Cisco Nexus 1000V Switch for Microsoft Hyper-V provides the following advanced features in Microsoft Hyper-V and SCVMM:
Integrates physical, virtual, and mixed environments
Allows dynamic policy provisioning and mobility-aware network policies
Improves security through integrated virtual services and advanced Cisco NX-OS features
The following table summarizes the capabilities and benefits of the Cisco Nexus 1000V Switch deployed with Microsoft Hyper-V and SCVMM (capability first, then the benefit it delivers):
Private VLANs, Quality of Service (QoS), access control lists (ACLs), port security, and Cisco vPath: granular control of virtual machine-to-virtual machine interaction.
Dynamic Host Configuration Protocol (DHCP) snooping, Dynamic ARP Inspection, and IP Source Guard: reduce common security threats in data center environments (rogue DHCP servers, ARP spoofing and source IP spoofing between VMs on the same host).
NetFlow, packet statistics, Switched Port Analyzer (SPAN), and Encapsulated Remote SPAN (ERSPAN): visibility into virtual machine-to-virtual machine traffic, reducing troubleshooting time.
Simple Network Management Protocol (SNMP), NetConf, syslog, and other troubleshooting command-line interfaces: use existing network management tools to manage physical and virtual environments.
The Cisco Nexus 1000V Series has two major components:
Virtual Ethernet Module (VEM): the software component embedded on each Hyper-V host as a forwarding extension. Each virtual machine on the host is connected to the VEM through a virtual Ethernet port.
Virtual Supervisor Module (VSM): the management module that controls multiple VEMs and is where virtual machine (VM)-centric network policies are defined.
Supported platforms and scale limits:
Microsoft SCVMM 2012 SP1/R2
Up to 64 Microsoft Windows Server 2012/R2 Hyper-V hosts per VSM
2048 virtual Ethernet ports per VSM, with 216 virtual Ethernet ports per physical host
2048 active VLANs
2048 port profiles
32 physical NICs per physical host
Compatible with all Cisco Nexus and Cisco Catalyst switches, as well as switches from other vendors
Comparison between Cisco Nexus 1000V editions:
Features available in both editions (Essential and Advanced):
VLANs, PVLANs, ACLs, QoS, Link Aggregation Control Protocol (LACP), and multicast
Cisco vPath (for virtual services)
Cisco NetFlow, SPAN, and ERSPAN (for traffic visibility)
SNMP, NetConf, syslog, etc. (for manageability)
Microsoft SCVMM integration
Additional features in the Advanced edition:
IP Source Guard
Dynamic ARP Inspection
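DHCP snooping, Dynamic ARP Inspection (DAI) and IP Source Guard (IPSG), named in the capability table above and again as Advanced-edition features, all work off one structure: the binding table the switch learns from DHCP ACKs seen on trusted ports. The Python model below is an added example written for this page; it is not Cisco code and does not reproduce NX-OS behaviour exactly. Port names (Eth1, Veth1 to Veth3), MAC and IP addresses and the DHCP exchanges are constructed sample data, and the simplification that a binding must also match the ingress vEthernet port is an assumption of this model.

```python
"""Added example: a minimal model of the DHCP snooping binding table and of
the checks Dynamic ARP Inspection (DAI) and IP Source Guard (IPSG) run
against it. Not Cisco code; ports, addresses and traffic are constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Binding:
    """One entry learned from a DHCP ACK: who may use which IP on which port."""
    mac: str
    ip: str
    vlan: int
    port: str  # virtual Ethernet port of the VM, e.g. "Veth1"


@dataclass
class SnoopingTable:
    # Uplinks toward the real DHCP server are trusted; VM-facing vEth ports are not.
    trusted_ports: set = field(default_factory=set)
    bindings: dict = field(default_factory=dict)  # (vlan, mac) -> Binding

    def dhcp_ack(self, server_port, vlan, client_mac, offered_ip, client_port):
        """Learn a binding only when the DHCP ACK arrives on a trusted port.
        An ACK from an untrusted (VM) port is a rogue DHCP server and is dropped."""
        if server_port not in self.trusted_ports:
            return False
        self.bindings[(vlan, client_mac)] = Binding(client_mac, offered_ip, vlan, client_port)
        return True

    def _matches(self, vlan, port, mac, ip):
        # Assumption of this model: the binding must match the ingress port too.
        b = self.bindings.get((vlan, mac))
        return b is not None and b.ip == ip and b.port == port

    def arp_allowed(self, vlan, port, sender_mac, sender_ip):
        """DAI: ARP from a trusted port passes; on an untrusted port the
        sender MAC/IP pair must match a snooped binding."""
        return port in self.trusted_ports or self._matches(vlan, port, sender_mac, sender_ip)

    def ip_allowed(self, vlan, port, src_mac, src_ip):
        """IPSG: IP traffic on an untrusted port must carry the bound source
        MAC and IP, which stops a VM from borrowing a neighbour's address."""
        return port in self.trusted_ports or self._matches(vlan, port, src_mac, src_ip)


VM_A = "00:15:5d:01:00:0a"   # constructed MACs in the Hyper-V OUI range
VM_B = "00:15:5d:01:00:0b"
VM_C = "00:15:5d:01:00:0c"


def build_demo_table():
    """Constructed DHCP exchanges on VLAN 100: two real ACKs via the trusted
    uplink Eth1, and one rogue ACK sent by VM C from its own untrusted port."""
    table = SnoopingTable(trusted_ports={"Eth1"})
    learned_a = table.dhcp_ack("Eth1", 100, VM_A, "10.0.100.10", "Veth1")
    learned_b = table.dhcp_ack("Eth1", 100, VM_B, "10.0.100.11", "Veth2")
    rogue = table.dhcp_ack("Veth3", 100, VM_C, "10.0.100.12", "Veth3")
    return table, learned_a and learned_b, rogue


def run_checks():
    """Return the DAI/IPSG verdicts (True = permitted) for constructed frames."""
    table, learned, rogue = build_demo_table()
    return {
        "learned_real_acks": learned,
        "rogue_dhcp_dropped": not rogue,
        # VM A announcing its own bound address: legitimate.
        "arp_a_own_ip": table.arp_allowed(100, "Veth1", VM_A, "10.0.100.10"),
        # VM B claiming VM A's IP (ARP poisoning attempt): blocked.
        "arp_b_spoofs_a": table.arp_allowed(100, "Veth2", VM_B, "10.0.100.10"),
        # VM B claiming the gateway IP with its own MAC: blocked.
        "arp_b_spoofs_gateway": table.arp_allowed(100, "Veth2", VM_B, "10.0.100.1"),
        # VM C never obtained a legitimate lease: no binding, all its ARP is blocked.
        "arp_c_no_binding": table.arp_allowed(100, "Veth3", VM_C, "10.0.100.12"),
        # IPSG: VM B sending IP packets with VM A's source address: blocked.
        "ip_b_spoofs_a": table.ip_allowed(100, "Veth2", VM_B, "10.0.100.10"),
        # IPSG: VM B using its own bound address: allowed.
        "ip_b_own": table.ip_allowed(100, "Veth2", VM_B, "10.0.100.11"),
        # Traffic arriving on the trusted uplink is not inspected at all.
        "uplink_untouched": table.ip_allowed(100, "Eth1", "00:00:5e:00:53:01", "10.0.100.1"),
    }


if __name__ == "__main__":
    for name, verdict in run_checks().items():
        print(f"{name}: {verdict}")
```

The point the model makes is the one that matters operationally: the three features are only as good as the trust boundary. Marking a VM-facing port as trusted, or leaving the VM that runs a rogue DHCP server on a trusted port, disables all three checks for that port, so in a Nexus 1000V deployment only the uplinks toward the physical network should be trusted.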
Installation steps for Cisco Nexus 1000V Switch for Microsoft Hyper-V:
Step 1: Download the Cisco Nexus 1000V appliance/ISO
Log on to Cisco.com with your Cisco account and download the software from this URL
Step 2: Install the SCVMM components
Step 3: Install and configure the VSM
Step 4: Configure the SCVMM fabric and VM network
Step 5: Prepare the Hyper-V hosts
Step 6: Create the Nexus 1000V logical switch
Step 7: Create VMs, or connect existing VMs, on the logical switch
Since the emergence of vSphere 6.0, I would like to write an article on vSphere 6.0 vs Windows Server 2012 R2. I collected the vSphere 6.0 features from a few blogs and the VMware community forum. Note that vSphere 6.0 is in a beta program, which means VMware can amend anything before the final release. The new functionalities of the vSphere 6.0 beta are already available in Windows Server 2012 R2. So let's have a quick look at both virtualization products.
vSphere 6.0 (beta) vs Hyper-V Server 2012 R2, row by row (vSphere 6.0 first, Windows Server 2012 R2 counterpart second):
Certificate authority and certificate store: Active Directory Certificate Services and the certificate store built into the Windows OS on the Hyper-V side
Single sign-on: vSphere SSO (VMware retained SSO 2.0 for vSphere 5.5) vs Active Directory Domain Services
Management database: vPostgres database for the vCenter Appliance, up to 8 vCenter instances, vs Microsoft SQL Server
Management console: Web Client and VI (VMware retained VI) vs SCVMM Console and Hyper-V Manager
Installer: a combined single installer with all input upfront, on both sides
Long-distance migration: vMotion up to 100+ ms RTT vs multi-site Hyper-V cluster and Live Migration
Storage migration: Storage vMotion with shared and unshared storage vs Hyper-V Live Storage Migration between local and shared storage
For most SMB customers, the nodes of the cluster reside at the primary data center and provide access to the clustered service or application, with failover occurring only between those clustered nodes. For an enterprise customer, however, failure of a business-critical application is not an option. In this case disaster recovery and high availability are bound together, so that when both/all nodes at the primary site are lost, the nodes at the secondary site begin providing the service automatically, or with minimal intervention.
The maximum availability of any service or application depends on how you design the platform that hosts it. It is important to follow best practices in compute, network and storage infrastructure to maximize uptime and maintain the SLA.
The following diagram shows a multi-site failover cluster that uses four nodes and supports a clustered service or application.
The following rack diagram shows the identical compute, storage and networking infrastructure in both sites.
Primary and secondary sites are connected via 2x10 Gbps dark fibre
Storage-vendor-specific replication software, such as EMC RecoverPoint
Storage must have redundant storage processors
There must be redundant switches for networking and storage
Each server must be connected to redundant switches, with redundant NICs for each purpose
Each Hyper-V server must have at least two Host Bus Adapter (HBA) ports connected to redundant MDS switches
Each network must be connected from the server to the switches over dual NICs
Only iLO/DRAC will have a single connection
Each site must have redundant power supplies.
Since I am talking about highly available and redundant systems design, this sort of design must consist of replicated or clustered storage presented to the multi-site Hyper-V cluster nodes. Replication of data between sites is very important in a multi-site cluster, and is accomplished in different ways by different hardware vendors. You will achieve higher performance through hardware or block-level replication than through software replication. Contact your storage vendor to come up with a solution that provides replicated or clustered storage.
A multi-site cluster running Windows Server 2008 can contain nodes that are in different subnets; however, as a best practice, you should configure the Hyper-V cluster nodes in the same subnet. Your applications and services can reside in separate subnets. To avoid conflicts, use a dark fibre connection or an MPLS network between the sites that allows the VLANs to be stretched.
Note that the iSCSI network is only required if you are using IP storage instead of Fibre Channel (FC) storage.
Cluster selection: Node and File Share Majority (for clusters with special configurations)
Quorum selection: Since you will be configuring a Node and File Share Majority cluster, you have the option to place the quorum witness files on a shared folder. Where do you place this shared folder? Since we are talking about a fully redundant and highly available Hyper-V cluster, there are several options for placing the quorum shared folder.
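The placement question can be settled with vote arithmetic before the cluster is built. The Python below is an added example for this page (not Microsoft code and not a cluster API): it models a Node and File Share Majority cluster as one vote per node plus one vote for the file share witness, and reports, for each candidate witness location, whether the cluster keeps quorum when a whole site is lost. The four-node, two-site layout from the diagram is assumed; the site names and the "Third site" candidate are labels chosen for the example.

```python
"""Added example: quorum arithmetic for a Node and File Share Majority
cluster, used to decide where the file share witness should live.
Not Microsoft code; the two-site, four-node layout is assumed."""


def majority(total):
    """A partition keeps quorum only while it holds more than half of all votes."""
    return total // 2 + 1


def total_votes(nodes_by_site):
    # One vote per node plus one vote for the file share witness.
    return sum(nodes_by_site.values()) + 1


def reachable_votes(nodes_by_site, witness_site, lost_sites):
    """Votes still reachable by the surviving nodes after the sites in
    lost_sites go dark."""
    votes = sum(n for site, n in nodes_by_site.items() if site not in lost_sites)
    if witness_site not in lost_sites:
        votes += 1
    return votes


def keeps_quorum(nodes_by_site, witness_site, lost_sites):
    return reachable_votes(nodes_by_site, witness_site, lost_sites) >= majority(total_votes(nodes_by_site))


def witness_placement_report(nodes_by_site, candidate_sites):
    """For every candidate witness location, whether quorum survives the
    loss of each single site (the cluster sites and the witness site itself)."""
    report = {}
    for witness in candidate_sites:
        sites = set(nodes_by_site) | {witness}
        report[witness] = {site: keeps_quorum(nodes_by_site, witness, {site}) for site in sorted(sites)}
    return report


# The four-node design from the post: two Hyper-V nodes per site.
SITES = {"Primary": 2, "Secondary": 2}

if __name__ == "__main__":
    for witness, outcomes in witness_placement_report(SITES, ["Primary", "Secondary", "Third site"]).items():
        verdicts = ", ".join(f"lose {s}: {'OK' if ok else 'QUORUM LOST'}" for s, ok in outcomes.items())
        print(f"witness at {witness}: {verdicts}")
```

With five votes the majority is three, so the report shows the trade-off directly: a witness at the primary site means losing the primary site also loses the cluster (the secondary nodes hold only two votes), a witness at the secondary site survives a primary-site loss but not a secondary-site loss, and only a witness at a third location survives the loss of any one site. For a WAN cut between the two data centers with a third-site witness, the share itself arbitrates, because only the partition that can lock the witness gets its vote; the model counts votes and does not simulate that lock.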
Hyper-V has been an integral part of Windows Server since Windows Server 2008 and was enhanced with great features in Windows Server 2012. According to Gartner's Magic Quadrant, Microsoft Hyper-V is positioned in the leaders category, second to VMware. Combining Windows Server 2012 and System Center 2012 gives you a high-performance cloud technology. The Microsoft licensing model is highly flexible: it charges only per physical processor and offers unlimited virtualization rights with the Datacenter edition. With Hyper-V, your return on investment (ROI) increases as your workload density increases.
The pricing is based on the following assumptions:
Average consolidation ratio of 12 VMs per physical processor.
21 physical hosts required. Each physical host contains 2 physical processors with six cores each (504 VMs in total at the assumed ratio).
Three years of licence and maintenance; the VMware cost includes Windows Server 2012 Datacenter edition for running the guests.
Costs do not include hardware, storage or project cost.
Pricing is based on published US prices for VMware and Microsoft as of September 2012.
The cost above doesn't include the Microsoft Windows Server licence cost for the guest operating systems.
Windows Server 2012 Datacenter allows you to run unlimited Windows Server 2012 instances on a Hyper-V Server 2012 host.
Server Virtualization Environment:
Microsoft Server Virtualization Cost break-down
VMware Server Virtualization Cost break-down
Features vs cost breakdown: multi-site private cloud computing
Together, Windows Server 2012 and System Center 2012 form a true cloud and datacenter management solution, with eight separate components such as management, monitoring, provisioning and disaster recovery integrated into one unified product. A unified System Center management solution delivers greater OPEX savings than VMware, in addition to CAPEX savings.
Breakdown in resources (/Host/Guest/Cluster):
Truth about VMware lies:
You don't have to be Einstein to understand that VMware is under significant pressure from all sides. Hence they are misleading the cloud market with biased information. I would strongly recommend that you assess your business position and compare apples to apples before renewing/buying your next cloud products. Though VMware is still the no.1 player in the cloud computing market, their fear is real that VMware's loyal customers are continuously switching to Microsoft cloud technology. A declining enterprise market leads them to spread the following one-sided information.
1. VMware claim: VMware vSphere 5.1 can achieve an 18.9% higher VM density per host than Microsoft Hyper-V.
Facts: In one of VMware's own tests, when provided with adequate memory to support the number of users, the performance variance between vSphere 5.1 and Hyper-V R2 SP1 was only 2% (using 24 VMs).
2. VMware claim: Hyper-V performance is poor. If performance is important to you, choose VMware.
Facts: In reality, Hyper-V offers near-native levels of virtualization performance, for which there are multiple supporting proof points (including independent third-party validations):
Microsoft & Intel: 700,000 IOPS to a VM, near native with VMQ. Windows Server and Hyper-V are not a limiting factor for I/O performance; there shouldn't be any significant concern around I/O when virtualizing with Hyper-V.
3. VMware claim: Hyper-V isn't ready for the enterprise. It can't handle the most intensive workloads like VMware can.
Facts: Hyper-V offers near-native levels of performance for key workloads, ensuring that customers can virtualize their mission-critical, high-performance applications and workloads with confidence on Hyper-V. Additionally, a growing number of enterprise customers are running their businesses on Microsoft Hyper-V. Please read the Microsoft Private Cloud success stories.
4. VMware claim: Hyper-V is lacking some of the key VMware features today. Features such as vMotion, HA, memory overcommit, DRS, Storage vMotion and Hot-Add are important features for us, and Hyper-V simply doesn't come close.
Facts: Hyper-V R2 SP1 and System Center 2012 provide Live Migration, High Availability, Storage Live Migration, Dynamic Memory, and hot-add and subsequent removal of storage.
5. VMware claim: VMware vSphere 5.1 is more secure than Hyper-V because of its architecture and small code base.
Facts: A small footprint doesn't equal a more secure hypervisor. Both vSphere and Hyper-V use the same memory footprint to run. The disk footprint of ESXi 5.0 (144 MB) doubled from ESXi 4.0 (70 MB). Microsoft follows the rigorous, industry-leading Security Development Lifecycle (SDL) for all its products. Based on historical data, it is possible to achieve a 40-60% reduction in patches by using Server Core.
6. VMware claim: There is no virtual firewall in Hyper-V, while VMware provides vShield Zones.
Facts: Windows Server 2012 also includes an integrated firewall with advanced security features. An old version of vShield Zones is included with vSphere 5.1 (details here), and vShield Zones has several limitations, for example every VM's traffic passes through the Zones virtual appliances, which slows the traffic down.
7. VMware claim: Microsoft doesn't offer anything comparable to VMware Fault Tolerance.
Facts: VMware Fault Tolerance has limited applicability and severe limitations. It cannot function with:
Thin provisioning and linked clones
Hot-plug devices and USB pass-through
N-Port ID Virtualization (NPIV)
Physical and remote CD/floppy drives
More than 4 FT VMs per host
8. VMware claim: VMware has significantly better support for Linux operating systems than Hyper-V.
Facts: In a production environment, Hyper-V supports Microsoft Windows Server and Linux servers without modifying any guest operating systems or installing tools.
9. VMware claim: VMware supports a broad range of applications, while Hyper-V does not.
Facts: Since VMware does not have a certified logo program for any application, they are not in a position to dictate which applications are supported or not. On the contrary, every single application that achieves a logo for Windows Server can run in a guest operating system on Hyper-V, and is therefore inherently supported. There are over 2500 ISV applications listed on Microsoft Pinpoint that work with Hyper-V. The truth is that neither Microsoft nor VMware dictates which applications you can install in a guest operating system. It's completely up to you what you would like to run in your guest operating systems.
10. VMware claim: VMware's Site Recovery Manager (SRM) enables us to simplify our DR story, and provides us with a solution to not only perform a planned failover but test it whenever we like. Microsoft simply can't deliver an alternative to this.
Facts: System Center 2012 components like Data Protection Manager and Orchestrator can provide tailored DR solutions. Windows Server 2012 includes an in-box replication capability, Hyper-V Replica, at no cost.
11. VMware claim: Microsoft Hyper-V isn't ready for hosters or service providers.
Facts: Hyper-V has been adopted by the service provider industry to host their own infrastructure and a public cloud simultaneously on Hyper-V, utilizing Microsoft Network Virtualization. Click here and filter by hosting and public cloud to find the list of hosters. Examples: hostway, softsyshosting, hyper-v-mart, geekhosting, BlueFire and many more.
12. VMware claim: Hyper-V does not fully comply with trunking and VLANs.
Facts: Microsoft network virtualization is more advanced than the VMware standard switch and distributed switch. Microsoft Hyper-V is fully compliant with 802.1Q trunking, VLANs, VIPs, network tunnelling and multitenant IP management. VMware is catching up on network virtualization. Being on the back foot, VMware advertised to hire a PR professional to campaign on network virtualization.
Bottom line: why select Hyper-V over VMware
Other than cost savings, the following are the reasons why you should select Hyper-V and System Center 2012 over VMware vSphere 5.1:
1. Built-in virtualization: Hyper-V is an integral part of Windows Server 2008 and Windows Server 2012.
2. Familiarity with Windows: In-house IT staff can use their familiarity with and knowledge of the Windows environment to deploy Hyper-V, minimizing training cost and learning time.
3. Single-platform cloud management technology: System Center 2012 enables you to manage physical, virtual, private and public clouds using a common console view for multi-hypervisor management, third-party integration and process automation, the ability to manage applications via a single view across private and public clouds, and deep application diagnostics and insights.
4. Running common Microsoft applications: It is obvious that Microsoft applications will run better on Hyper-V 2012. Still, Microsoft has published third-party-validated lab results that prove best-in-class performance for Microsoft workloads on Hyper-V.
5. Private, public or hybrid cloud: Microsoft provides complete solutions for private, public or hybrid clouds with next-generation computing technology such as IaaS, PaaS and SaaS.
6. Value for money: Microsoft Private Cloud provides value for money. You receive unrestricted virtualization rights once you buy Windows Server 2012 Datacenter and System Center 2012.
7. Easy migration: Convert a VMware virtual machine to a Microsoft Hyper-V virtual machine in a few easy steps. See this link.
8. Single vendor: Since your existing virtualization workload is mostly Windows Server, from a vendor communication and contract management point of view, having Microsoft Hyper-V makes more sense.
I read the following articles about Microsoft Forefront TMG 2010. I was shocked by the news. TMG 2010 is one of the beautiful products that Wintel engineers and security administrators can be proud of. I believe I am one of the biggest admirers of the Forefront product line.
I would like to voice my own opinion on this matter. I am sure I will find lots of similarly minded techies out there who would love to share the same opinion as me. I would like to send an open request to Microsoft Corp and MVPs to pursue an advanced version of TMG that incorporates cloud security and addresses modern-day security challenges.
I decided to write from a different perspective on TMG 2010: what I would like to see in the next service pack of Forefront Threat Management Gateway, or in a future version if there is one. This is not an official account of Microsoft Corp. This is just my wish list. I hope, with my fingers crossed, that Microsoft will listen to those who are in the field working for a better and even bigger Microsoft community.
TMG 2010 could be more advanced in terms of firewall policy, publishing rules and cloud security. TMG 2010 could be made available as a downloadable virtual appliance built on Windows Server "Code name 8" and as a physical appliance through the Microsoft partner program. Microsoft has declared that TMG 2010 is in sustaining mode and will not invest in TMG for further development, so my dream of administering the TMG administration console via Internet Explorer and Silverlight will remain just a dream. I would like to see the TMG service pack as a separate install, and TMG 2010+SP3 integrated together in one installer for those who want to refresh TMG or adopt it as a new customer.
Topology and installation changes: I would like to see a Hyper-V network incorporated into TMG. As you all know, when installing TMG the installer prompts you for the subnets of the local area network. The new version would also prompt you to add your cloud networks in an installation window. The installer would secure the local area network and the private cloud network using a default configuration, which you would be able to modify later and align with your desired topology and network layout.
Incorporating cloud security:
Clients and partners have had serious concerns over the years about service providers who sell cloud solutions, for example providers selling Exchange cloud, SharePoint cloud, anti-spam and security cloud solutions. There are questions to be asked when buying public cloud solutions. This is not just about having a hypervisor and a virtual center: what about application security, identity and governance? How would you address your client's concerns about internal and external threats? How will a client trust a provider when they place their data somewhere in the service provider's cloud?
Microsoft can/should/must address these issues by providing security as a service. Forefront TMG can play a key role if Microsoft is willing to take a step ahead to the bottom line.
Business Continuity and data recovery
Firewall rules: New publishing tools in the Tasks pane should include
Publish FTP servers
Publish Lync Server
Publish streaming media servers
Secure cloud network
Configure IM and social media policy: The Web Access Policy Tasks pane should include
Configure IM access (allow/deny Skype/Lync/MSN/Yahoo Messenger)
Configure social media access (allow/deny social media such as Twitter/Facebook/Google+/YouTube)
Networks: Network rules should incorporate a built-in cloud network, with rules establishing communication from the LAN to the cloud network and from External to the cloud network. During installation of TMG, allow rules should be configured automatically when Hyper-V Server is selected in the DMZ.
Multicast NLB configuration: The NLB properties should get another check box to create a firewall rule for multicast NLB in a virtualized environment, so that the multicast NLB MAC address can communicate between array members in a virtualized environment even when a strict security policy is deployed throughout the infrastructure.
List of new protocols available: The new protocols should include the following protocols and many more:
Generate offline certificate request: There should be an option to generate an offline certificate request in the System > Tasks pane.
Integrating Bing Search with the TMG 2014 cache: Search results cached in TMG from the Bing search engine and presented to clients.
Bandwidth management: TMG should be able to manage bandwidth by single user, multiple users, AD security group, IP address, computer name, department, site and branch.
Configure branch or site TMG server: An option could be selected during installation of TMG 2010+SP3 (integrated installer) to choose whether the TMG is a primary site or a branch site. Selecting branch site would auto-configure the site server with a site-to-site VPN (if selected) and even replicate the primary site's firewall rules and policies (depending on topology). When installing a branch TMG, it would automatically create a branch cache depending on the selected topology.
Reporting: The following are examples of the reports that would be available in TMG 2010 SP3; there would be many more.
User-based report
AD security group-based report
Web sites visited
IP addresses visited
Web/content usage report
Download reports by user/group/department
Bandwidth usage report
Search engine visitors by search engine report
Real-time/custom traffic report
Traffic trending report
Top 20 network users
Top 20 sites visited
Default monthly report
Default yearly report
TMG health report
Audit and change management: TMG should include complete change management and recording of tasks/events generated by role-based users and by the system itself.
Role-based TMG management: TMG workgroup deployment and domain member deployment should include RBAC management.
Organization Administrator (members of this group manage clusters of arrays)