Blog Marcina Bojko

Linux, Windows, server, and so on ;)

Posts Tagged ‘microsoft’

5 serious issues/deal breakers with System Center Virtual Machine Manager.


System Center Virtual Machine Manager was Microsoft’s answer to VMware’s vSphere. It’s Microsoft, so what could have gone wrong? It’s Microsoft – so everything.
Below is a list of the most annoying things; some of them are so serious that they make you wonder – maybe PowerShell is the answer? Seriously? In 2017, Microsoft, you FORCE everybody to use a text console again?
In moments of doubt we used to call it an overgrown cancer on top of PowerShell commands.

Let’s start, sorted by weight of crime:

Deal breakers:

1) Terrible things you cannot do in SCVMM but can do in Hyper-V Manager, Failover Cluster or PowerShell, like:

  • rename your machine when it’s powered on (sic)
  • change its MAC from Dynamic to Static in any other way than manually copying it character by character
  • change booting order (sic) of machines and templates
  • select all Integration Services offered
  • change location of smart paging file
  • change affinity with cluster (high/medium/low/do not autostart)

and so on.

2) Console. The console is so terrible that its sorry state is just a good meme source.

First – console from Hyper-V Manager/FailoverCluster

Selection_670.png

Then from SCVMM

Selection_671.png

  • you cannot attach the console and then power on the machine. You HAVE to power on the machine, wait a few seconds for the console button to become available, then race against time to start it BEFORE the OS starts. You have a better chance of winning a Grand Prix than of finishing the trick above on the first run.
  • the only actions you have are Reconnect and Send CTRL+ALT+Delete. The never-working ‘Clipboard’ added in SCVMM 2016 requires you to paste text HERE, then it’s pasted into the VM console
  • when it starts before the machine starts – you have to kill the application. It’s no good to use it ever again, it won’t ‘click’ with the machine you’ve started. Exit? Something terrible may happen.

Selection_672.png

3) Requirements

  • MS SQL Server Standard or Enterprise. https://technet.microsoft.com/en-us/system-center-docs/system-requirements/sql-server-version-compatibility
  • 4 GB RAM required, 16 GB recommended (don’t even bother going below)
  • A lot of not-really-working tricks to use it to manage hosts from other domains, especially without 2-way trusts established.
  • Price. With the whole gang of System Center tools, prepare to be robbed in broad daylight. It doesn’t matter that you have no intention of using the other components – you have to pay for them. You cannot just pick and buy the component you need – you have to buy and pay in bulk.

4) GUI

  • General slowness of the GUI, regardless of the number of hosts, running tasks or library sizes.
  • Jobs window – generally unusable with more than one admin or more than one job running – lots of informational comments. Important actions (like: who deleted or altered a machine) quickly go off the screen, covered by messages like: refresh was completed.
  • Oh, did I mention the ‘Refresh’ habit? Learn it. Learn it, and let your fingers memorize this config, as you will be using it a lot.

Refresh is required for almost everything. In cases like: you DID change something via PowerShell and HV-Manager – I can understand, a refresh may be required. But you will have to hit REFRESH before, during, and after ANY action you would like to perform. If not – expect the worst. A virtual machine seems not to respond to your commands? Maybe it’s locked for backup, maybe it hung, maybe it migrated to another host – you have to refresh, refresh and refresh to persuade SCVMM that you have the most recent data.

Sometimes even a refresh doesn’t work. Like in recovery or a cluster node failure, you shouldn’t count on SCVMM to update its status before the timer reaches a day or two. Take your time! Sometimes you will have to reboot SCVMM to persuade it to have the latest data. So, when your action fails – search no more, the VM is probably locked, on another host or powered off. SCVMM takes its auto-refresh very slowly.

  • General over-complexity in Logical Networks and Switches. It’s like you have to create every VLAN again, even if you’ve done it on dozens of network devices, and fill in variables like subnets and gateways. You have to group it all together and, again, attach it to every Hyper-V switch on the hosts you have.
  • Adding your own custom fields and filling them is, again, overcomplicated and requires you to do a lot of scripting and scheduling in a Windows manner.
  • You cannot add, change or sort fields like Operating Systems. What Microsoft gives you are values like this:
    • Microsoft Windows Server 2012 R2
    • 64-bit edition of Microsoft Server

Selection_673.png

  • Hyper-V Integration Services are always a few releases behind. This started to change with Windows 2016 and the idea of installing them via Windows Update.
  • Inability to rename the VM folder when a machine changes its name. This way you will have to do a Live Migration to rename the folder.
  • Complexity of the generated script. One would think generating a new machine is easy: New-SCVirtualMachine with a lot of parameters. No. The script is long, heavy, complex and tries to do things in a completely different manner.
  • Templates – the only way to refresh a template is to create it again, or replace the vhdx in the library and do some internal tricks.
  • Inability to do anything with a machine when a job is running – all fields are grayed out and you have to wait for the jobs to end or fail.

5) Agent

  • if you’re lucky, agents are deployed ALMOST instantly, but adding a host to SCVMM requires it to restart
  • if you’re not lucky, then in case of an SCVMM upgrade you will have to manually redeploy and reinstall all agents. Quite common, I’d say.
  • [IMPORTANT] The mess the agent leaves on the filesystem is just legendary. Let’s say we would like to migrate our machine from folder d:\vm to e:\vm. After migration (when we choose the right option) we will get:

– empty files in d:\vm\machinename

– machine in e:\vm\machinename

Let’s say we would like to migrate it back for some reason

We will get:

  • empty d:\vm\machinename
  • empty e:\vm\machinename
  • machine in e:\vm\machinename (1)

And the migration is just done twice. Do you see the pattern? After a few migrations we have complete chaos on the filesystems, with lots of empty, semi-empty, almost empty and ‘soon-to-be-empty’ folders. You’ll end up removing them manually – again, if you’re lucky.

  • locked folder after a failed job. Yes, when your migration fails, you will end up with d:\vm\machinename which you’re not able to delete. Sometimes it can be deleted after some time, sometimes after an SCVMM/host reboot, sometimes never.

The above list, not fully complete, applies to SCVMM 2012 R2 and SCVMM 2016. It’s clear that SCVMM is not very high on Microsoft’s ‘to do’ list, as the same errors and mistakes are carried over to newer versions and haunt us to this day.

 

UPDATE (1)
Changed from Requirements (Enterprise) to (Standard , Enterprise)

Written by marcinbojko

February 4, 2017 at 20:08

Posted in work

10 Myths about Hyper-V

In my lectures and meetings with both IT and management I’ve had the pleasure of being a myth buster about Hyper-V. As much as I don’t appreciate Microsoft’s ‘way of life’, Hyper-V is mostly feared due to a lack of proper knowledge and very low-quality support from Microsoft. A few of the most common myths are:

  1. It’s very expensive
    Let’s calculate:
    If you’re going to use standalone hosts with Microsoft Hyper-V Server, your cost will be just zero comma zero.
    If you’re going to use a lot of Microsoft Windows virtual machines on them – you can rent them as SPLA licenses (per machine), or just rent Windows Datacenter edition for the whole host.
    If you’re going to use Linux machines (assuming open source, not a paid edition) – again – zero comma zero.
    If you’re going to use HA, all you need is just 1 (preferably more) OS for a Domain Controller.
    If you’re going to manage standalone hosts, all you need (and rather as a suggestion) is a Microsoft Windows 10 Anniversary Edition machine. Just one 🙂
    You don’t have to pay extra for all the fine features like HA, Live Migration, Cluster Aware Updates. With the W2k16 edition a few extra features are available only in the Datacenter edition (which I believe is a grave mistake), but that’s all.
  2. It requires System Center to be managed by
    No. As a matter of fact, SC is only useful in situations when you have lots of VLANs, Logical Networks, templates to be deployed, or Services. In any other case: have your VLANs accounted for and drop Services, as nobody is using this part. System Center Virtual Machine Manager is nothing more than an overgrown cancer on top of the PowerShell scripts it runs. Since the 2012 edition Microsoft has not been able to fix even the simplest things, like a responsive console and not having to refresh it manually after every operation.
  3. It’s slower than VMware or ‘any’ other competitor
    No. The overhead of Hyper-V is mostly at the storage level, and most problems with it are created at the level of infrastructure design.
    For example: if you have a lot of hosts, and you do not require the virtual machines there to be Highly Available – do not (I repeat) DO NOT connect them all as cluster nodes.
    If you’re using 1 or 2 iSCSI 1GB cards as your paths for low quality machines – expect nothing more than problems.
    Instead: use local storage, combined with low-end HW controllers. Even having 2 (mirror) or 4 (RAID5 or RAID10) disks for those machines is way better than having one underpowered ‘best of the world storage’. Plan this usage carefully – you still have things like Shared Nothing Live Migration (in case of maintenance on a specific host).
    Creating a lot of hosts and giving them all 1 or 2 ClusterSharedVolumes to share is just asking for trouble.
  4. It requires a lot of PowerShell knowledge
    No. And I am the best example here 😉 With a few exceptions, like a script for installing Hyper-V hosts and maybe creating a few LACPs – that’s all I used PowerShell for.
  5. It doesn’t support Linux
    It does, it does it very well.
    Official document: https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/supported-linux-and-freebsd-virtual-machines-for-hyper-v-on-windows
    A few of my lectures: https://marcinbojko.wordpress.com/2014/10/22/xxi-spotkanie-regionalnej-lubelskiej-grupy-microsoft-i-moj-wyklad-systemy-linux-na-platformie-hyper-v-2012/
    As a matter of fact – I use CentOS/RedHat, Ubuntu/Debian machines and appliances, and have to say: working with them on Hyper-V is just a simple pleasure.
    In 2016, with things like Hyper-V and Veeam, support for Linux machines on Hyper-V is very much alive. Even our beloved ‘System Center Virtual Machine Manager’ supports creating templates for Linux machines, with a small agent to set a lot of things during and after deployment.
  6. It’s complicated to install, run and maintain, especially HA & Clusters
    No. It is just as simple as clicking a few times: next, next, next, finish.
    Using System Center or (better) FailoverCluster Manager from any Windows Server machine works perfectly out of the box. The rules are simple, and the wizard will tell you what you should do next.
    With maintenance mode, Live Storage Migration and Cluster Aware Updates you can have a stable and secure environment for your machines. Even migrating machines between different clusters (Shared Nothing Migration) is secure and efficient.
  7. It requires specific hardware
    One of the biggest myths. As learned the hard way with VMware hosts: you do not require a special NIC, special motherboards or any devices from the very narrow VMware HCL list. The requirements of Hyper-V are very small: a VT-enabled CPU, enough memory to fit the VMs and the host OS itself, one HDD, one NIC. For small setups it almost amounts to using desktops and other workstations as a Hyper-V farm.
    After hearing this statement from one of my clients, I began to pursue the subject. It was someone from the VMware camp that told him: ‘you will need special hardware for SMB3 and SMB Direct’ – which is generally correct in the same manner as: ‘if you want milk, you need a cow’ 😉
  8. It doesn’t work with Azure
    Hyper-V 2016 is light years ahead of Azure :) They still seem to be using Windows 2008 as hosts, with all of its negative aspects.
    But, jokes aside, using pre-built templates or products like Veeam and Windows Azure Pack, creating your own hybrid cloud is one of the best things you can do. Don’t trust the sales guy from Microsoft forcing you to ‘move everything to a cloud, our cloud’. Don’t trust your IT guy saying ‘only on premise or death!’. Live in both worlds.
  9. I know NOTHING about Hyper-V.
    If you have ANY knowledge about Windows – you have knowledge about Hyper-V itself.
  10. But migration from platform X/Y/Z is pain in the ….
    Take a deep breath. Calculate it. Find tools to do it manually, recreate all your machines using some kind of CM tool (like the mentioned The Foreman/Puppet) – https://marcinbojko.wordpress.com/2016/10/04/puppet-the-foreman-powershell-dsc-your-system-center-in-a-box/. Calculate it again.
    Do it 😉

Written by marcinbojko

December 28, 2016 at 17:12

Puppet & The Foreman & Powershell DSC – Windows Updates: Neverending story.

Nobody likes Windows Updates, not even Microsoft itself. But sometimes you should make sure you have the perks your system needs. We could do it the old-fashioned way: check, update, reboot, repeat. Boring, and completely not the way DevOps do it.

Again, Win_manage to the rescue.

First we make sure what we want to do:

dsc_xwindowsupdateagent_schedule

first:
  dsc_dayofweek: sunday
  dsc_afterhour: 11
  dsc_usenotify: true


dsc_xwindowsupdateagent

security:
  dsc_updatenow: 'true'
  dsc_category: security
important:
  dsc_updatenow: 'true'
  dsc_category: important
optional:
  dsc_updatenow: 'true'
  dsc_category: optional

dsc_reboot

dsc_reboot:
  message: Machine requested a reboot
  when: pending

But what does it do? First, we should prepare the update schedule: let’s say we can start auto-updates on Sunday, after 11 AM (remember 11 AM = 11:00, and 11:00 PM = 23:00)

Second: we want to install 3 types of updates: security, important and optional.

Third: we want to auto-reboot our machine (dsc_reboot) and be notified about the pending updates count BEFORE and AFTER the update patch set (dsc_usenotify: true)

So, we can switch from:

selection_426

to

selection_427

in a time needed to get some music 🙂

Written by marcinbojko

October 9, 2016 at 18:36

Puppet & The Foreman & Powershell DSC – The Road So Far.

During the last few weeks I was able to push and heavily test puppet-dsc code in a lot of environments and setups.

We had sysprepped Windows Server 2012 R2 images (different versions, builds and setups), a lot of Windows 10 Professional workstations (Original, 1511, 1607 builds), a few Windows 8.1 Pro – a really great statistical sample.

As for now:

  • Windows Server 2012 and Windows 2012 R2 – fully supported
  • Windows 8.1/10 (original)/10 (1511) – fully supported
  • Windows Server 2016/Windows 10 (1607) – unsupported due to a parsing bug in PowerShell 5.1 – work in progress
  • Windows 7/8 – not tested
  • Windows 2008 R2 – not tested

Implemented modules:

  • Chocolatey – with features and sources support (adding, removing, modifying)
  • DSC_WindowsFeature
  • DSC_WindowsOptionalFeature
  • DSC_Service
  • DSC_Environment
  • DSC_Group
  • DSC_xFirewall
  • DSC_Reboot

More code is coming, but this fine set allows you to deploy and manage a lot of types of servers and workstations.

Written by marcinbojko

October 7, 2016 at 19:47

Puppet & The Foreman & Powershell DSC – your System Center in a box :)

A few weeks ago I started a little project – a complete Puppet module called win_manage.

My goal was to manage Windows-based machines almost as easily as Linux servers, with as little code inside as possible (you know, I am not a developer of any kind). And just when I was thinking that KISS was no longer possible with this project, I found the Puppet PowerShell DSC module: https://github.com/puppetlabs/puppetlabs-dsc

Adding more resources is just a breeze; the biggest part of the work was testing almost every setting provided by Microsoft, to have working examples for the day-to-day SysAdmin/DevOps job.

And yes, I know – we have plenty of things like this, sold with different price plans, different support plans and so on. But if you cannot afford pricey tools like Puppet Enterprise or System Center 2012 R2 in your environment, this little project comes to help you 🙂

First things first – why?

  1. We have excellent granularity using the Puppet and Foreman architecture, without complicated AD GPOs with filters.
  2. Nested groups/copying groups help so much in creating a cloned environment.
  3. It doesn’t matter which provider you use: physical, virtual, VMware, Hyper-V, Azure – it just works.
  4. With additional modules like Chocolatey and our private sources (and private CDNs) the story is complete – no more AD MSI voodoo stuff. Software deployment and maintenance just got really better.
  5. One thing is to deploy, another is to maintain and manage. Securing running services or making permanent changes in your environment is just as important as deploying them.
  6. No more ‘just another script’ approach.
  7. Everyone can afford a simple machine with simple YAML examples 😉

So my work in progress looks just like this:

selection_418

Dashboard

selection_417

Host Groups

selection_419

Parameters to set

We love YAML driven configuration: setting users, rules, applications is just as easy as writing very light code:

Setting registry:

# TightVNC server password, written as a binary registry value
tightvncpassword:
  dsc_key: HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
  dsc_valuename: Password
  dsc_valuedata: af af af af af af af af
  dsc_valuetype: binary
# TightVNC control password, same key, separate value
tightvncpasswordcontrol:
  dsc_key: HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server
  dsc_valuename: ControlPassword
  dsc_valuedata: af af af af af af af af
  dsc_valuetype: binary

Adding features:

# One top-level key per Windows feature
Web-Server:
  dsc_ensure: present
  dsc_name: Web-Server
  dsc_includeallsubfeature: true
DSC-Service:
  dsc_ensure: present
  dsc_name: DSC-Service

Installing and maintaining latest version of packages:

# One top-level key per Chocolatey package
chocolatey:
  ensure: latest
powershell:
  ensure: latest
doublecmd:
  ensure: latest
conemu:
  ensure: latest

So, what to do next? I will be adding additional DSC Resources to the module and hopefully will be able to make it public. Stay tuned and keep your fingers crossed 😉

 

Written by marcinbojko

October 4, 2016 at 19:11

Chocolatey and your own package source.

Without a doubt, Chocolatey (https://chocolatey.org/) is an excellent package manager for Windows, especially in Desired State Configuration installations. The sheer number of ways to install packages is a bit overwhelming (in principle, every package can be a separate piece of code), but this is more than compensated for by their low complexity.

Admittedly, there are plenty of packages in the original repository, but not all source packages have public links that could be placed in the package itself.

One solution is, for example, to create packages in a https://www.myget.org/ repository and keep the binaries themselves in, say, 2 places – the company intranet and public links.

Since I am always missing the packages mentioned above, I present my own source, where I will try to add useful and missing packages.

A few rules:

  1. All binary packages are kept in my Dropbox – directory /public/choco.
  2. All binary packages are signed with SHA256
  3. All packages are verified by VirusTotal and their SHA256 sum MUST match the sum from the VirusTotal link. The package description shows their checksum.
  4. The repository is public – if you want to publish your own package, you are responsible for it 🙂

Without further ado:

The source itself: https://www.myget.org/feed/Packages/public-choco

Nuget v2: https://www.myget.org/F/public-choco/api/v2

RSS feed of the source with packages: https://www.myget.org/RSS/public-choco


How do I add the source to my Chocolatey? (NAZWA is the name you give the source)

choco source add -n=NAZWA -s"https://www.myget.org/F/public-choco" --priority=10

How do I install/upgrade a package? (nazwapakietu is the package name)

choco install nazwapakietu -y

choco upgrade nazwapakietu -y

 

How do I remove a package?

choco uninstall nazwapakietu -y

 

Which packages are in the repo?

As of today:

WPS-Office-Personal – https://www.myget.org/feed/public-choco/package/nuget/wps-office-personal

Zabbix-Agent3 – https://www.myget.org/feed/public-choco/package/nuget/zabbix-agent3

 

I am converting the remaining packages from MD5 checksums to SHA256, which takes me some time.
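
The rules above require each binary's SHA256 sum to match the published one, and the remaining packages are still moving from MD5 to SHA256. The following is an added example, not code from this post or from Chocolatey, showing one way to check a downloaded binary against the sum from a package description; `Test-BinaryChecksum` is a hypothetical helper name, and the sample file and digests are constructed for the demonstration.

```powershell
# Added example: Test-BinaryChecksum is a hypothetical helper, not a Chocolatey cmdlet.
function Test-BinaryChecksum {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )

    # Normalise the value copied from the package description (whitespace, case).
    $expected = ($ExpectedSha256 -replace '\s', '').ToUpperInvariant()

    # A SHA256 digest is 64 hex characters. A 32-character value is an MD5 sum
    # from a package that has not been converted yet; refuse it instead of
    # comparing against a weaker algorithm.
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw "Expected value is not a SHA256 digest ($($expected.Length) characters)."
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Get-FileHash returns the digest as upper-case hex in the Hash property.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path     = $Path
        Expected = $expected
        Actual   = $actual
        Match    = ($actual -eq $expected)
    }
}

# --- Constructed sample: a temp file holding the ASCII bytes "hello" ---
$sample = [System.IO.Path]::GetTempFileName()
[System.IO.File]::WriteAllBytes($sample, [System.Text.Encoding]::ASCII.GetBytes('hello'))
try {
    # SHA256 of "hello", standing in for the sum shown in a package description.
    $published = '2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824'

    $result = Test-BinaryChecksum -Path $sample -ExpectedSha256 $published
    if (-not $result.Match) { throw "Checksum mismatch for $($result.Path); do not install." }
    "OK: $($result.Actual)"

    # An MD5-length value (constructed) is rejected before any comparison.
    try {
        Test-BinaryChecksum -Path $sample -ExpectedSha256 ('0' * 32)
    } catch {
        "Rejected: $($_.Exception.Message)"
    }
}
finally {
    Remove-Item -LiteralPath $sample -Force
}
```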

 

 

Written by marcinbojko

October 1, 2016 at 12:57

And I landed on a BitBucket…

Written by marcinbojko

August 27, 2016 at 09:47