This is the second of a 2-part series delivered at Prairie DevCon in Calgary on March 15, 2012. The sessions provided a quick overview of the new features of Hyper-V in Windows Server "8" Beta and how these compare to VMware vSphere 5.
Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2
What's New in Windows Server "8" Beta for Hyper-V (Part 2)
Damir Bersinic
Senior Platform Advisor
Microsoft Canada Inc.
firstname.lastname@example.org
Twitter: @DamirB
http://blogs.technet.com/b/canitpro
Session Objectives and Takeaways
• Why Windows Server "8" Hyper-V for Private Cloud
• What did we learn from you and our Partners?
• Networking
• Hyper-V VM Mobility
• Critical Cloud Security
• Hyper-V Replica
The Definitive Platform for Cloud: Windows Server “8”.
Network Considerations
Customers ask:
• How do I ensure network multi-tenancy?
• IP Address Management is a pain.
• What if VMs are competing for bandwidth?
• Can I dedicate a NIC to a workload?
Further considerations:
• Fully leverage the network fabric
• How do I integrate with the existing fabric?
• Network metering?
Hybrid Clouds
Windows Server "8" is optimized for Hybrid Clouds to host multi-tenant workloads
[Diagram: Data Center hosting Tenant 1 and Tenant 2, each with multiple VM workloads]
Security
In a multi-tenant environment … customers want security and isolation
[Diagram: Data Center hosting Tenant 1 and Tenant 2, each with multiple VM workloads]
Multi-Tenant Network Requirements
• Tenant wants to easily move VMs to/from the cloud
• Hoster wants to place VMs anywhere in the data center
• Both want: Easy Onboarding, Flexibility & Isolation
[Diagram: Woodgrove Bank (Blue, 10.1.0.0/16) and Contoso Bank (Red, 10.1.0.0/16) both connecting to the Cloud Data Center while using the same address range]
One Solution: PVLAN
[Diagram: four VMs on a Hyper-V Switch in a Win 8 host, with the switch uplinked to the Internet (10.1.1.1): Green 10.1.1.31, Isolated, primary/secondary VLAN 4/7; Blue 10.1.1.21, Isolated, VLAN 4/7; Red1 10.1.1.11, Community, VLAN 4/9; Red2 10.1.1.12, Community, VLAN 4/9]
• Isolation Scenario
 – Hoster wants to isolate all VMs from each other and allow internet connectivity
 – #1 Customer Ask from hosters
• Community Scenario
 – Hoster wants tenant VMs to interact with each other but not with other tenant VMs
 – Requires a VLAN id for each "community" (limited scalability, only 4095 VLAN IDs)
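The PVLAN layout on this slide, expressed with the Hyper-V PowerShell module that shipped with Windows Server 2012 (the release of Windows Server "8"). This is an added example, not from the deck: the VM names and VLAN IDs come from the slide, the VMs are assumed to exist already, and the 'Gateway' VM is a hypothetical stand-in for the 10.1.1.1 hop, included only to show the promiscuous port that isolated members are allowed to reach.

```powershell
# Added example (not from the deck): configure the slide's PVLAN layout.
# Isolated ports may only talk to promiscuous ports; community ports may
# also talk to each other. Every VM shares one primary VLAN.
$primary            = 4   # primary VLAN of the PVLAN domain
$isolatedSecondary  = 7   # secondary VLAN for isolated members
$communitySecondary = 9   # secondary VLAN for the Red tenant's community

# Isolation scenario: Green and Blue reach the gateway but not each other
foreach ($vm in 'Green', 'Blue') {
    Set-VMNetworkAdapterVlan -VMName $vm -Isolated `
        -PrimaryVlanId $primary -SecondaryVlanId $isolatedSecondary
}

# Community scenario: Red1 and Red2 (one tenant) may talk to each other,
# but not to Green or Blue
foreach ($vm in 'Red1', 'Red2') {
    Set-VMNetworkAdapterVlan -VMName $vm -Community `
        -PrimaryVlanId $primary -SecondaryVlanId $communitySecondary
}

# Hypothetical gateway VM: a promiscuous port sees every secondary VLAN,
# which is what lets isolated members get Internet connectivity
Set-VMNetworkAdapterVlan -VMName 'Gateway' -Promiscuous `
    -PrimaryVlanId $primary -SecondaryVlanIdList "$isolatedSecondary,$communitySecondary"

# Verify: mode and VLAN IDs per adapter should match the slide's table
Get-VMNetworkAdapterVlan -VMName 'Green', 'Blue', 'Red1', 'Red2', 'Gateway' |
    Format-Table VMName, OperationMode, PrimaryVlanId, SecondaryVlanId, SecondaryVlanIdList -AutoSize
```

The virtual switch enforces these rules only for traffic it sees; when the uplink leads to a physical switch, that switch must carry the same PVLAN configuration or the isolation ends at the host.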
Introducing Hyper-V Network Virtualization
[Diagram: Woodgrove VM and Contoso VM sharing one physical server; Woodgrove network and Contoso network sharing one physical network]
• Hyper-V Machine Virtualization
 – Run multiple virtual servers on a physical server
 – Each VM has the illusion it is running as a physical server
• Hyper-V Network Virtualization
 – Run multiple virtual networks on a physical network
 – Each virtual network has the illusion it is running as a physical fabric
Reliability
Even when hardware fails … customers want continuous availability
[Diagram: Data Center hosting Tenant 1 and Tenant 2 VM workloads, with NIC TEAMING on the hosts]
Predictability
Even when multiple VMs are competing for bandwidth … customers want predictability
[Diagram: Tenant 1 and Tenant 2 VM workloads in the Data Center with different bandwidth shares (15 vs. 25) and different price points ($$ vs. $$$$)]
Scalability
Cloud admins want scalability … and customers want performance
[Diagram: Data Center hosting Tenant 1 and Tenant 2, each with multiple VM workloads]
Extensibility
Customers want specialized functionality with lots of choice … for firewalls, monitoring and physical fabric integration
[Diagram: Data Center hosting Tenant 1 and Tenant 2, each with multiple VM workloads]
Hyper-V Extensible Switch
[Diagram: Root Partition (Host NIC), VM1 and VM2 (VM NICs) attached to the Extensible Switch; inside the switch the layers are Extension Protocol, WFP Extensions, Filtering Extensions, Forwarding Extensions, Extension Miniport, then the Physical NIC. The WFP path runs through the BFE Service, the Filtering Engine and a Callout. Broadcom is also named on the slide.]
• Capture extensions can inspect traffic and generate new traffic for reporting purposes; they do not modify Extensible Switch traffic
 – Example: sFlow by inMon
• Filtering extensions can inspect, drop, modify, and insert packets; they can also be implemented using NDIS filtering APIs
 – Example: Virtual Firewall by 5NINE Software
• Windows Filtering Platform (WFP) extensions are implemented using WFP APIs; Windows Antivirus and Firewall uses WFP for traffic filtering
 – Example: VM DoS prevention by existing firewall software
• Forwarding extensions direct traffic, defining the destination(s) of each packet; forwarding extensions can also capture and filter traffic
 – Examples: Cisco Nexus 1000V and UCS; NEC ProgrammableFlow vPFS (OpenFlow)
Feature Rich Networking in the Box
• Open, Extensible Virtual Switch
 – Nexus 1000 Support
 – OpenFlow Support
 – Network Introspection
 – Much more…
• SR-IOV Network Support
 – Reduce Latency & CPU Utilization
 – Supports Live Migration
• Network QoS
 – Per VNIC bandwidth reservation & limits
 – …much more…
• Advanced Networking
 – ACLs
 – PVLAN
 – Network Metering
• Windows NIC Teaming
Single-Root I/O Virtualization (SR-IOV)
• Reduces latency of network path
• Reduces CPU utilization for processing network traffic
• Increases throughput
• Direct device assignment to virtual machines without compromising flexibility
• Supports Live Migration
[Diagram: network I/O path without SR-IOV goes from the VM's Virtual NIC through the Hyper-V Switch in the Root Partition (Routing, VLAN Filtering, Data Copy) to the Physical NIC; with SR-IOV the Virtual NIC maps to a Virtual Function on the SR-IOV Physical NIC, bypassing the switch]
SR-IOV Enabling & Live Migration
• Turn On IOV
 – Enable IOV (VM NIC Property)
 – Virtual Function is "Assigned"
 – Team automatically created
 – Traffic flows through VF
 – Software path is not used
• Live Migration
 – Break Team
 – Remove VF from VM
 – Migrate as normal
 – VM has connectivity even if IOV physical NIC not present
• Post Migration
 – Reassign Virtual Function, assuming resources are available
 – Different NIC vendor
 – Different NIC firmware
[Diagram: inside the Virtual Machine the network stack sits on a "TEAM" of a Software NIC and a Virtual Function; the Software NIC connects to the Software Switch (IOV Mode) and the Physical NIC, the Virtual Function connects directly to the SR-IOV Physical NIC]
Cloud Admins Want Scale, Customers Perf
DVMQ, IPsec Task Offload, SR-IOV
• Dynamic Virtual Machine Queue (VMQ) is a feature available to computers running Windows Server 2008 R2 with the Hyper-V server role installed that have VMQ-capable network hardware. VMQ uses hardware packet filtering to deliver packet data from an external virtual machine network directly to virtual machines, which reduces the overhead of routing packets and copying them from the management operating system to the virtual machine.
• IPsec Task Offload: Microsoft expects deployment of Internet Protocol security (IPsec) to increase significantly in the coming years. The large demands placed on the CPU by the IPsec integrity and encryption algorithms can reduce the performance of your network connections. IPsec Task Offload is a technology built into the Windows operating system that moves this workload from the main computer's CPU to a dedicated processor on the network adapter.
• SR-IOV is a specification that allows a PCIe device to appear to be multiple separate physical PCIe devices. The SR-IOV specification was created and is maintained by the PCI SIG, with the idea that a standard specification will help promote interoperability. SR-IOV works by introducing the idea of physical functions (PFs) and virtual functions (VFs). Physical functions (PFs) are full-featured PCIe functions; virtual functions (VFs) are "lightweight" functions that lack configuration resources.
Advanced Network Security
DHCP Guard, Router Guard, Monitor Port
• DHCP Guard is a security feature that drops DHCP server messages from unauthorized virtual machines pretending to be DHCP servers.
• Router Guard is a security feature that drops Router Advertisement and Redirection messages from unauthorized virtual machines pretending to be routers.
• Monitor Mode duplicates all egress and ingress traffic to/from one or more switch ports (being monitored) to another switch port (performing monitoring).
Manage to a Service Level Agreement
Network Bandwidth & QoS
• Bandwidth Management allows you to easily reserve minimums or set maximums to provide QoS controls to manage to a service level agreement
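The per-VM NIC protections from the previous slide (DHCP Guard, Router Guard, monitor/mirror ports) together with the bandwidth controls from this one, as an added example using the Hyper-V PowerShell module of Windows Server 2012; it is not code from the deck. The switch name, the physical adapter name, the tenant VM names and the 'Sensor' monitoring VM are all constructed.

```powershell
# Added example (not from the deck): harden tenant VM ports and apply QoS.
# Assumptions: the VMs 'Red1', 'Red2' and 'Sensor' already exist, and the
# host has a physical adapter named 'Ethernet 2' for the tenant uplink.
$switch    = 'TenantSwitch'   # constructed switch name
$tenantVMs = 'Red1', 'Red2'   # tenant VMs whose ports we restrict
$sensorVM  = 'Sensor'         # hypothetical monitoring VM receiving mirrored traffic

# The bandwidth mode is fixed at switch creation. Weight mode expresses
# minimum bandwidth as relative shares, so reservations scale with the uplink.
New-VMSwitch -Name $switch -NetAdapterName 'Ethernet 2' -MinimumBandwidthMode Weight

foreach ($vm in $tenantVMs) {
    Connect-VMNetworkAdapter -VMName $vm -SwitchName $switch

    # DHCP Guard drops DHCP server messages this VM tries to send;
    # Router Guard drops its Router Advertisement / Redirect messages;
    # MAC spoofing stays off so the VM cannot claim another VM's address.
    Set-VMNetworkAdapter -VMName $vm -DhcpGuard On -RouterGuard On -MacAddressSpoofing Off

    # QoS: reserve a 20-weight share of the uplink and cap the VM at
    # 100 Mbps (MaximumBandwidth is given in bits per second).
    Set-VMNetworkAdapter -VMName $vm -MinimumBandwidthWeight 20 -MaximumBandwidth 100000000

    # Monitor mode: this port is a mirroring source
    Set-VMNetworkAdapter -VMName $vm -PortMirroring Source
}

# The sensor's port on the same switch receives a copy of all ingress
# and egress traffic of every source port
Connect-VMNetworkAdapter -VMName $sensorVM -SwitchName $switch
Set-VMNetworkAdapter -VMName $sensorVM -PortMirroring Destination

# Resource metering records per-VM network usage for later Measure-VM reports
Enable-VMResourceMetering -VMName $tenantVMs

# Verify that the guard, spoofing, mirroring and bandwidth settings took effect
Get-VMNetworkAdapter -VMName ($tenantVMs + $sensorVM) |
    Format-Table VMName, DhcpGuard, RouterGuard, MacAddressSpoofing,
        PortMirroringMode, BandwidthPercentage -AutoSize
```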
Windows 8 Networking: It's All There
Feature rich, extensible, in the box, no compromises

| Feature | Windows Server 2008 | Windows Server 2008 R2 | Windows Server "8" Beta |
|---|---|---|---|
| NIC Teaming | Yes, via partners | Yes, via partners | Windows NIC Teaming in box |
| VLAN Tagging | Yes | Yes | Yes |
| MAC Spoofing Protection | No | Yes, with R2 SP1 | Yes |
| ARP Spoofing Protection | No | Yes, with R2 SP1 | Yes |
| SR-IOV Networking | No | No | Yes |
| Network QoS | No | No | Yes |
| Network Metering | No | No | Yes |
| Network Monitor Modes | No | No | Yes |
| IPsec Task Offload | No | No | Yes |
| VM Trunk Mode | No | No | Yes |
VMware Comparison

| Capability | Windows Server "8" Beta Hyper-V | VMware ESXi 5.0 | VMware vSphere 5.0 Enterprise Plus |
|---|---|---|---|
| Extensible Switch | Yes | No | Yes (1) |
| Confirmed Partner Extensions | 4 | No | 2 |
| Private Virtual LAN (PVLAN) | Yes | No | Yes (1) |
| ARP Spoofing Protection | Yes | No | vShield App/Partner (2) |
| DHCP Snooping Protection | Yes | No | vShield App/Partner (2) |
| Virtual Port ACLs | Yes | No | vShield App/Partner (2) |
| Trunk Mode to Virtual Machines | Yes | No | No |
| Port Monitoring | Yes | Per Port Group | Yes (3) |
| Port Mirroring | Yes | Per Port Group | Yes (3) |

1. vSphere Distributed Switch (required for extensibility & PVLAN capability) is available only in the Enterprise Plus edition of vSphere 5.0
2. ARP Spoofing, DHCP Snooping Protection & Virtual Port ACLs require either vShield App or a Partner solution, all of which are additional purchases on top of vSphere 5.0 Enterprise Plus
3. Port Monitoring and Mirroring at a granular level requires vSphere Distributed Switch, which is available in the Enterprise Plus edition of vSphere 5.0
VMware Comparison

| Capability | Windows Server "8" Beta Hyper-V | VMware ESXi 5.0 | VMware vSphere 5.0 Enterprise Plus |
|---|---|---|---|
| Dynamic Virtual Machine Queue | Yes | Yes | Yes |
| IPsec Task Offload | Yes | No | No |
| SR-IOV | Yes | DirectPath I/O (1) | DirectPath I/O (1) |
| Storage Encryption | Yes | No | No |

1. DirectPath I/O, whilst not identical to SR-IOV, aims to provide virtual machines with more direct access to hardware devices, with network cards being a good example. Whilst on the surface this will boost VM networking performance and reduce the burden on host CPU cycles, in reality there are a number of caveats in using DirectPath I/O:
 • Very small Hardware Compatibility List
 • No Memory Overcommit
 • No vMotion (unless running certain configurations of Cisco UCS)
 • No Fault Tolerance
 • No Network I/O Control
 • No VM Snapshots (unless running certain configurations of Cisco UCS)
 • No Suspend/Resume (unless running certain configurations of Cisco UCS)
 • No VMsafe/Endpoint Security support
 No such restrictions are imposed when using SR-IOV, ensuring customers can combine the highest levels of performance with the flexibility they need for an agile infrastructure.
Customers Discuss VM Mobility
• Don't provide new features that preclude Live Migration.
• I want to be able to securely move any part of a VM anywhere at any time. No Limits.
• No Downtime Servicing
 – SAN Upgrades/Migrations
• When VMs migrate, move the historical data with the VM.
• Fully leverage hardware to speed migrations
Virtual Machine Mobility
• Live Migration with High Availability
• SMB Live Migration
• Live Storage Migration
Live Storage Migration
• Enables Storage Load Balancing
• No downtime servicing
• Leverages Hyper-V Offloaded Data Transfer (ODX)
[Diagram: a Hyper-V Virtual Machine whose VHD Stack is moved in five numbered steps from a Source Device to a Destination Device while the VM keeps running]
Wouldn’t it be great if you could Live Migrate a VM with nothing but an Ethernet cable? We think so too… Introducing: Share Nothing Live Migration
VM Mobility
Complete mobility. Simply the best.
• Live Migration with High Availability
 – Live Migrate among servers in a failover cluster
• SMB Live Migration
 – Live Migrate VMs among servers with SMB storage
• Live Storage Migration
 – Live Migrate VM storage from one volume to another without downtime
• Share Nothing (SNO) Live Migration
 – Live Migrate VMs among servers with nothing but an Ethernet connection
VMware Comparison

| Capability | Windows Server "8" Beta Hyper-V | VMware ESXi 5.0 | VMware vSphere 5.0 Enterprise Plus |
|---|---|---|---|
| VM Live Migration | Yes | No (1) | Yes (2) |
| 1GB Simultaneous Live Migrations | Unlimited (3) | N/A | 4 |
| 10GB Simultaneous Live Migrations | Unlimited (3) | N/A | 8 |
| Live Storage Migration | Yes | No (4) | Yes (5) |
| Shared Nothing Live Migration | Yes | No | No |
| Network Virtualization | Yes | No | No |

1. Live Migration (vMotion) is unavailable in ESXi 5.0 – vSphere 5.0 required
2. Live Migration (vMotion) is available in Essentials Plus & higher editions of vSphere 5.0
3. Within the technical capabilities of the networking hardware
4. Live Storage Migration (Storage vMotion) is unavailable in ESXi 5.0
5. Live Storage Migration (Storage vMotion) is available in Enterprise & Enterprise Plus editions of vSphere 5.0
Hyper-V Replica
Unlimited Replication
• Disaster Recovery Scenarios:
 – Planned, Unplanned and Test Failover
 – Pre-configuration of IP settings for primary/remote location
• Key Features:
 – RPO/RTO in minutes
 – Seamless integration with Hyper-V and Clustering
 – Automatically handles all VM mobility scenarios (e.g. Live Migration)
 – Supports heterogeneous storage between primary and recovery
 – Integrates with Volume Shadow Services (VSS)
Hyper-V Replica
Complements Array Based Replication

| Replication Provider | Cost | Management | Performance |
|---|---|---|---|
| Microsoft Hyper-V Replica | Flexible Storage Options Available; Unlimited VM Replication included | VM Granularity; Open APIs provide extensibility, interoperability and prevent vendor lock-in | 5 minutes RPOs; Application Level Consistency; File Level Consistency |
| Storage Based (NetApp, HP, Fujitsu, IBM, Hitachi, FalconStor, 3Par, EMC, LSI, Compellent, EqualLogic and more…) | High end replicating storage; Additional storage replication software | LUN-VM Layout; Coordination with storage team | Synchronous Replication; High Data Volumes |
VMware Comparison

| Capability | Windows Server "8" Beta Hyper-V | VMware ESXi 5.0 | VMware vSphere 5.0 Enterprise Plus |
|---|---|---|---|
| Incremental Backups | Yes | No | Yes (1) |
| VM Replication | Yes | No | vCenter SRM (2) |
| NIC Teaming | Yes | Yes | Yes |
| Integrated High Availability | Yes | No (3) | Yes (4) |
| Guest OS Application Monitoring | Yes | N/A | No (5) |
| Failover Prioritization | Yes | N/A | Yes (6) |
| Affinity & Anti-Affinity Rules | Yes | N/A | Yes (6) |
| Cluster-Aware Updating | Yes | N/A | Yes (6) |

1. VMware Data Recovery is available in Essentials Plus and higher vSphere 5.0 editions
2. vSphere Replication is a feature of VMware vCenter Site Recovery Manager (SRM), which is available in 2 editions and is a chargeable addition to vSphere 5.0
3. ESXi 5.0 has no high availability features built in – vSphere 5.0 is required
4. VMware HA is built in to Essentials Plus and higher vSphere 5.0 editions
5. VMware have made APIs publicly available, but actual application monitoring is not included
6. Features available in all editions that have High Availability enabled
VMware Comparison

| Capability | Windows Server "8" Beta Hyper-V | VMware ESXi 5.0 | VMware vSphere 5.0 Enterprise Plus |
|---|---|---|---|
| Nodes per Cluster | 64 | N/A (1) | 32 |
| VMs per Cluster | 4,000 | N/A (1) | 3,000 |
| Max Size Guest Cluster (iSCSI) | 64 Nodes | 0 (2) | 0 (2) |
| Max Size Guest Cluster (Fiber) | 64 Nodes | 2 | 2 |
| Max Size Guest Cluster (File Based) | 64 Nodes | 0 (3) | 0 (3) |
| Guest Clustering with Live Migration Support | Yes | N/A (1) | No (4) |
| Guest Clustering with Dynamic Memory Support | Yes | No (5) | No (5) |

1. High Availability/vMotion/Clustering is unavailable in the standalone ESXi 5.0
2. VMware does not support VM Guest Clustering using iSCSI storage
3. VMware does not support VM Guest Clustering using File Based Storage, i.e. NFS
4. VMware does not support the vMotion of a VM that is part of a Guest Cluster
5. VMware does not support the use of Memory Overcommit with a VM that is part of a Guest Cluster
Why Windows Server "8" Hyper-V for Private Cloud?
Windows Server "8" for Cloud• Most Manageable & Extensible • Hyper-V Extensible Switch • New Minimal Server Install (MinShell) • PowerShell Flexibility • HTTP • WSMan • DCOM • Persistent Metrics • Maintenance Mode in the Box
Windows Server "8" for Cloud• Most Scalable • Largest Virtual Disks • Native 4K disk support • Most NICs per Team • Most Virtual Disks per VM • Most Nodes per cluster • Most VMs per cluster
Windows Server "8" for Cloud• Most Secure • BitLocker integration with Failover Cluster • Secure Guest Fiber Channel • DHCP Guard, Router Guard • IPSec Task Offload • Secure Boot, Attestation, Measured Boot • Simple Authentication
Windows Server "8" for Cloud• Complete VM Mobility & In the Box • Share Nothing Live Migration • SMB Live Migration • Live Migration with High Availability • Live Storage Migration • Concurrent Live Migration • Concurrent Live Storage Migration
Windows Server "8" for Cloud• Most Feature Rich, All • More… Server Editions include: 7. Hyper-V Resource Pools 1. Hyper-V Extensible Virtual Switch 2. Hyper-V Replica 8. Hyper-V Offloaded Data 3. Live Storage Migration Transfer 4. Network I/O Control 9. GPU Accelerated VM 5. Storage I/O Control Video 6. SR-IOV 10. ….And… Hyper-V Network Virtualization
We Didn't Even Get To…
• New CPU Instruction Support
• Dynamic Memory 2.0
• Network Resource Pools
• Storage Resource Pools
• Persistent Metrics
• Secure Boot, Measured Boot, Attestation
• Simple Authorization
• In Box Maintenance Mode
• Configurable Saved States
• VDI
• RemoteFX 2.0
• Just scratching the surface…
In Review: Session Objectives and Takeaways
• Windows Server "8": The Definitive Cloud OS
• Designed for Mission Critical, Scale Up
• New Rich Industry Leading Networking
 – Hyper-V Extensible Switch
 – Hyper-V Network Virtualization
• Unparalleled VM Mobility
 – Share Nothing Live Migration
• Unlimited VM Replication with Hyper-V Replica
Download Windows Server "8" Beta
• http://technet.microsoft.com/en-us/evalcenter/hh670538
Microsoft Virtual Academy
• http://www.microsoftvirtualacademy.com
Download System Center 2012 RC Eval
• http://technet.microsoft.com/en-ca/evalcenter/hh505660.aspx
Microsoft Virtualization Certifications

| Exam Number and Title | Core Exam for the Following Track |
|---|---|
| 70-659, TS: Windows Server 2008 R2, Server Virtualization | Microsoft Certified Technology Specialist (MCTS) |
| 70-669, TS: Windows Server 2008 R2, Desktop Virtualization | Microsoft Certified Technology Specialist (MCTS) |
| 70-693, PRO: Windows Server 2008 R2, Virtualization Administrator | Microsoft Certified IT Professional (MCITP) |

http://www.microsoft.com/learning/