I continue to be amazed at the useful stuff on technet.com. I ran across this the other day, looking something up about Hyper-V.
Security is always top of mind these days, so I thought I would share our Hyper-V Security Guide.
http://technet.microsoft.com/en-us/library/dd569113.aspx
Launch the download of the Hyper-V Security Guide.
The Hyper-V Security Guide provides IT professionals with guidance, instructions, and recommendations to address key security concerns about server virtualization.
Microsoft Hyper-V technology allows consolidation of workloads that are currently spread across multiple underutilized servers onto a smaller number of servers. This capability provides a way to reduce costs through lower hardware, energy, and management overhead while creating a more dynamic IT infrastructure.
The Hyper-V Security Guide can help you elevate the security of virtualized Windows Server environments to address your business-critical needs.
This guide focuses on three key areas:
The download for the Hyper-V Security Guide includes the following components:
The Hyper-V Security Guide includes the following content:
The following resources provide additional information about security topics and in-depth discussion of the concepts and security prescriptions in this guide:
Solution Accelerators are authoritative resources that help IT professionals plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.
Register to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as
Are you ready to try the latest on System Center 2012 Betas and Release Candidates?
Go to http://aka.ms/syscntr and get the latest downloads.
Today Microsoft has made 4 new free virtual labs available. This gives you a great opportunity to try out some of the basic operations of some of the new suite of System Center tools.
TechNet Virtual Lab: System Center Operations Manager 2012: Infrastructure and Application Performance Monitoring
TechNet Virtual Lab: System Center Virtual Machine Manager 2012: Building Your Cloud Infrastructure
TechNet Virtual Lab: System Center Virtual Machine Manager 2012: Building a Service Template
TechNet Virtual Lab: Introduction to System Center Configuration Manager 2012
Try them out. And then if you’re interested in running these tools for yourself by building your own test environment, don’t forget to download the evaluations of these products HERE.
What in the world is this thing called Windows Intune?

Perform security and management tasks remotely from a web-based console.
Help secure PCs from malware and virus threats with endpoint protection.
Deploy most updates and line of business applications through the cloud.
Greater performance and security with available Windows 7 Enterprise upgrade.
Windows Intune simplifies and helps businesses manage and secure PCs using Windows® cloud services and Windows 7. Windows Intune includes both the cloud service for PC management and security and upgrade rights to Windows 7 Enterprise and future versions of Windows.
With the Windows Intune cloud service, IT staff can remotely perform a number of security and management tasks, including managing updates, endpoint protection to help safeguard PCs from malware threats, and inventory management, so IT and end users can remain productive from virtually anywhere. All that’s required is an Internet connection. With the Windows 7 Enterprise upgrade included in the subscription, customers can get the best Windows experience with Windows 7 Enterprise or standardize on the Windows version of their choice.
Customers also have the option to purchase the Microsoft Desktop Optimization Pack (MDOP) add-on, a set of seven on-site advanced desktop management tools. MDOP can help further enhance security and control and help you resolve critical issues that could not be addressed by the cloud service, such as diagnosing and recovering unbootable PCs. For more information on the capabilities of the MDOP, please visit www.microsoft.com/windows/enterprise/products/mdop.
The Windows Intune cloud service is a single, easy-to-deploy solution to help manage and secure PCs. A simple Web-based console gives you immediate visibility into what’s going on across all your managed PCs so that you can proactively identify and resolve problems with your PCs virtually anywhere.
Help manage and secure PCs anywhere
Protect PCs from malware: Help protect your customers’ PCs from the latest threats with centralized endpoint protection. You can even remotely initiate on-demand malware scans, forced restarts, or malware definition updates to take the extra step helping ensure your PCs are well-protected from potential threats.
Manage updates: Centrally manage the deployment of updates to Microsoft® and most third-party software, keeping the applications your workers need current.
Distribute software: Deploy Microsoft and most third-party software, through the cloud, to PCs located nearly anywhere.
Proactively monitor PCs: Receive alerts on updates, threats, offline PCs and more so that you can proactively identify and resolve problems with your PCs virtually anywhere.
Provide remote assistance: Resolve PC issues, regardless of where you or your users are located, with remote assistance.
Track hardware and software inventory: Track hardware and software assets used in your business to efficiently manage your assets and compliance.
Manage your licenses: Manage many Microsoft volume license agreements and other license agreements to track how many licenses you’ve purchased against what you’ve installed.
Increase insight with reporting: Generate and save reports on updates, software, hardware, and licenses. Export data as a comma separated value file and import it directly into Microsoft Excel for further analysis.
Set security policies: Centrally manage update, firewall, and endpoint protection policies, even on remote machines outside the corporate network.
Note: For more details on any of these items, please refer to the Windows Intune Product Guide




So, Version 2 of Windows Intune just came out. What’s new?
The core architecture remains unchanged, and we’ve added a few of the top feature requests from users. We’ve also made usability improvements to the service to deliver a richer experience and help you proactively address the PC management and security needs of your business. These updates include:
Software Distribution: Deploy many Microsoft®, third-party, and your company’s own business applications and updates to Windows Intune managed PCs, as noted in the Software Distribution section below.
Remote Tasks: Remotely perform the following tasks on Windows Intune managed PCs from the administration console: Full scan, Quick scan, Update Malware Definition, and Restart.
Robust license management: Manage your Microsoft Retail Licenses, Original Equipment Manufacturer (OEM) Licenses for Microsoft software, and third-party software licenses in addition to many Microsoft Volume License agreements.
With 15 years of experience hosting some of the world's largest cloud services, such as Hotmail and Windows Update, Microsoft provides the reliability, availability, and security customers expect for their business: highly-secure, high-availability server architecture, 24x7 support, and a financially-backed 99.9% scheduled uptime SLA.
Enhanced Reporting: Create hardware reports based on new hardware filters for common hardware characteristics. Additionally, you can now create and save report parameters to make it easy and efficient to run a report again in the future.
Alerts + Monitoring: Configure alert types to be reported according to a specified threshold, frequency, or percent of computers affected.
Numerous usability and user interface enhancements: We continue to improve the design and usability based on user feedback. You will find updates like read-only access and new context menus, copy and paste, drag and drop, search, filter, and improved organization capabilities throughout the product.
Simplify cloud migration planning with MAP Toolkit 6.5
The Solution Accelerators team is pleased to announce the Microsoft Assessment and Planning (MAP) Toolkit 6.5 is now available for download.
The journey to the cloud is now smoother than ever with the Microsoft Assessment and Planning (MAP) Toolkit 6.5. The MAP Toolkit’s new capabilities help users to securely assess heterogeneous IT environments while enabling the evaluation of workloads for migration to Microsoft’s private and public cloud platforms. Consolidate existing server workloads using the updated Microsoft Private Cloud Fast Track capacity planning feature. The Database Consolidation Appliance Assessment allows you to simplify SQL Server migration planning for the private cloud. The revamped Azure Migration feature in MAP 6.5 provides more in-depth analysis of the suitability of migrating on-premises applications to the Windows Azure™ platform. Additional new features in MAP 6.5 include the discovery of active Windows® devices, Software Usage Tracking for Forefront® Endpoint Protection (FEP), and the discovery of Oracle instances on Itanium-based servers with HP-UX to assist in the planning of migration to SQL Server®.
Back in September the team I am on got to visit our “Cloud” Data Center in San Antonio, Texas. Now they wouldn’t let us take pictures of the insides, but I have to tell you about some of the things I saw. You have all seen Data Centers: raised floor and lots of air conditioning, especially here in HOT Texas in the summers. It takes a huge amount of electricity to cool a large data center. Well, when we built the San Antonio Data Center back in 2008, we wanted to be as Green as possible. Check out this blog entry about the data center from the Green Data Center Blog, http://www.greenm3.com/.
We use chilled water to provide the air conditioning or cooling. To chill water, you have to evaporate water into the air to cool the water. This could take millions and millions of gallons for a Data Center of this size. We have a special arrangement with the City of San Antonio. We take “Grey water” from the city sewer system, and rain water collected on the massive roof, to evaporate to create chilled water. More about this process on that Green Data Center Blog. The chilled water is 47 degrees. We store a huge amount of it, I think they said over 500,000 gallons of it. Look in this picture (courtesy of greenm3.com/San Antonio paper, and aero photo).
At the bottom of the picture is the white storage tank that stores the water for us. There is one at each end of the building. This is enough water to cool all the servers for about 12 minutes if we were to lose power. I know, not a long time. So we would start up our generators, then we could start chilling water again within the 12 minute timeframe.
If I could show you the inside of the data center, the raised floor has water pipes running under the servers, air is blown over these pipes and that provides the chilling for each room of servers.
We put out lots of information about the design of our Data Centers. You can read more or watch the videos on www.globalfoundationservices.com
San Antonio is a V2 of our Data Centers. We are now building V4 of our Data Centers.
Check out this video from www.globalfoundationservices.com that we posted on youtube.com
So day three now of lessons learned within this blog series. Kevin started us out with his lessons here, then yesterday Brian Lewis told us what he learned, and now today is my turn. Part of this post originally appeared on my blog October 5, hey I wrote it so I gave myself permission to leverage here:
Last week I was part of a team that traveled to San Jose, CA. Our mission was to get some hands on experience, and build a test lab that we can use to demo System Center, Private Cloud, VDI, Clustering, etc. for our events over the few months.
Our Monday got off to a slow start, President Obama was in Silicon Valley to give a “LinkedIn” chat (not sure why he couldn’t have done this remotely), but do you know what happens to “the 101” when The President is on the move? I got out of the car in the middle of the lane on the 101 and took this picture.
We didn’t move 5 feet for about 15 minutes...
Our plan was to build out these 5 Dell Servers we got, and document what we did, so the next two teams could come in and repeat our steps.
Monday we installed Windows Server 2008 R2 SP1 on all 5 boxes. We thought we were cool doing it from thumb drives (much faster than DVD installs).
Basically we took the defaults, didn’t really think about the drives, or partitions, or much. The Dell R710’s came with 2 or 6 TWO Terabyte drives. We just did the install. Then we realized the ones with 2 drives were striped, but why couldn’t we see the other drive? Yep, Server has a 2 Terabyte boot partition limit. Oops. So we wanted to move around a couple of drives (add more to one machine, only leave one in others). So it was off to “undo the striping”, move the drives, and yes, now Tuesday, start over with the installs, but BEFORE we did, we created a 2 Terabyte partition for the OS, and another partition for the rest of the storage. Ah, learnings (or being stupid from the cold).
We also took the chance to make sure hardware virtualization was installed on all 5 servers. It wasn’t; we thought we got them all. On Friday we had issues with the second server, Hyper-v2. With a little research, we found the Hyper-V service was failing (we even re-installed the Hyper-V role). Yes, it would let us install the Hyper-V role without hardware virtualization turned on. So always double check your BIOS and make sure hardware virtualization is turned on. We had to prove to ourselves that is what really happened; I took a screen shot of the server.
I will post more on the fun week, I learned a lot. I have more appreciation for all you Server Admins out there. Makes me realize how much worry the cloud will take out of this stuff.
Now we aren’t 100% of the time extremely hard work, we like to play also, so one evening we made it over to Santa Cruz and got a ride on this:
We survived “being Stupid” from the cold, Yes our test lab is up and running now. More later!
If you remember back to part 2 of this 30 part series, we defined Hybrid Cloud as just about anything you want it to do, it’s really a combination of Public, Private, or Traditional IT.
When we think about Private Cloud combined with Traditional IT, it makes a logical combination. Many IT shops have embraced Virtualization as their current IT solution. Private Cloud is new compared to Public Cloud. But in most cases Private Cloud means taking that internal IT infrastructure to the next level, in self service, flexibility, and automation. Very few companies are ready to go 100% Private Cloud. The question is: how do you combine your traditional IT infrastructure with your new Private Cloud?
With this in mind, you need to think about security and authentication as you move from traditional IT to the Cloud. If you aren’t already using Active Directory, now would be the time to deploy it across your networks so you are ready to manage access across your systems. You can extend your Active Directory with ADFS (Active Directory Federation Services) to allow you to work with partners and vendors that you want to share your security with.
Our ebook Cloud Power talks about Hybrid as a great entry point for you to work with the cloud. It’s about deciding what part of your infrastructure you want to start with, making it work with Private Cloud, and integrating it with the rest of your network. This is a great proof of concept before deciding to move more things into the Cloud.
Another area of Hybrid to discuss in this space is working with public solutions like Windows Azure. There is a new feature coming with Azure called “Connect”. This will be part of the Azure Virtual Network. More information is at http://www.microsoft.com/windowsazure/features/virtualnetwork/ This product isn’t available yet; we are testing it with many customers in our CTP program.
Yet more things to think about when considering Hybrid: management of both parts of your solution. Our System Center Application Controller has a new download for the Monitoring Pack for Windows Azure applications. That download is available here: http://www.microsoft.com/download/en/details.aspx?id=11324

System Center Operations Manager 2007 R2, Microsoft’s end-to-end service-management product, is your best choice for Windows environments. It works seamlessly with Microsoft infrastructure servers, such as Windows Server, and application servers, such as Microsoft Exchange, helping you to increase efficiency while enabling greater control of the IT environment.
As a significant step towards fulfilling Microsoft’s common management vision, Operations Manager 2007 R2 also helps you monitor Windows Azure applications, thus allowing you to extend your familiar on-premises monitoring solution to public cloud scenarios.
Information on SCOM can be found at: http://www.microsoft.com/en-us/server-cloud/system-center/operations-manager.aspx
We also have a Tech Center for System Center Operations Manager on TechNet; it is located here:
http://technet.microsoft.com/en-us/systemcenter/om/bb497976
As I was starting to write this blog post on System Center Operations Manager, I was reading today on the System Center Blog posted by Kevin Holman.
Details on System Center Operations Manager 2012 Release Candidate released 11-10-11
Details at: http://www.microsoft.com/en-us/server-cloud/system-center/operations-manager-2012.aspx
Download from: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=27974
Full set of product documentation is available: http://technet.microsoft.com/en-us/library/hh205987.aspx
Details and features of the OM2012 RC:
Feature Summary