How to deploy VDI using Microsoft RDS in Windows Server 2012 R2

Remote Desktop Services is a server role that consists of several role services. Remote Desktop Services (RDS) accelerates and securely extends desktops and applications to any device, anywhere, for remote and roaming workers. Remote Desktop Services provides both a virtual desktop infrastructure (VDI) and session-based desktops.

In Windows Server 2012 R2, the following roles are available in Remote Desktop Services: 

Role service name: Role service description

RD Virtualization Host: RD Virtualization Host integrates with Hyper-V to deploy pooled or personal virtual desktop collections.

RD Session Host: RD Session Host enables a server to host RemoteApp programs or session-based desktops.

RD Connection Broker: RD Connection Broker provides the following services:

  • Allows users to reconnect to their existing virtual desktops, RemoteApp programs, and session-based desktops.
  • Enables you to evenly distribute the load among RD Session Host servers in a session collection or pooled virtual desktops in a pooled virtual desktop collection.
  • Provides access to virtual desktops in a virtual desktop collection.

RD Web Access: RD Web Access enables access to the following:

  • RemoteApp and session-based desktops (Desktop Connection) through the Start menu or through a web browser.
  • RemoteApp programs and virtual desktops in a virtual desktop collection.

RD Licensing: RD Licensing manages the licenses for RD Session Host and VDI.

RD Gateway: RD Gateway enables authorized users to connect to VDI, RemoteApp

For an RDS lab, you will need the following servers.

  • RDSVHSRV01- Remote Desktop Virtualization Host server. Hyper-v Server.
  • RDSWEBSRV01- Remote Desktop Web Access server
  • RDSCBSRV01- Remote Desktop Connection Broker server.
  • RDSSHSRV01- Remote Desktop Session Host Server
  • FileSRV01- File Server to Store User Profile

This test lab consists of a 192.168.1.1/24 subnet for the internal network, a DHCP client (Client1) running the Windows 8 operating system, and a test domain called testdomain.com. You need a shared folder, hosted on a file server or SAN, that is available to the Hyper-V cluster acting as the Virtualization Host server. All RD Virtualization Host computer accounts must be granted Read/Write permission to the shared folder. I assume you have a functional domain controller, DNS, DHCP and a Hyper-V cluster. Now you can follow the steps below.

Step1: Create a Server Group

1. Open Server Manager from the taskbar. Click Dashboard, click View, click Show Welcome Tile, click Create a Server Group, and type RDS Servers as the name of the group.

2. Click Active Directory. In the Name (CN): box, type RDS, then click Find Now.

3. Select RDSWEBSRV01, RDSSHSRV01, RDSCBSRV01, RDSVHSRV01 and then click the right arrow.

4. Click OK.

Step2: Deploy the VDI standard deployment

1. Log on to the Windows server by using the testdomain\Administrator account.

2. Open Server Manager from Taskbar, Click Manage, click Add roles and features.

3. On the Before You Begin page of the Add Roles and Features Wizard, click Next.

4. On the Select Installation Type page, click Remote Desktop Services scenario-based Installation, and then click Next.


5. On the Select deployment type page, click Standard deployment, and then click Next. A standard deployment allows you to deploy RDS on multiple servers, splitting the roles and features among them. A quick start allows you to deploy RDS onto a single server and publish apps.


6. On the Select deployment scenario page, click Virtual Desktop Infrastructure, and then click Next.


7. On the role services page, review roles then click Next.


8. On the Specify RD Connection Broker server page, click RDSCBSRV01.Testdomain.com, click the right arrow, and then click Next.


9. On the Specify RD Web Access server page, click RDSWEBSRV01.Testdomain.com, click the right arrow, and then click Next.


10. On the Specify RD Virtualization Host server page, click RDSVHSRV01.Testdomain.com, click the right arrow, and then click Next. RDSVHSRV01 is a physical machine configured with Hyper-v. Check Create a New Virtual Switch on the selected server.


11. On the Confirm selections page, Check the Restart the destination server automatically if required check box, and then click Deploy.


12. After the installation is complete, click Close.


Step3: Test the VDI standard deployment connectivity

You can confirm that the VDI standard deployment was deployed successfully by using Server Manager to check the Remote Desktop Services deployment overview.

1. Log on to the DC1 server by using the testdomain\Administrator account.

2. Click Server Manager, click Remote Desktop Services, and then click Overview.

3. In the DEPLOYMENT OVERVIEW section, ensure that the RD Web Access, RD Connection Broker, and RD Virtualization Host role services are installed. If there is an icon and not a green plus sign (+) next to the role service name, the role service is installed and part of the deployment
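
The Step2 wizard and the Step3 overview check can also be run from PowerShell. The following is an added example, not part of the original article; it assumes the RemoteDesktop module that ships with Windows Server 2012 R2 and reuses the lab server names from this page.

```powershell
# Added example (not from the original article): scripted form of Step2 and Step3.
# Run in an elevated session as a domain administrator on a Windows Server 2012 R2
# machine that has the RemoteDesktop module. Server names are the lab names above.
Import-Module RemoteDesktop

$broker    = 'RDSCBSRV01.Testdomain.com'
$webAccess = 'RDSWEBSRV01.Testdomain.com'
$virtHost  = 'RDSVHSRV01.Testdomain.com'

# Stop before changing anything if a target name does not resolve in DNS.
foreach ($name in @($broker, $webAccess, $virtHost)) {
    try   { [void][System.Net.Dns]::GetHostEntry($name) }
    catch { throw "Cannot resolve $name; fix DNS before deploying." }
}

# Step2: standard VDI deployment. -CreateVirtualSwitch corresponds to the
# "Create a New Virtual Switch" check box in step 10 of the wizard.
New-RDVirtualDesktopDeployment -ConnectionBroker $broker `
                               -WebAccessServer $webAccess `
                               -VirtualizationHost $virtHost `
                               -CreateVirtualSwitch

# Step3: confirm each role service is registered on the server it was meant for.
$expected = @{
    'RDS-CONNECTION-BROKER' = $broker
    'RDS-WEB-ACCESS'        = $webAccess
    'RDS-VIRTUALIZATION'    = $virtHost
}
$deployed = Get-RDServer -ConnectionBroker $broker

$report = foreach ($role in $expected.Keys) {
    # All servers that currently hold this role in the deployment.
    $holders = @($deployed |
                 Where-Object { $_.Roles -contains $role } |
                 ForEach-Object { $_.Server })
    New-Object PSObject -Property @{
        Role     = $role
        Expected = $expected[$role]
        Found    = $holders -join ', '
        Ok       = ($holders -contains $expected[$role])
    }
}
$report | Format-Table Role, Expected, Found, Ok -AutoSize

if ($report | Where-Object { -not $_.Ok }) {
    throw 'One or more RDS role services are missing from the deployment.'
}
```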


Step4: Configure FileSRV1

You must create a network share on a computer in the testdomain domain to store the user profile disks. Use the following procedures to connect to the virtual desktop collection:

  • Create the user profile disk network share
  • Adjust permissions on the network share

Create the user profile disk network share

1. Log on to the FileSRV1 computer by using the TESTDOMAIN\Administrator user account.

2. Open Windows Explorer.

3. Click Computer, and then double-click Local Disk (C:).

4. Click Home, click New Folder, type RDSUserProfile and then press ENTER.

5. Right-click the RDSUSERPROFILE folder, and then click Properties.

6. Click Sharing, and then click Advanced Sharing.

7. Select the Share this folder check box.

8. Click Permissions, and then grant Full Control permissions to the Everyone group.

9. Click OK twice, and then click Close.

Setup permissions on the network share

1. Right-click the RDSUSERPROFILE folder, and then click Properties.

2. Click Security, and then click Edit.

3. Click Add.

4. Click Object Types, select the Computers check box, and then click OK.

5. In the Enter the object names to select box, type RDSVHSRV01.Testdomain.com, and then click OK.

6. Click RDSVHSRV01, and then select the Allow check box next to Modify.

7. Click OK two times.
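
The two procedures above leave the share-level permission at Everyone / Full Control, so the NTFS ACL is the only control on who can reach the profile disks. The following added example (not part of the original article) shows the same share created from PowerShell with the share permission scoped to the virtualization host, plus a check that flags broad grants. The folder path, the `TESTDOMAIN\RDSVHSRV01$` computer account name, the list of "broad" principals and the `Get-BroadShareGrant` helper are assumptions for this lab, as is the choice of Change as the share-level right for the host, which is picked to match the Read/Write requirement stated earlier.

```powershell
# Added example (not from the original article). Run elevated on the file server.
# Assumptions: folder C:\RDSUserProfile, share name RDSUserProfile, and the
# virtualization host computer account TESTDOMAIN\RDSVHSRV01$ from this lab.
$path        = 'C:\RDSUserProfile'
$shareName   = 'RDSUserProfile'
$hostAccount = 'TESTDOMAIN\RDSVHSRV01$'

New-Item -Path $path -ItemType Directory -Force | Out-Null

# What steps 7-8 of the GUI procedure produce: every account passes the
# share-level check, so the NTFS ACL is the only thing limiting access.
#   New-SmbShare -Name $shareName -Path $path -FullAccess 'Everyone'

# Scoped alternative: administrators manage the share, the RD Virtualization
# Host computer account gets read/write (Change), and nobody else is listed.
if (-not (Get-SmbShare -Name $shareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $shareName -Path $path `
                 -FullAccess 'BUILTIN\Administrators' `
                 -ChangeAccess $hostAccount | Out-Null
}

# NTFS: same result as the "Setup permissions on the network share" procedure
# (Allow Modify for the host computer account, inherited by files and folders).
$acl  = Get-Acl -Path $path
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $hostAccount, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Hypothetical helper: list Allow entries on a share that go to broad groups.
function Get-BroadShareGrant {
    param([Parameter(Mandatory = $true)][string]$Name)

    $broad = 'Everyone',
             'NT AUTHORITY\Authenticated Users',
             'BUILTIN\Users',
             'TESTDOMAIN\Domain Users'

    Get-SmbShareAccess -Name $Name | Where-Object {
        ([string]$_.AccessControlType -eq 'Allow') -and ($broad -contains $_.AccountName)
    }
}

$findings = @(Get-BroadShareGrant -Name $shareName)
if ($findings.Count -gt 0) {
    $findings | Format-Table Name, AccountName, AccessRight -AutoSize
    Write-Warning "Share '$shareName' grants access to broad groups; review the entries above."
} else {
    Write-Output "Share '$shareName' has no share-level grants to broad groups."
}

# Show the resulting share permissions and NTFS ACL for the change record.
Get-SmbShareAccess -Name $shareName | Format-Table AccountName, AccessControlType, AccessRight -AutoSize
(Get-Acl -Path $path).Access | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

Running `Get-BroadShareGrant` against a share built with the GUI steps above returns the Everyone entry, which makes it usable as a recurring check on existing file servers.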

Step5: Configure RDSVHSRV01

You must add the virtual desktop template to Hyper-V so you can assign it to the pooled virtual desktop collection.

Create Virtual Desktop Template in RDSVHSRV01

1. Log on to the RDSVHSRV01 computer as a Testdomain\Administrator user account.

2. Click Start, and then click Hyper-V Manager.

3. Right-click RDSVHSRV01, point to New, and then click Virtual Machine.

4. On the Before You Begin page, click Next.

5. On the Specify Name and Location page, in the Name box, type Virtual Desktop Template, and then click Next.


6. On the Assign Memory page, in the Startup memory box, type 1024, and then click Next.


7. On the Configure Networking page, in the Connection box, click RDS Virtual, and then click Next.


8. On the Connect Virtual Hard Disk page, click the Use an existing virtual hard disk option.


9. Click Browse, navigate to the virtual hard disk that should be used as the virtual desktop template, and then click Open. Click Next.


10. On the Summary page, click Finish.

Step6: Create the managed pooled virtual desktop collection in RDSVHSRV01

Create the managed pooled virtual desktop collection so that users can connect to desktops in the collection.

1. Log on to the RDSCBSRV01 server as a TESTDOMAIN\Administrator user account.

2. Server Manager will start automatically. If it does not automatically start, click Start, type servermanager.exe, and then click Server Manager.

3. In the left pane, click Remote Desktop Services, and then click Collections.

4. Click Tasks, and then click Create Virtual Desktop Collection.


5. On the Before you begin page, click Next.

6. On the Name the collection page, in the Name box, type Testdomain Managed Pool, and then click Next.


7. On the Specify the collection type page, click the Pooled virtual desktop collection option, ensure that the Automatically create and manage virtual desktops check box is selected, and then click Next.


8. On the Specify the virtual desktop template page, click Virtual Desktop Template, and then click Next.


9. On the Specify the virtual desktop settings page, click Provide unattended settings, and then click Next. In this step of the wizard, you can also choose to provide an answer file. A Simple Answer File can be obtained from URL1 and URL2

10. On the Specify the unattended settings page, enter the following information and retain the default settings for the options that are not specified, and then click Next.

  • In the Local Administrator account password and Confirm password boxes, type the same strong password.

  • In the Time zone box, click the time zone that is appropriate for your location.

11. On the Specify users and collection size page, accept the default selections, and then click Next.

12. On the Specify virtual desktop allocation page, accept the default selections, and then click Next.

13. On the Specify virtual desktop storage page, accept the default selections, and then click Next.

14. On the Specify user profile disks page, in the Location user profile disks box, type \\FileSRV01\RDSUserProfile, and then click Next. Make sure that the RD Virtualization Host computer accounts have read and write access to this location.

15. On the Confirm selections page, click Create.

Step8: Test Remote Desktop Services connectivity

You can ensure the managed pooled virtual desktop collection was created successfully by connecting to the RD Web Access server and then connecting to the virtual desktop in the Testdomain Managed Pool collection.

1. Open Internet Explorer.

2. In the Internet Explorer address bar, type https://RDSWEBSRV01.Testdomain.com/RDWeb, and then press ENTER.

3. Click Continue to this website (not recommended).


4. In the Domain\user name box, type TESTDOMAIN\Administrator.

5. In the Password box, type the password for the TESTDOMAIN\Administrator user account, and then click Sign in.

6. Click Testdomain Managed Pool, and then click Connect.
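
Step 3 above clicks through the browser's certificate warning. The following added example (not part of the original article) connects to the RD Web Access server and reports why Windows does not trust the certificate, so the cause can be fixed on the server instead of being accepted by each user. The function name `Test-RdWebCertificate` is hypothetical; the host name is the lab server from this page.

```powershell
# Added example (not from the original article): inspect the certificate that
# RD Web Access presents and report the validation errors behind the warning.
function Test-RdWebCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )

    # Filled in by the validation callback during the TLS handshake.
    $state = @{ PolicyErrors = $null; ChainStatus = @() }

    # Record what Windows thinks of the certificate, then accept it so the
    # handshake completes and the certificate can be read. No credentials or
    # application data are sent over this connection.
    $callback = {
        param($source, $certificate, $chain, $policyErrors)
        $state.PolicyErrors = $policyErrors
        $state.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        return $true
    }.GetNewClosure()

    $client = New-Object System.Net.Sockets.TcpClient
    $ssl    = $null
    try {
        $client.Connect($HostName, $Port)
        $stream   = $client.GetStream()
        $delegate = [System.Net.Security.RemoteCertificateValidationCallback]$callback
        $ssl      = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $delegate
        $ssl.AuthenticateAsClient($HostName)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                    -ArgumentList $ssl.RemoteCertificate

        New-Object PSObject -Property @{
            HostName     = $HostName
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            NotAfter     = $cert.NotAfter
            Thumbprint   = $cert.Thumbprint
            PolicyErrors = $state.PolicyErrors
            ChainStatus  = ($state.ChainStatus -join ', ')
            Trusted      = ($state.PolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}

$result = Test-RdWebCertificate -HostName 'RDSWEBSRV01.Testdomain.com'
$result | Format-List HostName, Subject, Issuer, SelfSigned, NotAfter, Thumbprint, PolicyErrors, ChainStatus, Trusted

if (-not $result.Trusted) {
    Write-Warning ("Clients will see a certificate warning for {0}: {1}. " -f $result.HostName, $result.PolicyErrors +
                   "Assign RD Web Access a certificate whose name matches the URL and that chains to a CA the clients trust.")
}
```

`RemoteCertificateChainErrors` together with `SelfSigned = True` indicates a self-signed certificate, while `RemoteCertificateNameMismatch` means the certificate was issued for a different name than the one typed into the address bar.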


VMware vSphere 6.0 VS Microsoft Hyper-v Server 2012 R2

Since the emergence of vSphere 6.0, I would like to write an article on vSphere 6.0 vs Windows Server 2012 R2. I collected vSphere 6.0 features from a few blogs and the VMware community forum. Note that vSphere 6.0 is in a beta program, which means VMware can amend anything before the final release. The new functionalities of the vSphere 6.0 beta are already available in Windows Server 2012 R2. So let’s have a quick look at both virtualization products.

Features | vSphere 6.0 | Hyper-v Server 2012 R2
Certificates | Certificate Authority; Certificate Store | Active Directory Certificate Services; Certificate Store in Windows OS
Single Sign on | VMware retained SSO 2.0 for vSphere 5.5 | Active Directory Domain Services
Database | vPostgres database for VC Appliance up to 8 vCenter | Microsoft SQL Server; No Limitation
Management Tools | Web Client & VI; VMware retained VI | SCVMM Console & Hyper-v Manager
Installer | Combined single installer with all input upfront | Combined single installer with all input upfront
vMotion | Long distance Migration up to 100+ms RTTs | Multisite Hyper-v Cluster and Live Migration
Storage Migration | Storage vMotion with shared and unshared storage | Hyper-v Live Storage Migration between local and shared storage
Combined Cloud Products | Platform Services Controller (PSC) includes vCenter, vCOPs, vCloud Director, vCloud Automation | Microsoft System Center combined App Controller, Configuration Manager, Data Protection Manager, Operations Manager, Orchestrator, Service Manager, Virtual Machine Manager
Service Registration | View the services that are running in the system. | Windows Services
Licensing | Platform Services Controller (PSC) includes Licensing | Volume Activation Role in Windows Server 2012 R2
Virtual Datacenters | A Virtual Datacenter aggregates CPU, Memory, Storage and Network resources. | Provision CPU, Memory, Storage and network using create Cloud wizard

Another key feature to compare: those who are planning to procure an FC tape library and maintain a virtual backup server should note that vSphere doesn’t support FC tape even with NPIV, whereas Hyper-V supports FC tape using NPIV.

References:

http://www.wooditwork.com/2014/08/27/whats-new-vsphere-6-0-vcenter-esxi/

https://araihan.wordpress.com/2014/03/25/vmware-vs-hyper-v-can-microsoft-make-history-again/

https://araihan.wordpress.com/2013/01/24/microsofts-hyper-v-server-2012-and-system-center-2012-unleash-ko-punch-to-vmware/

https://araihan.wordpress.com/2015/08/20/hyper-v-server-2016-whats-new/

How to configure SMB 3.0 Multichannel in Windows Server 2012 Step by Step

SMB Multichannel

The SMB protocol follows the client-server model; the protocol level is negotiated by the client request and server response when establishing a new SMB connection. Windows Server 2012 introduces a feature called SMB 3.0 Multichannel. Multichannel provides link aggregation and fault tolerance.

SMB 3.0 introduces multipath I/O (MPIO), where multiple TCP connections can be established within a given SMB session. Benefits include increased bandwidth, transparent network interface failover and load balancing per session.

SMB Encryption

Open following registry key

HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters

  • If value of EncryptData DWORD is set to 0 then communication between SMB client and server is encrypted
  • If value of RejectUnencryptedAccess DWORD is set to 1 then communication between SMB client and server is rejected.

SMB Multichannel Requirement:

  • At least two computers that run on Windows Server 2012 R2, Windows Server 2012, or Windows 8 operating systems. No additional features have to be installed—SMB Multichannel is enabled by default.
  • Multiple network adapters in all hosts
  • One or more network adapters that support Receive Side Scaling (RSS)
  • One or more network adapters that are configured by using NIC Teaming
  • One or more network adapters that support remote direct memory access (RDMA)
  • Both NICs must be in different subnets
  • Enable NICs for client access
  • Dedicated subnets for SMB storage
  • Dedicated Storage VLAN depending on if/how you do converged fabrics
  • VNX File OE version 7.1.65 and later or SMB 3.0 compliant storage
  • Port Channel Group configured in Cisco switch

TCP/IP session without Multichannel Session

  • No Automatic failover or Automatic failover if NICs are teamed
  • No Automatic failover if RDMA capability is not used
  • Only one NIC engaged
  • Only one CPU engaged
  • Can not use combined NIC bandwidth

TCP/IP session with Multichannel Session

  • Automatic failover or faster automatic failover if NICs are teamed
  • Automatic failover if RDMA capability is used. Multiple RDMA connection
  • All NICs engaged
  • CPU work load shared across all CPU cores
  • Combine NIC bandwidth

Which one to use, RDMA or RSS?

If you are looking for fault tolerance and throughput, then the obvious choice is NIC teaming with RSS.

Adding a SMB Share in VNX Storage

  1. Create a network. Go to Settings -> Network -> Settings for File, Setup your network information
  2. Go to Storage -> Storage Configuration -> File Systems to create storage. Setup your storage configuration
  3. Go to CIFS Servers tab and create your Server configuration.
  4. Go back to your CIFS Share configuration and assign your CIFS Server as allowed and allow SMB protocol.
  5. Connect your CIFS Share with \\CIFSServer\CIFSShare and your new administrator password.

Adding a port channel group in Switch

Configuration of Cisco Switch with 2 network ports (If you have Cisco)

Switch#conf t
Switch(config)#int PORT (e.g. Gi3/1)
Switch(config-if)#switchport mode access
Switch(config-if)#spanning-tree portfast
Switch(config-if)#channel-group <40> mode active
Switch(config-if)#int PORT (e.g. Gi3/1)
Switch(config-if)#switchport mode access
Switch(config-if)#spanning-tree portfast
Switch(config-if)#channel-group <40> mode active

Configuration of HP Procurve with 2 network ports (If you have HP)

PROCURVE#conf ter
PROCURVE# trunk PORT1-PORT2 (e.g. C1/C2) Trk<ID> (e.g. Trk99) LACP
PROCURVE# vlan <VLANID>
PROCURVE# untagged Trk<ID> (e.g. Trk99)
PROCURVE# show lacp
PROCURVE# show log lacp

Adding SMB 3.0 Share in Hyper-v

  1. From Server Manager, click Tools and then click Hyper-V Manager
  2. Click Hyper-v Settings, Click Virtual Hard Disk, Type UNC path of SMB 3.0. Click Virtual Machine, Type UNC path of SMB 3.0
  3. Click Ok.
  4. Open a PowerShell prompt and enable Multichannel using the following cmdlets.
  5. Configure SMB Multichannel using Windows PowerShell

Get-SmbClientConfiguration | Select EnableMultichannel

Get-SmbServerConfiguration | Select EnableMultichannel

  6. Enable Multichannel

Set-SmbServerConfiguration -EnableMultiChannel $true

Set-SmbClientConfiguration -EnableMultiChannel $true

  7. Verify Multichannel

Get-SmbConnection

Get-SmbMultichannelConnection

Data Deduplication in Windows Storage Server 2012 R2

Deduplication in Windows Server: Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity. The goal is to store more data in less space by segmenting files into small variable-sized chunks (32–128 KB), identifying duplicate chunks, and maintaining a single copy of each chunk. Redundant copies of the chunk are replaced by a reference to the single copy. The chunks are compressed and then organized into special container files in the System Volume Information folder.

Enhanced Dedupe features in Windows Server 2012 R2

  • Data deduplication for remote storage of Virtual Desktop Infrastructure (VDI) workloads
  • Expand an optimized file on its original path.

When using the Data Deduplication feature for the first time or migrating from a previous version of Windows Server, be sure to consider the following related technologies and issues:

  • BranchCache
  • Failover Clusters
  • DFS Replication
  • FSRM quotas
  • Single Instance Storage or NAS Box

Install and Configure Data Deduplication using GUI

1. Open Server Manager, From the Add Roles and Features Wizard, under Server Roles, select File and Storage Services.

2. Select the File Services check box, and then select the Data Deduplication check box.

3. Click Next until the Install button is active, and then click Install.

4. From the Server Manager dashboard, right-click a data volume and choose Configure Data Deduplication. The Deduplication Settings page appears.

5. In the Data deduplication box, select the workload you want to host on the volume. Select General purpose file server for general data files or Virtual Desktop Infrastructure (VDI) server when configuring storage for running virtual machines.

6. Enter the number of days that should elapse from the date of file creation until files are deduplicated, enter the extensions of any file types that should not be deduplicated, and then click Add to browse to any folders with files that should not be deduplicated.

7. Click Apply to apply these settings and return to the Server Manager dashboard, or click the Set Deduplication Schedule button to continue to set up a schedule for deduplication.

Install and Configure Data Deduplication using Windows PowerShell

Start Windows PowerShell. Right-click the Windows PowerShell icon on the taskbar, and then click Run as Administrator.

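# Install the Data Deduplication role service
Import-Module ServerManager
Add-WindowsFeature -Name FS-Data-Deduplication

Import-Module Deduplication

# Enable deduplication on a volume that stores Hyper-V (VDI) virtual machines
Enable-DedupVolume E: -UsageType HyperV

# Or enable it on a general purpose file server volume
Enable-DedupVolume E: -UsageType Default

# Only deduplicate files that are at least 20 days old
Set-DedupVolume E: -MinimumFileAgeDays 20

# Review the volume settings
Get-DedupVolume | fl

# Start an optimization job and wait for it to finish
Start-DedupJob E: -Type Optimization -Wait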


Microsoft Virtual Machine Converter: Switching from vSphere to Hyper-v Made Easy

    Are you having difficulty funding a renewal license of expensive VMware vSphere? There is an alternative brand that adds greater value to the business, reducing costs and accelerating your journey to the cloud. Making the shift from VMware to Microsoft could be the wisest decision you ever made after years of working as a CIO or IS Manager. By migrating from VMware to Microsoft, you gain a unified infrastructure licensing model and simplified vendor management; of course, it gives you less pain in your wallet too.
    Whether you are looking to add value to your organisation, save cost, support growth, or you are a fanatical environmentalist reducing your carbon footprint, Hyper-V is the correct choice for you. A move to Microsoft’s virtualization and management platform can help you better meet your business needs. Simply by buying Windows Server 2012 Datacenter, you get the cloud computing benefits of unlimited virtualization and lower costs consistently and predictably over time.
    System Center 2012 enables physical, virtual, private cloud, and public cloud management using a single platform. It offers support for multi-hypervisor management, third-party integration and process management, and deep application diagnostics and insight. You can see what is happening inside the performance of your applications, remediate issues faster, and achieve increased agility for your organization.
    With the help of free tools like the Microsoft Assessment and Planning Toolkit (MAP) and the Microsoft Virtual Machine Converter (MVMC), you can quickly, easily and safely migrate over to Hyper-V. For enterprise customers with large numbers of virtual machines to migrate, the Migration Automation Toolkit (MAT) provides the scalability to handle mass migrations in an automated fashion. System Center 2012 and Hyper-V Server 2012 support guest virtual machines of all major Linux and Unix distributions, including Microsoft operating systems of course.
    In a nutshell Microsoft Virtual Machine Converter:
  • Provides a quick, low-risk option for VMware customers to evaluate Hyper-V.
  • Converts VMware virtual machines to Hyper-V virtual machines.
  • Converts virtual hardware and keeps the same configuration as the original virtual machine.
  • Supports a clean migration to Hyper-V with un-installation of VMware tools on the source virtual machine.
  • Provides GUI or scriptable CLI and Windows PowerShell, making it simple to perform virtual machine conversion.
  • Installs integration services for Windows 2003 guests that are converted to Hyper-V virtual machines.
  • Supports conversion of virtual machines from VMware vSphere 4.1 and 5.0 hosts.
  • Supports migration of a guest machine that is part of a failover cluster.
  • Supports offline conversions of VMware-based virtual hard disks (VMDK) to a Hyper-V-based virtual hard disk file format (.vhd file).
        Windows Server Patching Best Practices

        This article provides actionable advice about how to manage patches to reduce downtime while still maintaining the security of software services through the proactive reduction of dependencies and the use of workaround solutions.

        Patching Requirements

        Windows Server patches, hotfixes and service packs are critical for compliance, service level agreements and security purposes. Keeping operating systems and applications up to date is the key to aligning your infrastructure with the latest software. Patches and hotfixes also enable you to prevent security breaches and malware infection.

        Windows Patch Classification

        The following are strongly recommended patches:

        1. Critical
        2. Security
        3. Definition Updates for malware
        4. Service packs

        Windows Product Classification

        It is highly recommended that you patch Windows Servers, Windows Clients, Office, Applications (Silverlight, .Net Framework, SQL, Exchange, SharePoint, FF TMG).

        Patching Groups

        Consultants should take time to test the patches in a non-production environment prior to being deployed to production. This will help to gauge the impact of such changes. Ideally you will have the following patching groups:

        1. UAT (UAT1, UAT2, etc)

        2. Test Environment (Test1, Test2, etc)

        3. Development Environment (Dev1, Dev2 etc)

        4. Production (Prod1, Prod2, etc)

        If you have a clustered environment such as SQL, Exchange or SharePoint, then create Prod1 and Prod2 groups and place each node in a separate group.

        Change Management

        System administrators should maintain a log, written or electronic, of all changes to the operating environment, to include hardware, system security software, operating system, and applications. Prior to any changes being implemented on a system, the system administrator should receive approval of stakeholders.

        Backup

        Why am I discussing backup with patching best practice? In case of emergency you can rollback completely and restore a server to its original state if necessary. It is very important that servers be backed up on a regular basis. Depending on the use of the server, it may be adequate to backup the server once per week. A backup of a more critical environment may be needed daily, and possibly continuously. The backup program provided with Windows is capable of backing up to virtually any writable media, which can include network drives provided by a server in another physical location. This program is also capable of scheduling backups which can ensure backups occur on a regular interval.

        Microsoft strongly recommends that you create the following backups before you install an update rollup, service pack and patch on Exchange and SQL:

        • A full backup of all databases on the server.
        • A full backup of transaction log and log backup
        • A system state backup of the server.
        • A snapshot of virtualized exchange server. Delete snapshot after successful patching and updating.

        Application Compatibility

        Read the release notes of each hotfix you are going to apply so that you remain compatible with the applications installed on the server. Consult the application vendor before applying a service pack to any server that hosts a specific business application. Consult the application engineer about the importance of server patching. Inform and educate the application engineer as much as possible to avoid conflicts of interest.

        Documentation

        Documentation released with the updates is usually in the form of web pages, attached Word documents and README.TXT files. These should be printed off and attached to change control procedures as supporting documentation.

        Back out Plan

        A back-out plan will allow the system and enterprise to return to their original state, prior to the failed implementation. It is important that these procedures are clear, and that contingency management has tested them, because in the worst case a faulty implementation can make it necessary to activate contingency options. Historically, service packs have allowed for uninstalling, so verify there is enough free hard disk space to create the uninstall folder. Create a back out plan electronically and attach with change management software.

        User Notifications

        You need to notify helpdesk staff and support agencies of the pending changes so they may be ready for arising issues or outages.

        Consistency across Servers

        Always install the same service packs or hotfixes to each SQL server node, Exchange DAG member and Domain Controller.

        Routine Maintenance Window

        A scheduled maintenance window must be agreed with the business so that application outages and server reboots stay within a respectable Service Level Agreement (SLA). If you have a large infrastructure with thousands of servers and many regions working round the clock, then you must consider application dependencies. A patching window can be scheduled every Friday of every month, from 6:00 P.M. Friday to 6:00 A.M. Monday. Set up a maintenance window in System Center or a deadline in WSUS to make sure patches are applied when you want rather than when the patch becomes available. In this way you will have complete control over the change windows approved by the change advisory board (CAB). Do not let end users install patches on their client machines whenever they wish; if you do, users will never install any patch.

        Patching Tools

        I strongly recommend that you spend a few $$$ to buy Microsoft System Center 2012 to manage and deploy Windows patches, service packs and hotfixes. However, you can use Windows Server Update Services (WSUS) as a poor man’s patching solution.

        Patching DMZ server can be accomplished using WSUS offline patching solutions available for free to download from http://download.wsusoffline.net/.

        Automate, Automate and Automate!

        Automated patch management using System Center could enable a single IT administrator to access a pre-populated patch policy. He then could execute the command and with the press of a single button, download the patches from Microsoft’s website, install them on a test machine and test for compatibility issues. Meanwhile, an automatic inventory check could search for systems with the affected software, wake them up, check their readiness and push the verified patches out to waiting machines. The patches would then be automatically installed on each system, and they’d reboot as necessary. The final step is an automated report on the status of the remediated devices.

        Standardize Patch Management Processes

        Standardized patch management processes could allow for daily assessment and remediation of client devices and weekly assessment and remediation for servers. Reports can then be generated to validate system status on a weekly or bi-weekly schedule. A systems monitoring task that used to take days now takes minutes, and patches are deployed more completely and consistently across the entire IT environment. A single IT administrator can proactively manage thousands of systems tasks in the same amount of time it took an entire team to do the tasks manually.

        Reboot Windows Computer

        Some applications, such as RSA Secure Console, may require a reboot of the server before patching. However, most servers must be rebooted after patching. Do not suppress the reboot after patching under any circumstances, or you will have a messy environment and broken clusters.

        X86 and X64 Windows Systems

        The most prominent 32-bit application you’re likely to see on a 64-bit Windows system is Office. In this sort of situation System Center benefits you most, because you can adjust and make decisions based on architecture and compliance as well. You can approve patches based on “Needed and Not Installed”. If a server or client needs an update, it will be installed; if not, it will not be installed. It’s safe to do so.

        Antivirus and Antispyware

        Servers are vulnerable to many forms of attack. Implementation and standardization of security methods should be developed to allow early and rapid deployment on servers. It’s important that a Windows server be equipped with the latest centrally managed antivirus program. Antivirus updates must be scheduled in the same maintenance window so that the antivirus has the latest definitions.

        Audit Practices

        Servers have a powerful auditing feature built in. Typically, server managers would want the auditing system to capture logins, attempted logins, logouts, administrative activities, and perhaps attempts to access or delete critical system files. Auditing should be limited to gathering just the information that is needed, as gathering it costs CPU and disk time. Log management software should be used, if possible, for ease of managing and analysing information. Reports can be generated from System Center and WSUS as proof of the patching cycle.

        Log Retention

        Servers keep multiple logs and, by default, may not be set to reuse log file entries. It is a good practice to expand the size of the allowed log file and to set it to reuse space as needed. This allows logging to continue uninterrupted. How far back your log entries go will depend on the size of the log file and how quickly you are accumulating log data. If your server environment is critical, you may wish to ensure that the log file size is sufficient to store about 30 days of logging information, and then rotate log files once per month.

        Installing Updates on a single Exchange Server

        Download Exchange Update from Microsoft Download Center. Record Current Exchange Version information

        Check for publisher’s certificate revocation

        1. Start Internet Explorer.

        2. On the Tools menu, click Internet Options.

        3. Click the Advanced tab, and then locate the Security section.

        4. Clear the Check for publisher’s certificate revocation check box, and then click OK.

        5. After the update rollup installation is complete, select the Check for publisher’s certificate revocation option.

        Pre-check before installing

        1. Determine which update rollup packages are installed on your Exchange server roles

        2. Determine whether any interim updates are installed

        3. Review interim updates

        4. Obtain the latest update rollup package

        5. Apply on a Test Exchange Server

        Install Exchange Update

        1. Ensure that you have downloaded the appropriate rollup to a local drive on your Exchange servers, or on a remote network share.

        2. Run the Windows Installer *.msp Setup file that you downloaded in step 1.

        Install Exchange Update on DAG Member

        To update all DAG members, perform the following procedures on each DAG member, one at a time. Set the member server in maintenance mode using this PowerShell Command.

        .\StartDagServerMaintenance.ps1 <ServerName>

        Install the update rollup

        1. Close all Exchange management tools.

        2. Right-click the Exchange update rollup file (.msp file) you downloaded, and then select Apply.

        3. On the Welcome page, click Next.

        4. On the License Terms page, review the license terms, select I accept the License Terms, and then click Next.

        5. On the Completion page, click Finish.

        Once the update is installed, take the server out of maintenance mode by running the StopDagServerMaintenance.ps1 script. Run the following command to re-balance the DAG, as needed:

        .\RedistributeActiveDatabases.ps1 -DagName <DAGName> -BalanceDbsByActivationPreference -ShowFinalDatabaseDistribution

        When the installation is finished, complete the following tasks:

        • Start the Services MMC snap-in, and then verify that all the Exchange-related services are started successfully.
        • Log on to Outlook Web App to verify that it’s running correctly.
        • Restore Outlook Web App customizations, and then check Outlook Web App for correct functionality.
        • After the update rollup installation is complete, select the Check for publisher’s certificate revocation option in Internet Explorer. See “Certificate Revocation List” earlier in this topic.
        • Check Exchange 2010 version information
        • View Update rollup in Control Panel>Programs and Features

        Patching Microsoft Failover Cluster

        You can install Windows service packs on Windows Server Failover Cluster nodes using the following procedure. Administrative privilege is required to perform the following tasks.

        Procedure to install Windows service pack or hotfixes in Windows Server 2003:

        1. Check the System event log for errors and ensure proper system operation.
        2. Make sure you have a current backup and updated emergency repair disk for each system. In the event of corrupt files, power outage, or incompatibility, it may be necessary to revert back to the state of the system prior to attempting to install the service pack/hotfixes.
        3. Expand Node A, and then click Active Groups. In the left pane, right-click the groups, and then click Move Group to move all groups to Node B.
        4. Open Cluster Administrator, right-click Node A, and then click Pause Node.
        5. Install the service pack on Node A, and then restart the computer.
        6. Check the System event log for errors. If you find any errors, troubleshoot them before continuing this process.
        7. In Cluster Administrator, right-click Node A, and then click Resume Node.
        8. Right-click Node B, and then click Move Group for all groups owned by Node B to move all groups to Node A.
        9. In Cluster Administrator, right-click Node B, and then click Pause Node.
        10. Install the service pack on Node B, and then restart the computer.
        11. Check the system event log for errors. If you find any errors, troubleshoot them before continuing this process.
        12. In Cluster Administrator, right-click Node B, and then click Resume Node.
        13. Right-click each group, click Move Group, and then move the groups back to their preferred owner.

        Procedure to install Windows service pack or hotfixes in Windows Server 2008 and Windows Server 2012:

        1. Check the event log for errors and ensure proper system operation.
        2. Make sure you have a current backup and updated emergency repair disk for each system. In the event of corrupt files, power outage, or incompatibility, it may be necessary to revert back to the state of the system prior to attempting to install the service pack/hotfixes.
        3. On Node A, Expand Services and Applications, and then click the service or application
        4. Under Actions (on the right), click Move this service or application to another node, then choose the node or select Best possible.
        5. In the Failover Cluster Manager snap-in, right-click Node A, and then click Pause.
        6. Install the service pack/hotfixes on Node A, and then restart the computer.
        7. Check the event log for errors. If you find any errors, troubleshoot them before continuing this process.
        8. In Failover Cluster Manager snap-in, right-click Node A, and then click Resume.
        9. Under Actions (on the right), click Move this service or application to another node, then choose the node.
          Note: As the service or application moves, the status is displayed in the results pane (in the center pane). Follow the Step 9 and 10 for each service and application configured on the cluster.
        10. Install the service pack/hotfixes on Node B, and then restart the computer.
        11. Check the event log for errors. If you find any errors, troubleshoot them before continuing this process.
        12. From the Failover Cluster Manager snap-in, right-click Node B, and then click Pause.
        13. In Failover Cluster Manager, right-click Node B, and then click Resume.
        14. Right-click each group, click Move Group, and then move the groups back to their preferred owner.

        You can use the following PowerShell cmdlets to accomplish the same.

        1. Load the module with the command: Import-Module FailoverClusters

        2. Suspend (Pause) activity on a failover cluster nodeA: Suspend-ClusterNode nodeA

        3. Move a clustered service or application (a resource group) from one node to another: Get-ClusterNode NodeA | Get-ClusterGroup | Move-ClusterGroup

        4. Resume activity on nodeA that was suspended in step 5: Resume-ClusterNode nodeA

        5. Move a clustered service or application (a resource group) from one node to another: Get-ClusterNode NodeB | Get-ClusterGroup | Move-ClusterGroup

        6. Suspend (Pause) activity on other failover cluster node: Suspend-ClusterNode nodeB

        7. Resume activity on nodeB that was suspended in step 10 above: Resume-ClusterNode nodeB
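
        The rolling sequence above as one function per node, with the checks from the manual procedure built in (other nodes healthy, node empty before patching, System event log clean before resuming). This is an added example, not a script from the original article; the function name Invoke-NodePatchWindow, its parameters and the operator prompt are assumptions.

```powershell
#Requires -Modules FailoverClusters
# Added example: patch window for ONE failover cluster node.
# Function name, parameters and node names are assumptions for illustration.

function Invoke-NodePatchWindow {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $NodeName,
        [string] $Cluster = '.'            # '.' = the local cluster
    )

    Import-Module FailoverClusters

    # Refuse to start if any other node is down or paused: taking a second
    # node out of service could cost the cluster its quorum.
    $notUp = Get-ClusterNode -Cluster $Cluster |
        Where-Object { $_.Name -ne $NodeName -and $_.State -ne 'Up' }
    if ($notUp) {
        throw "Other nodes are not Up: $($notUp.Name -join ', '). Fix them before patching $NodeName."
    }

    $windowStart = Get-Date

    # Pause first so nothing fails over onto the node, then move what it owns.
    Suspend-ClusterNode -Name $NodeName -Cluster $Cluster | Out-Null
    Get-ClusterNode -Name $NodeName -Cluster $Cluster |
        Get-ClusterGroup |
        Move-ClusterGroup | Out-Null

    # Confirm the node owns nothing before anyone installs updates on it.
    $left = Get-ClusterNode -Name $NodeName -Cluster $Cluster | Get-ClusterGroup
    if ($left) {
        throw "Groups still owned by ${NodeName}: $($left.Name -join ', ')"
    }

    Read-Host "Install the updates on $NodeName, restart it, then press Enter" | Out-Null

    # 'Check the event log for errors': Critical (1) and Error (2) events
    # written to the System log since the window opened.
    $errors = Get-WinEvent -ComputerName $NodeName -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'System'; Level = 1, 2; StartTime = $windowStart
    }
    if ($errors) {
        $errors | Select-Object -First 20 | ForEach-Object {
            Write-Warning ("{0:u}  {1}  {2}" -f $_.TimeCreated, $_.Id, $_.ProviderName)
        }
        throw "System log on $NodeName has errors since $windowStart. Node left paused."
    }

    Resume-ClusterNode -Name $NodeName -Cluster $Cluster | Out-Null
    Get-ClusterNode -Name $NodeName -Cluster $Cluster    # return the final node state
}

# One node at a time, never in parallel:
# Invoke-NodePatchWindow -NodeName nodeA
# Invoke-NodePatchWindow -NodeName nodeB
```

        If the function throws after the pause, the node stays paused on purpose so that nothing fails back onto a node in an unknown state.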

        Conclusion

        It is critical that when service packs, hotfixes, and security patches are required to be installed, that these best practices be followed.

        Bottom line

        1. Read all related documents.

        2. Use a change control process.

        3. Apply updates that are needed.

        4. Test patches and hotfixes on test environment.

        5. Don’t get more than 2 service packs behind.

        6. Target non-critical servers first.

        7. Service Pack (SP) level consistency.

        8. Latest SP instead of multiple hotfixes.

        9. Apply only on exact match.

        10. Subscribe to Microsoft email notification.

        11. Always have a back-out plan.

        12. Have a working Backup and schedule production downtime.

        13. Consistency across Domain Controllers and application servers.


        Windows Server 2012 R2—First Look

        Visit What’s New in Windows Server 2012 R2 to find more about Windows Server 2012 R2.

        Download Windows Server 2012 R2


        Changes in Windows Tasks Bar.


        Start Window presents necessary administrative Tile


        What’s New in Windows Server 2012 R2

        Technology

        What’s New

        iSCSI

        • Prevent data corruption during power failure.
        • Sessions per target have increased to 544, and logical units per target have increased to 256.

        SMB

        • Support for Hyper-V Live Migration over SMB
        • Support for using shared VHDX files as shared storage for guest clustering
        • Improved SMB bandwidth management
        • Support for multiple SMB instances on a Scale-Out File Server
        • Automatic rebalancing of Scale-Out File Server clients

        WDS

        PowerShell cmdlet scripting

        Active Directory

        Working anywhere approach, access protected data, multi-factor authentication

        DFS

        • Windows PowerShell module for DFS Replication
        • DFS Replication WMI provider
        • Database cloning for initial sync
        • Cross-file RDC disable
        • Database corruption recovery
        • Preserved file restoration
        • File staging tuning

        DHCP

        DNS suffix based policies

        DNS PTR registration options

        MSCS Cluster

        • Virtual machine network health detection
        • Virtual machine drain on shutdown
        • Shared virtual hard disk (for guest clusters)
        • Deploy a cluster without network names in Active Directory Domain Services
        • Dynamic witness
        • Force quorum resiliency
        • Tie breaker for 50% node split
        • Configure the Global Update Manager mode
        • Turn off IPsec encryption for inter-node cluster communication
        • Cluster dashboard

        GPO

        Policy Caching

        Item-Level Targeting,

        Hyper-v

        • Shared virtual hard disk
        • Storage Quality of Service
        • Virtual machine generation
        • Enhanced session mode
        • Automatic Virtual Machine Activation

        IP Address Management (IPAM)

        • Role based access control
        • Virtual address space management
        • External database support
        • Upgrade and migration support

        Supported Upgrade Path

        • From: Windows Server 2008 R2 Web, Datacenter or Enterprise with SP1; To: Windows Server 2012 R2 Datacenter, Standard
        • From: Windows Server 2012 Standard, Datacenter; To: Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter
        • From: Hyper-V Server 2012; To: Hyper-V Server 2012 R2

        In-place upgrade of the following is unsupported:

        • from 32-bit to 64-bit architectures
        • from one language to another
        • from one build type to another (fre to chk, for example)
        • Upgrades from pre-release versions of Windows Server 2012 R2 Preview are not supported. Perform a clean installation to Windows Server 2012.
        • switch from a Server Core installation to the Server with a GUI mode

        Feature Removed or Deprecated in Windows Server 2012 R2

        Removed features and their alternatives:

        • File Backup and Restore: File History feature
        • System Image Backup: Reset your PC
        • Drivers for tape drives: Use manufacturer drivers
        • Creation of recovery disk on CD or DVD: Use the Recovery Disk to USB feature
        • Windows Authorization Manager (AzMan): use new management tools for virtual machine
        • Active Directory Rights Management Services (AD RMS) SDK: AD RMS SDK 2.0
        • The Application Server role: Use features and roles
        • IIS CertObj COM interface: None
        • GAA_FLAG_INCLUDE_TUNNEL_BINDINGORDER: None
        • Dfscmd.exe: Use PowerShell
        • Mount-IscsiVirtualDiskSnapshot, Dismount-IscsiVirtualDiskSnapshot: Use PowerShell
        • Nfsshare.exe: Use PowerShell
        • NFS 2: NFS 3 or NFS4
        • Network Access Protection (NAP): Windows Web Application Proxy
        • Server for Network Information Services (NIS) Tools: Use native LDAP, Samba client, Kerberos
        • SMB 1.0: SMB 2
        • Telnet server: Remote desktop
        • Windows Identity Foundation (WIF) 3.5: Use WIF 4.5 and .net framework 4.5
        • SQL lite: SQL LocalDb
        • WMI version 1: WMI version 2


        Windows 8: Configuring AppLocker Step by Step

        AppLocker provides customizable rules that allow or disallow applications, scripts and installers on a per-user or per-group basis. By using this feature, an administrator can ensure that security and licensing compliance needs are met and provide granular security that aligns with corporate security compliance. You can configure the following rules in AppLocker via a Group Policy Object:

        • Executable Rules
        • Windows Installer Rules
        • Script Rules
        • Packaged App Rules

        AppLocker can be found in Computer Configuration\Windows Settings\Security Settings\Application Control Policies\AppLocker.

        An administrator creates or edits a Group Policy Object based on business needs. Rules can be created to allow or deny any applications, scripts or installers to run per user or per group. The following is an example of creating a rule that allows Adobe Acrobat using AppLocker.

        Right-click Executable Rules, click Create New Rule.

        On the Permission page, click Allow, click Next.

        Select Publisher, click Next.

        Click Browse, go to C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat and select Acrobat.exe. If you would like to allow only this specific version, click Next; otherwise drag the slider to Product name. In this way you have selected Adobe Acrobat, and any version will be allowed by this rule.

        On the Exceptions page, click Next.

        On the Name page, click Create.

        Now you will see the rule under Executable Rules.

        AppLocker is a robust tool to manage corporate compliance and security on the desktop and server platform.
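
        The same Acrobat publisher rule built and checked with the AppLocker PowerShell cmdlets before it goes into a GPO. This is an added example, not part of the original walkthrough; the output file path and the notepad.exe comparison file are assumptions.

```powershell
# Added example: build the Acrobat publisher rule offline and test it before
# importing it into a GPO. Output path and comparison file are assumptions.
Import-Module AppLocker

$exe = 'C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe'
$out = 'C:\Temp\Acrobat-AppLocker.xml'          # assumed output location

# A publisher rule depends on the file's digital signature. For an unsigned
# file the Publisher property is empty and no publisher rule can cover it.
$info = Get-AppLockerFileInformation -Path $exe
if (-not $info.Publisher) {
    throw "$exe carries no publisher information; a publisher rule cannot cover it."
}

# Generate an allow rule for Everyone and save it as policy XML.
New-AppLockerPolicy -FileInformation $info -RuleType Publisher -User Everyone `
                    -RuleNamePrefix 'Allow Acrobat' -Xml |
    Out-File -FilePath $out

# Show exactly what the rule matches: publisher, product, file name and the
# version range. Review this before relying on the rule for "any version".
$xml = [xml](Get-Content -Path $out)
$xml.AppLockerPolicy.RuleCollection.FilePublisherRule.Conditions.FilePublisherCondition |
    Format-List PublisherName, ProductName, BinaryName
$xml.AppLockerPolicy.RuleCollection.FilePublisherRule.Conditions.FilePublisherCondition.BinaryVersionRange |
    Format-List LowSection, HighSection

# Evaluate the saved policy against Acrobat and against an unrelated program.
# A policy that contains only this rule allows Acrobat and denies everything
# else by default, so the Executable Rules collection also needs the default
# rules (or equivalent allow rules for Windows and Program Files) before it
# is enforced.
Test-AppLockerPolicy -XmlPolicy $out -User Everyone `
                     -Path $exe, 'C:\Windows\System32\notepad.exe' |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
```

        The saved XML can be brought into the GPO from the AppLocker node with Import Policy; running the rule collection in audit-only mode first shows what would be blocked without blocking it.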

        Windows 8.1

        Windows 8.1 code name “Windows blue” will be available to download as public preview on 26 June 2013.

        What’s new:

        1. Start Button is back again.
        2. Internet Explorer 11 allows user to show address bar, tabs similar to old IE.
        3. Improved search functionality for apps, program within OS.
        4. Ability to switch back to traditional windows desktop easily.
        5. Visibility of Control Panel lets users manage power options, display settings, Windows Update and domain join.
        6. Better personalization, built-in apps, Windows Store and cloud connectivity such as SkyDrive.
        7. Windows embedded version will allow connectivity to ATMs, point of service (POS) terminals and kiosks.
        8. Better mouse and keyboard options for desktop users.

        Microsoft sold 100 million Windows 8 licenses. Microsoft listened to users who complained that Windows 8 is a tablet version, not a desktop one. Again, Microsoft will allow Windows 8 users to download and upgrade to Windows 8.1 for free via the Windows Store.

        Is VMware’s fate heading towards Novell?

        Previously I wrote a blog on comparing price and features of Hyper-v and VMware. I got lot of feedback and questions why I believe Microsoft will win the battle. Here is a short answer for this question.

        Living in a mining city of Australia, it’s true that most mining, oil and gas companies aren’t adopting Microsoft Hyper-v yet, excluding Fortescue Metals (FMG). FMG took a smart decision to go for Microsoft cloud rather than any other cloud technology. But the wind is shifting quickly. Not just mining, oil and gas companies. Here are other examples: ING Direct case study and Suncorp Bank case study. There is nothing to hide: Microsoft came late to the hypervisor game. Slowly but surely Microsoft is gaining momentum.

        I have worked for almost 15 years now. I have seen on many occasions that Microsoft crushes its opponents and gains market in their own business. This is what is happening in the hypervisor battle. Let’s be honest, VMware is THE leader in virtualization. I am sure there are skeptics who believe beating VMware isn’t possible. Those skeptics bet their money on Novell Netware, IBM Lotus Notes and Corel Word Perfect in those days. If I had told you in the year 2000 that Active Directory would beat Novell e-directory, you would have burst out laughing. But now there’s nothing to comment on this. By now you rarely see or work with e-directory, Word Perfect or Lotus Notes. These examples say it all. VMware’s fate was written when Microsoft released Windows Server 2012, Hyper-v Server 2012 and System Center 2012. By the next Windows, Hyper-v and System Center release VMware may be extinct.

        If you need more evidence then you can find Microsoft’s Oil and Gas customer’s success stories on Microsoft View Point.

        Performing a Staged RODC Installation using the GUI

         

        Staging an RODC allows an administrator to perform the installation without travelling to the site. You can stage an RODC installation in four steps. Step1, Step2 and Step3 are performed in the head office, where the authoritative domain controller is located, by a domain admin. The fourth step is performed in the site office, where the site admin and the RODC are located.

        Assumption:

        · RODC NetBIOS Name: DC4

        · RODC Security Group: RODCAdmins

        · Forest: Superplaneteers.com

        Step1: Prepare Environment

        · Install Operating System on RODC Server

        · Activate Windows Server 2012

        · Configure TCP/IP Properties of the Server

        · Rename RODC Server to desired NetBIOS name (Example-DC4)

        Step2: Add Site Admin into RODCAdmins Security Groups in AD

        Open Active Directory Users and Computers, right-click the desired OU, click New, click Group, and create a security group named RODCAdmins.

        Add Site Admins into RODCAdmins group.

        Step3: Create an RODC Computer Account

        Open Active Directory Users and Computers, select the Domain Controllers OU, click Action, click Pre-create Read-only Domain Controller account.

        Click Next. On the Welcome to the Active Directory Domain Services Installation Wizard page, if you want to modify the default Password Replication Policy (PRP), select Use advanced mode installation, and then click Next.

        On the Network Credentials page, under Specify the account credentials to use to perform the installation, click My current logged on credentials, click Next.

        On the Specify the Computer Name page, type the computer name of the server that will be the RODC.

        On the Select a Site page, select a site from the list or select the option to install the domain controller in the site that corresponds to the IP address of the computer on which you are running the wizard, and then click Next.

        On the Additional Domain Controller Options page, select Domain Naming System (DNS), Global Catalog (GC) and Read-only Domain Controller (RODC), and then click Next.

        On the Delegation of RODC Installation and Administration page, type the name of the user or the group who will attach the server to the RODC account that you are creating. To search the directory for a specific user or group, click Set. In Select Users, Computers, or Groups, type the name of the user or group. When you are finished, click Next.

        On the Summary page, review your selections. Click Back to change any selections, if necessary.

        When you are sure that your selections are accurate, click Next to create the RODC account.

        On the Completing the Active Directory Domain Services Installation Wizard page, click Finish.

        Step4: Attach a server to an RODC account using Server Manager

        This step is performed in the site office where the RODC is located. The server where you perform this procedure must not be a domain member. In Windows Server 2012, you use the Add Roles Wizard in Server Manager to attach a server to an RODC account. Follow the procedure below to promote an RODC at the branch office.

        1. Log on to Server DC4 as local Administrator. In Server Manager, click Add roles and features. On the Before you begin page, click Next.

        2. On the Select installation type page, click Role-based or feature-based installation and then click Next.

        3. On the Select destination server page, click Select the local server from the server pool, click Next.

        4. On the Select server roles page, click Active Directory Domain Services, click Add Features and then click Next.

        5. On the Select features page, select any additional features that you want to install and click Next.

        6. On the Active Directory Domain Services page, review the information and then click Next.

        7. On the Confirm installation selections page, click Install.

        8. On the Results page, verify Installation succeeded, and click Promote this server to a domain controller to start the Active Directory Domain Services Configuration Wizard.

        9. On the Deployment Configuration page, click Add a domain controller to an existing domain, type the name of the domain superplaneteers.com and specify an account who is a member of RODCAdmins group that is delegated to manage and install the RODC, and then click Next.

        10. On the Domain Controller Options page, click Use existing RODC account in this case DC4, type and confirm the Directory Services Restore Mode password, and then click Next.

        11. On the Additional Options page, select the head office domain controller that you want to replicate the AD DS installation data from or if you have correct sites configured then allow the wizard to select any domain controller and then click Next.

        12. On the Paths page, type the locations for the Active Directory database, log files, and SYSVOL folder, or accept default locations, and then click Next.

        13. On the Review Options page, confirm your selections, click Next.

        14. Once Prerequisites Check is successful then click Install.

        15. To complete the AD DS installation, the server will restart automatically.
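
        The four staged steps above with the ActiveDirectory and ADDSDeployment cmdlets, followed by a review of the Password Replication Policy once DC4 is up. This is an added example, not part of the original GUI walkthrough; the site name BranchSite, the account siteadmin1 and the NetBIOS domain name SUPERPLANETEERS are assumptions. The two halves run on different machines and are not meant to be executed as one script.

```powershell
# Added example: staged RODC installation from PowerShell.
# 'BranchSite', 'siteadmin1' and the NetBIOS name 'SUPERPLANETEERS' are
# assumptions; DC4, RODCAdmins and superplaneteers.com come from the article.

# ---- Head office, run by a domain admin (Step2 and Step3) ------------------
Import-Module ActiveDirectory, ADDSDeployment

# Step2: delegation group and its members (created in the default container
# here; add -Path to place it in the desired OU).
New-ADGroup -Name 'RODCAdmins' -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity 'RODCAdmins' -Members 'siteadmin1'

# Step3: pre-create the RODC account with DNS and Global Catalog, delegated
# to RODCAdmins so that no domain admin credential has to leave head office.
Add-ADDSReadOnlyDomainControllerAccount `
    -DomainControllerAccountName 'DC4' `
    -DomainName 'superplaneteers.com' `
    -SiteName 'BranchSite' `
    -DelegatedAdministratorAccountName 'SUPERPLANETEERS\RODCAdmins' `
    -InstallDns:$true

# ---- Site office, on the workgroup server DC4, as local Administrator ------
# (Step4) Install the role, then attach the server to the existing account
# using a member of RODCAdmins.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

Install-ADDSDomainController `
    -DomainName 'superplaneteers.com' `
    -UseExistingAccount `
    -Credential (Get-Credential -Message 'Member of RODCAdmins') `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString -Prompt 'DSRM password')
# The server restarts automatically when promotion completes.

# ---- Head office, after DC4 has restarted: verify what was deployed --------
Import-Module ActiveDirectory

# Confirm the new domain controller really is read-only and where it sits.
Get-ADDomainController -Identity 'DC4' |
    Format-List Name, Site, IsReadOnly, IsGlobalCatalog

# Password Replication Policy: who may and who may never be cached on DC4.
Get-ADDomainControllerPasswordReplicationPolicy -Identity 'DC4' -Allowed |
    Format-Table Name, ObjectClass -AutoSize
Get-ADDomainControllerPasswordReplicationPolicy -Identity 'DC4' -Denied |
    Format-Table Name, ObjectClass -AutoSize

# Accounts whose passwords are actually stored on the RODC right now.
# Privileged accounts should not appear in this list.
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity 'DC4' -RevealedAccounts |
    Format-Table Name, ObjectClass -AutoSize
```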

        Deploy Windows 8 Enterprise using Lite Touch Deployment Method

        System Requirements: Windows 8 Enterprise Version Windows Server 2008 or Windows Server 2012 Microsoft .NET Framework version 3.5 with SP1 or later Windows PowerShell™ 2.0 or later Windows 7 Automated Installation Kit Active Directory Domain Services Dynamic Host Configuration Protocol …

        Microsoft’s Hyper-v Server 2012 and System Center 2012 Unleash KO Punch to VMware

        Hyper-V has been an integral part of Windows Server 2008 and was enhanced with great features in Windows Server 2012. According to Gartner’s magic quadrant, Microsoft Hyper-v has been positioned in the leader category, second to VMware. Combining Windows Server 2012 and System Center 2012 provides you with a high-performance Cloud Technology. The Microsoft licensing model is highly flexible, charges only by physical processors and offers unlimited virtualization rights with Datacenter editions. With Hyper-v, your return on investment (ROI) increases as your workload density increases.

        Pricing Comparison:

        The pricing is based on the following assumptions:

        • Average consolidation ratio of 12 VMs per physical processor.
        • Number of physical hosts required 21. Each physical host contains 2 physical processors with six cores each.
        • Three years License and Maintenance; VMware cost includes Windows Server 2012 Datacenter edition for running guests
        • costs do not include hardware, storage or project cost
        • Pricing is based on published US prices for VMware and Microsoft as of September, 2012.
        • The cost above doesn’t include Microsoft Windows Server license cost for guest operating system.
        • Windows Server 2012 Datacenter allows you to run unlimited Windows Server 2012 on Hyper-v Server 2012 host.

        [Figure: Server Virtualization Environment]

        [Figure: Pricing Summary]

        [Figure: Microsoft Server Virtualization Cost break-down]

        [Figure: VMware Server Virtualization Cost break-down]

        Features VS Cost Breakdown- Multi-Site Private Cloud Computing

        Together, Windows Server 2012 and System Center 2012 are truly a cloud and datacenter management solution, with eight separate components such as management, monitoring, provisioning and disaster recovery integrated into one unified product. A unified System Center management solution delivers greater OPEX cost savings than VMware in addition to CAPEX cost savings.

        [Figure: Number Game]

        [Figure: Breakdown in resources (/Host/Guest/Cluster)]

        [Figure: Network Virtualization]

        [Figure: DR Solutions]

        Truth about VMware lies:

        You don’t have to be Einstein to understand that VMware is under significant pressure from all sides. Hence they are misleading the Cloud market with biased information. I would strongly recommend that you assess your business position and compare apples to apples before renewing or buying your next Cloud products. Though VMware is still the no.1 player in the Cloud Computing market, their fear is real that loyal VMware customers are continuously switching to Microsoft Cloud Technology. A declining enterprise market leads them to spread the following one-sided information.

        1. VMware claim: VMware vSphere 5.1 can achieve an 18.9% higher VM density per host than with Microsoft Hyper-V.

        Facts: In one of VMware’s own tests, when provided adequate memory to support the number of users the performance variance between vSphere 5.1 and Hyper-V R2 SP1 was only 2% (using 24VM’s).

        2. VMware claim: Hyper-V performance is poor. If performance is important to you, choose VMware.

        Facts: In reality, Hyper-V offers near-native levels of virtualization performance, for which there are multiple supporting proof points (including independent third party validations):

        • Enterprise Strategy Group Report (2011) – SharePoint, Exchange, & SQL on Hyper-V Host.
        • Microsoft & Intel – 700,000 IOPS to a VM | Near Native with VMq: Windows Server and Hyper-V are not a limiting factor to IO performance. There shouldn’t be any significant concern around IO for virtualizing with Hyper-V.
        • Project Virtual Reality Check (Terminal Services on Hyper-V).

        3. VMware claim: Hyper-V isn’t ready for the enterprise. It can’t handle the most intensive of workloads like VMware can.

        Facts: Hyper-V offers near native levels of performance for key workloads, ensuring that customers can virtualize their mission critical, high-performance applications and workloads with confidence on Hyper-V. Additionally, a growing number of enterprise customers are running their businesses on Microsoft Hyper-V. Please read Microsoft Private Cloud success stories.

        4. VMware claim: Hyper-V is lacking some of the key VMware features today. Features such as vMotion, HA, Memory Overcommit, DRS, Storage vMotion and Hot-Add are important features for us, and Hyper-V simply doesn’t come close.

        Facts: Hyper-V R2 SP1 and System Center 2012 provide Live Migration, High Availability, Storage Live Migration, Dynamic Memory Allocation, Hot-Add and subsequent removal of storage.

        5. VMware claim: VMware vSphere 5.1 is more secure than Hyper-V because of its architecture and small code base.

        Facts: Small footprint doesn’t equal a more secure hypervisor. Both vSphere and Hyper-V use the same memory footprint to run. The disk Footprint in ESXi 5.0 (144 MB) doubled from ESXi 4.0 (70 MB). Microsoft follows the rigorous, industry-leading Secure Development Lifecycle (SDL) for all its products. It is possible to achieve a 40-60% reduction in patches using Server Core based on historical data.

        6. VMware claim: There is no virtual firewall in Hyper-V while VMware provides vShield Zones.

        Facts: Windows Server 2012 also includes an integrated firewall with advanced security features. An old version of vShield Zones is included with vSphere 5.1 (details here) and vShield Zones has several limitations like every VM’s traffic passes through the Zones virtual appliances which slows down the traffic.

        7. VMware claim: Microsoft doesn’t offer anything comparable to VMware Fault Tolerance.

        Facts: VMware Fault Tolerance has limited applicability and severe limitations. It cannot function with:

        • Thin Provisioning and Linked Clones
        • Storage vMotion
        • Hot plug devices and USB Pass-through
        • IPv6
        • vSMP
        • N-Port ID Virtualization (NPIV)
        • Serial/parallel ports
        • Physical and remote CD/floppy drives
        • More than 4 FT VMs per host

        8. VMware claim: VMware offers significantly more support for Linux operating systems than Hyper-V.

        Facts: In a production environment, Hyper-V supports Microsoft Windows Server and Linux Server without modifying any guest operating systems or installing tools.

        9. VMware claim: VMware supports broad applications, while Hyper-V does not.

        Facts: Since VMware does not have a certified logo program for any application, it is not in a position to dictate which applications are supported. On the contrary, every single application that achieves a logo for Windows Server can be run on a guest operating system on Hyper-V, and is therefore inherently supported. There are over 2500 ISV applications listed on Microsoft Pinpoint that work with Hyper-V. The truth is that neither Microsoft nor VMware specifies which applications you can install on a guest operating system. It is completely up to you what you would like to run on guest operating systems.

        10. VMware claim: VMware’s Site Recovery Manager (SRM) enables us to simplify our DR story, and provides us with a solution to not only perform a planned failover, but test it whenever we like. Microsoft simply can’t deliver an alternative to this.

        Facts: System Center 2012 components like Data Protection Manager and Orchestrator can provide tailored DR solutions. Windows Server 2012 includes an inbox replication capability, Hyper-V Replica, at no cost.

        11. VMware claim: Microsoft Hyper-V isn’t ready for hosters or service providers.

        Facts: Hyper-V has been adopted by the service provider industry to host its own infrastructure and public cloud simultaneously on Hyper-V, utilizing Microsoft Network Virtualization. Click here and filter using hosting and public cloud to find the list of hosters. Examples: hostway, softsyshosting, hyper-v-mart, geekhosting, BlueFire and many more.

        12. VMware claim: Hyper-V does not fully comply with trunking and VLANs.

        Facts: Microsoft Network Virtualization is more advanced than the VMware standard switch and DV switch. Microsoft Hyper-V is fully compliant with 802.1q trunking, VLANs, VIP, network tunneling and multitenant IP management. VMware is catching up on network virtualization. Being on the back foot, VMware advertised to hire a PR professional to campaign on network virtualization.

        Bottom Line: Why Select Hyper-V Over VMware

        Other than cost savings, the following are reasons why you should select Hyper-V and System Center 2012 over VMware vSphere 5.1:

        1. Built-in Virtualization: Hyper-V is an integral part of Windows Server 2008 and Windows Server 2012

        2. Familiarity with Windows: In-house IT staff can utilize their familiarity and knowledge of the Windows environment to deploy Hyper-V, minimizing training cost and learning time.

        3. Single Platform Cloud Management Technology: System Center 2012 enables you to manage physical, virtual, private and public cloud using a common console view for multi-hypervisor management, 3rd party integration and process automation, ability to manage applications via a single view across private and public clouds, and deep application diagnostics and insights.

        4. Running common Microsoft applications: It is obvious that Microsoft applications will run better on Hyper-V 2012. Still, Microsoft has published third-party validated lab results that prove best-in-class performance for Microsoft workloads on Hyper-V.

        5. Private, Public or Hybrid Cloud: Microsoft provides complete solutions for Private, Public or Hybrid cloud with next generation computing technology like IaaS, PaaS, SaaS.

        6. Value for Money: Microsoft Private Cloud provides value for money. You will receive an unrestricted virtualization license once you buy Windows Server 2012 Datacenter and System Center 2012.

        7. Easy Migration: Convert a VMware virtual machine to a Microsoft Hyper-V virtual machine in a few easy steps. See this link.

        8. Single Vendor: Since your existing virtualization workload is mostly Windows Server, from a vendor communication and contract management point of view, having Microsoft Hyper-V makes more sense.

        References:

        Microsoft Cloud Summit Australia

        Microsoft Private Cloud Cost Calculator

        Microsoft Private Cloud Success Stories

        Microsoft Cloud Computing

        System Center 2012

        Windows Server 2012

        Hyper-v Server 2012

        Download Microsoft System Center Private Cloud Evaluation Software

        Client Hyper-V in Windows 8

        Client Hyper-V on Windows 8 provides a rich virtual platform for developers and IT professionals. You can create and manage virtual machines using client Hyper-V leveraging the security, scale, and manageability of Windows 8 and Server Hyper-V platforms. This is …

        Hardening Security of Server- The Bottom Line

        Securing servers from internal and external threats is the key aspect of managing and administering Windows Servers. If you carefully design, implement and maintain IT infrastructure, you will have a better night's sleep knowing you are safe. There will not …