System Center Virtual Machine Manager 2012 Using WSUS To Update Hyper-V Cluster Hosts & Other Fabric Servers

One very neat feature in System Center Virtual Machine Manager 2012 (SCVMM2012), which is currently in beta, is the integration with WSUS to automate the patching of Hyper-V cluster hosts (plus the library servers, SCVMM servers and the update servers, i.e. the fabric). The fact that SCVMM 2012 will give you the complete toolset to take care of this is yet another great addition to the functionality available in Virtual Machine Manager 2012. More and more I’m looking forward to using it in production as it has so many improvements and new features. Combine that with what’s being delivered in System Center Operations Manager (SCOM2012) and the other members of the System Center family and I’m quite happy with what is coming.

But let’s get back to the main subject of this blog: using WSUS and SCVMM2012 to auto-update the Hyper-V cluster hosts without interruption to the virtual machines that are running on them. Up until now, we needed to script such a process out with PowerShell, even though having SCVMM2008R2 makes it easier since that product has Maintenance Mode, which will evacuate all VMs from that particular host, one by one. The workflow of this script looks like this:

  • Place the Host Node in Maintenance Mode in SCOM 2007 R2 (So we don’t get pesky alerts)
  • Place the Host Node in Maintenance Mode in SCVMM2008R2 (this evacuates the VMs from the host via Live Migration to the other nodes in the cluster)
  • Patch the Host and restart it
  • Stop Maintenance Mode on the host node in SCVMM2008R2 (So it can be used to run VMs again)
  • Stop Maintenance Mode on the host node in SCOM 2007 (We want it to be monitored again)
  • Rinse & Repeat until all Host nodes are done. Depending on the size of the cluster you can do this with multiple nodes at the same time. Just remember that there can be only one Live Migration action taking place per node. That means you need at least 4 nodes to do something like Live migrate from Node A to Node B and Live Migrate from Node C to node D. So you need to work out what’s optimal for your cluster depending on load and number of nodes you have to work with.
  • Have the virtual machines redistributed so that the last host also gets its share of virtual machines
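The wave planning behind the "Rinse & Repeat" step, sketched as an added example (this is not the author's PowerShell script): it pairs each host to be patched with its own receiving host so that no node takes part in more than one Live Migration at a time. It goes slightly beyond the text by also checking that the receiver has enough free memory; the function name `plan_waves`, the node names and the memory figures are constructed for illustration.

```python
# Added illustration: plan rolling patch waves for a Hyper-V cluster.
# plan_waves and the sample figures are constructed for this example.

def plan_waves(nodes, parallel=1):
    """nodes: {name: (running_vm_memory_gb, host_capacity_gb)}.

    Returns (waves, final_load); each wave is a list of
    (host_to_patch, receiving_host) pairs.
    """
    load = {n: v[0] for n, v in nodes.items()}
    cap = {n: v[1] for n, v in nodes.items()}
    # One Live Migration per node: every drained host needs its own
    # receiver, so at most len(nodes) // 2 hosts can be drained at once.
    parallel = max(1, min(parallel, len(nodes) // 2))
    patched, waves = set(), []
    while len(patched) < len(nodes):
        sources = sorted(n for n in nodes if n not in patched)[:parallel]
        busy = set(sources)
        wave = []
        for src in sources:
            fits = [n for n in nodes
                    if n not in busy and cap[n] - load[n] >= load[src]]
            if not fits:
                raise ValueError(f"no free receiver can hold the VMs of {src}")
            # Prefer already patched receivers so those VMs need not move
            # again, then the host with the most free memory.
            dst = min(fits, key=lambda n: (n not in patched,
                                           load[n] - cap[n], n))
            busy.add(dst)
            load[dst] += load[src]
            load[src] = 0
            wave.append((src, dst))
        patched.update(sources)
        waves.append(wave)
    return waves, load


# Constructed sample: four hosts, 40 GB of running VMs each, 128 GB per host.
CLUSTER = {name: (40, 128) for name in ("NodeA", "NodeB", "NodeC", "NodeD")}

if __name__ == "__main__":
    waves, final_load = plan_waves(CLUSTER, parallel=2)
    for i, wave in enumerate(waves, 1):
        print(f"wave {i}:", ", ".join(f"{s} -> {d}" for s, d in wave))
    print("load after patching:", final_load)
```

The returned load shows the hosts patched last ending up empty, which is why the workflow finishes with a redistribution step.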

Now with SCVMM2012 we can do this out of the box using WSUS and all of this is achieved without ever interrupting any services provided by the guests as all virtual machines are kept running and are live migrated away from the host that will be patched. If you’re a shop that isn’t running System Center Configuration Manager you can still do this thanks to the use of WSUS and that’s great news. There is an entire sub-section on the subject of Managing Fabric Updates in VMM 2012 already available on TechNet. But it goes beyond the Hyper-V host. It’s also the SCVMM server, the library server, and the Update Server that get patched. But don’t go wild now, that’s the entire scope of this. That means you still need regular WSUS or SCCM for patching the virtual machine guests and other physical servers. The aim of this solution is to patch your virtualization solution’s infrastructure as a separate entity, not your entire environment.

So how do we get this up and running? Well, it isn’t hard. Depending on your needs and environment you can choose to run WSUS and SCVMM on the same server or not. If you choose the latter please make sure you install the WSUS Administration Console on the SCVMM server. This is achieved by downloading WSUS 3.0 SP2 and installing it. Otherwise, just use the WSUS role from the roles available on Windows 2008 R2. This handles the prerequisites for you as well. It is also advisable to install the WSUS role on a separate server when your SCVMM 2012 infrastructure is a highly available clustered one. For more information see http://technet.microsoft.com/en-us/library/gg675099.aspx . Time-saving tip: create a separate domain account for the WSUS server integration; it cannot be the SCVMM 2012 service domain account.

Make sure you pay attention to the details in the documentation: don’t forget to install the WSUS 3.0 SP2 Administration Console on the SCVMM 2012 server or servers and to restart the SCVMM service when asked to. That will save you some trouble. Also, realize that this WSUS server will only be used for updating the SCVMM 2012 fabric and nothing else. So we do not configure anything except the operating system (W2K8R2) and the languages needed. All other options & products that are not related to virtualization are unchecked as we don’t need them. Combine this with dynamic optimization to distribute the VMs for you and you’re golden. A good thing to note here is that you’re completely in control. You as the virtualization infrastructure / SCVMM 2012 Fabric administrator control what happens regarding updates, service packs, …

You do need to get used to the GUI a bit when playing around with SCVMM2012 for the first time to make sure you’re in the right spot, but once you get the hang of it you’ll do fine. I’ll leave you with some screenshots of my lab cluster being scanned to check the compliance status and then being remediated. It works pretty neatly.

Here are the hosts being scanned.

You can right-click and select remediate per baseline, or select the host and select remediate from the context menu or the ribbon bar.

The crusader host is being remediated. I could see it being restarted in the lab.

100

No, this is not a cheap and reduced version of the movie 300. I do not resemble King Leonidas in any way except perhaps in my defiance to those who want to coerce their will upon me in the data center, forcing other solutions on me than what I deem best. To paraphrase it: “This is Hyper-V!” But let’s get real, I’m Belgian so the Belgian chocolates (pralines) named after Leonidas are perhaps the most realistic link to the movie 300 I have and even then, when we need some pralines as a gift we manage to end up with a huge chocolate bunny. But I totally digress from the subject; having a high definition beamer and liking movies tends to invoke this. This blog is about 100; actually this is blog entry one hundred.

What can I say about it? I’m still blogging, which to me was one of the things I wanted to find out. Can I keep writing something worth reading? The first part I have answered myself but the second part, is it worth reading, that’s for my readers to decide. So, if you have things to say about the blog, feedback to provide, opinions to share, by all means, please do. Let me know what you think. Is it useful, is it amusing? Or perhaps even both? If you feel like telling me, send me a mail via the contacts page; if you don’t mind voicing your opinions publicly just leave a comment to this blog or sound off on Twitter to @workinghardinit

Thanks for reading!

Microsoft Belgium At The Speed of Light, Traffic At A Glacial Pace, AD FS 2.0, Vittorio Bertocci & a Large Chocolate Bunny

Wednesday April 27th 10:45

We’re helping out on the infrastructure side of a claims based authentication project with my team and I had some questions on AD FS 2.0. The two lead developers (U2U Consult’s Kris Vandermotten & Stefan Gevaert) also had some outstanding questions, or rather they needed an echo chamber to discuss some design choices. Now imagine you have TechDays 2011 going on in your country and Vittorio Bertocci (http://blogs.msdn.com/b/vbertocci/, @vibronet) is over there to present a decent amount of sessions and is available to the attendees for questions. OK, I have two people of my ICT team running around to broaden their horizons but I’m at the office holding the fort. Kris says he saw Vittorio the day before but missed an opportunity to talk to him on Tuesday. I’m thinking & saying, yeah I should mail him. I really should. Why haven’t I yet?

Wednesday April 27th 14:20

Kris & Stefan suggest to go to Antwerp and meet up with Vittorio. I’m thinking like, good plan but how do we get this set up so fast? Mail? Nah, what if he isn’t able to read it. We need another approach. I decide to use two channels: Twitter and telephony. One tweet (with a very fast response from Vittorio) and some phone calls to Microsoft employees I know might be at TechDays 2011. The first two are not there that day but Arlindo Alves (@aralves) is. I get him on the phone very quickly (note that he is extremely busy during an event like TechDays) and ask him if we can set up a meeting with Vittorio. He says he’ll ask and will get back to me. Well, it’s 15:00 hours and we have a meeting set up for 10:00 hrs Thursday morning. Wow. Now I’m impressed with how fast this went from “let’s try” to reality.

Thursday April 28th 08:00 hours

We’re leaving Gent to go to TechDays at Metropolis in Antwerp.

Thursday April 28th 10:05 hours

We arrive at Metropolis. Wow again but not in a positive way. I’m not impressed at all at the “speed” we got to Antwerp. I’m not even sure if you can call what I witnessed driving anymore. But hey, there is a reason I love telecommuting, riding my bicycle to work and using the train to commute.

Thursday April 28th 10:10 hours

We start a very interesting and fruitful talk with Vittorio about our project. He’s extremely knowledgeable on the subject, passionate about the technology and he loves to help people understand and use it better. We’re happy with what we learned and the talk ends with us keeping our promise to Arlindo & Vittorio. We brought Belgian chocolates. Now, we didn’t exactly manage to get “pralines”, it was a bit larger (http://twitpic.com/4qglxb). For some reason we think he’ll remember us when we send him a follow up mail.

Lessons learned: if you need to talk to someone at Microsoft don’t be afraid to ask. Also be willing to act fast and to grab an opportunity because people like Arlindo Alves from Microsoft Belgium are very good at making them happen!