best practices and lessons learned: private cloud deployment in the enterprise ryan sokolowski...

Best Practices and Lessons Learned: Private Cloud Deployment in the Enterprise

Best Practices and Lessons Learned: Private Cloud Deployment in the Enterprise Ryan SokolowskiSenior Consultant, Microsoft Consulting ServicesMicrosoft CorporationWSV3196/14/2012 10:49 AM 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

1Agenda

The Microsoft Private CloudPlanning the Private CloudMonitoring and OperationsInstallation and DeploymentInventoryMonitorAuditProcessAutomationIT Service Management

Self ServicePortal

IT InfraIT ToolsIT ProcessBusiness RequirementsDeployConfigureMigratePaaSIaaSVirtualPhysical

IT Tools

Service ProviderDatacenter Admin

Application OwnerService Consumer

Service Model

App ControllerPrivate Cloud Infrastructure3Planning the Private Cloud

5Getting Started with Private CloudDipping your toes in the waterPrivate Cloud is a paradigm shift for most organizationsNew way of doing (and thinking) about business for internal depts. and teamsCrucial to get buy-in from stakeholdersSell the experienceSolution: initially target non-mission critical workloadsTest / Development workloads can be ideal first focus

TechEd 20126/14/2012 10:49 AM 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6

Ready for DepartureGet all System Center components prerequisites together ahead of installationExample: Cloud Services Process Pack (CSPP)Management Pack Prerequisites = !!!Solution: Use a Management Pack bundleTechEd 20126/14/2012 10:49 AM 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7Service Accounts, Groups and PermissionsDefine upfront!Define all Service Accounts, Groups (and group memberships) and Permissions in advanceDont assume that installations will be done with Enterprise or Domain Admin accountLog on as a Service right (Orchestrator Service Account)Use principle of Least Privilege


8VMM Cross-Domain / Disjoint Namespace Account Considerations

The VMM installation account must be a member of the same domain as the domain membership of the VMM Management server to complete the installation Contoso\ and Contoso\ orCorp\ and Corp\


9VMM Distributed Key Management (DKM) Cross-Domain Permissions ConsiderationsUnderstand the permissions required for the account used for installation and for the Service Account for VMMAccount used for VMM installation must have Full Control permissions to the container in AD DS and the permissions must apply to This object and all descendant objects of the container.CN=VMMDKM,CN=System,DC=Corp,DC=Contoso,DC=comLeave these permissions in placeKey renewal happens at 1 year


10VMM Cross-Domain / Disjoint Namespace SPN and SCP ConsiderationsIf the VMM Service is not running under an account that has permissions to add a Service Principal Name, host addition will failSolution: Add the SPN manually post-installsetspn -A HOST/ Add the SPN value to HKLM\Software\Microsoft\Microsoft System Center Virtual Machine Manager Server\SetupService Connection Point registration will also fail Solution: Run ConfigureSCPTool.exe to configure the SCP


11Isolation of Management Functions from Cloud Infrastructure

Recommendation: Keep System Center 2012 Mgmt systems separated from actual managed Private Cloud systems/clustersWhy would you do this?ManagementSecurity separationPhysical separation (different datacenters)Impact to High Availability (HA) design


12Storage FabricDecisions made here impact the entire cloudFew CSV vs individual LUNsCSVs reduce # of LUNs to manage, butIndividual LUNs can be created and managed by VMM automaticallyDecision point may be SMI-S Provider supportIf Fibre Channel, triple-check your zoningAnomalies in zoning can produce unexpected results with VMM storage/SMI-S integration

Clemente


13Storage FeaturesVaries by hardware vendorDe-Duplication - good argument for categorizing CSVs by usageDedicated CSV for OS/System volumes Can result in huge storage allocation savings = 4000 x ~20 GB = ~80TB!Thin Provisioning plan for worst caseCalculate total space consumption w/o thin provisioning Decommissioning VMsAre you able to return LUNs to the array? Again, SMI-S Provider is key


14Data Protection Manager (DPM)Odd Man Out?Many organizations already have existing backup solutionsCaution: CONFIRM ahead of time that third-party products will support the cloud requirementsi.e. - ability to address and backup CSV


15

Service Manager vs. The WorldDealing with other Service Management systemsIs there another Service Mgmt system in place?If so, Service Manager can be used as the Service Catalog (CMDB) for just the Cloud and can push changes to the other third-party system(s)


16

SQL Server ConsiderationsThe foundation for all System Center componentsSettle on a collation for SMYou cant change this later!Determine DB sizing & instances ahead of timeRequires coordination with DBAs/SQL team


18Additional SQL Server ConsiderationsThe foundation for all System Center componentsUsing NTFS Mount PointsLet installer create DBs on Mount Points; dont pre-create empty DBsAvoid using Browse dialog if using Mount Points type in the path

SQL BrowserJust Start It Undocumented here: Supported Configurations for System Center 2012 - Operations Manager


19Additional SQL Server ParametersYet more things to know about SQL for System CenterRPO vs RTO what is the difference (and why do I care)?SQL Recovery Modes Simple, Full and Bulk-LoggedSC2012 components are agnostic to recovery modeexcept for Configuration Manager!Single stand-alone Primary site - Changes after most recent backup lost; will have to be recreated.Central Administration Site Hierarchy - simple recovery model is mitigated through data replication Deltas only if backup is within default change tracking retention period configured in SQL (default is 5 days for SCCM)If backup is > 5 days / not valid backup - full reinit via bulk copy (BCP)More here: Introduction to Backup and Restore Strategies in SQL Server


20

Jamiecat TechEd 20126/14/2012 10:49 AM 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21Portals Gateway to the CloudService Manager vs. AppController vs. Self-Service PortalWho is the intended audience for the portal?Out-of-the-box vs custom development?SharePoint, SilverlightSolution: Embed AC portal in SM Portal Exposes VM control featuresAppController portal = both Private Cloud and Windows Azure subscriptionsNot the right fit for all organizations


22Installation and DeploymentLions and Tigers and BearsOh, my!Virtual, Logical and Physical Adapters in VMMTurn off VMM default behavior of adding logical and physical networks when adding hostsWHY?Teamed Network AdaptersDefault VLAN = No trafficEasier to control network creation directly


24VMM LibrariesConsider proximity of VMM Library server(s) to managed hosts/capacityStorage in separate location; VMM Library traffic through the SAN core vs. local trafficCreating a HA LibraryInstall VMM; create default VMM LibraryEstablish HA File Share on separate clusterUse this File Share as additional (Primary) VMM Library

MatlTechEd 20126/14/2012 10:49 AM 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25VMM and Operations ManagerThe perfect unionSelect Enable Maintenance Mode Integration with Operations Manager in Properties of Operations Manager connection in VMMWhy?This reduces complexity in any Orchestrator runbooks that use Maintenance ModeCluster patching / updating


26High Availability ConsiderationsEnsure your cloud continues to runthe 50/50 ruleCluster across blade server chassis / enclosuresUse half the blades from one chassis and half from another to create a cluster (scale unit)Cross-Connect all network and storage connectionsHave each FCoE/CNA/Ethernet port connect to a different switchSplit your powerUse power from different circuits for each chassis power supply and into each rackCalculate max power draw per rack including compute and network components


27

The Cloud is Forming


28

Service Manager ConnectorsHitching up the System Center TrainThese turn the different System Center components into a coherent cloudActive Directory Domain Services (AD DS)System Center Configuration ManagerSystem Center OrchestratorSystem Center Operations ManagerSystem Center Operations Manager AlertsSystem Center Virtual Machine Manager (VMM)Connectors result in Configuration Items (CIs) in Service Manager

ShawnotronTechEd 20126/14/2012 10:49 AM 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29Tips for Orchestrator Connector(or how to avoid wasting time and making dumb mistakes)System Center Orchestrator Connector requires the SCO Web Service URL where do you find this?Default install = Web Service URL is Port 81 of the Orchestrator SQL Server / InstanceExample: http://SCO2012SQL:81/Orchestrator2012/Orchestrator.svcYou see Invalid when syncing runbooks into Service Manager?Runbook has changed its contract (parameter or data type changed)Avoid this = keep # of Initialize Data parameters small (i.e. just use the GUID of the Master Change RequestRead SCSM data into Orchestrator at run time using Get Object and Get Relationship activities


30Orchestrator Integration Packs (IPs)(How IPs are different from Service Manager connectors)Service Manager connectors populate the Service Catalog with CIsOrchestrator IPs enable automation of the various System Center components (VMM, Operations Manager, Service Manager, etc.) Errors with script output? Try Contains in place of EqualsFull list of System Center 2012 IPs available here:http://technet.microsoft.com/en-us/library/hh830706.aspx


31System Center OrchestratorFrom Proof of Concept to ProductionRunbooks, runbooks, everywhere!Use Variables in your runbooksWhy?Easier to deploy Private Cloud in Lab/POC environment firstVerify everything operates as expectedExport runbooks from labRedefine variables for Production


33Tips for AD DS Connector(or how to avoid blowing up Service Manager with CIs)AD Connector is going to pull in ALL users from ADSolution: Create groups that contain all Service Manager user accountsUse wildcard for group name prefixes in AD Connector propertiesI.E. cn=SM* for SMAdmins, SMUsers, etc.Select Automatically add users of AD groups imported by this connector


34A Note on Deployment Process ManagementIts RACI, not racy!Use the RACI model Responsible - who does the workAccountable sign off / approve work done (only 1/task)Consulted SMEs who provide input/opinion (2-way comms)Informed receive status updates, usually on completion (1-way)Good way to track/maintain communication touch points with customer(s) or stakeholdersSolid project management tenent


35Monitoring and OperationsElasticityYou cant have only growthCloud Services Process Pack (CSPP) has a de-commisioning runbookCaution: You must understand the ramifications of de-provisioning VMsImpact to business unitUse backup/secondary notification options to mitigate

: Bill EbbesenTechEd 20126/14/2012 10:49 AM 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

37Custom MAC Address PoolsDont use the defaults!VMM uses default MAC address ranges for VMs on managed hosts00:1D:D8:B7:1C:00 00:1D:D8:F4:1F:FF for Hyper-V and Citrix XenServer hosts00:50:56:00:00:00 00:50:56:3F:FF:FF for ESX hostsUsing defaults can result in hard-to-diagnose, sporadic issuesMore here: http://technet.microsoft.com/en-us/library/gg610632.aspx


38Options for UpdatesConfiguration Manager or Virtual Machine Manager?What does the organization currently use?Do you want to leverage this or blaze a new trail?Will the Private Cloud be managed separately?VMM 2012 provides cluster updating in-the-box, butVMM = only Host and VM updates, not rest of organizationConfiguration Manager can be single administrative point


39

40

41Host MaintenanceSpeeding your live migrations LM Durations:1GbE network, typical VM = 2-5 min/VM10GbE = 10 to 15 seconds!Enable Jumbo Frames!Requires support / configuration throughout entire switch infrastructureCoordinate with Network team to confirm supportEnsure all VMs can live migrateInconsistent Virtual Network settings across Hosts will block Live Migration

42Workload MigrationsQuestions to answerWhich workloads make sense?Well-defined, repeatable (IIS/Web servers, DBs, App front-ends)Where does the data reside?If data is off-system in a separate DB = easierDoes the system require any hardware dongles (i.e. - CAD/CAM systems)?Not a good candidate to virtualize in generalDo Redbooks / Application Installation instructions exist?This can be a deciding factor for provisioning new VM and reinstall vs P2V/V2V decisionEnlist a friendly solution stack owner OpsMgr, ConfigMgr?Migrate entire stack over to the PC platform to help build critical mass Have a win to communicate to Mgmt and other solution users/owners

Angela Sevin43Bare-Metal Deployments for Scale Unit GrowthConfiguration Manager or Virtual Machine Manager?Configuration Manager and VMM have similar capabilitiesDetermine up-front which platform to use for the cloudIf SCCM is used for rest of organization, do you want to maintain separate images and processes?Separate MDT/WDS instances?Can share WSUS between Configuration Manager and VMM


44Managing Capacity/Load & Dynamic Optimizationor why wont my VMs migrate to this other host?Ensure you have sufficiently planned for capacity and host loadCalculate maximum density / host and size hardware appropriatelyVMM default is Manual optimization / 10 minutesCan change to AutomaticToo many VMs on one host?Solution:Increase the Aggressiveness setting to HighMore Aggressive = more migrations = more balanced

Gabriel SeahTechEd 20126/14/2012 10:49 AM 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

45Service Templates Controlled AutonomyManaging deployment of tiered servicesService Templates = the Holy GrailCombine multiple VM templates, Application profiles, Storage, Network, Load BalancingResult: Ability to provide self-service deployment of multi-tier environments to usersThink of a 3-tier SQL, App and Web front-end environmentTest and Dev users will love this and you will too!You have chosenwisely


46SIA, WSV, and VIR Track Resources

Talk to our Experts at the TLC#TE(sessioncode)DOWNLOAD Windows Server 2012 Release Candidate

microsoft.com/windowsserverHands-On Labs

DOWNLOAD Windows Azure

Windowsazure.com/teched

Resources

Connect. Share. Discuss.http://northamerica.msteched.com

Learning

Microsoft Certification & Training Resourceswww.microsoft.com/learning

TechNet

Resources for IT Professionalshttp://microsoft.com/technet

Resources for Developershttp://microsoft.com/msdn

48

Required SlideComplete an evaluation on CommNet and enter to win!

49MS TagScan the Tagto evaluate thissession now onmyTechEd Mobile

50

2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.6/14/2012 10:49 AM 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

516/14/2012 10:49 AM 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

52

best practices and lessons learned: private cloud deployment in the enterprise ryan sokolowski...

Documents

private cloud deployment

windows vista

waterprivate cloud

private cloudmonitoring

private clouddipping

product names

informational purposes

market conditions