Microsoft server virtualization and management (download.microsoft.com › download › e › 6 › b...)
TRANSCRIPT
Virtualization with Windows Server
Uwe Hoffmann, Specialist Windows Server & Datacenter
Microsoft Deutschland GmbH
Agenda
1. Overview of Windows Server & Microsoft Virtualization
2. Presentation Virtualization
• Remote Desktop Services
3. Server Virtualization with Hyper-V
Overview of Windows Server & Microsoft Virtualization
Windows Server 2008: Features, Roles & Terminology
Pillars: Web, Virtualization, Security
Strong Foundation for Key Scenarios
Server Virtualization
Hyper-V
Presentation Virtualization
TS RemoteApp™
TS Gateway
EasyPrint, SSO, NLA
Internet Information Services 7.0 (IIS7)
Fast CGI / PHP
Deployment
Windows SharePoint Services
Windows Media Services
Network Access Protection (NAP)
Read-Only Domain Controller (RODC)
PKI Improvements
BitLocker Encryption
Federated Rights Management
Management
Server Manager, Windows PowerShell™, WinRM, WinRS, Snapshot Backup
Windows Deployment Services (WDS)
Storage Manager, Print Management Console (PMC)
Reliability
Server Core & Kernel Improvements
Next Generation Networking
SMB 2.0, IPv6, Scalable Networking
WAN Optimizations (DFS-R)
Windows Failover Clustering
Windows Server 2008 R2: Features, Roles & Terminology
Pillars: Web, Virtualization, Security
Strong Foundation for Key Scenarios
Server Virtualization
Hyper-V for R2
Live Migration
Presentation Virtualization
TS for VDI
RDP Improvements
Internet Information Services 7.0 (IIS7)
Full .NET Support on Server Core
Integrated IIS Extensions
Configuration Tracing
Read-Only DFS
BitLocker to Go
AD Authentication Assurance
DNSSEC
Secure FTP
Management, Reliability, Scalability
PowerShell 2.0; AD Administrative Center; Power Management - Core Parking; New Best Practices Analyzers; >64 Core CPU Support
Windows 7 Better-Together
Direct Access
Branch Cache for HTTP & SMB
RemoteApp & Desktop Connection feeds
Enhanced Group Policies
Windows Server – Key Workloads
*IB and Workload Analysis based on IDC server hardware history, independent MS server market research, and MS Server Hardware group analysis
CPU innovations: Performance & Power. Single OS, many processors
Support for 256 Logical Processors (LP)
New Scheduler
SQL Server Support
NUMA enhancements
System Topology APIs
Improved Processor Power Management Policies
Core Parking: reduced power
Dependencies create complexity
Virtualization: benefits
Server consolidation
High application availability; flexible
Performance; utilization
Profile Virtualization: Document Redirection
Offline files
A complete portfolio of virtualization products from the datacenter to the desktop
Microsoft virtualization products
Infrastructures – both virtual and physical – are administered from one platform
Management
Application Virtualization
Desktop Virtualization
VDI
Presentation Virtualization
Server Virtualization
Remote Desktop (Terminal) Services
Windows Server 2008 R2 Remote Desktop Services architecture
RD Web Access
RD Gateway
RD Connection Broker & Publishing
Active Directory®
Licensing Server
RD Virtualization Host
Remote Desktop Client
RD Session Host
Remote Desktop Services form the foundation
RDS & VDI – an integrated solution
Hyper-V support for virtual desktops
Shared infrastructure for session handling
SCVMM support
Remote application access
RemoteApp & Desktop RDP connections
RemoteApp & Desktop Web Access
RD Gateway security improvements
Full-fidelity RemoteApp & Desktops
True multi-monitor support
Multimedia support & two-way audio
Enhanced bitmap remoting for Flash, PPT, Silverlight etc.
Platform & management improvements: new API, Connection Broker extensions, PowerShell support, Best Practices Analyzer, full MSI support
Up to 16 monitors
Up to 1920x1080 per monitor
Fully centrally configurable
Works for Remote Desktop and RemoteApp
True multi-monitor support
RD Session Host / RD Virtualization Host
Windows Media Redirection
The video stream is processed on the client
Almost no CPU load on the server
The video codec must exist on the client device
RDP Performance Enhancements: multiple new techniques improve the performance of bitmap & command remoting
[Chart: bandwidth (Kbps) for typing and scrolling and for an executive PPT deck, compared across XP (RDP 5.2), Vista (RDP 6.0) and Windows 7 (RDP 7.0); bandwidth improvement per release, min. 20% gain]
WS 2008 kernel innovations: high scalability
5% more users WS03 -> WS08 @ 16 cores
40+% more users supported per server when moving from a 16-core to a 32-core x64 server
No memory limits
TS-KW workload description: http://www.microsoft.com/whdc/system/sysperf/Perf_tun_srv.mspx
[Chart: Terminal Server performance, users supported on 16-core and 32-core servers, WS2003 vs WS2008; bar values 870, 890, 910 and 1300]
Remote Desktop Services landscape
LAN – managed
Fat clients: provisioning & software/OS deployment
• Basic application packaging
• Central server images / templates
• Physical & virtual target system management
Connection Broker: session management
Remote VPN clients; Direct Access
Authentication & access
• Active Directory Domain Services
• Certificate Services
• Network Policy Services (NAP)
VDI hosts
Application virtualization
• Packaging / isolation
• Streaming
• App-V for TS included in RDS CAL
Monitoring & auditing
• Proactive monitoring
• End-to-end monitoring
• Dynamic rules & load-based control of the host landscape/roles
Clients: user profiles, folder redirection
Management services
Thin clients / NetPCs / terminals
File & print services
Licensing services
Infrastructure services
Load balancing (physical or virtual)
Connection services
Security services
Server hosts: Terminal Server hosts / farms
Management products for the basic services (Microsoft or partner):
• Configuration Manager (CM)
• Virtual Machine Manager (VMM)
• Operations Manager (OM)
• Application Virtualization Management Server (App-V)
Clients capable of Remote Desktop Protocol (RDP) 7.x
Windows Server 2008 R2 with the RDS (TS) & Hyper-V roles
Microsoft server virtualization with Hyper-V
Unique characteristics of the Microsoft virtualization solution
[Diagram: hardware, Windows hypervisor, VM 1 "Parent", VM 2 "Child", VM 3 "Child", virtual hard disks (VHD); contrasted with Windows Server 2003 / Virtual Server 2005 R2 on hardware hosting VM 2 and VM 3]
Server virtualization
Customer challenges:
• Low server utilization
• High power costs
• Complex management of physical and virtual servers
• Hardware dependencies of legacy systems
• Operating system dependencies of legacy applications
Hyper-V is an integral part of Windows Server 2008 / 2008 R2
A role of Windows Server 2008 x64 / 2008 R2; included in the Standard, Enterprise and Datacenter editions
"Minimal" configuration with Server Core is possible
Requires hardware with virtualization support: Intel VT or AMD-V
Hypervisor-based architecture
Flexible and dynamic virtualization solution
Uniform patch management based on WSUS/SCCM
Managed by Microsoft System Center VMM
Also available as a standalone server: Microsoft Hyper-V Server
Cost advantage: when Windows Server 2008 is used in the virtual servers, no additional hypervisor needs to be purchased.
Hyper-V management console
Integration Components for: Windows 2000 SP4, Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows 7, Windows Server 2008/SP2, Windows Server 2008 R2
ICs under GPL – from Linux kernel version 2.3.32
Novell SUSE Linux Enterprise 10 SP1/SP2 + 11
Red Hat Enterprise 5.2/5.3/5.4
Hyper-V role in Windows Server 2008: features
32-bit (x86) & 64-bit (x64) virtual machines (VM)
Large memory support (64 GB) inside the VMs
1 to 4 CPU guest-VM SMP support
Installation on Server Core
Pass-through disk access from VMs
New hardware architecture (VSP/VSC – synthetic I/O drivers): disk, networking, input, video
Networking (e.g. VLAN support – 802.1q, etc.), jumbo frames*
Non-Microsoft guest operating system support
Virtual machine snapshots
Volume Shadow Copy Service (VSS) support for backup
WMI scripting interface
Role-based access / AuthN
High availability & Live* / Quick Migration (with Enterprise or Datacenter)
*only with Windows Server 2008 R2
Quick Migration: for planned & unplanned downtime
[Diagram: two virtualization servers joined by a network connection (heartbeat) and a storage connection, with the VHDs on a SAN]
1. Save the virtual machine
2. Move the storage connectivity from one virtualization server to the other
3. Restore the virtual machine
Windows Server 2008 R2 with Hyper-V R2
Hyper-V R2 – features
Live Migration
Cluster Shared Volumes (NTFS)
64 LP CPUs; max. 384 VMs with max. 512 vCPUs
Processor compatibility mode
Second Level Address Translation: Intel calls it Extended Page Tables (EPT); AMD calls it Nested Page Tables (NPT) or Rapid Virtualization Indexing (RVI)
Core Parking
Hot add/remove storage
Improved network performance
Improved dynamic disk performance
etc.
Hyper-V Live Migration
Based on Windows Server Failover Clustering
Moves a running VM from one host to another host without downtime
Completely transparent to the client
Open TCP connections are preserved
Clients stay connected
Planned outage; for an unplanned outage, Failover Clustering restores the VM
Quick Migration vs. Live Migration
Quick Migration (Windows Server 2008 Hyper-V)
1. Save state
a) Create VM on the target
b) Write VM memory to shared storage
2. Move virtual machine
a) Move storage connectivity from source host to target host via Ethernet
3. Restore state & run
a) Take VM memory from shared storage and restore on the target
b) Run
Live Migration (Windows Server 2008 R2 Hyper-V)
1. VM state/memory transfer
a) Create VM on the target
b) Copy memory pages from the source to the target via Ethernet
2. Final state transfer
a) Pause virtual machine
b) Move storage connectivity from source host to target host via Ethernet
3. Un-pause & run
[Diagram: Host 1 and Host 2 for each of the two scenarios]
Live Migration
[Diagram: Host 1 and Host 2 on shared storage; blue = storage, purple = networking]
1. Create a VM on the target server
2. Copy memory pages from the source to the target server via LAN
3. Final transfer
a) Pause the virtual machine
b) Move the storage connection from the source to the target server via LAN
4. Run the new VM on the target server; delete the "old" VM on the source server
Failover Cluster Management Console
Migration & storage
Windows Server 2008 R2 Hyper-V
Cluster Shared Volumes (CSV)
CSV provides a single consistent file name space; all Windows Server 2008 R2 servers see the same storage
Simple setup; based on NTFS
No reformatting of the SAN
Creates one large data area
No more drive-letter problem
Volume types supported by Hyper-V
[Diagram: a single volume/LUN holding several VHDs; many volumes with one VHD per LUN; a Clustered Shared Volume (CSV) holding many VHDs]
Hot add/remove storage
Overview
Adding a VHD or pass-through disk to a running VM, or removing one from it, without a reboot.
Hot add/remove of disks requires that the VHDs or pass-through disks are attached to a virtual SCSI controller
Benefits
Allows storage to be extended without VM downtime
Enables additional backup scenarios
Networking Improvements
Jumbo Frame Support
TCP Offload support: TCP/IP traffic in a VM can be offloaded to a physical NIC on the host computer; reduces the CPU burden
Virtual Machine Queue (VMQ) support: allows the NIC to essentially appear as multiple NICs (queues) on the physical host; performance gain
Networking
Jumbo Frame Support: Ethernet frames >1,500 bytes; the ad hoc standard is ~9k
Overview: enables a 6x larger payload per packet
Benefits: improves throughput; reduces CPU utilization of large file transfers
Intel® Xeon® Processor 5580 Platform, Windows Server 2008 R2 and Intel® 82599 10GbE Adapter
1,030,000 IOPs
• Single port
• 10GbE line rate
• 10k IOPs per CPU point
• Performance for real-world apps
• Future ready: performance scales
552k IOPs at 4k represents
• 3,100 hard disk drives
• 400x a demanding database workload
• 1.7m Exchange mailboxes
• 9x the transactions of large eTailers
• Jumbo frames: >30% CPU decrease is common for larger IO sizes (jumbo frames not used here)
Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Microsoft and Intel products as measured by those tests. Any difference in system hardware or software design or configuration may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing.
Read/Write IOPs and CPU Test
Read/Write IOPs and Throughput Test
Breakthrough Performance at 10GbE
[Diagram: Intel® Ethernet with VMDq and Hyper-V R2 VMQ offloads, mapping traffic flows directly to the virtual guest iSCSI initiator: virtual NICs (TCP), default queue, filter and classifier, virtual machine switch, routing/VLAN filtering, data copy, PCI Express* ports 1–3 with queues Q1/Q2, Intel® VT-d]
Incoming packets are sorted into multiple queues based on MAC address and/or VLAN tags (VMDq).
Sorted and queued data packets are routed to the VMs by the VM switch.
The shared memory feature removes the data copy and enables data packets to DMA directly into the VMs' memory (VMQ).
Intel® Ethernet 82559 with VMDq
Conserve resources for applications and guests
iSCSI acceleration in Hyper-V
[Diagram: VM1, VM2 and VM3, each with an MS iSCSI initiator]
iSCSI initiator performance optimizations
MPIO or MCS load balancing across multiple virtual NICs
Windows network stack performance optimizations
Example: mixing FC & iSCSI for multiple VM hosting offerings on the same infrastructure
High Availability – GeoCluster: high service level architecture, automated failover, site redundancy
Failover cluster configuration incl. storage & site redundancy
vLANs (Corp, DMZ, etc.)
[Diagram: SAN layer with VM 1 disk, VM 2 disk ... VM 10 disk; four hosts (Host 1 and Host 2 at site A, Host 3 and Host 4 at site B), each with a Host OS, IO / VDS / MPIO, NICs 1–4, two adapters and VM 1, VM 2, VM 3 ... VM n; a witness node at a 3rd site/location; Failover Cluster Manager on every host; logical disk mirroring or disk replication (Symantec SF-Win) between the sites; physical disk mirroring: HDS, HP, EMC, NetApp...]
Partner plugins: Symantec Storage Foundation for Windows (Veritas), SteelEye, DoubleTake, DataCore, Sanbolic, etc.
Hyper-V certifications
Security
BSI & Common Criteria EAL4+ certified
English version: http://www.bsi.de/zertifiz/zert/reporte.htm#Midsize_Systems
German version: http://www.bsi.de/zertifiz/zert/report.htm#Mittlere_Systeme
SAP
SAP Note 674851 – Virtualization on Windows
"We tested its application on Hyper-V on Windows Server 2008 as guest operating system with four virtual CPUs and on Windows Server 2003 as guest operating system with two virtual CPUs. All internal tests showed a high reliability and stability..." "During measurements of an individual virtual machine, 100% of the performance of the physical machine was reached. No overhead caused by virtualization could be detected."
SAP Note 124667 – Hyper-V configuration guidelines
Virtualization Validation Program
Windows Server Virtualization Validation Program: designed to improve customers' support experiences when running Windows Server on virtualization technologies other than Hyper-V™ and Virtual Server
http://www.windowsservercatalog.com/svvp.aspx
Example participating vendors:
VMware, Citrix, Novell, Oracle, Red Hat, etc.
Microsoft server software and supported virtualization environments
http://support.microsoft.com/kb/957006
Examples: specific versions of SQL, Exchange, System Center, etc.
Tools for Hyper-V
Microsoft Assessment and Planning Toolkit (MAP)
Offline Virtual Machine Servicing Tool (OVMST)
Remote Server Administration Tools (RSAT)
Core Configurator 2.0
Disk2vhd (P2V)
Hyper-V Remote Management Configuration Utility
VHD Creation Tool
The Windows Server version consolidation
Hyper-V Server 2008 & 2008 R2
What is Microsoft Hyper-V Server?
Microsoft Hyper-V Server 2008 (HVS): contains the Windows hypervisor and further components such as the base kernel and drivers.
[Diagram: hardware; Windows hypervisor; Microsoft Hyper-V Server as the parent partition; Windows or Linux guests]
Windows Server 2008 Hyper-V (Windows role): available as a role in a Server Core or Full installation of Windows Server 2008
[Diagram: hardware; Windows hypervisor; Windows parent partition with the Hyper-V role; Windows or Linux guests]
Hyper-V Server 2008 R2
Microsoft Hyper-V Server is available as a free download: http://www.microsoft.com/hyper-VServer
Technologically equal to a Windows Server 2008 R2 Enterprise Edition
Memory: up to 1 TB of physical memory per system
Supports up to 8 physical processors (sockets) or 64 logical CPUs
High availability / cluster support
Supports MPIO and various storage options
Quick and Live Migration
Boot from flash or USB
Security options such as BitLocker support
Hvconfig utility for simple configuration, see
HVconfig
• Starts automatically at logon
• Simple setup utility for configuration
• Localized in 11 languages
Remote management...
Comparison: Microsoft Hyper-V Server 2008, Hyper-V Server 2008 R2 and Windows Server 2008 R2

Capability | Microsoft Hyper-V Server 2008 | Microsoft Hyper-V Server 2008 R2 | Windows Server 2008 R2 EE, DC
Processor architecture (x64 only) | Yes | Yes | Yes
Hypervisor-based | Yes | Yes | Yes
Product type | Standalone product | Standalone product | Operating system
Number of sockets (licensing) | Up to 4 | Up to 8 | Up to 8 = EE; up to 64 = DC
Number of cores supported by the hypervisor | 24 (with QFE) | 64 | 64
Memory | Up to 32 GB | Up to 1 TB | Up to 1 TB
VM migration | None | Quick and live migration | Quick and live migration (EE & DC)
Administrative UI | Command line, text-based configuration utility and remote GUI management | Command line, text-based configuration utility and remote GUI management | Command line, remote management, and local GUI (Hyper-V Manager MMC)
Management | Existing management tools | Existing management tools | Existing management tools
Manageable by SCVMM | Yes (SCVMM 2008) | Yes (SCVMM 2008 R2) | Yes (SCVMM 2008 R2)
Virtualization rights for Windows Server guests | 0* | 0* | EE = 4 VMs; DC edition = unlimited VMs per processor
Number of running VM guests | Up to 192, or as many as physical resources allow | Up to 384, or as many as physical resources allow | Up to 384, or as many as physical resources allow
Storage (all three) | Direct attached storage (DAS): SATA, eSATA, PATA, SAS, SCSI, FireWire; storage area networks (SANs): iSCSI, Fibre Channel, SAS
Planned guest OS support (all three) | Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 SP2, Windows 2000 Server, Novell SUSE Linux Enterprise Server 10, Windows 7, Windows Vista SP1 & Windows XP SP3/SP2

* Hyper-V Server does not require CALs
Architecture
Hyper-V architecture
[Diagram: hardware; Microsoft hypervisor (ring -1); parent partition running Windows Server 2008 with the VMM service, VM worker processes and WMI provider in user mode (ring 3) and the Virtualization Service Provider (VSP), device drivers, Virtualization Infrastructure Driver and WinHv in kernel mode (ring 0); child partition with a Hyper-V-aware Windows OS (Virtualization Service Consumer (VSC), enlightenments, WinHv); child partition with a Hyper-V-aware non-Windows OS (3rd-party VSC, device drivers, 3rd-party hypercall interface); child partition with a non-Hyper-V-aware OS (device emulation); hypercalls and intercepts between the partitions and the hypervisor; VMBus connecting the partitions]
Hypervisor design goals
Strong isolation
Security
Performance
Virtualization support
...and...
Simplicity
– Restrict activities to monitoring and enforcing
– Where possible, push policy up
Parent partition
The parent partition is responsible for: managing and allocating hardware resources
Power management, plug and play and hardware error events
Creating and managing further partitions
Loading and starting the hypervisor
Virtualization stack inside the parent partition
Virtual Machine Management Service (VMMS)
Virtual Machine Worker Process (VMWP)
Virtual Devices (VDEVs)
Virtualization Service Providers (VSPs)
Virtualization Infrastructure Driver (VID)
Windows Hypervisor Interface Library (WinHv)
[Diagram: parent partition (Windows Server 2008: Virtualization Service Provider (VSP), device drivers, VMM service, VM worker processes, WMI provider, hypercalls, WinHv, Virtualization Infrastructure Driver, VMBus) and child partition (emulated devices, Virtualization Service Clients (VSC), guest Integration Components, VMBus, WinHv)]
Virtual devices
Integration Services
Heartbeat
Key/value pair exchange
Time synchronization
Shutdown of the guest operating system
Volume Shadow Copy Service (VSS)
Enlightenments
Emulated devices
Motherboard chipset with IDE controller
Legacy network adapter ("older network card")
Video chip
The original in-box driver is used
Integration Services
Integration Components
Emulated devices; synthetic devices
Installing the Hyper-V role
Windows Server 2008 is secure out of the box.
Functionality is added by installing further roles or features
Installing the Hyper-V role in the Full version of W2K8: Initial Configuration Tasks (ICT) – Add Roles
Server Manager – Add Roles
Server Manager CLI – servermanagercmd.exe
The role is Hyper-V
Run servermanagercmd.exe -query after the installation to verify
Installing the Hyper-V role in Server Core: run bcdedit /set hypervisorlaunchtype auto
Install by running start /w ocsetup Microsoft-Hyper-V and reboot
Verify the install by running oclist after the reboot
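As an added example (not from the slides), the following PowerShell verifies both Server Core steps above: that the boot entry launches the hypervisor and that the Microsoft-Hyper-V optional component is installed. It assumes a Windows Server 2008 R2 Server Core host with PowerShell available (on the 2008 RTM Server Core the same bcdedit and oclist commands are typed at cmd.exe), and the output patterns it matches are assumptions about the bcdedit and oclist output format.

```powershell
# Added example, not from the slides. Verifies the two Server Core steps for the
# Hyper-V role. Assumes Windows Server 2008 R2 Server Core with PowerShell enabled.

function Test-HypervisorLaunchType {
    # bcdedit lists the current boot entry; the hypervisor starts only when the
    # entry carries "hypervisorlaunchtype Auto" (assumed output format).
    $entry = & bcdedit /enum '{current}' 2>&1
    $hit = $entry | Where-Object { $_ -match '^\s*hypervisorlaunchtype\s+Auto\s*$' }
    return [bool]$hit
}

function Test-HyperVComponentInstalled {
    # oclist prefixes each optional component with "Installed:" or "Not Installed:"
    # (assumed output format). The "Not Installed" lines also contain the substring
    # "Installed:Microsoft-Hyper-V", so they are excluded explicitly.
    $list = & oclist 2>&1
    $hit = $list | Where-Object {
        $_ -match 'Installed:Microsoft-Hyper-V' -and $_ -notmatch 'Not Installed'
    }
    return [bool]$hit
}

function Test-HyperVCoreInstall {
    $launch = Test-HypervisorLaunchType
    $role   = Test-HyperVComponentInstalled
    Write-Output ("hypervisorlaunchtype auto  : {0}" -f $launch)
    Write-Output ("Microsoft-Hyper-V installed: {0}" -f $role)
    if ($launch -and $role) {
        Write-Output 'Hyper-V role is active on this Server Core host.'
    } elseif (-not $launch) {
        Write-Output 'Missing step: bcdedit /set hypervisorlaunchtype auto (then reboot).'
    } else {
        Write-Output 'Missing step: start /w ocsetup Microsoft-Hyper-V (then reboot).'
    }
    return ($launch -and $role)
}

Test-HyperVCoreInstall
```

Both checks are read-only, so the script can be run after every reboot as a quick configuration check; the bcdedit check matters because a host on which the hypervisor does not launch will still show the component as installed.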
Hyper-V – Virtual Machine Connection client
Replaces VMRC from Virtual Server
RDP-based connection
No Remote Desktop/TS
Supports remote connections
Does not support copy/paste
Available via RSAT for Vista SP1 / WS2008
Hyper-V storage
Windows Server 2008 with Hyper-V includes the following storage options:
Direct attached storage (DAS) (SATA, SAS), or storage area network (SAN) (FC, iSCSI).
Hosting the guest operating system: virtual hard disk – file based, stored on a storage volume
Dynamic and fixed disks are the choices
Pass-through – allows the virtual machine direct access to the storage
The disk must be offline in the parent partition
Storage connections: IDE – enhanced from VS 2005, 48-bit LBA, 2048 gigabyte disks
Performance on par with SCSI
Must be used to boot the OS
SCSI – synthetic device, requires Integration Services, 4 per guest with up to 64 disks per controller (total = 256); no LUN size limitation
iSCSI – must connect to the physical network, uses the iSCSI client, no limit to the number of disks, can "hot-add" disks.
Synthetic disk path
[Diagram: in the child partition, application I/O passes through the Windows file system, volume, partition and disk stack to the fast path filter (VSC) and the StorPort virtual storage miniport (VSC), then over VMBus to the virtual storage provider (VSP) in the parent partition's kernel mode, and on through StorPort and the StorPort miniport to the hardware; the VM worker process in user mode holds the IDE and SCSI disk definitions; components are provided by Windows, ISVs, OEMs and Windows Virtualization]
Emulated disk path
[Diagram: in the child partition, application I/O passes through the Windows file system, volume, partition and disk stack and is handled by the VM worker process in the parent partition's user mode, which passes it through StorPort and the StorPort miniport to the hardware]
Hyper-V networking
Parent partition: virtual networks connected to physical NICs
External – limited by the number of NICs
Internal – unlimited
Private – unlimited
Ethernet NICs only
VLAN support
Trunking at the physical switch port
No wireless NIC support
Virtual machine: synthetic NIC, legacy NIC
12 NICs per VM: 8 synthetic, 4 legacy
Up to 10 Gb/s
VLAN support
Security & Administration
Virtualization security: Windows Server platform
[Diagram: Windows Server 2008 logo hardware (AMD-V / Intel VT); Windows Hyper-V; VM 1 "Parent" running Server Core, VM 2 "Child", VM 3 "Child"; virtual hard disks (or LUN); management network; VM guest network]
Hypervisor security: memory & CPU protection
Buffer overflow protection
Data Execution Prevention
Code pages marked read-only
Limited exception handling
Digitally signed
Security Development Lifecycle
- Threat modeling
- Static analysis
- Fuzz testing
- Penetration testing
IO protection: host-controlled access
Delegated VM administration: AzMan RBAC
Reduced attack surface: Server Core
Logical isolation via IPsec: firewall AuthN rules, e.g. admin-only PCs
Single sign-on: AD integration
Secure volumes: BitLocker encryption
Event log forwarding
File permissions: host-controlled SAN permissions
Security and roles
Virtual Server supports NTFS and ACLs to secure VMs
Hyper-V uses role-based security via Authorization Manager
AZMAN.MSC
Open InitialStore.xml
This file is HIDDEN
Defining roles
Roles are task groups
Tasks define permissions
Users are assigned roles
Administration concept: define the required roles, such as:
Hyper-V administrator (does not have to be a local admin)
Administrator for a specific group of Hyper-V servers
"Self-service user" who manages their own machines
Hyper-V without VMM: permissions are granted via Authorization Manager.
Each Hyper-V server has its own XML store; the store can also be provided inside AD
VMM delegation: two additional roles are available, Self Service User and Delegated Administrator
Administration is delegated via host groups
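The roles/tasks/operations model described above lends itself to an automated least-privilege check. The PowerShell below is an added example, not from the slides and not Hyper-V's own InitialStore.xml: it reads a constructed, simplified authorization store that follows the same model (roles group tasks, tasks define operations, users are assigned roles), resolves each user's effective operations, and reports any self-service user whose role reaches host-level or lifecycle operations. The element names, user names and operation names are illustrative.

```powershell
# Added example, not from the slides and not Hyper-V's InitialStore.xml. A constructed,
# simplified authorization store following the slide's model: roles group tasks, tasks
# define operations (permissions), users are assigned roles. All names are illustrative.
$storeXml = [xml]@'
<AuthorizationStore>
  <Tasks>
    <Task Name="Operate VM">
      <Operation Name="Start Virtual Machine"/>
      <Operation Name="Stop Virtual Machine"/>
      <Operation Name="View Virtual Machine Configuration"/>
    </Task>
    <Task Name="Manage VM Lifecycle">
      <Operation Name="Create Virtual Machine"/>
      <Operation Name="Delete Virtual Machine"/>
      <Operation Name="Reconfigure Virtual Machine"/>
    </Task>
    <Task Name="Manage Host">
      <Operation Name="Reconfigure Service"/>
    </Task>
  </Tasks>
  <Roles>
    <Role Name="Self Service User">
      <Task Name="Operate VM"/>
    </Role>
    <Role Name="Hyper-V Administrator">
      <Task Name="Operate VM"/>
      <Task Name="Manage VM Lifecycle"/>
      <Task Name="Manage Host"/>
    </Role>
  </Roles>
  <Assignments>
    <Assignment User="CONTOSO\alice" Role="Self Service User"/>
    <Assignment User="CONTOSO\bob" Role="Hyper-V Administrator"/>
  </Assignments>
</AuthorizationStore>
'@

# Operations a self-service user must never receive (host-level and lifecycle
# operations); this is the least-privilege rule applied below.
$hostLevelOperations = 'Reconfigure Service', 'Create Virtual Machine', 'Delete Virtual Machine'

function Get-EffectiveOperations {
    # Resolves user -> roles -> tasks -> operations and returns the distinct,
    # sorted operation names the user may perform.
    param([xml]$Store, [string]$User)
    $root = $Store.AuthorizationStore
    $ops = @{}
    foreach ($assignment in @($root.Assignments.Assignment | Where-Object { $_.GetAttribute('User') -eq $User })) {
        $roleName = $assignment.GetAttribute('Role')
        foreach ($role in @($root.Roles.Role | Where-Object { $_.GetAttribute('Name') -eq $roleName })) {
            foreach ($taskRef in @($role.Task)) {
                $taskName = $taskRef.GetAttribute('Name')
                foreach ($task in @($root.Tasks.Task | Where-Object { $_.GetAttribute('Name') -eq $taskName })) {
                    foreach ($op in @($task.Operation)) { $ops[$op.GetAttribute('Name')] = $true }
                }
            }
        }
    }
    return @($ops.Keys | Sort-Object)
}

function Test-SelfServiceLeastPrivilege {
    # Returns one "user: operation" line per violation (empty when the store is clean).
    param([xml]$Store)
    $root = $Store.AuthorizationStore
    $violations = @()
    foreach ($assignment in @($root.Assignments.Assignment | Where-Object { $_.GetAttribute('Role') -eq 'Self Service User' })) {
        $user = $assignment.GetAttribute('User')
        $effective = Get-EffectiveOperations -Store $Store -User $user
        foreach ($op in $hostLevelOperations) {
            if ($effective -contains $op) { $violations += "${user}: $op" }
        }
    }
    return $violations
}

foreach ($user in 'CONTOSO\alice', 'CONTOSO\bob') {
    Write-Output ("{0}: {1}" -f $user, ((Get-EffectiveOperations -Store $storeXml -User $user) -join ', '))
}
$violations = Test-SelfServiceLeastPrivilege -Store $storeXml
if ($violations.Count -eq 0) { Write-Output 'Least-privilege check passed.' }
else { $violations | ForEach-Object { Write-Output "VIOLATION $_" } }
```

With the store as written the check passes; adding the "Manage Host" task to the "Self Service User" role makes the script report alice's "Reconfigure Service" as a violation, which is the kind of drift worth catching before the store is deployed to each Hyper-V host or published in AD.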
Management
MMC
WMI interface
Any tool that works with WMI can manage Hyper-V
VBScript
PowerShell
.NET
Command line
Windows Server Core
Server Core is a new installation option: it provides the basic functions of a server (File, Print, DC, DNS, Hyper-V, Cluster, etc.)
Only a command-line prompt is available, no GUI or shell (with small exceptions)
Benefits: less code results in fewer patches
More security and stability with less management
Fewer patches, less reboot?
Date issued | Microsoft security bulletins / updates - CRITICAL | Server Core relevant
Feb 10, 2009 | MS09-002 | No
Dec 17, 2008 | MS08-078 | No
Dec 9, 2008 | MS08-073 | No
Dec 9, 2008 | MS08-071 | Yes
Nov 11, 2008 | MS08-069 | No
Oct 14, 2008 | MS08-058 | No
Sep 9, 2008 | MS08-052 | No
Aug 12, 2008 | MS08-045 | No
Jun 10, 2008 | MS08-033 | No
Jun 10, 2008 | MS08-031 | No
Apr 8, 2008 | MS08-024 | No
All updates (Apr-2008 to Oct-2008)
Core Configurator 1.0
Not included in Server Core
Developed by Tony Ison (MCS Consultant) and Andrew Auret (MCS Consultant)
Was designed to:
Accelerate adoption
Reduce IT training
Reduce configuration errors
Script and WMI based
JAN-2010 Copyright Seite ITBF: Windows Server 2008 R2 - Deployment,
Core Configurator 2.0
Available at: http://www.coreconfigurator.com and http://www.codeplex.com/coreconfig
Collection of scripts for managing Server Core: product licensing, networking features, DCPromo tool, iSCSI settings, server roles and features, user and group permissions, share creation and deletion, firewall settings, display settings, add & remove drivers, screensaver settings, Windows Updates (incl. WSUS)
"Boot from VHD" provides . . .
As many unique clients/servers/roles as you have space for on a machine
No need to change drive partitioning
A reboot can completely change the role/function of the server
Backups = file copies of VHDs
No real performance hit
BCDEDIT command
Remote PowerShell scenarios
Fan-out (1 to many)
Send the script
Select properties – allows you to specify which properties to bring back
Throttling – limits the number of concurrent operations
Async support – runs the command in the background on the client
Fan-in (many to 1)
Hosting model
Share static data between sessions (e.g. cmdlet metadata from a snap-in)
Send progress information to the client (e.g. Connecting, Connected)
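The WMI management interface (any WMI-capable tool can manage Hyper-V) and the fan-out remoting features listed above (send the script, select properties, throttling, async) combine naturally into an inventory script. The PowerShell below is an added example, not from the slides: it queries the Hyper-V WMI provider (namespace root\virtualization, class Msvm_ComputerSystem) on several hosts through Invoke-Command with a throttle limit and as a background job, and returns each VM's name and state. It assumes PowerShell 2.0 remoting is enabled on the hosts and that the caller is authorized to read the namespace; the host names are constructed placeholders and the EnabledState code table is what the Hyper-V v1 provider reports.

```powershell
# Added example, not from the slides. Inventories the virtual machines on several
# Hyper-V hosts through the WMI interface, fanned out with PowerShell remoting.
# Assumes PowerShell 2.0 remoting is enabled on the hosts. Host names are constructed.
$hyperVHosts = 'hv01.example.local', 'hv02.example.local'

# EnabledState codes reported by Msvm_ComputerSystem (Hyper-V WMI provider v1).
$stateNames = @{ 2 = 'Running'; 3 = 'Off'; 32768 = 'Paused'; 32769 = 'Saved' }

function Get-VmStateName {
    param([int]$Code)
    if ($stateNames.ContainsKey($Code)) { return $stateNames[$Code] }
    return "Code $Code"
}

# Script block that runs on each host. The host itself is also a Msvm_ComputerSystem
# (Caption "Hosting Computer System"); only the "Virtual Machine" entries are kept,
# and only the two properties needed are sent back ("select properties").
$inventory = {
    Get-WmiObject -Namespace 'root\virtualization' -Class Msvm_ComputerSystem |
        Where-Object { $_.Caption -eq 'Virtual Machine' } |
        Select-Object ElementName, EnabledState
}

function Get-HyperVInventory {
    param([string[]]$Hosts)
    # Fan-out: one script block to many hosts, at most 4 concurrent sessions
    # (throttling), started as a background job (async) so the console stays free.
    $job = Invoke-Command -ComputerName $Hosts -ScriptBlock $inventory -ThrottleLimit 4 -AsJob
    Wait-Job -Job $job | Out-Null
    $results = Receive-Job -Job $job
    Remove-Job -Job $job
    foreach ($r in $results) {
        # PSComputerName is attached by remoting, so each row keeps its origin host.
        New-Object PSObject -Property @{
            Host  = $r.PSComputerName
            VM    = $r.ElementName
            State = Get-VmStateName -Code $r.EnabledState
        }
    }
}

Get-HyperVInventory -Hosts $hyperVHosts | Sort-Object Host, VM | Format-Table Host, VM, State -AutoSize
```

Returning only ElementName and EnabledState keeps the per-host payload small, and the throttle limit bounds how many hosts are queried at once; a host that refuses the remoting session surfaces as an error from Receive-Job rather than as a silently missing row, which is the behaviour you want in an inventory used for reconciliation.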
The PowerShell graphical interfaces: Graphical PowerShell
Out-GridView
Integrated development environment
Multi-tabbed interface
Syntax coloring
Backup (disk snapshot)
VSS based (Hyper-V VSS writer)
Online backup of a running virtual machine; also backs up applications that support VSS
Windows Server Backup: http://blogs.msdn.com/taylorb/archive/2008/08/20/backing-up-hyper-v-virtual-machines-using-windows-server-backup.aspx
Programming against VSS: Diskshadow
Sample script
http://virtuallyaware.spaces.live.com/blog/cns!549C424F228D6040!153.entry?wa=wsignin1.0
SCDPM 2007 SP1 / SCDPM 2010
3rd-party products that support the Hyper-V VSS writer
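As an added example of driving VSS through Diskshadow (not from the slides and not the linked sample script), the PowerShell below first confirms that the Hyper-V VSS writer is registered and stable, then generates a Diskshadow script that takes a persistent shadow copy of the volume holding the VHDs inside a BEGIN BACKUP / END BACKUP session and exposes it under a drive letter for the backup tool. It assumes Windows Server 2008 / 2008 R2 with the Hyper-V role, an elevated prompt, and the vssadmin output layout as I know it; the VHD volume (D:) and the exposed drive letter (X:) are constructed placeholders.

```powershell
# Added example, not from the slides or the linked sample script. Checks the Hyper-V
# VSS writer and takes a persistent shadow copy of the VHD volume via Diskshadow.
# Assumes an elevated prompt on a Hyper-V host; D: and X: are constructed placeholders.
$vhdVolume    = 'D:'
$exposeLetter = 'X:'
$writerName   = 'Microsoft Hyper-V VSS Writer'

function Get-VssWriterState {
    # Parses "vssadmin list writers" (assumed layout: a "Writer name:" line followed
    # a few lines later by "State: [n] Text") and returns the state text of the named
    # writer, or $null if the writer is not registered.
    param([string]$Name)
    $lines = & vssadmin list writers 2>&1
    $found = $false
    foreach ($line in $lines) {
        if ($line -match "Writer name:\s*'$([regex]::Escape($Name))'") { $found = $true; continue }
        if ($found -and $line -match 'State:\s*\[\d+\]\s*(.+)$') { return $Matches[1].Trim() }
    }
    return $null
}

function New-HyperVShadowScript {
    # Writes the Diskshadow command file. BEGIN/END BACKUP tells the registered writers
    # (the Hyper-V writer included) that a backup is in progress, so running VMs are
    # quiesced for the snapshot instead of being copied mid-write.
    param([string]$Volume, [string]$Expose, [string]$Path)
    $script = @"
SET VERBOSE ON
SET CONTEXT PERSISTENT
BEGIN BACKUP
ADD VOLUME $Volume ALIAS HyperVData
CREATE
EXPOSE %HyperVData% $Expose
END BACKUP
"@
    $script | Set-Content -Path $Path -Encoding ASCII
    return $Path
}

$state = Get-VssWriterState -Name $writerName
if ($state -ne 'Stable') {
    Write-Output ("'{0}' state is '{1}'; repair the writer before backing up." -f $writerName, $state)
} else {
    $scriptPath = New-HyperVShadowScript -Volume $vhdVolume -Expose $exposeLetter -Path (Join-Path $env:TEMP 'hv-shadow.dsh')
    & diskshadow /s $scriptPath
    # The shadow copy is now readable at X:\ for the backup tool. Release it afterwards
    # from an elevated Diskshadow prompt with: DELETE SHADOWS EXPOSED X:
}
```

Checking the writer state first is the step most ad hoc scripts skip: a writer in a failed or waiting-for-completion state yields a shadow copy whose VM files are not application-consistent, and the failure only shows up at restore time.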
Hyper-V features
Microsoft server virtualization – optimal in combination
Managing infrastructure
• Cross-platform support (Hyper-V, VMware)
• Intelligent placement of VMs
• Performance and resource optimization
• Live Migration management
• Queuing / maintenance mode
• Rapid provisioning via templates
• Storage migration, SAN enhancements
Virtualization platform
• Improved scalability (64 logical CPUs)
• Remote Desktop Services (RDS)
• Live Migration – Clustered Shared Volumes (CSV) – processor compatibility mode
• Performance enhancements – new processor feature support – Core Parking / power efficiency – hot add/remove of storage – networking optimization
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.