System Center Virtual Machine Manager 2012: Perfecting the private cloud

The forthcoming System Center Virtual Machine Manager 2012 SP1 expedites virtual management for moving to private or hybrid clouds.

Paul Schnackenburg

Managing your virtual network and all your individual virtual systems can be a significant challenge. System Center Virtual Machine Manager (VMM) 2012 SP1 can help expedite the installation and configuration processes.

It can help you install and cluster Hyper-V on brand-new machines; add Microsoft, VMware and Citrix Xen server hosts; and add storage arrays, logical networks and load balancers. In other words, it helps you prepare the fabric of your datacenter.

Last month, I covered all those processes. Here, I’ll start where I left off: building templates (see Figure 1), services with applications and private clouds on top of the fabric, as well as examining what’s offered by the new Service Provider Foundation (SPF).

The library is central to how System Center Virtual Machine Manager 2012 SP1 works

Figure 1 The library is central to how System Center Virtual Machine Manager 2012 SP1 works.

Service templates

VMM 2008 R2 uses virtual machine (VM) templates that let you deploy VMs with a defined configuration, based on one or more virtual hard disks (VHDs), a hardware profile and a guest OS profile (for customizing Windows). The main restriction in VM templates is that they only handle single servers. The guest OS profile only lets you set basic information (such as server name, domain name and so on). You can’t use it to enable roles and features or more-advanced customization.

The biggest issue, however, is that after deployment there’s no relationship between the VM template and the servers from which it was deployed. If you need to change the configuration, there’s no way other than to manually change each VM you’ve already deployed.

The service templates in VMM 2012 SP1 are the answer to these limitations. They let you model multiple tiers of machines and their network relationships, including load balancers, and they let you configure roles and features within your VMs. You can also add Web deployment packages, Server App-V programs and SQL data-tier application (DAC) packages.

You deploy all VMs in the template as an instance of the service. Then you can manage them as a single unit. Deployed VMs maintain a link to the template, which lets you update settings and push these out to all previously deployed VMs. This is the main reason to consider wrapping even a single VM in a service template. You’ll be able to easily update its configuration or add roles and features (see Figure 2).

It’s easy to add roles and features to virtual machines through a System Center Virtual Machine Manager 2012 SP1 service template

Figure 2 It’s easy to add roles and features to virtual machines through a System Center Virtual Machine Manager 2012 SP1 service template.

Because each instance of a service can require unique information (VM names, connection strings, variables, which networks to connect to and so forth) you can model these in the service template as variables (preceded by the @ sign). At deployment time, you’ll be prompted to enter the relevant information. Adding the right drivers for your particular brand and model of load balancer lets VMM 2012 SP1 configure it properly. When deploying a service, it can automatically configure the needed load balancer information for each VM.

You can assign each VM with a fixed IP address from the pool of IP addresses in VMM 2012 SP1. If you later decommission a service, these IP addresses are put in an inactive state. When you need to reuse them for new deployments, you can remove them from the inactive pool.

You can deploy a service to a host group or private cloud. Because of the multi-hypervisor capabilities in VMM 2012 SP1, you could conceivably have one tier of a service running on one hypervisor, and another tier running on another hypervisor.

A typical custom-application deployment today is generally a manual process with multiple step-by-step instructions to complete in the right order, potentially on multiple machines. Service templates in VMM 2012 SP1 let you encapsulate all this knowledge in a single place from which you can run your deployments with confidence.

Before you start up the Service Template Designer in VMM 2012, however, make sure you find out all the details, such as what servers (both VMs and physical boxes) you need to deploy and in how many tiers, what software bits make up the applications and their prerequisites, how the components are networked, and how end users interact with the service.

Make sure you have any logical networks and load balancers, hosts and host groups, private clouds and VM templates already configured in VMM 2012 SP1. This includes all hardware profiles, guest OS profiles, application profiles and SQL Server profiles where needed. You should store custom applications and scripts in the VMM 2012 SP1 library as a folder with the .cr extension (for custom resource). Then you can include these in your service templates.

The Service Template Designer in System Center Virtual Machine Manager 2012 SP1 is a visual environment for creating single or multi-tier services

Figure 3 The Service Template Designer in System Center Virtual Machine Manager 2012 SP1 is a visual environment for creating single or multi-tier services.

Service template tips and tricks

When working with complex service templates, it’s best to install each application manually first to determine roles and features, as well as other software prerequisites. If your service is multi-tiered with configuration at each layer, it’s usually easier to start building one tier, test it and then copy that template and add the next layer.

Another thing to keep in mind is to enable logging for your installations to iron out any installation issues. If you have an MSI file, you’ll be using Msiexec.exe. Enable verbose logging by using /L*v. If you have a generic script, the advanced setting lets you define paths for saving standard output, error logs and restart behavior.

You can package scripts and custom applications as generic command executable (GCE) resources. The release to manufacturing (RTM) version limits you to running one pre- and one post-install script in a deployment. This means you have to create a “master script” if you want to have multiple things happen in order. VMM 2012 SP1 lets you have multiple scripts for each phase, and you can order them. It also takes into account exit codes.

If a deployment fails during this phase in RTM, VMM 2012 SP1 simply disables the script. VMM 2012 SP1 will let you mark a script as idempotent, and it will run during the second try. As for distributing the software to a VM during deployment, VMM 2012 SP1 lets you manage disconnected VMs by packaging the software and providing it on a mounted ISO file.

System Center Virtual Machine Manager 2012 SP1 comes with one-, two- and three-tier service templates you can use as starting points

Figure 4 System Center Virtual Machine Manager 2012 SP1 comes with one-, two- and three-tier service templates you can use as starting points.

Applications in service templates

For test environments, you can use VMM 2012 RTM to define SQL Server DAC packages. A “sysprepped” instance of SQL in a service template lets you quickly set up back-end databases for applications. In production, however, larger enterprises generally have a large SQL Server farm with many databases. Each application runs its database from there rather than on individual VMs.

VMM 2012 RTM lets you define the connections string and other information in DAC packages to manage this scenario. VMM 2012 SP1 will bring this same functionality to Web Deploy packages. It turns out that many environments have large IIS farms that handle scores of Web sites, instead of running them in separate VMs. This could lead to a situation where you have a service deployment that doesn’t contain VMs, just Web Deploy packages for front-end servers and DAC packages for connecting them to their back-end database.

You can deploy VMs based on service templates in VMM 2012 SP1 to hosts in a network perimeter or hosts in workgroups. You can also deploy to untrusted Active Directory domains or domains with one-way or two-way trust with the domain in which the VMM 2012 SP1 server is located.

Server App-V is part of VMM 2012 SP1 and an interesting take on the future of application packaging and distribution. It builds on the App-V application-virtualization technology used for client machines. In VMM 2012 SP1, Server App-V applications can create scheduled tasks.

They can also capture an already installed application, using a process called remote application packaging. This can come in handy for custom applications where the original media isn’t available. There are some limitations, though. Applications must be MSI-based; Web Deploy packages won’t work; you have to set local users, groups and environment variables separately; and it can’t use COM/DCOM.

Troubleshooting service templates

With so many moving parts, there’s certainly room for service deployments to go wrong. It’s important to understand what happens under the covers when you deploy a service. First, you create the VMs. Next, you join them to a domain and configure them. Last, you apply any needed applications and scripts. You can define the order in which you deploy each tier.

There’s a detailed process for deploying VMs that are part of a service. You start with transferring VHDs from the library to the host via Background Intelligent Transfer System, or BITS (or cloned on Storage Area Network [SAN] copy-capable storage). Then, you add a virtual floppy so VMM 2012 SP1 can apply the customization configuration (including roles and features) to the VHD. Then you domain-join the VMM 2012 SP1 and install the guest VMM 2012 SP1 agent (which you can see in %programdata%\vmmlogs).

You’ll need to copy the requisite scripts from the library XXX.cr to the folder at c:\windows\temp\scvmmXXX\XXX.cr. This way you can restart in case of failure. Scripts use c:\windows\temp as their working folder. They create two files: GCE_stderrorXXX and GCE_stdoutXXX. If all goes according to plan, you can delete these files after a successful run. Leave the error log intact if the script has problems.

You’ll need to copy any applications that are included in the service to the c:\windows\MSSCVMMApplications folder in the VM. There are subfolders for Server App-V and Web Deploy packages in this folder. If a SQL DAC pack is involved, copy it to c:\windows\ MSSCVMMSQLInstance. Your deployment progress is logged in the VMMapplicationmanager.log files folder, located at c:\programdata\Microsoft\Virtual Machine Manager.

A common way to fix a troublesome Hyper-V host in VMM 2008 R2 was to take it out of VMM management and add it again later (see Figure 5). If you do this when it has running VMs that are part of a service in VMM 2012 SP1, it permanently breaks the link to the template.

Seeing how each VM is connected to different networks is easy with the Networking Diagram view

Figure 5 Seeing how each VM is connected to different networks is easy with the Networking Diagram view.

Servicing services

VMM 2012 doesn’t just let you model, test and deploy one VM or multiple VMs in tiers as a single unit. It also manages the application lifecycle by letting you update VMs or applications. The process is to copy a service template, give it an updated version number and apply the necessary changes. This new template is then published and you can apply it to running instances of a service.

There are two types of possible updates. You can upgrade the original VMs with an in-place update. An image-based servicing update replaces the entire VM with a new VM. The latter only works for stateless applications, or apps where you can save the state to the VHD drive that attached to the VM. The old VM is destroyed, the new VM is deployed and the state is copied back. Server App-V packages do this automatically. Depending on where a custom application stores its state, it shouldn’t be too hard to write a script to export it to the VHD.

For each tier in a service template, you can define the minimum and maximum number of VMs for scale-out scenarios. You can also specify upgrade domains, meaning how many VMs will be simultaneously shut down. So, for example, if you have five instances running and three upgrade domains within a particular tier, VMM 2012 SP1 will do the upgrade in three lots. It verifies the VMs are functional after the upgrade, including connecting them to their load balancer again (if applicable) before upgrading the next group.

As for monitoring running VMs and services, as long as you’ve configured VMM 2012 SP1 for System Center Operations Manager integration and installed the VMM Management Pack, the running VMs and services will show up without you having to use the Distribute Application Designer in Operations Manager. The same holds true for data about services flowing into System Center Service Manager.

Private clouds

The concept of a private cloud is the ultimate abstraction. All details of the fabric are hidden and capacity is allocated with role-based access (RBA). Application owners and others with RBA-assigned permissions can use the VMM 2012 SP1 console or System Center App Controller to provision and manage VMs and services without knowing anything about the underlying hosts, storage or networking.

The VMM 2012 SP1 console also has a new, user-requested feature that lets you open a new connection and enter alternate credentials (see Figure 6). This is useful for testing self-service user access. When a delegated user opens the console, the UI is trimmed so they don’t see the Fabric pane at all.

Being able to connect to the System Center Virtual Machine Manager 2012 SP1 console as different user accounts is useful

Figure 6 Being able to connect to the System Center Virtual Machine Manager 2012 SP1 console as different user accounts is useful.

You define quota limits for clouds at the cloud, group or individual level (see Figure 7). You could, for example, let each developer create three VMs, but limit the developer group to 12 VMs. You can define quota based on memory, virtual CPUs, storage and number of VMs.

There’s great flexibility in how you can restrict your cloud capacity

Figure 7 There’s great flexibility in how you can restrict your cloud capacity.

The flexibility of being able to design virtual networks on top of your underlying network infrastructure can’t be understated. It can radically change the way you plan clusters and networks. IP Address Management (IPAM) is a new feature in Windows Server 2012. VMM 2012 SP1 offers scripts to help you export address assignments it has made out of its pools to IPAM.

Another factor to take into account is the ability to move VMs from on-premises to Windows Azure, as it now supports Infrastructure as a Service (IaaS). VMM 2012 SP1 will integrate this functionality and let you upload a VM from the VMM 2012 SP1 library. You can use the Network Virtualization feature to let the VM keep its IP address. With the new gateway functionality to link your network to Windows Azure, the VM will continue to appear as part of your network.

Service Provider Foundation

The majority of new features coming in VMM 2012 SP1 are enhancements to existing functionality present in VMM 2012 RTM, or extending VMM to take advantage of all the new functionality in Windows Server 2012 Hyper-V.

One area in VMM 2012 SP1 is brand-new, however. It takes the power of System Center 2012 and brings it to services providers and hosts through SPF. This exposes a VMM infrastructure as a Representational State Transfer, or REST-based Web service using the OData protocol. This makes it easy to build Web interfaces that control VMM for deploying and managing VMs and services to clouds.

There’s also a new Tenant administrator role to which you can assign delegated rights, including the ability to create additional users with specific privileges. Add a metering and billing solution and it’s easy to see how services providers can benefit from System Center 2012 SP1, not just for managing the virtual infrastructure, but also for monitoring with Operations Manager, automating with Orchestrator and so on.

Virtual Machine Servicing Tool 2012

One of the biggest challenges in running virtualized datacenters is keeping VMs and the underlying infrastructure up-to-date. You can integrate running VMs with Windows Server Update Services (WSUS) or Configuration Manager. However, stored VMs, templates and VHDs in the library aren’t generally updated with OS or application patches or malware signatures. This poses a security risk when deploying new VMs.

The Virtual Machine Servicing Tool (VMST) 2012 lets you keep offline VMs, VM templates and VHDs saved in a library—as well as stopped and saved-state VMs on hosts—up-to-date by injecting update packages from either Configuration Manager 2012 or WSUS 3.0 SP2.

VMM 2012 SP1 is good on its own, but provides exceptional potential when combined with Windows Server 2012 Hyper-V. Businesses aren’t really interested in potential, though. They pay for results, and to truly achieve large-scale private or hybrid cloud benefits requires several other components.

The SAN you select needs to support all the features of VMM 2012 SP1 (through SMI-S) and cloning/snapshots for rapid provisioning. Make sure you configure which networks are going to handle live migration in Failover Cluster Manager. Set up your VMM 2012 SP1 library share so you don’t need to copy ISO image files, but can share them instead.

Involve the network team to really take advantage of logical networks and the Network Virtualization feature in Windows Server 2012 to automate networking for VMs in your datacenter. With the right infrastructure in place, VMM 2012 SP1—together with Hyper-V 3.0—can bring the power of cloud computing to the best place for it: your own datacenter.

Paul Schnackenburg

Paul Schnackenburg has been working in IT since the days of 286 computers. He works part-time as an IT teacher as well as running his own business, Expert IT Solutions, on the Sunshine Coast of Australia. He has MCSE, MCT, MCTS and MCITP certifications and specializes in Windows Server, Hyper-V and Exchange solutions for businesses. Reach him at paul@expertitsolutions.com.au and follow his blog at TellITasITis.com.au.