System Center Virtual Machine Manager 2012: VMM Gets Major Upgrade
Expanded hypervisor support, virtual application support and a myriad of other upgrades are coming in the new VMM 2012.
Paul Schnackenburg
There’s no doubt that Microsoft is making System Center Virtual Machine Manager (VMM) a key component of the System Center suite. The scope of the product is being expanded so much that it could be renamed “System Center Virtual Datacenter Manager.” The new version of VMM is currently in beta and is scheduled for release in the second half of 2011.
VMM can now do bare-metal installations on fresh hardware, create Hyper-V clusters instead of just managing them, and communicate directly with your SAN arrays to provision storage for your virtual machines (VMs). The list of supported hypervisors has also grown—it includes not only Hyper-V and VMware vSphere Hypervisor, but also Citrix XenServer. The underlying hardware is part of the fabric in VMM 2012, which in turn supports the private cloud construct that lets certain users self-service their VM deployments.
There’s renewed focus on the applications running within VMs, with integrated support for Server App-V packages, SQL data acquisition, packages and others. There’s also a new service concept where you can deploy multiple VMs and associated settings as one unit. You can integrate Windows Server Update Services into VMM to allow for orchestrated cluster patching, and VMM now supports network load balancer appliances as objects. With all this centralized critical functionality, you can create a highly available VMM platform by running it on a separate cluster.
Component by Component
Like its predecessors, VMM 2012 is built on component architecture. All roles can coexist on the same system in a smaller environment. Larger datacenters will need to split roles across multiple servers, however.
The management server is the core of VMM. The library servers are file shares that store VM templates, ISO files, scripts and virtual hard drive files. The Web-based self-service portal lets authorized users launch and deploy their own VMs and services, and the database server runs SQL server and contains all the VMM data. Due to the crucial role VMM takes on in a virtualized datacenter, it can now run as a highly available cluster service (if running on physical hardware) in a small separate cluster, or as a highly available VM if virtualized.
You’ll need to have the Microsoft .NET Framework 3.5 SP1, Windows PowerShell version 2 (for the console), Windows Remote Management 2.0 and IIS (for the Web-based self-service portal), as well as Windows Automated Installation Kit (WAIK) for Windows 7. For an operating platform, you’ll need at least either Windows Server 2008 SP2 (only x64) or 2008 R2. The database only runs on SQL Server 2008 SP2 or 2008 R2 Standard or Enterprise (SQL Server Express is no longer supported).
For hypervisors, VMM supports the Hyper-V role in Windows Server 2008/2008 R2, either full installation or Server Core, as well as Hyper-V Server 2008 R2. It also supports VMware vSphere Hypervisor through vCenter (4.1 only) and hosts with ESXi/ESX 4.1 and 3.5 (ESX 3.0 is no longer supported). It now supports Citrix XenServer version 5.6 with Feature Pack 1. There’s also an Integration Suite supplemental pack to facilitate integration with VMM. Microsoft Virtual Server 2005 R2 is no longer supported.
Private Clouds
Perhaps the strongest evidence of the shift in the focus of VMM 2012 is the ability to create private clouds. This cloud architecture abstracts the underlying fabric from users, but lets them deploy VMs, applications and services.
Private clouds in VMM 2012 retain the characteristics of public clouds by allowing delegated users to perform self-service functions. It’s also opaque, as users have no visibility into the underlying hardware, and there’s uniform resource pooling. You can add more capacity for elasticity. It also supports private clouds across all three hypervisors. You can even create VMM clouds from VMware resource pools (see Figure 1).
Figure 1 The new private cloud and fabric concepts vastly expand the capabilities of VMM 2012.
The fabric in VMM is made up of hosts, host groups and library servers, as well as networking and storage configuration. Grouping hosts lets you control placement weights, power and dynamic optimization, reserves and networks, and storage resources for the group. You can aggregate one or more host groups into a cloud to present to your users, either through the Web-based self-service portal or through a locked-down version of the VMM console.
Optimize Your Cloud
Aiming for complete virtual datacenter management, VMM replaces the host load balancing available in earlier versions through Performance and Resource Optimization (PRO). This also features built-in Dynamic Optimization and Power Optimization. These features work across all three hypervisors.
Once a host group has Dynamic Optimization enabled, VMM live migrates VMs between hosts every 10 minutes (with the “low aggressiveness” setting—you can choose from high, medium and low) to balance the load. You can also manually optimize hosts for groups where Dynamic Optimization isn’t enabled.
If a host group has Dynamic Optimization enabled, you can also activate Power Optimization. As long as VMM can communicate directly with the hosts, it will evacuate VMs and shut down hosts in a group during times of lower load. As the need arises, it can then power them on later. This feature is enabled 24x7 by default, but you can limit it to certain times and days.
Services—the Real Business Benefit
The concept of services is one of the most exciting new aspects of VMM 2012. You can use a service template that contains all the settings for a group of VMs that work together at different tiers to provide users a service. You can deploy the whole service as one unit. If the load on that service increases, you can scale out selected tiers with additional VMs as needed.
Unlike traditional VM templates, VMM maintains a link to the original service template. Therefore, you can update the service by creating a new version of the template and pushing it out to select VMs. You can maintain and update your service in either conventional mode, where you only apply selected changes, or in image mode, where you update the entire VM with a new image.
The latter approach works particularly well for applications distributed with Server App-V. You can save the state of the application and reapply that state to the “new” VM. The new drag-and-drop Service Template Designer makes it easy to visually position VMs that comprise a service. You can also export service templates in an XML format, and then import them to other VMM environments (see Figure 2).
Figure 2 You can create services, VMs and their relationships simply by dragging them onto a canvas.
Hand in hand with services are new features for application deployment. A common problem in large environments is image bloat, where there might be numerous VM templates with the same underlying OS, but with particular applications/roles installed. All these images are hard to manage and keep up-to-date. With VMM 2012, there’s the possibility to pare down the number of images and install applications (as well as roles and features in Windows 2008-based VMs) after VM deployment with application packages. These can be Server App-V packages, SQL profiles or Web deploy packages for IIS applications (see Figure 3).
Figure 3 You can install one or more applications in various formats to your VMs.
Run As Accounts and Run As Profiles
The Run As Accounts and Run As Profiles are helpful additions for large environments. These are essentially securely stored credentials that let you delegate tasks to administrators and self-service users—without exposing sensitive credentials. You’d use the Profile accounts in application and OS profiles, SQL profiles, and for Run As Profiles that consolidate multiple accounts for a particular task into one profile.
There are several different types of Run As Accounts:
- Host computer accounts provide access to Hyper-V, ESX or XenServer hosts
- Baseboard Management Controller (BMC) accounts communicate with BMCs on hosts for out-of-band management
- Network device accounts connect to network load balancers
- External accounts are for external systems like Microsoft System Center Operations Manager
Network Logistics
Hyper-V network management is done at the individual NIC level. This can be mildly irritating in a smaller environment and a major hassle in a larger setup.
The new logical network assignments in VMM promise to significantly ease this burden. VMM groups one or more logical network definitions. Each definition contains an IP subnet (IPv4 or IPv6) and VLAN ID. They can also be represented in different geographies. The logical network name is all self-service users need to know.
When you provision a VM, it’s associated with one or more logical networks. VMM will automatically assign a fixed IP address in the right subnet, as well as a MAC address. If you don’t want to use VMM for this, you can use Dynamic Host Configuration Protocol (DHCP) instead.
Each network interface on a host is associated with a logical network in either trunk or access mode. In trunk mode, the NIC only uses a single VLAN ID. In access mode, different VMs use different IDs for their network connections. Logical network assignment for VMs works across all three hypervisors (see Figure 4).
Figure 4 New network assignments will save hours of manual work in large environments.
VMM also recognizes hardware load balancers and lets you create Virtual IP (VIP) templates. These templates specify the characteristics of a load balancer, either generically or for a specific model. Settings include controlling HTTP/HTTPS traffic, terminating at the load balancer with optional re-encryption to the back end, persistence and load-balancing algorithm. The beta release only recognizes BIG-IP from F5 and NetScaler from Citrix Systems Inc., but more will follow, including Network Load Balancing in Windows Server.
Storage Classification
VMM 2012 can discover and communicate with your SAN arrays through the Storage Management Initiative – Specification (SMI-S) version 1.4 protocol. You can thereby classify available storage for chargeback purposes. Working with your storage vendor’s software, VMM can create logical units (both GPT and MBR) and let you assign storage to hosts or clusters as Clustered Shared Volumes (CSVs).
Currently, supported storage providers include HP StorageWorks Enterprise Virtual Array (EVA), NetApp FAS and EMC Symmetrix & CLARiiON CX—more will follow. VMM also supports snapshot and clone functionality in your SAN. This lets you duplicate a LUN through a “SAN copy-capable” template to provision new VMs almost instantaneously. This integration is only available for Hyper-V platform. You’ll have to provision outside of VMM to use VMware or Citrix.
Bare Metal
If you’re running a large datacenter, one extremely welcome feature is the ability to provision new hardware without having to visit each server. VMM communicates with the BMC on each server and integrates with Windows Deployment Services (WDS) to deploy a Windows Server 2008 R2 through the boot from VHD feature. Your BMCs must support one of the following protocols:
- Data Center Management Interface (DCMI) 1.0
- Systems Management Architecture for Server Hardware (SMASH) 1.0
- Intelligent Platform Management Interface (IPMI) 1.5 or 2.0
- HP Integrated Lights-Out (iLO) 2.0 (which isn’t built into the beta but is available as a download)
VMM 2012 will integrate with an existing WDS server. It only responds to requests for hosts designated by you. This lets WDS continue servicing other OS installations. You could also provision a separate WDS server for VMM.
The logical step after configuring new hosts as Hyper-V hosts is to create clusters. In VMM 2008, you had to create clusters separately and then bring them under management. Now you can do this from within VMM with a simple wizard.
Library Services
To support all these new features, the VMM library can now share resources between self-service users in private clouds, driver storage for bare-metal deployments and application packages. If you add custom resources not normally recognized by VMM in folders with a .cr extension, they’ll be visible and indexed.
If you’re managing a distributed environment, you’ll appreciate the new resource groups that let you group equivalent resources in separate locations. You might have a Sysprep .vhd file stored on three different continents. If you add it to a storage group, you can reference that group in profiles and templates. VMM will automatically pick the local file.
VMware Integration
There are some differences in the VMM integration with VMware environments, based primarily on customer feedback. VMM no longer imports, merges or synchronizes the tree structure of hosts and groups from vCenter. You have to manually add the ESX servers you need to VMM host groups. If you import a VMware template to the library, it will leave the .vmdk file in the ESX data store. Only metadata is copied.
Data transfer between the library and ESX hosts now runs over HTTPS. This negates the need to enable Secure Shell (SSH) access to ESX hosts, previously a requirement for Secure File Transfer Protocol (SFTP).
VMware vApps aren’t compatible with VMM services, nor are VMM private clouds compatible with vCloud. You can, however, use ESX host resources for a VMM cloud. You can also deploy VMM services to ESX servers. VMM supports eight VMs on ESX/ESXi 4.0 hosts, as well as 255GB of memory. It also recognizes VMware fault-tolerant machines.
When you’re using the new logical network definitions in VMM, be aware that these aren’t replicated as port groups on ESX hosts. You have to do this manually in vCenter.
XenServer Integration
Xen and VMM integration was jointly developed by Citrix and Microsoft. You manage XenServer pools and hosts from within VMM 2012. You don’t have to rely on the XenCenter server. VMM supports hypervisor virtualization, as well as paravirtualization in XenServer. It also supports Citrix XenMotion. Note that the numerous virtual networks created in XenServer are represented in VMM as one virtual switch.
Cluster Patching
Keeping hosts in a Hyper-V cluster patched is a challenge. Traditional update engines like System Center Configuration Manager aren’t cluster-aware. They’re likely to push out patches to all hosts simultaneously, disrupting cluster availability.
VMM 2012 can integrate with a dedicated 64-bit Windows Server Update Services (WSUS) 3.0 SP2 server and will orchestrate cluster patching by migrating VMs to other hosts in the cluster, patching the node and rebooting if required. It will repeat the process on the next host until the whole cluster is up-to-date.
You can define update baselines with lists of required updates. VMM will then scan hosts to determine compliance, and finally apply patches to bring them current. You will have the option to exempt particular hosts if a patch turns out to cause instability.
Self-Service
With VMM taking a central role in providing IT resources to business, the concept of self-service users (SSUs) has expanded beyond an easy way of providing VMs for developers through templates. SSUs can now create VMs across all three hypervisors and deploy VMs to private clouds, either in the Web-based portal or through the VMM console itself. Within that console, they’ll see only a trimmed view showing only the clouds to which they have access.
They can also create VMs from building blocks like VHDs, instead of being limited to templates provided by administrators. SSUs can’t see hosts, host groups, network or storage configuration. The entire fabric remains hidden.
Clearly, the scope of change in the new VMM is huge. Consider this fact: The number of Windows PowerShell cmdlets has grown from about 182 to 432. There are many other enhancements as well: intelligent placement has been enhanced with capability profiles, and you can now name custom properties and pair them with values in scripts (for example, only deploy a VM to a host where brand equals Dell). VMM 2012 is a huge leap forward for virtual datacenter management, and its private cloud features are well-timed with current IT trends.
Paul Schnackenburghas been working in IT since the days of 286 computers. He works part time as an IT teacher as well as running his own business, Expert IT Solutions, on the Sunshine Coast of Australia. He has MCSE, MCT, MCTS and MCITP certifications and specializes in Windows Server, Hyper-V and Exchange solutions for businesses. Reach him at paul@expertitsolutions.com.au and follow his blog at TellITasITis.com.au.