Download
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
WSV 315: Best Practices & Implementing Hyper-V on Clusters PowerPoint Presentation
Download Presentation
WSV 315: Best Practices & Implementing Hyper-V on Clusters

WSV 315: Best Practices & Implementing Hyper-V on Clusters

226 Views Download Presentation
Download Presentation

WSV 315: Best Practices & Implementing Hyper-V on Clusters

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. WSV 315: Best Practices & Implementing Hyper-V on Clusters Jeff Woolsey Principal Group Program Manager Windows Server, Hyper-V

  2. Agenda • Hyper-V Architecture • Hyper-V Security • Server Core: Introducing SCONFIG • Enabling Hyper-V with Server Core • New Processor Capabilities and Live Migration • Hyper-V R2 & SCVMM 2008 R2 Live Migration & HA and Maintenance Mode • Designing a Windows Server 2008 Hyper V & System Center Infrastructure • SCVMM 2008 R2 • Microsoft Hyper-V Server 2008 R2 • Best Practices & Tips and Tricks

  3. Architecture

  4. Provided by: Hyper-V Architecture OS ISV / IHV / OEM Microsoft Hyper-V VM Worker Processes Microsoft / XenSource Child Partitions Parent Partition Applications Applications Applications Applications User Mode WMI Provider VM Service Windows Server 2008 Non-Hypervisor Aware OS Windows Kernel Windows Kernel Linux Windows Server 2003, 2008 VSP IHV Drivers Kernel Mode Linux VSC VSC Emulation VMBus VMBus VMBus Windows hypervisor Ring -1 “Designed for Windows” Server Hardware

  5. Hyper-V Security

  6. Security Assumptions • Guests are untrusted • Trust relationships • Parent must be trusted by hypervisor • Parent must be trusted by children • Code in guests can run in all available processor modes, rings, and segments • Hypercall interface will be well documented and widely available to attackers • All hypercalls can be attempted by guests • Can detect you are running on a hypervisor • We’ll even give you the version • The internal design of the hypervisor will be well understood

  7. Security Goals • Strong isolation between partitions • Protect confidentiality and integrity of guest data • Separation • Unique hypervisor resource pools per guest • Separate worker processes per guest • Guest-to-parent communications over unique channels • Non-interference • Guests cannot affect the contents of other guests, parent, hypervisor • Guest computations protected from other guests • Guest-to-guest communications not allowed through VM interfaces

  8. Isolation • We’re Serious • No sharing of virtualized devices • Separate VMBus per vm to the parent • No sharing of memory • Each has its own address space • VMs cannot communicate with each other, except through traditional networking • Guests can’t perform DMA attacks because they’re never mapped to physical devices • Guests cannot write to the hypervisor • Parent partition cannot write to the hypervisor

  9. Server Core: Introducing SCONFIG

  10. Windows Server Core • Windows Server frequently deployed for a single role • Must deploy and service the entire OS in earlier Windows Server releases • Server Core: minimal installation option • Provides essential server functionality • Command Line Interface only, no GUI Shell • Benefits • Less code results in fewer patches and reduced servicing burden • Low surface area server for targeted roles • Windows Server 2008 Feedback • Love it, but…steep learning curve Windows Server 2008 R2 Introducing “SCONFIG”

  11. Windows Server Core • Server Core: CLI

  12. Installing Hyper-V Role on Core • Install Windows Server and select Server Core installation

  13. Enable SCONFIG • Log on and type sconfig

  14. Easy Server Configuration

  15. Rename Computer • Type 2 &enter computer name and password when prompted

  16. Join Domain • Type 1 & D or W and provide name & password

  17. Add domain account • Type 3 & <username> and <password> when prompted

  18. Add Hyper-V Role • ocsetup Microsoft-Hyper-V • Restart when prompted

  19. Manage Remotely…

  20. New Processor Capabilities and Live Migration

  21. 64 Logical Processor Support • Overview • 4x improvement over Hyper-V R1 • Hyper-V can take advantage of larger scale-up systems with greater amount of compute resources • Support for up to 384 Concurrently Running Virtual Machines & Support for up to 512 Virtual Processors PER SERVER • 384 single virtual processor vms OR • 256 dual virtual processor vms (512 Virtual Processors) OR • 128 quad virtual processor vms (512 Virtual Processors) OR • any combination so long as you're running up to 384 VMs and up to 512 Virtual Processors

  22. Processor Compatibility Mode • Overview • Allows live migration across different CPU versions within the same processor family (i.e. Intel-to-Intel and AMD-to-AMD). • Does NOT enable cross platform from Intel to AMD or vice versa. • Configure compatibility on a per-VM basis. • Abstracts the VM down to the lowest common denominator in terms of instruction sets available to the VM. • Benefits • Greater flexibility within clusters • Enables migration across a broader ranger of Hyper-V host hardware

  23. Forward & Backward Compatibility • How Does it Work? • When a VM is started the hypervisor exposes guest visible processor features • With Processor Compatibility Enabled, the guest processors is normalized and the following processors features are “hidden” from the VM.

  24. Frankencluster • Hardware: • 4 Generations of Intel VT Processors • 4 Node Cluster using 1 Gb/E iSCSI • Test: • Created script to continuously Live Migrate VMs every 15 seconds Result: 110,000+ Migrations in a week!

  25. More on Processor Compatibility • What about application compatibility? • How do applications work with these processors features hidden? • Any apps not work? • What about performance? • What’s the default setting?

  26. Cluster Shared Volumes (CSV)

  27. SAN Management Complexity

  28. Delivering Innovation

  29. Cluster Shared Volumes • All servers “see” the same storage

  30. CSV Compatibility • No special hardware requirements • No file type restrictions • No directory structure or depth limitations • No special agents or additional installations • No proprietary file system • Uses well established traditional NTFS • Doesn’t suffer from VMFS limitations like: • VMFS limited to 2 TB LUNs It just works…

  31. CSV & Live Migration • Create VM on target server Copy memory pages from the source to the target via Ethernet • Final state transfer • Pause virtual machine • Move storage connectivity from source host to target host via Ethernet • Run new VM on source; Delete VM on target Host 1 Host 2 Blue = Storage Yellow = Networking Shared Storage

  32. Failover Cluster Configuration Program (FCCP) • New for Windows Server 2008 Failover Clustering • Customers have the flexibility to design failover cluster configurations • If the server hardware and components are logo’d and… • it passes the cluster validation tool, it’s supported! • Or customers can identify cluster-ready servers via the FCCP • OEMs have pre-tested these configurations and list them on the web • Microsoft recommends customers purchase FCCP-validated servers • Look for solutions with this tagline: • “Validated by Microsoft Failover Cluster Configuration Program”

  33. Hyper-V Networking

  34. Hyper-V Networking • Two 1 Gb/E physical network adapters at a minimum • One for management • One (or more) for VM networking • Dedicated NIC(s) for iSCSI • Connect parent to back-end management network • Only expose guests to internet traffic

  35. Hyper-V Network Configurations • Example 1: • Physical Server has 4 network adapters • NIC 1: Assigned to parent partition for management • NICs 2/3/4: Assigned to virtual switches for virtual machine networking • Storage is non-iSCSI such as: • Direct attach • SAS or Fibre Channel

  36. Hyper-V Setup & Networking 1

  37. Hyper-V Setup & Networking 2

  38. Hyper-V Setup & Networking 3

  39. Each VM on its own Switch… VM Worker Processes Parent Partition Child Partitions Applications Applications Applications User Mode WMI Provider VM 3 Windows Server 2008 VM 1 VM 2 VM Service Windows Kernel Linux Kernel Windows Kernel VSC VSC VSC Kernel Mode VSP VMBus VMBus VMBus VMBus VSP VSP Windows hypervisor Ring -1 “Designed for Windows” Server Hardware Mgmt NIC 1 VSwitch 1 NIC 2 VSwitch 2 NIC 3 VSwitch 3 NIC 4

  40. Hyper-V Network Configurations • Example 2: • Server has 4 physical network adapters • NIC 1: Assigned to parent partition for management • NIC 2: Assigned to parent partition for iSCSI • NICs 3/4: Assigned to virtual switches for virtual machine networking

  41. Hyper-V Setup, Networking & iSCSI

  42. Now with iSCSI… VM Worker Processes Parent Partition Child Partitions Applications Applications Applications User Mode WMI Provider VM 3 Windows Server 2008 VM 1 VM 2 VM Service Windows Kernel Linux Kernel Windows Kernel VSC VSC VSC Kernel Mode VMBus VMBus VMBus VMBus VSP VSP Windows hypervisor Ring -1 “Designed for Windows” Server Hardware Mgmt NIC 1 iSCSI NIC 2 VSwitch 2 NIC 3 VSwitch 3 NIC 4

  43. Networking: Parent Partition

  44. Networking: Virtual Switches

  45. New in R2: Core Deployment • There’s no GUI in a Core Deployment, how do I configure which NICs are bound to switches or kept separate for the parent partition?

  46. No Problem… • Hyper-V R2 Manager includes option to set bindings per virtual switch…

  47. Hyper-V R2: 10Gb/E Ready

  48. Networking: Chimney Support • TCP/IP Offload Engine (TOE) support • Overview • TCP/IP traffic in a VM can be offloaded to a physical NIC on the host computer. • Benefits • Reduce CPU burden • Networking offload to improve performance • Live Migration is supported with Full TCP Offload

  49. Networking • Virtual Machine Queue (VMQ) Support • Overview • NIC can DMA packets directly into VM memory • VM Device buffer gets assigned to one of the queues • Avoids packet copies in the VSP • Avoids route lookup in the virtual switch (VMQ Queue ID) • Allows the NIC to essentially appear as multiple NICs on the physical host (queues) • Benefits • Host no longer has device DMA data in its own buffer resulting in a shorter path length for I/O (performance gain)