Innovative Technology Weblog

A few months ago my beloved colleague Walter gave me the Beta version of System Center Virtual Machine Manager. Unfortunately I haven’t had the time to play with it until now. While most people enjoy their well earned vacation, I’m playing around with SCVMM.

There are definitely things to be excited about:

• Ability to manage both Hyper-V and VMware farms
• Migrate virtual machines between Hyper-V hosts (maybe not a live migration, but a migration none the less! )
• But the main thing to be excited about is the future integration within the System Center family.

And their are also some irritating things:

• Hyper-V has just RTM’ed and SCVMM is still in beta. This means you got to install update after update to make everything work.
• When I try to install the integration services on Windows Vista it comes with the message: “Unsupported Guest OS - An error has occurred: The specified program requires a newer version of Windows.” Unfortunately I’m not yet in the possession of Windows 7… 
• I created a new library share. But when I try to mount an ISO file to my virtual machine it fails and the only thing you can do with your virtual machine from that point is remove it and repair it. Through the repair option you can save him by the way.

I properly can go on and on with these things but I can rather posts these on connect.microsoft.com. It is still a beta and I believe eventually these ‘minor’ issues will be solved.

There is one very interesting feature I found in SCVMM and I’m still not sure if it’s a brilliant or stupid thing. When you create a new virtual machine you got to choose your processor type. Not just the number of virtual processors or the clock rate, no actually the processor type. Like the 1.2 Ghz Athlon, the 3.0 Ghz Pentium 4 (HT Technology) or the 2.8 Ghz Xeon MP.

It states that it uses this info to determine the processor requirements of the virtual machine. That’s being used when calculating host ratings and when setting CPU resource allocations.
You can view the host rating when you create a new virtual machine. The host rating helps you to choose the best host for your virtual machine. Based on free resources.
CPU resource allocation is something we know from VMware ESX. VMware uses shares to do this. A plain number like 1000 or 2000. The virtual machine with 2000 shares gets twice the amount of CPU cycles (when needed) in comparison with the machine that has 1000 shares.

I understand that SCVMM should use his own system that can be plotted on all the different virtualization platforms it’s going to manage (Hyper-V, XEN, ESX). But I don’t understand how a 2.4 Ghz Opteron relates to a 2.4 Ghz Xeon.
So if I just want my production server to have a 50% preference over my test server which should I choose? And what’s worse, if I’m in doubt with this option, how about a self service user that’s got the option to create a new virtual machine? I can imagine it would properly mean that this user got the advise to skip it.

But there is one more thing confusing about this. When you use the Virtual Machine Manager snap in, there is another way to set the processor weight and you can use a simple number!

So if I change the processor type in SCVMM of a virtual machine, you would suspect something to change within this screen. But it doesn’t… Neither does it the other way around.

I’m going to investigate some more but if you got some tips or hints, please post them!

I actually ran into more problems with the PKI after the installation. Although SCCM detects your Site Server Signing certificate during setup, the process of dragging and dropping the certificate from the current user branch to the local machine branch may (not sure if there are situations where this does not happen) corrupt the private key in the certificate. To fix this, you have to change the template for the Site Server Signing certificate. On the ‘Request Handling’ tab, check ‘Allow private key to be exported’. Then go through the process of requesting the certificate as usual, and don’t drag and drop as I described in my previous post, but export from the current user certificates and import in the local machine certificates. That should fix the Site Server Signing certificate.

I also had a problem with the Web Server certificate, don’t know if it’s related to having a Windows Server 2008 Certificate Authority or not. In the Microsoft walkthrough they tell you to duplicate the normal Web Server template. When I did this, SCCM kept reporting the Management Point giving problems; a test http request would return an error. After a little Googling I found the solution: on the new template (I named it SCCM Web Server) add Client Authentication on the ‘Extensions’ tab. Don’t forget to re-enroll and re-assign the certificate to your website.

I hope that’s all I have to say about this.

The last couple of days I’ve been playing around with the SCCM 2007 SP1/R2 beta. I wanted to try out the NAP (network access protection) features, which require Windows Server 2008 on the SCCM server. So I went ahead and created some virtual machines, a domain controller and a SCCM server. I wanted to do it right, so I decided to install Windows Server 2008 on the domain controller as well. To build the PKI required by native mode I followed the excellent walkthrough at http://technet.microsoft.com/en-us/library/bb694035.aspx. And then I ran into trouble…..
There are two issues with getting the Site Server Signing certificate on the SCCM server. First, because the CA is running on a Windows Server 2008 machine, when you duplicate the ‘Computer’ certificate template, you get the choice which versions of Windows should support this template. Considering the fact that all servers in my environment are running Windows Server 2008, I went with that. And that was my mistake. If you select “Windows Server 2008, Enterprise Edition” the certificate template will not show up while enrolling it from the web interface, so you should select “Windows Server 2003, Enterprise Edition”.
The second issue I ran into was related to the requesting client being a Windows Server 2008 machine. When this is the case, the web interface no longer shows the option to store the certificate in the local computer certificate store. Just continue as you normally would and after that, open an MMC on the SCCM server. Add two certificates snap-ins, one for the current user, the other for the local computer. All you have to do is drag the certificate you just enrolled from the web interface from the Personal/Certificates store under the current user branch to th Personal/Certificates store under the local computer branch.
After this, in my case the SCCM installation automatically detected my certificate and installation went smoothly.

 Please note that I have posted a follow-up to this post, because although installation will go smoothly, you will have some errors if you do it the way I descibed above. Here’s the correct way to do it:  http://www.buit.org/2008/05/22/installing-sccm-2007-sp1r2-in-native-mode-on-windows-server-2008-part-2/

On MMS Day 1 the keynote was opened by Bob Muglia (VP Server & Tools Business)

This keynote was all about Dynamic IT, the 10 year vision of Microsoft in how to operate dynamic datacenters. Currently Microsoft is in year 5 of this vision and realy showed some cool stuff in the keynote compared to how we managed our environments 5 years ago. I realy like the vision Microsoft is having on a Dynamic Datacenter using virtualisation, not only on the OS layer but also on the application layer.

In a Dynamic Datacenter all services are devided in 4 layers:

• Hardware
• Hardware Virtualisation
• Application Virtualisation
• Models

The hardware layer can be managed with System Center Configuration Manager, during the keynote Microsoft did a demo on how Dynamic IT is working for server deployment. Just by using Server 2008 Server Roles en Features, a Configuration Manager Task Sequencer and a special plugin from Dell in this sequencer Microsoft was able to install a domain controller unattende on a Dell server. During this unattende installation it was possible to do the RAID settings, BIOS settings and other hardware based setting needed to roll-out the server to be compliant with the rest of the infrastructure. This way there is no need for an administrator to be present in a datacenter and still you will be able to roll out servers.

On the Hardware Virtualisation Layer, Microsoft did a demo of Virtual Machine Manager 2008 beta that was anounced during the keynote. A cool feature of VMM2008 is that it is able to manage VMware ESX servers, so in the near future it will be possible to manage your Virtual environment from 1 tool. This tool also supports Live migration of VMware machines. Like other Microsoft tooling VMM2008 also gives the output of the tasks you perform as an PowerShell script, so administrators that do not master PowerShell still have the abbility to automate repeating tasks.

Microsoft also announced the beta of SCOM Cross Platform Monitoring, that Walter described in last post.

So if you are interested in the slides of the Keynote on day 1 you can watch the here :

Slidedeck Keynote Day 1

Helping to propel large-scale mobile phone deployments by businesses, Microsoft announced at CTIA Wireless 2008 the immediate availability of System Center Mobile Device Manager 2008 and plans for a Microsoft Mobile Services Plan (MMSP) to be available from mobile operators worldwide. Together with Microsoft Windows Mobile 6.1, the software and services provide the best solution for midsize and large businesses to manage and help protect Windows Mobile phones.

“With Microsoft’s mobile solutions, businesses now have the power, control and flexibility over how they deliver information to their employees on the go,” said John O’Rourke, general manager, Mobile Communications Business, Microsoft. “Together with our partners, we’re helping enterprises extend their reach like never before.”

Microsoft saw positive response to early trial programs for Mobile Device Manager. Companies across the financial, manufacturing and professional services industries also requested that mobile operators deliver a core set of software and services to help businesses meet their management needs.

A study conducted by Microsoft with large and midsize organizations showed businesses would like to move beyond their current mobile solutions to offer more sophisticated services. Mobile Device Manager meets their needs by offering the following benefits:

• Features to manage phones with the same ease and flexibility as Windows-based PCs, addressing IT priorities for saving resources and protecting information

• Capability to help protect sensitive business files and e-mails, contacts and other information through file and storage card encryption on the phone should it be lost or stolen

• Ability to access more of the information mobile workers need for staying on top of their jobs via a mobile virtual private network, which provides security-enhanced access to company data and application updates over the air

Mobile Services Plan Enriches End-to-End Experience

Today leading operators AT&T, O2, Orange, TaTa Teleservices Ltd. and Verizon Wireless announced they are in discussions with Microsoft to deliver the Microsoft Mobile Services Plan. MMSP is a set of core software and services that provides a uniform experience across Windows Mobile 6.1 phones, whether working with one or more operators, saving time and resources so companies can focus on other areas of mobility. Beginning later in 2008, operators plan to offer a subscription plan that will bring businesses the following:

• A corporate-grade network and data plan to support enterprise applications and services to help people get work done with the responsiveness they expect from the network and the efficient use of battery power they want on their phones

• A package from mobile operators, including access rights to Mobile Device Manager as well as the advanced mobile management features of Microsoft Exchange Server 2007 Service Pack 1 (SP1), Microsoft Services Premier Support and Software Assurance for Microsoft applications such as Microsoft Office Mobile running on Windows Mobile 6.1-based phones.

Fast-Growing Network of Partners Open for Business

Responding to the opportunity created by Mobile Device Manager and complementing the MMSP, a large network of global partners are ready to integrate and deploy into existing systems as well as create custom solutions for businesses. Among the first companies that worked with Microsoft to support early trial programs are AT&T Inc., EDS, Enterprise Mobile, HP, O2, Orange, SAT Corp. and Verizon Wireless.

“Given AT&T’s leadership in the Windows Mobile space, AT&T is excited that Mobile Device Manager is now a reality for our enterprise customers,” said Jeff Bradley, senior vice president, Marketing and Operations for AT&T’s wireless unit. “Every day, mobile devices become more ubiquitous throughout the enterprise, and the need to securely manage those devices, data and applications is critical for IT organizations. Through our early adopter trials, our customers are responding positively to AT&T’s deployment and optimization plans for Mobile Device Manager and are eager to adopt the first end-to-end wireless-focused enterprise solution that can maximize their investments in Microsoft technology.”

A wave of Windows Mobile 6.1 phones and operator networks supporting Mobile Device Manager is expected to begin in the second quarter of 2008 from Alltel Wireless, ASUS, AT&T, HP, HTC Corp., i-mate, Intermec Inc., Motorola, O2, Orange, Palm Inc., Pantech, Samsung, Sony Ericsson Mobile Communications, Sprint, Tata Teleservices Ltd., TELUS, Toshiba and Verizon Wireless.

Read more at the System Center Mobile Device Manager Site :

Also Microsoft has posted a few tools to deploy and troubleshoot System Center Mobile Device Manager :
• MDM Self Service Portal
• MDM Server Tools
• MDM Client Tools
• MDM Best Practices Analyzer Tool

These tools can be found at Technet

For a Demo of System Center Mobile Device Manager please take a look at this video:
Mobile Device Manager Demo

Today I attended another “Service Desk� session, this time with plenty of XML and InfoPath. The purpose of the sessions was to show how to extend Service Manager. Maybe because of pre beta 1 code, or because it just didn’t work as expected, some of the demos failed but it did not kill my enthusiasm.

Probably the highlight of today’s session was when Marielle, a colleague, asked a quite interesting question. She is rather small so could not reach the phone and behaved as one of those rock stars from the eighties. Her question, “What is your definition from a CMDB?�

The question was related to what content is stored in the Service manager CMDB. The presenters were talking about storing incident and change management data in the CMDB. After some confusion we managed to have a one on one with the CMDB program manager which actually brought the session to a much higher level. Anyway the CMDB stores CI information but Service manager can query more, it could even do SQL joins…

I think we talked about 15 minutes about the Service manager “Federated CMDB� and this talk gave some inside in what Service Manager is doing at the moment, pull down information from different resources into the CMDB and future plans to leave the information where it is and look at the CMDB as a distributed database and use information from other databases in Service manager or somewhere else based on connectors.

I tried to get some information about future plans regarding a connector to Carmine, Virtual Machine Manager because I really think that Virtualization on demand can help the Microsoft Dynamic System Initiative. Sadly enough not a clear answer on that one.

What became clear is that there are plans to really dig into deployment based on DCM information. For example if an application has a DCM policy that defines that the application can only be installed on a clustered server, Service Manager could use this information to find a clustered server and install the application if it find a suitable candidate.

One other nice example mentioned in the talk regarding the possibilities in  Service Manager; suppose you want to order a laptop with specifics specs, you could ask Service Manager “Which laptop has these hardware specs and has the least amount of hardware calls and no battery replacements?�

I am even more excited but have to go to the party, it looks like MS bought part of the town for a partyJ

For some reason I get excited when I see a solution or framework that consist of multiple products and technologies. The last two years I spend a lot of time on Business Desktop Deployment which is a solution build around a huge list of products.

A couple of weeks ago, I wrote a blog about the revitalization of the CMDB and I got some comments back that were really interesting, MS is trying to patent CMDB. Today I attended a great overview sessions about Microsoft System Center Service Manager, previous coded as Service Desk at MMS 2007 in San Diego (CA).

Service Manager can be seen as the delivery system of the Microsoft‘s Dynamic System Initiative and false in the last phase of Infrastructure Optimization, the dynamic phase.

So why so exited? Let us look at an example scenario and demo from today:

A user goes to a SharePoint portal and requests an application. The application list is not a static database table but is actually provided by a SCCM 2007(SMS v4) connector which will be shipped as part of Service manager. Besides the list of applications there could be also some logic to find the user’s desktop name by querying SCCM 2007 and the primary user for the machine. The user submits the request and Service manager will initiate a Change Request and queries the Active Directory (Service Manager will ship with a Active Directory connector) for the users manager. Active Directory is queried for the users manager email address and an email with the request is send to the user’s manager. The user’s manager receives the email and approves the request. Service manager receives the approval and send a software distribution task to SCCM 2007 over the SCCM 2007 connector. In  the mean time the user requesting the software can see the approval in his Service Manager gadget on his / her desktop (see the previous blog from Stephan). After a while the software gets installed. This is not the end of the story because there is no one to close the call, or is there? Service After a while SCCM 2007 hard and software inventory runs on the machine and finds the installed software and reports this to Service manager. Service Manager get informed and closes the call.

Some similar automated scenarios are possible by defining DCM (Desired Configuration Management) policies, like checking for Antivirus Software. If DCM does not find a correct installation it fires a configuration mismatch, Service Manager logs an incident and send a repair job to SCCM 2007. The next DCM cycle the installation is checked and the incident is closed. Or using the CMDB as a deployment database, add assets to the CMDB, send them to SCCM 2007 and deploy with a baremetal scenario and check with hard and software inventory and DCM if they  really are deployed and check with DCM if they are deployed wsith the correct configuration.

When Service Manager ships, it will also have a SCOM 2007 (MOM v3) connector. And hopefully after a while also a Virtual Machine Manager connector servers can bee added when needed.

Am I too excited?

I’am thinking about what happended last year at MMS 2006. During the keynote Microsoft started to talk about Application Virtualization and this was the next step in the Virtualization world. A bit strange because they did not have a Application Virtualization product. I believe the next day SoftTricity appeards on the stage and demoed their Application Virtualization Product. Weird…. Someone else on the stage during a keynote at your conference demoing something you see as a the next step and you are not even close….. We all know what happened three weeks later

And then today, thinking about last year, looking at the previous blog “Bob Muglia kicks off MMS 2007 with the launch of new System Center products and announces Key industry partners in his keynote address delivering the Building Blocks for Dynamic Systems Management” and looking at a SCCM 2007 demo. I see a couple of Operating System packages, some Microsoft packages, a Etrust AV package and……. a SAP package, actually two.  mmmm I wonder why they have that package in SCCM 2007. 1 1/2 hour later the sessiojn finished and now I relly wonder why they had that package in SCCM 2007, they didn’t even use it, so why spend a  license on it?

 Anyway, the SCCM 2007 session was quite interesting. Three weeks ago there was no need for a  BDD version and SCCM 2007 Operating System Deployment was Enterprise ready. This time SCCM 2007 Operating System Deployment was Enterprise ready but there will be a BDD version for SCCM 2007. When I look at the way they handle those deployment variables like Timezone, Keyboard layout, Input Language I am absolutely sure that SCCM 2007 cannot live without BDD when deploying operating systems it in an Enterprise…

Still wondering why that SAP package was there…

Rob

About a few years ago Microsoft started to change the name of its suite of management products to System Center. It looked like SMS and MOM becoming a single product but that didn’t happen. The only result is the introduction of a new product SCE (System Center Essentials) which is basically targeting the low end market.

Just after the System Center name saw the light of day Microsoft also started with some smoke and mirrors stuff called DSI (Dynamic System Initiative) and IOI (Infrastructure Optimization Initiative) but lately these two started to become quite clear.

About one year ago DCM (Desired Configuration Management) for SMS was introduced and just after that MOM and SMS and a bunch of other products changed their names to System Center Configuration Manager and System Center Operation Manager.

I just flew back from Seattle where I was at the SCCM 2007 TAP airlift and am now at the Microsoft Architecture forum in Copenhagen with a terrible jetlag running thru the agenda for today. I can remember one of the talks I had with a Microsoft Architect in Seattle about SDM (System Definition Model) and SLM (Service Modeling Language). The Architect actually managed to bring our talk to System Center Service Desk via DCM.

And again I look at the agenda of the Architect Forum in Copenhagen and I see a track about Service Desk “Take a first look at the tool that will be the “brain” of our Self Managing Dynamic Datacenter. See how we are planning to automate ITIL based processes and let the other members of System Center family execute them. The new possibilities for Self Service, and see our implementation of CMDBâ€?.

I do some queries on the MS site and I find the following quite interesting document http://download.microsoft.com/download/b/3/8/b38239c7-2766-4632-9b13-33cf08fad522/sdmwp.doc

But the odd thing I remember about the Seattle talk is that I did not only talk about management of products with the MS Architect I also talked about deployment and he is actually a member of a deployment solution team.

Wouldn’t it be fun if CMDB becomes a Deployment Database besides a Configuration Database? System Center Configuration Manager has a Operating System Deployment component so it is capable of doing deployments and it would solve the problem that the CMDB info is never up to date.

Rob

Last week I was in session about virtualization and one question kept running through my mind. “What will be the impact of Virtualization on Monitoring?� At first you would think that not much will change if you monitor virtual machines instead of physical machines. But the way virtualization has taken off and the more virtualization is used this must change the way we monitor today. Let starts with some of my experiences with virtualization.

Read more here.

Please let me know if you agree or disagree.  I really like to receive your comments!

Regards,
Stefan Stranger
http://weblog.stranger.nl