What’s new in Hyper-V in Windows Server 2012 (Part 2)
Stu Fox (@stufox)
Technical Specialist, Microsoft NZ
VIR315
Agenda
What’s new in Windows Server 2012 Hyper-V Part 1
• Scale-up Workloads
• Storage
• Clustering & Resiliency
• Automation & Management
• Virtual Machine Migration
What’s new in Windows Server 2012 Hyper-V Part 2
• Networking
• VM Mobility
• Disaster Recovery
• Linux VM’s
Helping You Cloud Optimize Your Business
The Microsoft Hybrid Cloud
Public ▪ Private
Common technologies: Identity ▪ Virtualisation ▪ Management ▪ Development
Building your own cloud just got a lot easier with Windows Server 2012.
Networking
Network Considerations
Customers
• How do I ensure network multi-tenancy?
• IP Address Management is a pain.
• What if VMs are competing for bandwidth?
Fully Leverage Network Fabric
• How do I integrate with existing fabric?
• Network Metering?
• Can I dedicate a NIC to a workload?
Hybrid Clouds
Windows Server 2012 is optimized for Hybrid Clouds to host multi-tenant workloads
[Diagram: a data center hosting Tenant 1 and Tenant 2, each with multiple VM workloads]
Security
In a multi-tenant environment … customers want security and isolation
[VIR323] Capabilities to enable Multi-Tenancy in WS2012
LEARN MORE
Multi-Tenant Network Requirements
Tenant wants to easily move VMs to/from the cloud
Hoster wants to place VMs anywhere in the data center
Both want: Easy Onboarding, Flexibility & Isolation
Cloud Data Center
Woodgrove Bank: Blue 10.1.0.0/16
Contoso Bank: Red 10.1.0.0/16
One Solution: PVLAN
Isolation Scenario
Hoster wants to isolate all VMs from each other and allow internet connectivity
#1 Customer Ask from hosters
Community Scenario
Hoster wants tenant VMs to interact with each other but not with other tenant VMs
Requires a VLAN id for each “community” (limited scalability, only 4095 VLAN IDs)
[Diagram: a Win 8 host with a Hyper-V Switch and an uplink labelled "To Internet (10.1.1.1)". VMs: Blue 10.1.1.21, Red1 10.1.1.11, Red2 10.1.1.12, Green 10.1.1.31. Port labels: Isolated 4, 7 (two ports) and Community 4, 9 (two ports).]
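The PVLAN modes in the diagram correspond to the Set-VMNetworkAdapterVlan cmdlet in the Hyper-V PowerShell module. The script below is an added example, not part of the original deck. It assumes the VM names match the diagram labels, that 4 is the primary VLAN with 7 and 9 as secondaries, and that Red1 and Red2 form the community pair while Blue and Green are the isolated ports (the extracted diagram does not preserve which label belongs to which VM).

```powershell
# Added example (not from the original deck). Requires the Hyper-V module on the host.
# Assumed mapping: primary VLAN 4; secondary 7 = isolated, secondary 9 = community.
# VM names are taken from the diagram labels; the VM-to-mode mapping is an assumption.
$PrimaryVlan = 4
$Plan = @(
    @{ VM = 'Blue';  Mode = 'Isolated';  Secondary = 7 },
    @{ VM = 'Green'; Mode = 'Isolated';  Secondary = 7 },
    @{ VM = 'Red1';  Mode = 'Community'; Secondary = 9 },
    @{ VM = 'Red2';  Mode = 'Community'; Secondary = 9 }
)

foreach ($p in $Plan) {
    $vlanArgs = @{
        VMName          = $p.VM
        PrimaryVlanId   = $PrimaryVlan
        SecondaryVlanId = $p.Secondary
    }
    # -Isolated or -Community is a switch parameter; set it from the plan.
    $vlanArgs[$p.Mode] = $true
    Set-VMNetworkAdapterVlan @vlanArgs
}

# The gateway port that every tenant must reach would be configured with
# -Promiscuous and both secondaries. It is left out here because the deck
# does not show how the gateway is attached.

# Verify: warn about any adapter whose applied setting differs from the plan,
# so a mistyped VLAN ID does not silently join two tenants.
foreach ($p in $Plan) {
    foreach ($v in (Get-VMNetworkAdapterVlan -VMName $p.VM)) {
        $ok = ($v.PrivateVlanMode -eq $p.Mode) -and
              ($v.PrimaryVlanId   -eq $PrimaryVlan) -and
              ($v.SecondaryVlanId -eq $p.Secondary)
        if (-not $ok) {
            Write-Warning ("{0}: expected {1} {2},{3} but found {4} {5},{6}" -f
                $p.VM, $p.Mode, $PrimaryVlan, $p.Secondary,
                $v.PrivateVlanMode, $v.PrimaryVlanId, $v.SecondaryVlanId)
        }
    }
}
```

With this layout the isolated ports can reach only the promiscuous gateway port, and the community ports can reach each other and the gateway, which is the separation the two scenarios describe.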
Hyper-V Network Virtualisation
[Diagram: a physical server running a Woodgrove VM and a Contoso VM; a physical network carrying a Woodgrove network and a Contoso network]
Hyper-V Machine Virtualisation
• Run multiple virtual servers on a physical server
• Each VM has illusion it is running as a physical server
Hyper-V Network Virtualisation
• Run multiple virtual networks on a physical network
• Each virtual network has illusion it is running as a physical fabric
Reliability
Even when hardware fails … customers want continuous availability
[WSV321] Windows Server 2012 NIC Teaming & MultiChannel Solutions
LEARN MORE
Predictability
Even when multiple VMs are competing for bandwidth … customers want predictability
Scalability
Cloud admins want scalability … and customers want performance
Extensibility
Customers want specialized functionality with lots of choice …
… for firewalls, monitoring and physical fabric integration
Hyper-V Extensible Switch
[Diagram: the Extensible Switch in the Root Partition, connected to the Physical NIC, the Host NIC and the VM NICs of VM1 and VM2. Labels: Extension Protocol, Extension Miniport, Capture Extensions, WFP Extensions (Filtering Engine, BFE Service, Firewall, Callout), Filtering Extensions, Forwarding Extensions.]
Capture Extensions
• Capture extensions can inspect traffic and generate new traffic for report purposes
• Capture extensions do not modify existing Extensible Switch traffic
• Example: sflow by inMon
WFP Extensions
• Windows Filter Platform (WFP) Extensions can inspect, drop, modify, and insert packets using WFP APIs
• Windows Antivirus and Firewall software uses WFP for traffic filtering
• Example: Virtual Firewall by 5NINE Software
Filtering Extensions
• Filtering extensions can also be implemented using NDIS filtering APIs
• Example: VM DoS Prevention by Broadcom
Forwarding Extensions
• Forwarding extensions direct traffic, defining the destination(s) of each packet
• Forwarding extensions can capture and filter traffic
• Examples: Cisco Nexus 1000V and UCS; NEC ProgrammableFlow's vPFS OpenFlow
Hyper-V Extensible Virtual Switch
Feature Rich Networking in the Box
Open, Extensible Virtual Switch
• Nexus 1000 Support
• Openflow Support
• Network Introspection
• Much more…
Advanced Networking
• ACLs
• PVLAN
• …much more…
Windows NIC Teaming
Network QoS
• Per VNIC bandwidth reservation & limits
Network Metering
DVMQ
SR-IOV Network Support
• Reduce Latency & CPU Utilization
• Supports Live Migration
Single-Root I/O Virtualisation (SR-IOV)
• Reduces latency of network path
• Reduces CPU utilization for processing network traffic
• Increases throughput
• Direct device assignment to virtual machines without compromising flexibility
• Supports Live Migration
[Diagram: Network I/O path without SR-IOV: Physical NIC, Root Partition, Hyper-V Switch (Routing, VLAN Filtering, Data Copy), VMBUS, Virtual Machine, Virtual NIC. Network I/O path with SR-IOV: SR-IOV Physical NIC, Virtual Function, Virtual Machine Network Stack, Software NIC.]
SR-IOV Enabling & Live Migration
Turn On IOV
• Enable IOV (VM NIC Property)
• Virtual Function is “Assigned”
• Team automatically created
• Traffic flows through VF
• Software path is not used
Live Migration
• Break Team
• Remove VF from VM
• Migrate as normal
Post Migration
• Reassign Virtual Function
• Assuming resources are available
VM has connectivity even if
• Switch not in IOV mode
• IOV physical NIC not present
• Different NIC vendor
• Different NIC firmware
[Diagram: on each host, an SR-IOV Physical NIC (or a plain Physical NIC) under a Software Switch (IOV Mode); in the VM, a “TEAM” of the Software NIC and the Virtual Function]
DVMQ vs. SR-IOV Considerations
DVMQ Pros:
• Improves VM Performance
• Provides Receive Side Scaling benefits by spreading network load across multiple logical processors
• Can use the Hyper-V Extensible Switch
DVMQ Cons:
• If you need greater than 10 Gb/E for a workload, SR-IOV is likely the better choice
SR-IOV Pros:
• Great performance
• Great for low latency workloads
SR-IOV Cons:
• Bypasses the virtual switch
Cloud Admins Want Scale, Customers Perf
DVMQ, IPsec Task Offload, SR-IOV
IPsec Task Offload: Microsoft expects deployment of Internet Protocol security (IPsec) to increase significantly in the coming years. The large demands placed on the CPU by the IPsec integrity and encryption algorithms can reduce the performance of your network connections. IPsec Task Offload is a technology built into the Windows operating system that moves this workload from the main computer's CPU to a dedicated processor on the network adapter.
SR-IOV is a specification that allows a PCIe device to appear to be multiple separate physical PCIe devices. The SR-IOV specification was created and is maintained by the PCI SIG, with the idea that a standard specification will help promote interoperability. SR-IOV works by introducing the idea of physical functions (PFs) and virtual functions (VFs). Physical functions (PFs) are full-featured PCIe functions; virtual functions (VFs) are “lightweight” functions that lack configuration resources.
Dynamic Virtual Machine Queue (VMQ) is a feature available to computers running Windows Server 2008 R2 with the Hyper-V server role installed, that have VMQ-capable network hardware. VMQ uses hardware packet filtering to deliver packet data from an external virtual machine network directly to virtual machines, which reduces the overhead of routing packets and copying them from the management operating system to the virtual machine.
Advanced Network Security
DHCP Guard, Router Guard, Monitor Port
DHCP Guard is a security feature that drops DHCP server messages from unauthorized virtual machines pretending to be DHCP servers.
Router Guard is a security feature that drops Router Advertisement and Redirection messages from unauthorized virtual machines pretending to be routers.
Monitor Mode duplicates all egress and ingress traffic to/from one or more switch ports (being monitored) to another switch port (performing monitoring)
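DHCP Guard, Router Guard and port mirroring are per-adapter settings, so a host can drift from the intended baseline one VM at a time. The audit below is an added example, not part of the original deck. It assumes a baseline of both guards on, MAC address spoofing off and no mirroring destination outside an allow-list; the VM names in the two lists are constructed.

```powershell
# Added example (not from the original deck). Requires the Hyper-V module on the host.
# Assumed baseline for tenant VM NICs: DHCP Guard on, Router Guard on,
# MAC address spoofing off, no port-mirroring destination outside an allow-list.
# 'Monitor01' and 'InfraDhcp01' are constructed VM names.
$MirrorAllowed = @('Monitor01')     # VMs permitted to receive mirrored traffic
$GuardExempt   = @('InfraDhcp01')   # authorised DHCP server / router VMs

function Get-VMNicGuardFinding {
    foreach ($nic in (Get-VM | Get-VMNetworkAdapter)) {
        $issues = @()
        if ($GuardExempt -notcontains $nic.VMName) {
            if ($nic.DhcpGuard   -ne 'On') { $issues += 'DHCP Guard off' }
            if ($nic.RouterGuard -ne 'On') { $issues += 'Router Guard off' }
        }
        if ($nic.MacAddressSpoofing -eq 'On') { $issues += 'MAC spoofing allowed' }
        # A mirroring destination receives copies of other ports' traffic.
        if ($nic.PortMirroringMode -eq 'Destination' -and
            $MirrorAllowed -notcontains $nic.VMName) {
            $issues += 'unapproved mirroring destination'
        }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                VMName  = $nic.VMName
                Adapter = $nic.Name
                Switch  = $nic.SwitchName
                Issues  = $issues -join '; '
            }
        }
    }
}

$findings = @(Get-VMNicGuardFinding)
$findings | Format-Table -AutoSize

# Remediate the guard settings only; mirroring and spoofing findings need
# a human decision. Remove -WhatIf to apply the change.
Get-VM | Where-Object { $GuardExempt -notcontains $_.Name } |
    Get-VMNetworkAdapter |
    Where-Object { $_.DhcpGuard -ne 'On' -or $_.RouterGuard -ne 'On' } |
    Set-VMNetworkAdapter -DhcpGuard On -RouterGuard On -WhatIf
```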
Manage to a Service Level Agreement
Network Bandwidth & QoS
Bandwidth Management allows you to easily reserve a minimum or set a maximum bandwidth, providing the QoS controls needed to manage to a service level agreement.
Port ACL & QoS
Windows Server 2012 Networking: It’s All There
Feature rich, extensible, in the box, no compromises

Feature                  Windows Server 2008   Windows Server 2008 R2   Windows Server 2012
NIC Teaming              Yes, via partners     Yes, via partners        Windows NIC Teaming in box.
VLAN Tagging             Yes                   Yes                      Yes
MAC Spoofing Protection  No                    Yes, with R2 SP1         Yes
ARP Spoofing Protection  No                    Yes, with R2 SP1         Yes
SR-IOV Networking        No                    No                       Yes
Network QoS              No                    No                       Yes
Network Metering         No                    No                       Yes
Network Monitor Modes    No                    No                       Yes
IPsec Task Offload       No                    No                       Yes
VM Trunk Mode            No                    No                       Yes
VM Mobility
Your Thoughts on VM Mobility
• Don’t provide new features that preclude Live Migration.
• I want to be able to securely move any part of a VM anywhere at anytime. No Limits.
• No Downtime Servicing
• SAN Upgrades/Migrations
• When VMs migrate, move the historical data with the VM
• Fully Leverage hardware to speed migrations
Virtual Machine Mobility
Live Migration with High Availability
SMB Live Migration
Live Storage Migration
Concurrent Migration: Limited Only By Hardware Resources
Live Storage Migration
Enables Storage Load Balancing
No downtime servicing
Leverages Hyper-V Offloaded Data Transfer (ODX)
[Diagram: a Hyper-V virtual machine whose VHD Stack moves a VHD from the Source Device to the Destination Device, in numbered steps 1 to 5]
Shared Nothing Live Migration
Migrate a VM Live between two hosts that only share a network connection
demo
VM Mobility
VM Mobility
Complete mobility. Simply the best.
Live Migration with High Availability
Live Migrate among servers in a failover cluster
SMB Live Migration
Live Migrate VMs among servers with SMB storage
Live Storage Migration
Live Migrate VM storage from one volume to another without downtime
Shared Nothing (SNO) Live Migration
Live Migrate VMs among servers with nothing but an Ethernet connection
[VIR314] Building Flexible Hyper-V Environments for LM & Storage Migration
LEARN MORE
Disaster Recovery
Disaster Recovery Challenges
Cost
Complexity
Inflexibility
Initial Replication
Distance Requirements
Hyper-V Replica
Unlimited Replication
Disaster Recovery Scenarios:
Planned, Unplanned and Test Failover
Pre-configuration for IP settings for primary/remote location
Key Features:
RPO/RTO in minutes
Seamless integration with Hyper-V and Clustering
Automatically handles all VM mobility scenarios (e.g. Live migration)
Supports heterogeneous storage between primary and recovery
Integrates with Volume Shadow Services (VSS)
[SCIM329] Enabling Disaster Recovery for Hyper-V workloads using Hyper-V Replica
LEARN MORE
demo
Hyper-V Replica
Hyper-V Replica
Complements Array Based Replication

Replication Provider: Hyper-V Replica (Microsoft)
Cost
• Flexible Storage Options Available
• Unlimited VM Replication included
Management
• VM Granularity
• Open APIs provide extensibility, interoperability and prevent vendor lock-in
Performance
• 5 minutes RPOs
• Application Level Consistency
• File Level Consistency

Replication Provider: Storage Based Replication (NetApp, HP, Fujitsu, IBM, Hitachi, FalconStor, 3Par, EMC, LSI, Compellent, EqualLogic and more…)
Cost
• High end replicating storage
• Additional replication software
Management
• LUN-VM Layout
• Coordination with storage team
Performance
• Synchronous Replication
• High Data Volumes
[VIR321] Enabling Disaster Recovery for Hyper-V workloads using Hyper-V Replica
LEARN MORE
Key Hyper-V Replica Takeaways
Easy to Setup
• Via wizard
• Or, via PowerShell
Works with your current hardware
• All you need is two connected servers running Windows Server 2012
• No Guest Dependencies
Linux & BSD VM’s
Microsoft Committed to Interoperability
July 2009: Microsoft contributes Linux drivers under GPL v2
March 2012: “Microsoft appeared in the top-20 contributors for a kernel release”
Q2 2012: All Hyper-V Drivers in mainline Linux Kernel
• Storage, Networking, VMBus, Input, Utilities, etc
• SUSE includes the Drivers
• Ubuntu 12.04 and later include
Linux on Hyper-V
• Linux workloads can be consolidated into VMs running on a Microsoft hypervisor at no cost
• Hyper-V hosted Linux VMs can leverage high-end enterprise features:
  • High Availability
  • Live Migration, Shared Nothing Live Migration
  • VM Replication with Hyper-V Replica
• Linux VMs can be managed centrally from System Center VMM
• VM scale improvements (CPU, memory, disk, etc.)
Supported Distros (As at Sept 2012)
Refer Here: http://technet.microsoft.com/library/hh831531.aspx
• RedHat Enterprise Linux 5.7, 5.8, 6.0-6.3 (with LIS 3.4)
• CentOS 5.7, 5.8, 6.0-6.3 (as for RHEL)
• SUSE 11 SP2 (Drivers built in)
• FreeBSD 8.2/8.3 https://github.com/FreeBSDonHyper-V/freebsd/wiki/Build-the-kernel-with-the-HyperV-drivers
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.