Low-cost enterprise virtualisation from XenSource

This content is 17 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

As I write this, I’m on the train to attend a Microsoft event about creating and managing a virtual environment on the Microsoft platform (that’s something that I’m doing right now to support some of my business unit’s internal systems). I’m also on the Windows Server Virtualization TAP program (most of the information I get from that is under NDA – I’m saving it all up to blog when it becomes public!) and I have a good working knowledge of VMware’s product set, including some of the (non-technical) issues that a virtualisation project can face. With that in mind, I thought I’d take the time to attend one of XenSource’s Unify Your Virtual World events yesterday to look at how this commercial spinoff from the open source Xen project fits into the picture.

From my point of view, the day didn’t start well: the location was a hotel next to London Heathrow airport with tiny parking spaces at an extortionate price (at least XenSource picked up the bill for that); there was poor signage to find the XenSource event; and stale pastries for breakfast; however I was pleased to see that, low key as the event was, the presenters were accessible (indeed John Glendinning, XenSource VP for Worldwide Sales, was actively floor-walking). And once the presentation got started things really picked up with practical demonstrations supplemented with PowerPoint slides (not OpenOffice Impress as I would expect from an open source advocate) only to set the scene and provide value, rather than the typical “death by PowerPoint” product pitch with only a few short demonstrations.

XenSource was founded in 2005 by the creators and leaders of the Xen hypervisor open source project and in that short time it has grown to the point where it is now a credible contender in the x86 virtualisation space – so much so that they are currently in the process of being acquired by Citrix Systems. Rather than trying to dominate in the entire market, XenSource’s goal is clear – they provide a core virtualisation engine with partners providing the surrounding products for storage, backup, migration, etc., ensuring that there are multiple choices for enterprises that deploy the XenSource virtualisation products. The XenSource “engine” is a next generation hypervisor which delivers high performance computing through its use of paravirtualisation and hardware assist technologies. They also try to cast off the view of “it’s Linux so it must be difficult” with their 10 minutes to Xen model with no base operating system or RPMs to install, demonstrating the installation of a Xen server on bare metal hardware in around 10 minutes from a PXE boot (other deployment options are available).

From an architectural standpoint, the Xen hypervisor is very similar to Microsoft’s forthcoming Windows Server Virtualization model, providing an environment known as Domain 0. Memory and CPU access is facilitated by the hypervisor, providing direct access to hardware in most cases although for Windows VMs to make use of this the hardware must support Intel-VT or AMD-V (virtualisation hardware assistance). Storage and network access use a high performance memory bus to access the Domain 0 environment which itself makes use of standard Linux device drivers, ensuring broad hardware support.

One of the problems with running multiple virtual machines on a single physical server is the control of access to hardware. In a virtualisation environment that makes use of emulated drivers (e.g. VMware Server, Microsoft Virtual Server) the guest operating system is not aware that it is running in a virtual environment and any hardware calls are trapped by the virtual machine management layer which manages interaction with the hardware. The paravirtualised model used for Linux VMs allows the guest operating system to become aware that it is virtualised (known as enlightenment) and therefore to make a hypercall (i.e. a call to the hypervisor) that can interact directly with hardware. For non-paravirtualised operating systems that use the high performance memory bus (e.g. current versions of Windows), full virtualisation is invoked whereby the virtual machine believes it owns the hardware but in reality the hardware call is trapped by the virtualisation assist technology in the processor and passed to the hypervisor for action. For this reason, Intel VT or AMD-V capabilities are essential for Windows virtualisation with Xen.

XenSource view the VMware ESX Server model of hypervisor-based virtualisation as “first generation” – effectively using a mini-operating system kernel that includes custom device drivers and requires binary patching at runtime with a resulting performance overhead. In contrast, the “second generation” hypervisor model allows for co-operation between guests and the hypervisor, providing improved resource management and input/output performance. Furthermore, because the device drivers are outside the hypervisor, it has a small footprint (and consequently a small attack surface from a security standpoint) whilst supporting a broad range of hardware and providing significant performance gains.

XenSource claim that paravirtualised Linux on Xen has only a 0.5-2% latency (i.e. near-native performance) and even fully virtualised Windows on Xen has only a 2-6% latency (which is comparable with competing virtualisation products).

There are three XenSource products:

  • XenExpress – a production-ready, entry level system for a standalone server (free of charge).
  • XenServer – a mid-range multi-server virtualisation platform
  • XenEnterprise – high capacity dynamic virtualisation for the enterprise.

Because the three products share the same codebase (unlike Microsoft Virtual PC/Virtual Server or VMware Workstation/Server/ESX Server), upgrade is as simple as supplying a license key to unlock new functionality. For XenServer and XenEnterprise, there are both perpetual and annual licensing options (licensed per pair of physical CPU sockets) at a significantly reduced cost when compared with VMware Virtual Infrastructure 3 (VI3).

The version 4 XenSource products were released in August 2007 with an update planned for the last quarter of 2007. New features in version 4 include:

  • XenMotion (XenEnterprise only) for seamless movement of virtual machines between hosts without any noticeable downtime (cf. VMware VMotion).
  • XenResourcePools (XenEnterprise only) to join virtual servers and manage virtualised resources as a logical group, supporting automatic VM placement and XenMotion with shared storage (volume-based iSCSI and file-based NFS, using the .vhd disk format), authentication, authorisation and resource configuration (similar to the model in VMware Virtual Center).
  • Xen64, a true 64-bit hypervisor providing scalability and support for enterprise applications in either a 32- or 64-bit environment with quality of service controls on resources, dynamic guest configuration and supporting up to:
    • 128GB RAM (32GB per guest, hotplug addition for supported Linux operating systems).
    • 1-32 pCPUs (1-8 vCPUs per guest).
    • 1-8 NICs (1-7 NICs per guest – hotplug addition and removal).
    • 1-128 storage repositories (16TB per repository with hotpluggable disks).
  • XenCenter, which provides a graphical virtualisation management interface, with guided wizards and guest templates for host and resource pool configuration on multiple servers, storage and networking configuration and management, VM lifecycle management and import/export (cf. VMware Virtual Center). Whilst CLI commands are also available, XenCenter is a Microsoft .NET application for Windows operating systems which makes use of the latest Windows user interface standards. Because XenCenter makes use of a distributed configuration database, there is no dependency on a single SQL Server and management can fail over between virtual host servers.
  • XenAPI, a secure and remoteable programming interface for third-party and customer integration with existing products and processes including the xe commands for system control.

One example of the XenSource approach to providing additional functionality through partnerships is the agreement with Symantec whereby Symantec (formerly Veritas) Storage Foundation will be embedded into XenEnterprise (providing dynamic fibre-channel multipathing for redundancy, load balancing, resilience and speed); a new product called XenEnterprise High Availability will be developed for virtual machine failover; and Veritas NetBackup will be offered for data protection and backup of critical applications running on XenEnterprise virtual machines (via the NetBackup Agent, also supporting snapshots when used with Symantec Storage Foundation). Rather than re-certify systems for virtualisation, XenSource will accept Symantec’s certified plugins for common OEM architectures and, because Symantec Storage Foundation is already widely deployed, existing investments can be maintained.

In terms of demonstration, I was impressed by what I saw. XenSource demonstrated a bare metal installation in around 10 minutes and were able to show all the standard virtualisation demonstrations (e.g. running a ping, copying files, or watching a video whilst performing a live migration with no noticeable break in service). The XenCenter console can be switched between VNC and RDP communications and Xen makes use of its own .xva Xen virtual appliance format with Microsoft .vhd virtual hard disks. Conversion from VMware .vmdk files is possible using the supplied migration tools (there are Linux P2V tools included with the XenSource products but for Windows migrations it’s necessary to use products from partners such as PlateSpin and LeoStream) and templated installations can also be performed with simple conversion between running VMs and templates. When cloning virtual machines, there are options for “fat clones” whereby the whole disk is copied or thin provisioning using the same image and a differencing drive. Virtual machines can use emulated drivers or XenSource Tools can be installed for greater control from the console. Storage can be local, NFS or iSCSI based with fibre channel storage and logical volume management expected in the next release.

It’s clear that XenSource see VMware as their main competitor in the enterprise space and it looks to me as if they have a good product which provides most of the functionality in VMware VI3 Enterprise Edition (all of the functionality in VMware VI3 Standard Edition) at a significantly lower price point. The Citrix acquisition will provide the brand ownership that many sceptics will want to see before they buy an open source product, the partnership model should yield results in terms of flexibility in operations and it’s clear that the development pace is rapid. With XenSource going from strength to strength and Microsoft Windows Server Virtualization due to arrive around the middle of next year, VMware need to come up with something good if they want to retain their dominance of the x86 virtualisation market.

Mounting virtual hard disks in Windows Vista

Microsoft’s Virtual PC Guy (Ben Armstrong) wrote a blog post last year about using the VHDMount utility from Virtual Server 2005 R2 SP1 with a few registry edits to enable right-click mounting/dismounting of virtual hard disk (.VHD) files.

As .VHD files become ever more prevalent, this is a really useful capability (for example, Windows Vista’s Complete PC Backup functionality writes to a .VHD file).

The trouble is that, as supplied, Ben’s script does not work on Windows Vista as attempting to run vhdmount.exe will return:

Access Denied. Administrator permissions are needed to use the selected options. Use an elevated command prompt to complete these tasks.

An elevated command prompt is fine for entering commands directly (or by running a script) but what about Ben’s example of providing shell-integration to mount .VHDs from Explorer? Thankfully, as Steve Sinchak noted in TweakVista, Michael Murgolo wrote an article about elevating commands within scripts using a free PowerToy called elevate which is available from the Microsoft website. After downloading and extracting the elevate PowerToy scripts, I was able to confirm that they would let me run vhdmount.exe using the command elevate vhdmount.exe

Following that, I edited Ben Armstrong’s registry file to read:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell]
@="Mount"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Dismount]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Dismount\command]
@="\"C:\\Program Files\\Script Elevation PowerToys\\elevate\" \"C:\\Program Files\\Microsoft Virtual Server\\Vhdmount\\vhdmount.exe\" /u /d \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Mount]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Mount\command]
@="\"C:\\Program Files\\Script Elevation PowerToys\\elevate\" \"C:\\Program Files\\Microsoft Virtual Server\\Vhdmount\\vhdmount.exe\" /p \"%1\""

[HKEY_CLASSES_ROOT\.vhd]
@="Virtual.Machine.HD"

Note the /d switch in the dismount command. I had to use this (or /c) to allow the disk to be unmounted and avoid the following message:

The specified Virtual Hard Disk (VHD) is plugged in using the default Undo Disk option. Use /c to commit or /d to discard the changes to the mounted disk.

I chose the discard option as most of my .VHD mounting is simply to extract files but others may prefer to commit.
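A pre-import review of a registry file like the one above, added here as an example (it is not from the original post, Ben Armstrong's script or Microsoft). It parses the .reg text, recovers each shell verb's command line and reports whether the verb runs through elevate, whether the target is an absolute path, whether "%1" is quoted (an unquoted placeholder splits a .VHD path containing spaces into several arguments) and which undo-disk switch a dismount uses; the function names and the final weak command are constructed for illustration.

```python
"""Review shell-verb commands in a .reg file before importing it (added example)."""
import re
from ntpath import basename  # Windows path rules on any platform

# The registry file from the post (empty keys omitted), embedded so this runs offline.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell]
@="Mount"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Dismount\command]
@="\"C:\\Program Files\\Script Elevation PowerToys\\elevate\" \"C:\\Program Files\\Microsoft Virtual Server\\Vhdmount\\vhdmount.exe\" /u /d \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Virtual.Machine.HD\shell\Mount\command]
@="\"C:\\Program Files\\Script Elevation PowerToys\\elevate\" \"C:\\Program Files\\Microsoft Virtual Server\\Vhdmount\\vhdmount.exe\" /p \"%1\""

[HKEY_CLASSES_ROOT\.vhd]
@="Virtual.Machine.HD"
'''

SECTION = re.compile(r'^\[(.+)\]$')
DEFAULT = re.compile(r'^@="(.*)"$')
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def unescape(value):
    """Undo .reg string escaping (backslash before a backslash or a double quote)."""
    return re.sub(r'\\(["\\])', r'\1', value)


def verb_commands(reg_text):
    """Return {verb: command line} for every shell/<verb>/command default value."""
    commands, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        default = DEFAULT.match(line)
        if default and key:
            parts = key.split('\\')
            if (len(parts) >= 3 and parts[-1].lower() == 'command'
                    and parts[-3].lower() == 'shell'):
                commands[parts[-2]] = unescape(default.group(1))
    return commands


def audit(command):
    """Summarise one verb command line for review."""
    # Each token is (text, was_quoted); quoted tokens may contain spaces.
    tokens = [(m.group(1) if m.group(1) is not None else m.group(2),
               m.group(1) is not None) for m in TOKEN.finditer(command)]
    args = [text for text, _ in tokens]
    elevated = bool(args) and basename(args[0]).lower().split('.')[0] == 'elevate'
    target = args[1] if elevated and len(args) > 1 else (args[0] if args else '')
    switches = [a.lower() for a in args if a.startswith('/')]
    placeholders = [quoted for text, quoted in tokens if '%1' in text]
    undo = None
    if '/u' in switches:  # per the post, a dismount needs /c (commit) or /d (discard)
        undo = ('discard' if '/d' in switches
                else 'commit' if '/c' in switches else 'unspecified')
    return {
        'elevated': elevated,
        'target': target,
        'absolute_target': bool(re.match(r'[A-Za-z]:\\', target)),
        'switches': switches,
        'placeholder_quoted': bool(placeholders) and all(placeholders),
        'undo': undo,
    }


if __name__ == '__main__':
    for verb, command in verb_commands(REG_TEXT).items():
        print(verb, audit(command))
    # Constructed counter-example: relative target, unquoted %1, no undo-disk switch.
    print('weak', audit('vhdmount.exe /u %1'))
```

Because both verbs start an elevated process from Explorer, the two executables they name should sit in directories that only administrators can write to, as the Program Files paths in the post do by default.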

A few more points to note about VHDMount:

Enabling multiple VMRC client connections with Virtual Server 2005 R2 SP1

I’ve just been building some virtual machines and I wanted to run multiple copies of the Virtual Machine Remote Control (VMRC) client to monitor progress (they just seem more responsive than the administration website). Each time I connected the VMRC client, I was presented with the following message:

Connection to the VM stopped as multiple connections are disabled

It turns out that Virtual Server 2005 R2 SP1 has disabled multiple VMRC connections as a security precaution. It’s just a simple checkbox on the VMRC server properties to re-enable but useful to know about.

More virtualisation tools from Microsoft

James O’Neill has an interesting post on some of the recent developments around Microsoft’s virtualisation products and strategy.

Get a Mac? Maybe, but Windows Vista offers a more complete package than you might think

This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ll freely admit that I have been critical of Windows Vista at times and I’ll stand by my comments published in Computer Weekly last November – Windows XP will remain in mainstream use for quite some time. Having said that, I can’t see Mac OS X or Linux taking the corporate desktop by storm and the move to Vista is inevitable, just not really a priority for many organisations right now.

Taking off my corporate hat one evening last week, I made the trip to Microsoft’s UK headquarters in Reading for an event entitled “Vista after hours”. Hosted by James Senior and Matt McSpirit it was a demo-heavy and PowerPoint-light tour of some of the features in Windows Vista that we can make use of when we’re not working. Not being a gamer and having bought a Mac last year, I’ve never really paid attention to Microsoft’s digital home experience but I was, quite frankly, blown away by what I saw.

The first portion of the evening looked at some of the out-of-the-box functionality in Windows Vista, covering topics like search, drilling down by searching within results, using metadata to tag objects, live previews and saving search queries for later recall as well as network diagnosis and repair. Nothing mind-blowing there but well-executed all the same. Other topics covered included the use of:

  • Windows Photo Gallery (which includes support for the major, unprocessed, raw mode formats as well as more common, compressed, JPEG images) to perform simple photo edits and even to restore to the original image (cf. a photographic negative).
  • Windows Movie Maker to produce movies up to 1080p.
  • Windows DVD Maker to produce DVD menus with support for both NTSC and PAL as well as 4:3 and 16:9 aspect ratios.
  • Windows Media Player to organise media in many ways (stack/sort by genre, year, songs, album, artist, rating, recently added, etc.) and share that media.

Apple Macintosh users will think “yeah, I have iPhoto, iMovie, iDVD and iTunes to do all that” and they would be correct but Apple says (or at least implies in its advertising) that it’s hard to do these things on a PC – with Vista it’s just not… which moves me on to backup – not provided (at least in GUI form) by the current Mac OS X release (only with a .Mac subscription) and much improved in Windows Vista. “Ah yes, but Leopard will include Time Machine!”, say the Mac users – Windows has included the volume shadow copy service (VSS/VSC) since Windows XP and Windows Backup includes support for multiple file versions right now as well as both standard disk-based backups and snapshots to virtual hard disk (.VHD) images, which can then be used as a restore point or mounted in Virtual PC/Virtual Server as a non-bootable disk. Now that does sound good to me and I’m sure there must be a way to make the .VHD bootable for physical to virtual (P2V) and virtual to physical (V2P) migrations… maybe that’s something to have a play with another day.

Regardless of all the new Vista functionality, for me, the most interesting part of the first session was Windows Home Server. I’m a registered beta user for this product but must confess I haven’t got around to installing it yet. Well, I will – in fact I’m downloading the April CTP as I write this. Based on Windows 2003 Small Business Server, it provides a centralised console for management of and access to information stored at home. Microsoft claim that it has low hardware requirements – just a large hard disk – I guess low hardware requirements is a subjective term (and I figure that my idea of low hardware requirements and Microsoft’s may differ somewhat), nevertheless it offers the opportunity to secure data (home computer backup and restore, including scheduling), provide centralised storage (a single storage pool, broken out as shared storage, PC backups, operating system and free space), monitor network health (i.e. identify unsafe machines on the network), provide remote access (via an HTTPS connection to a defined web address) and stream media, all controlled through a central console. Because the product is aimed at consumers, ease of use will be key to its success and it includes some nice touches like scheduled backups and automatic router configuration for remote access. Each client computer requires a connection pack in order to allow Home Server to manage it (including associating account information for security purposes) and, in response to one of my questions, Microsoft confirmed that there will be support for non-Windows clients (e.g. Mac OS X 10.5 and even Linux). Unfortunately, product pricing has not yet been released and early indications are that this will be an OEM-only product; that will be a great shame for many users who would like to put an old PC to use as a home server.

Another area covered in the first session was parental controls – not really something that I worry about right now but maybe I will over the next few years as my children start to use computers. Windows Vista includes the ability for parents to monitor their child’s activities including websites, applications, e-mail, instant messages and media. Web filters can be used to prevent access to certain content with an HTTP 450 response, including a link for a parent to approve and unblock access to the content as well as time limits on access (providing a warning before forcing a logout). Similarly, certain games can be blocked for younger users of the family PC. The volume and diversity of the questions at the event would indicate that Vista’s parental controls are fairly simplistic and will not be suitable for all (for example, time limits are on computer access as a whole and not for a particular application, so it’s not possible to allow a child access to the computer to complete their homework but to limit games to a certain period in the evening and at weekends).

If session one had whetted my appetite for Vista, session two (Vista: Extended) blew my mind and by the time I went home, I was buzzing…

I first heard of Windows SideShow as a way to access certain content with a secondary display, e.g. to provide information about urgent e-mails and upcoming appointments on the lid of a laptop computer but it actually offers far more than this – in fact, the potential for SideShow devices is huge. Connectivity can be provided by USB, Wi-Fi, Bluetooth – Windows doesn’t care – and the home automation possibilities are endless. I can really see the day when my fridge includes capabilities for ordering groceries via a SideShow display in the door. There is at least one website devoted to SideShow devices but James Senior demonstrated a laptop bag with a built-in SideShow controller including a cache for media playback. Typically used to expose information from a Windows Sidebar gadget, SideShow devices will wake up a sleeping computer to synchronise content then put it back to sleep and can be secured with a PIN or even erased when logged off. Access is controlled within the Windows Control Panel and there is an emulator available to simulate SideShow devices.

Next up was Windows Media Center. Unlike with the Windows XP Media Center and Tablet PC editions, Microsoft no longer provides a separate SKU for this functionality, although it is not enabled in all Vista product editions. Media Center is a full-screen application that offers a complete home media hub – sort of like Apple Front Row but with support for TV tuners to include personal video recorder (PVR) functionality. As elegant as Apple Front Row is, for once Microsoft outshines the competition with Windows Media Center – multiple TV tuners can be installed (e.g. to pause live TV, or to record two items at once), as well as the electronic programme guide (EPG), controls, etc. being displayed as an overlay on the currently playing content. As with Windows Media Player, visualisations are provided and in theory it ought to be possible to remote control a Media Center PC via Windows Home Server and set up a recording remotely. Individual programs, or whole series, can be recorded and many TV tuners include DVB-T (digital terrestrial) support (i.e. Freeview), with other devices such as satellite and cable TV decoders needing a kludge with a remote infra-red controller (a limitation of Sky/Virgin Media network access rather than with Windows). Other functionality includes RSS support as well as integration with Windows Live Messenger and some basic parental controls (not as extensive as elsewhere in Windows Vista but nevertheless allowing a PIN to be set on certain recordings).

The event was also my first opportunity to look at a Zune. It may be a rather half-hearted attempt at producing a media player (no podcast support and, crucially, no support for Microsoft’s own PlaysForSure initiative) but in terms of form-factor it actually looks pretty good – and it includes functionality that’s missing from current iPods like a radio. If only Apple could produce an iPod with a similarly-sized widescreen display (not the iPhone) then I’d be more than happy. It also seems logical to me that as soon as iTunes is DRM-free then the iTunes/iPod monopoly will be broken as we should be able to use music purchased from the largest online music store (iTunes) on the world’s favourite portable media player (iPod) together with Windows Media Center… anyway, I digress…

I mentioned earlier that I’m not a gamer. Even so, the Xbox 360’s ability to integrate with Windows PCs is an impressive component of Microsoft’s digital home experience arsenal. With its dashboard interface based around a system of “blades”, the Xbox 360 is more than just a games machine:

As well as the Xbox 360 Core and Xbox 360 Pro (chrome) systems Microsoft has launched the Xbox 360 Elite in the United States – a black version with a 120GB hard disk and HDMI connectivity, although it’s not yet available here in the UK (and there are also some limited edition Yellow Xbox 360s to commemorate the Simpsons movie).

Finally, Microsoft demonstrated Games for Windows Live, bringing the Xbox 360 Live experience to Windows Vista-based PC gaming. With an Xbox 360 wireless gaming receiver for Windows, Vista PC gamers can even use an Xbox 360 wireless controller (and not just for gaming – James Senior demonstrated using it to navigate Windows Live maps, including the 3D and bird’s eye views). Not all games that are available for both PCs and the Xbox will offer the cross-platform live experience; however the first one that will is called Shadowrun (and is due for release on 1 June 2007) bringing two of the largest gaming platforms together and providing a seamless user experience (marred only by the marketing decision to have two types of account – silver for PC-PC interaction and gold for PC-Xbox).

So, after all this, would I choose a Mac or a Windows PC? (or a Linux PC?) Well, like so many comparisons, it’s just not that simple. I love my Mac, but Apple’s Get a Mac campaign draws on far too many half truths that will only become apparent to users after they have made the decision to switch, splashed out on the (admittedly rather nice) Apple hardware and then found out that the grass is not all green on the other side. In addition, Apple’s decision to delay the next release of OS X whilst they try to enter the mobile phone market makes me question how committed to the Macintosh platform they really are. Linux is good for techies and, if you can support yourself, it has the potential to be free of charge. If you do need support though, some Linux distros can be more expensive than Windows. So what about Windows, still dominant and almost universally despised by anyone who realises that there is a choice? Actually, Windows Vista is rather good. It may still have far too much legacy code for my liking (which is bound to affect security and stability) but it’s nowhere near as bad as the competition would have us thinking… in fact it hasn’t been bad since everything moved over to the NT codebase and, complicated though the product versions may be, Windows Vista includes alternatives to the iLife suite shipped with new Macs as well as a superior media hub. Add the Xbox integration and Windows SideShow into the mix and the Microsoft digital home experience is excellent. Consumers really shouldn’t write off Windows Vista just yet.

Looking forward to Windows Server Virtualization

Okay, I’m English, so I spell virtualisation with an “s” but Windows Server Virtualization is a product name, so I guess I’m going to have to get used to the “z” in the title of this post…

Over the last year-or-so, much of my work has been concerned with server virtualisation technologies from both Microsoft and VMware (I haven’t really looked at the SWsoft Virtuozzo or Parallels products yet, although I am interested in some of the desktop integration that the latest version of Parallels Desktop for Mac offers). The majority of my efforts have been focused on consolidating server workloads to increase operational efficiency (hence the lack of focus on desktop products) and even though Microsoft Virtual Server 2005 R2 is a very capable product, it is severely constrained by two main factors – a hosted architecture and a lack of management products – consequently I find myself recommending VMware Virtual Infrastructure because Microsoft doesn’t have a product that can really compete in the enterprise space.

Yet.

A couple of years back, I wrote about Microsoft’s intention to move from hosted virtualisation to a hypervisor-based architecture (in VMware product terms, this can be compared to the differences between VMware Server and VMware ESX Server) and Windows Server Virtualization (codenamed Viridian) is the result.

Last week, I was alerted (by more than one Microsoft contact) to the presence of a video in which Jeff Woolsey – Lead Programme Manager Windows Server Virtualisation team – demonstrates Windows Server Virtualization and System Center Virtual Machine Manager and, if it does everything that it promises, then I see no reason not to use the Microsoft platform in place of VMware ESX Server and Virtual Center for the majority of enterprise clients.

I’ve never doubted Microsoft’s ability (given sufficient time) to grab a huge slice of the x86 server virtualisation market and later this year we should see a new version of Windows Server (codenamed Longhorn) arrive along with Windows Server Virtualization. Soon after that, unless VMware produce something pretty fantastic, I predict that we’ll start to see Microsoft increasing its dominance in the enterprise server virtualisation market.

In the video I mentioned above, Jeff demonstrates that Windows Server Virtualisation runs as a role on Windows Server Core (i.e. a lightweight version of the Windows Server operating system using fewer system resources), allowing for an increase in the number of running virtual machines. Because Windows Server Core uses a command line interface for local administration, most access will be achieved using remote management tools (VMware ESX Server users – does this sound familiar?). Microsoft are keen to point out that they can support an eight-core virtual machine, which they consider will be more than enough to cover the vast majority of enterprise-class workloads; however I imagine that VMware would release a patch to allow this on ESX Server should it become necessary (they already support 4-core virtual SMP).

Continuing to look at what Windows Server Virtualization will offer, according to Microsoft UK’s James O’Neill:

  • There will be no support for parallel ports and physical floppy disks – floppy disk images will be supported.
  • The remote management protocol will change from VMRC to RDP.
  • The virtualization layer will provide the RDP support (rather than the guest operating system) so there should be no more of a problem getting to the machine’s BIOS or accessing guest operating systems that don’t support RDP than there is today with VMRC.
  • The web console interface has been replaced with an MMC interface.
  • It will not be a chargeable product (as for Virtual Server 2005 R2 and Virtual PC 2004/2007); however what James doesn’t point out (and that I think is likely) is that the management products (see below) will have a cost attached.
  • Windows Server Virtualization will require 64-bit processors (in common with most of the Longhorn Server wave of products).
  • It will support 64-bit guests.
  • It won’t be back-ported to Server 2003 (even 64-bit).
  • It will support today’s .VHD images.

What I have not yet managed to ascertain is whether or not Windows Server Virtualization will allow the overcommitment of resources (as VMware ESX Server does today).

From a management perspective, Microsoft is planning to release a new product – System Center Virtual Machine Manager (VMM) – to manage workloads on both physical and virtual resources, including a centralised console and new functionality for P2V and live migrations. VMM will organise workload by owner, operating system or user-defined host group (e.g. development, staging and production) as well as providing direct console access to running virtual machines (very like VMware Virtual Center). For the other side of management – that of monitoring the health and performance of physical and virtual workloads – there will be System Center Operations Manager 2007 (a replacement for MOM).

In my experience of implementing virtualisation in an enterprise environment it’s not the technology that presents the biggest issues – it’s the operational paradigm shift that is required to make the most of that technology. Overcoming that hurdle requires a strong management solution, and that’s where Microsoft has been putting a lot of work in recent years with the System Center range of products.

Until now, it’s the management of Virtual Server that has been the product’s Achilles’ heel – the combination of VMM and Operations Manager will provide a complete solution for both physical and virtual workloads – and that is potentially Microsoft’s unique selling point – competing products from VMware require learning a new set of tools for managing just the virtual infrastructure, whereas Microsoft is trying to make it easy for organisations to leverage their existing investment in Windows Server administration.

Quoting Mike Neil, Microsoft GM for Virtualisation Strategy in a recent post on where [Microsoft’s] headed with [virtualisation] (via John Howard):

“We want to make Windows the most manageable virtualization platform by enabling customers to manage both physical and virtual environments using the same tools, knowledge and skills”

They may just pull it off – Windows Server Virtualization plus Virtual Machine Manager and Operations Manager may not be as all-encompassing as VMware Virtual Infrastructure but it will come close and it’s probably all that many organisations are ready for at the moment.

Refreshing the CD-ROM drive in Virtual Server

I’ve been installing Exchange in a virtual machine this evening and ran into an interesting issue with Virtual Server and CD/DVD access. The virtual machine in question had a virtual CD/DVD drive attached to the host computer’s CD-ROM drive but each time I switched CDs, the guest seemed unaware of the change.

I found a workaround on the microsoft.public.virtualserver newsgroup. It’s clumsy, but by releasing the guest’s virtual CD/DVD drive (connect to no media) and reconnecting to the host’s physical CD/DVD drive I was able to force the virtual machine to recognise the new disk (Virtual PC users can release and recapture the CD drive within Virtual PC).

Problem adding a virtual machine to Virtual Server 2005 R2

I’ve just been struggling to add a virtual machine back into the Virtual Server administration website (after I changed the search path). Each time I tried, Virtual Server highlighted the .VMC file as a known configuration file but then reported that:

The virtual machine configuration could not be added. A configuration with this name already exists.

Luckily enough, I found Mohammed Adenwala’s problem adding a virtual machine in Virtual Server 2005 blog post which described my problem exactly. After deleting C:\Documents and Settings\All Users\Application Data\Microsoft\Virtual Server\Virtual Machines\virtualmachinename.lnk I was able to add the virtual machine to the administration website and run it.

Problems accessing the Virtual Server administration website on a Windows Server 2003 domain controller

Although I have several computers at home, most of my server roles are running on a single PC. That means Active Directory (AD) domain controller (DC), DNS, DHCP, RIS, WSUS, and print services are all on one box (file services are on my NSLU2) so I figured that adding Virtual Server 2005 R2 to the mix shouldn’t be too big a problem. It’s certainly not good practice, but it works.

Another bad practice is to run Internet Information Services (IIS) on a DC, but I already have IIS installed for WSUS, so adding the Virtual Server administration website should have been reasonably straightforward. Following installation, existing websites on the server were working as expected but any attempt to access the Virtual Server 2005 administration website resulted in an “HTTP Error 403 – Forbidden: Access is denied.” message, despite entering the domain administrator credentials when prompted (and already being logged on as the domain administrator).

From checking the event log, I found that Virtual Server was logging the following event on startup:

Event Type: Warning
Event Source: Virtual Server
Event Category: Virtual Server
Event ID: 1130
Date: 01/05/2006
Time: 15:28:23
User: NT AUTHORITY\NETWORK SERVICE
Computer: SERVER1
Description:
The service principal names for Virtual Server could not be registered. Constrained delegation cannot be used until the SPNs have been registered manually. Error 0x80072098 – Insufficient access rights to perform the operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I tried the steps in Microsoft knowledge base article 890893 but adding the appropriate SPNs to AD didn’t seem to make any difference.

A bit of Googling turned up a blog entry from David Wang which although not completely relevant, contained a reference to a similar problem in the comments. Sure enough, when I checked the IIS logs, the error code was 403 19, as shown below:

#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-05-01 21:29:39 W3SVC2 ipaddress GET /VirtualServer/VSWebApp.exe view=1 1024 domainname\Administrator ipaddress Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 19 1314
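
The substatus and Win32 status in that entry say more than the 403 alone: in IIS 6.0, 403.19 means the client is not allowed to run CGI applications in this application pool, and 1314 is ERROR_PRIVILEGE_NOT_HELD. The Python below is an added example (not part of the original post) that decodes those fields from a W3C extended log; every sample line other than the quoted entry is constructed.

```python
# Added example: triage 403 entries in an IIS W3C extended log by decoding
# sc-substatus and sc-win32-status.

# Win32 error codes that often accompany access failures.
WIN32 = {
    5: "ERROR_ACCESS_DENIED",
    1314: "ERROR_PRIVILEGE_NOT_HELD",  # a required privilege is not held
    1326: "ERROR_LOGON_FAILURE",
    1385: "ERROR_LOGON_TYPE_NOT_GRANTED",
}

# The first data line is the entry quoted in the post (placeholders unchanged);
# every other line is constructed for this example.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-05-01 21:29:39 W3SVC2 ipaddress GET /VirtualServer/VSWebApp.exe view=1 1024 domainname\Administrator ipaddress Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 19 1314
2006-05-01 21:30:02 W3SVC1 ipaddress GET /index.htm - 80 - ipaddress Mozilla/4.0+(compatible;+MSIE+6.0) 200 0 0
#Fields: date time cs-uri-stem sc-status sc-substatus sc-win32-status
2006-05-01 21:31:10 /private/report.htm 403 2 5
"""

def parse_w3c(lines):
    """Yield one dict per request, honouring every #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the layout may change mid-file
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def denied_requests(lines):
    """Return each 403 response with its substatus and decoded Win32 status."""
    findings = []
    for rec in parse_w3c(lines):
        if rec.get("sc-status") != "403":
            continue
        code = int(rec.get("sc-win32-status", "0"))
        findings.append({
            "uri": rec.get("cs-uri-stem"),
            "user": rec.get("cs-username", "-"),
            "status": "403." + rec.get("sc-substatus", "0"),
            "win32": WIN32.get(code, "unknown (%d)" % code),
        })
    return findings

if __name__ == "__main__":
    print(*denied_requests(SAMPLE_LOG.splitlines()), sep="\n")
```

A 1314 next to a 403 points at the rights of the account running the worker process rather than at the permissions of the user who logged on.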

I tried David’s advice of switching the IIS DefaultAppPool identity to LocalSystem and that worked (LocalSystem is a very highly-privileged account), but (despite my lackadaisical approach to co-hosting services and the probable security implications) I didn’t really feel that it was an ideal solution and I switched back to Network Service. I then set about trying to work out why the Network Service account (NT AUTHORITY\NETWORK SERVICE) didn’t have the appropriate permissions. Microsoft knowledge base article 332097 looked as if it might be relevant (Microsoft knowledge base article 842493 is similar) but didn’t seem to solve the problem (in any case the IIS_WPG group already had the correct permissions) so I fired up the Local Security Settings MMC snap-in and checked out the user rights assignment in the local security policy.

Because my IIS server is also a DC, many of the user rights normally associated with the Network Service account had been removed (and were overridden by the Default Domain Controllers Policy). NT AUTHORITY\NETWORK SERVICE was also missing from the IIS worker process group (IIS_WPG) membership (and could not be added as it is a local account) so I edited the local security policy and the Default Domain Controllers Policy (another bad practice – I should really have created a new policy for DCs running IIS) as follows:

  • Replace a process-level token (Default Domain Controllers Policy).
  • Adjust memory quotas for a process (Default Domain Controllers Policy).
  • Generate security audits (Default Domain Controllers Policy).
  • Log on as a batch job (Default Domain Controllers Policy).
  • Impersonate a client after authentication (local security policy).

The following user rights were already in existence:

  • Bypass traverse checking (inherited from Everyone).
  • Access this computer from the network (inherited from Everyone).
  • Log on as a service (Default Domain Controllers Policy).
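
One way to check rights like these from an export of the user rights assignment (for example one written by secedit /export /cfg rights.inf /areas USER_RIGHTS) is sketched below as an added example, not part of the original post. It assumes the export lists holders as SIDs, uses S-1-5-20 for Network Service and S-1-1-0 for Everyone, and runs over a constructed sample.

```python
# Added example: report which of the user rights named in the post are NOT
# held by Network Service, directly or through Everyone.

# Privilege constant -> name shown in the Local Security Settings snap-in.
REQUIRED = {
    "SeAssignPrimaryTokenPrivilege": "Replace a process-level token",
    "SeIncreaseQuotaPrivilege": "Adjust memory quotas for a process",
    "SeAuditPrivilege": "Generate security audits",
    "SeBatchLogonRight": "Log on as a batch job",
    "SeImpersonatePrivilege": "Impersonate a client after authentication",
    "SeChangeNotifyPrivilege": "Bypass traverse checking",
    "SeNetworkLogonRight": "Access this computer from the network",
    "SeServiceLogonRight": "Log on as a service",
}
NETWORK_SERVICE = "S-1-5-20"  # well-known SID
EVERYONE = "S-1-1-0"          # well-known SID

# Constructed sample: a server where most rights have been taken away from
# Network Service (S-1-5-19 is Local Service, S-1-5-32-544 is Administrators).
SAMPLE_INF = """[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544
SeServiceLogonRight = *S-1-5-20
SeBatchLogonRight = *S-1-5-19
SeAuditPrivilege = *S-1-5-19
SeIncreaseQuotaPrivilege = *S-1-5-32-544
SeImpersonatePrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_privilege_rights(inf_text):
    """Map each right in [Privilege Rights] to the set of SIDs holding it."""
    rights, in_section = {}, False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, holders = line.partition("=")
            rights[name.strip()] = {h.strip().lstrip("*")
                                    for h in holders.split(",") if h.strip()}
    return rights

def missing_rights(inf_text, sids=(NETWORK_SERVICE, EVERYONE)):
    """Return display names of required rights that none of `sids` holds."""
    rights = parse_privilege_rights(inf_text)
    return [display for const, display in REQUIRED.items()
            if not rights.get(const, set()) & set(sids)]

if __name__ == "__main__":
    print("\n".join(missing_rights(SAMPLE_INF)))
```

A right that is absent from the export is treated as held by nobody, so it is reported as missing.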

After forcing a group policy refresh (using gpupdate /force) and issuing the iisreset command, I was able to access the Virtual Server administration website as expected; although the event 1130 warnings are still being recorded in the event log, along with event 1129 since I enabled the virtual machine remote control (VMRC) server:

Event Type: Warning
Event Source: Virtual Server
Event Category: Remote Control
Event ID: 1029
Date: 04/05/2006
Time: 21:19:18
User: NT AUTHORITY\NETWORK SERVICE
Computer: SERVER1
Description:
The service principal name for the VMRC server could not be registered. Automatic authentication will always use NTLM authentication. Error 0x80072098 – Insufficient access rights to perform the operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I stress that running multiple services on a single PC (even with proper server hardware) is not a good idea; nor is running IIS on a DC; and neither is editing either the Default Domain Policy or the Default Domain Controllers Policy. If you need to do it though, hopefully these notes will help to work out why processes that rely on the Network Service account are not working as they should.

Microsoft sets virtualisation free

Occasionally I blog about IT news items that interest me but I can’t cover everything (or even everything in my field of interest) due to time constraints. One thing I didn’t mention when the news broke a few weeks back was Microsoft’s release of Virtual Server 2005 R2 as a free download. This follows on from Microsoft’s licensing changes for Windows Server 2003 R2 Enterprise Edition and VMware’s move to make VMware Server (formerly VMware GSX) a free of charge product.

Interestingly, Microsoft has also released virtual machine additions for certain Linux distributions, which I feel is a real sign that Virtual Server is ready to take on VMware Server (don’t compare Virtual Server with Virtual PC – despite their virtual machine compatibility the two products are worlds apart). I’m not saying that Virtual Server is best for every situation – in many ways the VMware products are more mature – but Virtual Server is a serious option for those organisations running predominantly Microsoft environments.

We can also expect to see Virtual Server 2005 R2 service pack 1 released in early 2007 (a beta is due later this year), providing support for virtualisation in hardware. Further out, virtualisation software will move into the operating system within the Longhorn Server timeframe (along with Microsoft finally releasing a competitor to VMware ESX Server – codenamed Viridian).