Cisco Nexus 1000V Switch for Microsoft Hyper-V

Cisco Nexus 1000V Switch for Microsoft Hyper-V provides following advanced feature in Microsoft Hyper-v and SCVMM.

  • Integrate physical, virtual, and mixed environments
  • Allow dynamic policy provisioning and mobility-aware network policies
  • Improves security through integrated virtual services and advanced Cisco NX-OS features

The following table summarizes the capabilities and benefits of the Cisco Nexus 1000V Switch deployed with Microsoft Hyper-V and SCVMM.

Capabilities Features Benefits
Advanced Switching Private VLANs, Quality of Service (QoS), access control lists (ACLs), portsecurity, and Cisco vPath Get granular control of virtual machine-to-virtual machine interaction
Security Dynamic Host Configuration Protocol (DHCP) Snooping, Dynamic Address Resolution Protocol Inspection, and IP Source Guard Reduce common security threats in data center environments.
Monitoring NetFlow, packet statistics, Switched Port Analyzer (SPAN), and Encapsulated Remote SPAN Gain visibility into virtual machine-to-virtual machine traffic to reduce troubleshooting time.
Manageability Simple Network Management Protocol, NetConf, syslog, and other troubleshooting command-line interfaces Use existing network management tools to manage physical and virtual environments.

The Cisco Nexus 1000V Series has two major components:

Virtual Ethernet Module (VEM)- The software component is embedded on each Hyper-V host as a forwarding extension. Each virtual machine on the host is connected to the VEM through a virtual Ethernet port.

Virtual Supervisor Module (VSM)- The management module controls multiple VEMs and helps in defining virtual machine (VM)-centric network policies.

Supported Configurations

  • Microsoft SCVMM 2012 SP1/R2
  • 64 Microsoft Windows Server 2012/R2 with Hyper-V hosts
  • 2048 virtual Ethernet ports per VSM, with 216 virtual Ethernet ports per physical host
  • 2048 active VLANs
  • 2048 port profiles
  • 32 physical NICs per physical host
  • Compatible all Cisco Nexus and Cisco Catalyst switches as well as switches from other vendors

Comparison between Cisco Nexus 1000V editions:

Features Essential

Free Version

VLANs, PVLANs, ACLs, QoS, Link Aggregation Control Protocol (LACP), and multicast Yes Yes
Cisco vPath (for virtual services) Yes Yes
Cisco NetFlow, SPAN, and ERSPAN (for traffic visibility) Yes Yes
SNMP, NetConf, syslogs, etc. (for manageability) Yes Yes
Microsoft SCVMM integration Yes Yes
DHCP snooping Yes
IP source guard Yes
Dynamic ARP Inspection Yes
Cisco VSG* Yes

Installation Steps for Cisco Nexus 1000V Switch for Microsoft Hyper-V are:

Step1: Download Cisco Nexus 1000v Appliance/ISO

Log on to Cisco using cisco account. Download software from this URL

Step2: Install SCVMM Components


Step3: Install and configure VSM


Step4: Configure SCVMM Fabric and VM Network


Step5: Prepare Hyper-v Hosts


Step6: Create 1000v logical switch


Step7: Create VMs or connect existing VMs with logical switch


References & Getting Started with Nexus 1000V

Cisco Nexus 1000v Quick Start Guide

Cisco Nexus 1000V Switch for Microsoft Hyper-V Deployment Guide

Cisco Nexus 1000v datasheet

Understanding VLAN, Trunk, NIC Teaming, Virtual Switch Configuration in Hyper-v Server 2012 R2


VMware vSphere 6.0 VS Microsoft Hyper-v Server 2012 R2

Since the emergence of vSphere 6.0, I would like to write an article on vSphere 6.0 vs Windows Server 2012 R2. I collected vSphere 6.0 features from few blogs and VMware community forum. Note that vSphere 6.0 is in beta program which means VMware can amend anything before final release. New functionalities of vSphere 6.0 beta are already available in Windows Server 2012 R2. So let’s have a quick look on both virtualization products.

Features vSphere 6.0 Hyper-v Server 2012 R2


Certificate Authority Active Directory Certificate Services
Certificate Store Certificate Store in Windows OS
Single Sign on VMware retained SSO 2.0 for vSphere 5.5 Active Directory Domain Services
Database vPostgres database for VC Appliance up to 8 vCenter Microsoft SQL Server

No Limitation

Management Tools Web Client & VI

VMware retained VI

SCVMM Console & Hyper-v Manager
Installer Combined single installer with all input upfront Combined single installer with all input upfront
vMotion Long distance Migration up to 100+ms RTTs Multisite Hyper-v Cluster and Live Migration
Storage Migration Storage vMotion with shared and unshared storage Hyper-v Live Storage Migration between local and shared storage
Combined Cloud Products Platform Services Controller (PSC) includes vCenter, vCOPs, vCloud Director, vCoud Automation Microsoft System Center combined App Controller, Configuration Manager, Data Protection Manager, Operations Manager, Orchestrator, Service Manager, Virtual Machine Manager
Service Registration View the services that are running in the system. Windows Services
Licensing Platform Services Controller (PSC) includes Licensing Volume Activation Role in Windows Server 2012 R2
Virtual Datacenters A Virtual Datacenter aggregates CPU, Memory, Storage and Network resources. Provision CPU, Memory, Storage and network using create Cloud wizard

Another key feature to be compared here that those who are planning to procure FC Tape library and maintain a virtual backup server note that vSphere doesn’t support FC Tape even with NPIV and Hyper-v support FC Tape using NPIV.


Multi-Site Hyper-v Cluster for High Availability and Disaster Recovery

In most of the SMB customer, the nodes of the cluster that reside at their primary data center provide access to the clustered service or application, with failover occurring only between clustered nodes. However for an enterprise customer, failure of a business critical application is not an option. In this case, disaster recovery and high availability are bonded together so that when both/all nodes at the primary site are lost, the nodes at the secondary site begin providing service automatically, or with minimal intervention.

The maximum availability of any services or application depends on how you design your platform that hosts these services. It is important to follow best practices in Compute, Network and Storage infrastructure to maximize uptime and maintain SLA.

The following diagram shows a multi-site failover cluster that uses four nodes and supports a clustered service or application.




The following rack diagram shows the identical compute, storage and networking infrastructure in both site.


Physical Infrastructure

  • Primary and Secondary sites are connected via 2x10Gbps dark fibre
  • Storage vendor specific replication software such as EMC recovery point
  • Storage must have redundant storage processor
  • There must be redundant Switches for networking and storage
  • Each server must be connected to redundant switches with redundant NIC for each purpose
  • Each Hyper-v server must have minimum dual Host Bus Adapter (HBA) port connected to redundant MDS switches
  • Each network must be connected to dual NIC from server to switches
  • Only iLO/DRAC will have a single connection
  • Each site must have redundant power supply.

Storage Requirements

Since I am talking about highly available and redundant systems design, this sort of design must consist of replicated or clustered storage presented to multi-site Hyper-v cluster nodes. Replication of data between sites is very important in a multi-site cluster, and is accomplished in different ways by different hardware vendors. You will achieve high performance through hardware or block level replication instead of software. You should contact your storage vendor to come up with solutions that provide replicated or clustered storage.

Examples are:

StarWind Software

Steeleye DataKeeper

EMC Recovery Point

HP Storage

Network Requirements:

A multi-site cluster running Windows Server 2008 can contain nodes that are in different subnet however as a best practice, you must configure Hyper-v cluster in same subnet. You applications and services can reside in separate subnets. To avoid any conflict, you should use dark fibre connection or MPLS network between multi-sites that allows VLANs.

Note that you must configure Hyper-v with static IP. In a multi-site cluster, you might want to tune the “heartbeat” settings, see for details.

Network Configuration Spread Sheet



NICs and Switch Ports speed







Live Migration



Storage Migration



Virtual Machine



iSCSI Network



Heartbeat network



Storage Replication

(Separate from Hyper-v)


Dark Fibre


Note that iSCSI network is only required if you are using IP Storage instead of Fibre Channel (FC) storage.

Cluster Selection: Node and File Share Majority (For Cluster with Special Configurations)

Quorum Selection: Since you will be configuring Node and File Share Majority cluster, you will have the option to place quorum files to shared folder. Where do you place this shared folder? Since we are talking about fully redundant and highly available Hyper-v Cluster, we have several options to place quorum shared folder.

Option1: Secondary Site

Option 2: Third Site

Visit for more details on quorum.

Storage Configuration:

Visit , and for clustered storage configuration for Hyper-v.

Hyper-v Cluster Configuration:

Visit for detailed cluster configuration guide.

Microsoft’s Hyper-v Server 2012 and System Center 2012 Unleash KO Punch to VMware

Hyper-V has been integral part of Windows Server 2008 and enhanced with great features in Windows Server 2012. According to Gartner’s magic quadrant Microsoft Hyper-v has been positioned in the leader category second to VMware. Combining Windows Server 2012 and System Center 2012 provide you a high performance Cloud Technology. Microsoft licensing model is highly flexible and charges only by physical processors and offer unlimited virtualization rights with Datacenter editions. With Hyper-v, your return on investment (ROI) increases as your workload density increases.

Pricing Comparison:

The pricing is based on the following assumptions:

  • Average consolidation ratio of 12 VMs per physical processor.
  • Number of physical hosts required 21. Each physical host contains 2 physical processors with six cores each.
  • Three years License and Maintenance; VMware cost includes Windows Server 2012 Datacenter edition for running guests
  • costs do not include hardware, storage or project cost
  • Pricing is based on published US prices for VMware and Microsoft as of September, 2012.
  • The cost above doesn’t include Microsoft Windows Server license cost for guest operating system.
  • Windows Server 2012 Datacenter allows you to run unlimited Windows Server 2012 on Hyper-v Server 2012 host.

Server Virtualization Environment:


Pricing Summary:


Microsoft Server Virtualization Cost break-down


VMware Server Virtualization Cost break-down


Features VS Cost Breakdown- Multi-Site Private Cloud Computing

Together with Windows Server 2012 and System Center 2012 is truly a cloud and datacenter management solution with eight separate components such as management, monitoring, provisioning, disaster recovery integrated into one unified product. A unified System Center management solution delivers greater OPEX cost savings than VMware in addition to CAPEX cost savings.


Number Game:


Breakdown in resources (/Host/Guest/Cluster):


Network Virtualization


DR Solutions


Truth about VMware lies:

You don’t have to be Einstein to understand that VMware is in significant pressure from all sides. Hence they are misleading Cloud market with biased information. I would strongly recommend you to assess your business position, compare apple to apple before renewing/buying your next Cloud products. Though VMware is still no.1 player in Cloud Computing market but their fear is real that VMware loyal Customer is switching continuously to Microsoft Cloud Technology. A declining enterprise market leads them to spread the following one sided information.

1. VMware claim: VMware vSphere 5.1 can achieve an 18.9% higher VM density per host than with Microsoft Hyper-V.

Facts: In one of VMware’s own tests, when provided adequate memory to support the number of users the performance variance between vSphere 5.1 and Hyper-V R2 SP1 was only 2% (using 24VM’s).

2. VMware claim: Hyper-V performance is poor. If performance is important to you, choose VMware.

Facts: In reality, Hyper-V offers near-native levels of virtualization performance, for which there are multiple supporting proof points (including independent third party validations):

  • Enterprise Strategy Group Report (2011) – SharePoint, Exchange, & SQL on Hyper-V Host.
  • Microsoft & Intel – 700,000 IOPS to a VM | Near Native with VMq: Windows Server and Hyper-V are not a limiting factor to IO performance. There shouldn’t be any significant concern around IO for virtualizing with Hyper-V.
  • Project Virtual Reality Check (Terminal Services on Hyper-V).

3. VMware claim: Hyper-V isn’t ready for the enterprise. It can’t handle the most intensive of workloads like VMware can.

Facts: Hyper-V offers near native levels of performance for key workloads, ensuring that customers can virtualize their mission critical, high-performance applications and workloads with confidence on Hyper-V. Additionally, a growing number of enterprise customers are running their businesses on Microsoft Hyper-V. Please read Microsoft Private Cloud success stories.

4. VMware claim: Hyper-V is lacking some of the key VMware features today. Features such as vMotion, HA, Memory Overcommit, DRS, Storage vMotion and Hot-Add are important features for us, and Hyper-V simple doesn’t come close.

Facts: Hyper-V R2 SP1 and System Center 2012 provide Live Migration, High Availability, Storage Live Migration, Dynamic Memory Allocation, Hot-Add and subsequent removal of storage.

5. VMware claim: VMware vSphere 5.1 is more secure than Hyper-V because it’s architecture and small code base.

Facts: Small footprint doesn’t equal a more secure hypervisor. Both vSphere and Hyper-V use the same memory footprint to run. The disk Footprint in ESXi 5.0 (144 MB) doubled from ESXi 4.0 (70 MB). Microsoft follows the rigorous, industry-leading Secure Development Lifecycle (SDL) for all its products. It is possible to achieve a 40-60% reduction in patches using Server Core based on historical data.

6. VMware claim: There is no virtual firewall in Hyper-V while VMware provides vShield Zones.

Facts: Windows Server 2012 also includes an integrated firewall with advanced security features. An old version of vShield Zones is included with vSphere 5.1 (details here) and vShield Zones has several limitations like every VM’s traffic passes through the Zones virtual appliances which slows down the traffic.

7. VMware claim: Microsoft doesn’t offer anything comparable to VMware Fault Tolerance.

Facts: VMware Fault Tolerance has limited applicability and severe limitations. It cannot function with:

  • Thin Provisioning and Linked Clones
  • Storage vMotion
  • Hot plug devices and USB Pass-through
  • IPv6
  • vSMP
  • N-Port ID Virtualization (NPIV)
  • Serial/parallel ports
  • Physical and remote CD/floppy drives
  • no more than 4 FT VMs per host be used

8. VMware claim: VMware significantly support for Linux operating systems than Hyper-V.

Facts: In production environment, Hyper-v supports Microsoft Windows Server and Linux Server without modifying any guest operating systems or installing tools.

9. VMware claim: VMware supports broad applications, while Hyper-V does not.

Facts: Since VMware does not have certified logo program for any application, they are not in position to dictate which application are supported or not. On the contrary, every single application that achieves a logo for Windows Server can be run on guest operating system on a Hyper-V, and is therefore inherently supported. There are over 2500 ISV applications listed on Microsoft Pinpoint that work with Hyper-V. Truth is neither Microsoft nor VMware mention which application you can install on a guest operating systems. It’s completely up to you what you would like to run on guest operating systems.

10. VMware claim: VMware’s Site Recovery Manager (SRM) enables us to simplify our DR story, and provides us with a solution to not only perform a planned failover, but test it whenever we like. Microsoft simply can’t deliver an alternative to this.

Facts: System Center 2012 components like Data Protection Manager and Orchestrator can provide tailored DR solutions. Windows Server 2012 includes an inbox replication capability, Hyper-V Replica, at no cost.

11. VMware claim: Microsoft Hyper-v isn’t ready for Hoster or Service Provider.

Facts: Hyper-v has been adopted by service provider industry to host their own infrastructure and public cloud simultaneously on Hyper-v utilizing Microsoft Network Virtualization. Click here and filter using hosting and public cloud to find the list of hoster. Examples: hostway, softsyshosting , hyper-v-mart , geekhosting , BlueFire and many more.

12. VMware Claim: Hyper-v does not fully comply with Trunking, VLANs

Facts: Microsoft Network virtualization is more advanced than VMware standard Switch and DV Switch. Microsoft Hyper-v is fully compliant with 802.1q trunking, VLANs, VIP, networking Tunneling, multitenant IP management. VMware is catching up on network virtualization. Being in back foot VMware advertised to hire a PR professional to campaign on network virtualization.

Bottom-line: Why Selecting Hyper-v Over VMware

Other than cost savings, the following reasons why you should select Hyper-V and System Center 2012 over VMware vSphere 5.1

1. Built-in Virtualization: Hyper-V is an integral part of Windows Server 2008 and Windows Server 2012

2. Familiarity with Windows: In-house IT staff can utilize their familiarity and knowledge of Windows environment to deploy Hyper-v minimizing training cost and learning time.

3. Single Platform Cloud Management Technology: System Center 2012 enables you to manage physical, virtual, private and public cloud using a common console view for multi-hypervisor management, 3rd party integration and process automation, ability to manage applications via a single view across private and public clouds, and deep application diagnostics and insights.

4. Running common Microsoft Application: It is obvious that Microsoft application will run better on Hyper-v 2012. Still Microsoft has published third-party validated lab results that prove best-in-class performance for Microsoft workloads on Hyper-V.

5. Private, Public or Hybrid Cloud: Microsoft provides complete solutions for Private, Public or Hybrid cloud with next generation computing technology like IaaS, PaaS, SaaS.

6. Value for Money: Microsoft Private Cloud provides value for money. You will receive unrestricted virtualization license once you buy Windows Server 2012 Datacenter and System Center 2012.

7. Easy Migration: Convert VMware virtual machine to Microsoft Hyper-v virtual machine in few easy steps. See this link.

8. Single Vendor: Since your existing virtualization workload is mostly Windows Server, from vendor communication and contract management point of view, having Microsoft Hyper-v make more sense.


Microsoft Cloud Summit Australia

Microsoft Private Cloud Cost Calculator

Microsoft Private Cloud Success Stories

Microsoft Cloud Computing

System Center 2012

Windows Server 2012

Hyper-v Server 2012

Download Microsoft System Center Private Cloud Evaluation Software

FF TMG 2010—Can future be altered?

I read the following articles about Microsoft Forefront TMG 2010. I was shocked by the news. TMG 2010 is one of the beautiful product Wintel Engineers and Security Administer can be proud off. I believe I am one of the biggest admirer of Forefront Product lines.

                                                                    Death of TMG? by Deb Shinder 

What will happen with TMG?

The demise of Threat Management Gateway: Is Microsoft backing away from the edge?

I would like to voice my own opinion on this matter. I am sure I will find lots of similar minded techie out there who would love to share same opinion as me. I would like to send an open request to Microsoft Corp and MVPs to pursue for an advanced version of TMG that incorporate cloud security and address modern day security challenges.

I decided to write on a different perspective of TMG 2010 what I would like to see next service pack of Forefront Threat Management Gateway or in a future version if there is one. This is not an official account of Microsoft Corp. This is just my wish list. I hope and cross my finger that Microsoft will listen to those who are on the field working for a better and even bigger Microsoft community.   

FF TMG 2010: Here is details of evolution of today’s TMG 


TMG 2010 can be more advanced in terms Firewall Policy, Publishing Rules and Cloud Security. TMG 2010 may be available in Downloadable virtual Appliance build on Windows Server “Code name 8” and physical appliance through the Microsoft partners program. Microsoft declared TMG 2010 is in sustainable mode and will not invest on TMG for further development so my dream to administer TMG administration console via internet explorer and Silverlight will be just a dream. I would like to see TMG service pack as separate installed and TMG 2010+SP3 integrated together in a installer for those who wants to refresh TMG and adopt as a new customer.

Topology and Installation Changes: I would like to see a Hyper-V network incorporated into TMG. As you all know when installing TMG, TMG installer prompt you for subnets of Local area network. The new version will prompt you to add your cloud networks in an installation window. The installer will secure the local area network and private cloud network using default configuration which you will be able to modify and align later on with your desired topology and network layout.  


Incorporating Cloud Security:

clients and partners have serious concern over the years about Service provides who sells cloud solutions. For example, service provider selling Exchange cloud, SharePoint cloud, Anti-Spam  and Security Cloud Solution. There are questions to be asked when you buying public cloud solutions. This is not just having a hypervisor and virtual center. what about application security, identity and governance. How would to address your client’s concern of internal threat and external threat. How client will trust a provider when they place their data in somewhere service provider’s cloud.

Microsoft can/should/must address these issues by providing Security as a service. Forefront TMG can play a key role if Microsoft is willing take a step ahead to the bottom line.

  • Application security
  • Privacy
  • Legal issues
  • Availability
  • Identity management
  • Compliance
  • Business Continuity and data recovery
  • Data Security

Firewall Rules: New Publishing Tools in Tasks pan should include

  • Publish FTP Servers
  • Publish Lync Server
  • Publish Streaming Media Server
  • Secure Cloud Network


Configure IM and Social media policy: Web Access Policy Tasks Pan should include

  • Configure IM Access (Allow/Deny Skype/Lync/MSN/Yahoo Messenger)
  • Configure Social Media Access (Allow/Deny Social Media such as Twitter/FaceBook/Google+/Youtube)


Networks: Network rules incorporate a build-in cloud network and network rules establishing communication from LAN to Cloud network and External to Cloud network. During installation of TMG; allow rules to be configured automatically when selecting Hyper-V Server in DMZ.


Multicast NLB Configuration: NLB Properties should be added another check box to create firewall rule for Multicast NLB in a virtualized environment. That means Multicast NLB mac address can communicate within array members in a virtualized environment if there is strict security policy deployed through out the infrastructure.


List of New Protocol available: New Protocols includes following protocols and many more:

  • Cloud Protocols
  • Lync Protocol
  • Hyper-v Protocols


Generate offline Certificate request: There should be an option to generate offline certificate request in Systems>Tasks pan.


Integrating Bing Search with TMG 2014 Cache: Search result cached in TMG from Bing Search Engine and presented to client.

Bandwidth Management: TMG should be able to manage bandwidth by single user, multiple users, AD Security groups, IP address, Computer Name, Department, Site, Branch.

Configure Branch or Site TMG Server: Option can be selected during installation of TMG 2010+SP3 (integrated installer) whether TMG is a primary site or branch site. Selecting Branch Site will auto configure site server with site to site VPN (if selected) and even replicate with primary sites firewall rules and policies (depending on topology). when installing a branch TMG branch TMG will automatically create branch cache depending on selection of topology .

Reporting: Following are the examples of the reports will be available in TMG 2010 SP3. there will be many more.


  • User based report
  • AD Security Group Based report
  • Web Site Visited
  • IP Address visited
  • Web/Content Uses report
  • Download reports by users/Group/Department
  • Bandwidth Uses report
  • Caching report
  • Search Engine Visitor by Search Engine report
  • Real Time/Custom Traffic report
  • Traffic Trending report
  • Top 20 Net users
  • Top 20 Site Visited
  • Default Monthly report
  • Default Yearly report
  • TMG Health report

Audit and Change Management: TMG will include complete change manage and recording of Tasks/Events generated by role based user and systems itself.

Role based TMG management: TMG Workgroup Deployment and Domain Member deployment should include RBAC management.

  • Administrator
  • Organization Administrator (member of this group manages cluster of Arrays )
  • Backup operator (Commvault/Symantec Client/SCDPM client integrated)
  • Auditor/User (view permission)
  • Firewall Rules and Web Access Policy Operator
  • Single or Multiple array administrator

Tool Box: Pre-installed BPA, Troubleshooting, Monitoring & Capturing  Real Time Traffic.

Learn more about TMG here .