line caching is being positioned as data virtualization.
- VM Mobility and DR are popular scenarios for MS customers
- Windows 7 will provide even more off-line caching features for data and settings – data virtualization.
- The Kidaro acquisition becomes MED-V “Microsoft Enterprise Desktop Virtualization” which manages distributing VMs to PCs and provides offline use and desktop integration (more on this in a later session)
- VDI is also a popular scenario. Microsoft will not write an enterprise scale connection broker; they have partnered with Citrix to deliver this. Microsoft may provide a small scale connection broker in future.
- VDI and APP-V is a nice solution for simple centralised desktop management (I did hear later that there is no x64 support for APP-V, as far as I know, though).
- New VDI scenarios with Windows 7 RDP protocol support multi-monitor and bi-directional audio.
- Fei ran a very brave demo of speech recognition over RDP to a beta version of a Windows 7 VDI farm.. worked pretty well, and also played back some HD quality video which was pretty impressive (no details on bandwidth available/used though).
- In future Microsoft are considering a pure hypervisor based client device, and the ability to download a VM image and run it and support portability of the image to/from a VDI farm.
- Windows 7 will be able to boot a VHD directly, which must use the same code/logic as Server 2008 and Hyper V use to manage the parent partition.
Next up was a more detailed look at MED-V (Microsoft Enterprise Desktop Virtualization). This is the Kidaro product, integrated as part of the MDOP licencing programme. Key points:
- It manages and distributes virtual machines to client devices for local execution (think: running Virtual PC on a Vista machine with centralised management and distribution of the .VHD files).
- PC needs MED-V client (.MSI installer).
- Integrates start menu and seamless windows from the guest OS to the host like you get with VMWare Workstation’s Unity feature
- Capable of distributing VMs over the network (delta based replication) or on media like USB/DVD.
- Policy control for expiry of a provided virtual machine; managing when it can be used etc.
- Maps printers back to local host
- Didn’t mention clipboard redirection explicitly but I assume it’s there?
- Configure which guest OS applications are published to the host OS start menu (nice)
- Integrated support for sysprep and setup scripts for things like domain membership if you have transient or persistent VMs.
- A very clever feature can redirect a MED-V presented IE window back to the guest OS instance of IE via an internal VPN tunnel (pretty sure that was what was said), based on the URL they are trying to reach. This is good for a scenario where you are using a company supplied and secured MED-V VM on a home PC – ensuring that personal browsing does not traverse a company VM or VPN connection.
- MED-V isn’t available yet; beta out early Q1 2009 and RTM likely to be available 1st half of 2009.
Next up was a session on System Center Virtual Machine Manager (SCVMM), which is used to manage virtual machines on both Hyper-V hosts and VMWare ESX (Xen maybe too in the future).
- VMWare Virtual Center is required to manage ESX hosts and clusters, SCVMM proxies control requests for ESX hosts via virtual center (using the API and PowerShell it would seem).
- SCVMM can manage multiple VMWare Virtual Center instances as well as Hyper-V and present a single pane of glass across the whole estate with centralised provisioning etc.
- SCVMM provides a Performance & Resource Optimisation feature (PRO) which is similar to VMWare’s DRS functionality
- PRO can distribute VM load across multiple Virtual Center instances, which VMWare VC can’t do itself (but I assume it can’t vMotion this way, so would have to shut down and move).
- Can only use DRS or PRO – not both as they will fight each other.
- Can use SCVMM without SCOM but it can’t do the PRO stuff without SCOM as it doesn’t have performance data.
- SCVMM is available now; there will be a new release to support Server 2008 R2 and Hyper-V quick migration (vMotion equivalent).
- All in, it looks to be a good product with some nice integrations, but until Hyper-V is more prevalent, managing mixed environments isn’t a huge requirement (to me). It’s not necessarily anything you can’t do out of the box now with VMWare Virtual Centre and some Windows VM monitoring via SCOM, but it is definitely worth having in the arsenal for when Server 2008 R2 brings live migration to Hyper V, as adoption will pick up.
Next session was on connecting Active Directory to cloud services; this focused on the work Microsoft have done to build a hub and spoke federation architecture to allow cross-authentication between internal directory services (in this case Active Directory) and external service providers.
- The core of this is Microsoft Live ID; this service is essentially a broker hub for passing around authentication tokens and requests.
- Will be released in 2009; CTP available now, beta early 2009.
- Built on “Geneva” technology, which seems to be a wider development of AD-FS.
- Key point is that tokens/claims are passed around the cloud and your service providers, but authentication is always done via your home directory (i.e. AD).
- Wizard based setup to enroll users/groups to the Federated Hub service.
- Release will be targeted at Active Directory as the authentication source, but framework is open so other vendors could write providers (Netware, Linux etc).
- Need to find out more about “Geneva” which is geared to complex enterprise scenarios.
- Will maybe build in more granular control for your administrators to specify what service providers your credentials can be used on. You never send passwords etc., just tokens, but you may not want your internal users using this service to authenticate to non-business (i.e. dating/social networking) sites that also participate in the Live ID federation hub.
Last session of the day was on the new Server 2008r2 Cluster Shared Volume (CSV) feature.
- Disks on traditional Windows clusters could only be owned and accessed by one host over the storage area network (FC/iSCSI etc.) at a time; if other nodes try to mount the disk they can’t and there can be a risk of corruption.
- This is a multi-access shared disk volume, a bit like VMFS or ZFS.
- Hyper V is the only supported workload (but others may work)
- This is how they will enable live migration in Server 2008 R2 Hyper V
- 1 co-ordinator node manages access to the CSV and owns it.
- Nodes send their read/write data to the CSV volume by the most efficient path (determined by the controller node?); this can be down the storage path or over an Ethernet network between the nodes (using faster Win2008 R2 SMB protocols).
- Can provide an extra degree of fault tolerance for access to the volume if a FC-path or network fails as it can route around it.
- You can assign priorities to certain paths to the storage.
- It’s still NTFS; all the tools (chkdsk etc.) still work, as do ACLs etc.
- Supports MPIO, Fibre channel, iSCSI.
- This looks promising but I’m not sure about this data routing idea – surely you’d rather keep your server, storage and networking separate for security and performance reasons… but it is a clever idea and I can see that it could provide burst capacity if you were to saturate a storage path on an individual host, you could hand it off to another host to proxy it for you via an alternative path.
During the day we also got to speak to some of the Ask the Expert people around Hyper V – we discovered:
- They’re unsure if Hyper V supports Windows Network Load Balancing
- You can’t do NIC trunking with Hyper V like you can with ESX; it’s 1 NIC — 1 vSwitch which means you can’t consolidate your VM network traffic into a pool.
That wrapped up day 3 and was followed by the UK TechEd party at Opium Cinema; it was a pretty good turn-out and the drinks flowed into the small hours.