Microsoft infrastructure optimisation

I don’t normally write about my work on this blog (at least not directly) but this post probably needs a little disclaimer as, a few months ago, I started a new assignment working in my employer’s Microsoft Practice and, whilst I’m getting involved in all sorts of exciting stuff, it’s my intention that a large part of this work will involve consultancy engagements to help customers understand the opportunities for optimising their infrastructure. Regardless of my own involvement in this field, I’ve intended to write a little about Microsoft’s infrastructure optimisation (IO) model since I saw Garry Corcoran of Microsoft UK present at the Microsoft Management Summit highlights event back in May… this is a little taster of what IO (specifically Core IO) is about.

Based on the Gartner infrastructure maturity model, the Microsoft infrastructure optimisation model is broken into three areas around which IT and security process is wrapped:

  • Core infrastructure optimisation.
  • Business productivity infrastructure optimisation.
  • Application platform infrastructure optimisation.

Organisations are assessed on a number of capabilities and judged to be at one of four levels (compared with seven in the Gartner model):

  • Basic (“we fight fires” – IT is a cost centre) – an uncoordinated, manual infrastructure, knowledge not captured.
  • Standardised (“we’re gaining control” – IT becomes a more efficient cost centre) – a managed IT infrastructure with limited automation and knowledge capture.
  • Rationalised (IT is a business enabler) – managed and consolidated IT infrastructure with extensive automation, knowledge captured for re-use.
  • Dynamic (IT is a strategic asset) – fully automated management, dynamic resource usage, business-linked SLAs, knowledge capture automated and use automated.

It’s important to note that an organisation can be at different levels for each capability and that the capability levels should not be viewed as a scorecard – after all, for many organisations, IT supports the business (not the other way around) and basic or standard may well be perfectly adequate but the overall intention is to move from IT as a cost centre to a point where the business value exceeds the cost of investment. For example, Microsoft’s research (carried out by IDC) indicated that by moving from basic to standardised the cost of annual IT labour per PC could be reduced from $1320 to $580 and rationalisation could yield further savings down to $230 per PC per annum. Of course, this needs to be balanced with the investment cost (however that is measured). Indeed, many organisations may not want a dynamic IT infrastructure as this will actually increase their IT spending; however the intention is that the business value returned will far exceed the additional IT costs – the real aim is to improve IT efficiencies, increase agility and to shift the investment mix.

Microsoft and its partners make use of modelling tools from Alinean to deliver infrastructure optimisation services (and new models are being released all the time). Even though this is clearly a Microsoft initiative, Alinean was formed by ex-Gartner staff and the research behind core IO was conducted by IDC and Wipro. Each partner has its own service methodology wrapped around the toolset but the basic principles are similar. An assessment is made of where an organisation is currently at and where they want to be. Capability gaps are assessed and further modelling can help in deriving those areas where investment has the potential to yield the greatest business benefit and what will be required in order to deliver such results.

It’s important to note that this is not just a technology exercise – there is a balance to be struck between people, processes and technology. Microsoft has published a series of implementer resource guides to help organisations to make the move from basic to standardised, standardised to rationalised and from rationalised to dynamic.

Links

Core infrastructure self-assessment.
Microsoft infrastructure optimisation journey.

Windows Server Virtualization unwrapped

Last week, Microsoft released Windows Server 2008 Release Candidate 0 (RC0) to a limited audience and, hidden away in RC0 is an alpha release of Windows Server Virtualization (the two updates to apply from the %systemroot%\wsv folder are numbered 939853 and 929854).

I’ve been limited in what I can write about WSV up to now (although I did write a brief WSV post a few months back); however at yesterday’s event about creating and managing a virtual environment on the Microsoft platform (more on that soon) I heard most of what I’ve been keeping under wraps presented by Microsoft UK’s James O’Neill and Steve Lamb (and a few more snippets on Tuesday from XenSource), meaning that it’s now in the public domain and I can post it here (although I have removed a few of the finer points that are still under NDA):

  • Windows Server Virtualization uses a totally new architecture – it is not just an update to Virtual Server 2005. WSV is Microsoft’s first hypervisor-based virtualisation product where the hypervisor is approximately 1MB in size and is 100% Microsoft code (for reliability and security) – no third party extensions. The hypervisor does no more than partition resources in order to provide access to hardware, and not opening it to third parties provides protection against theoretical hyperjacking attacks such as the blue pill (where a rootkit is installed in the hypervisor and is practically impossible to detect).
  • WSV requires a 64-bit CPU and hardware assisted virtualisation (Intel VT or AMD-V) enabled in the BIOS (often disabled by default).
  • There will also be two methods of installation for WSV:
    • Full installation as a role on Windows Server 2008 (once enabled, a reboot “slides” the hypervisor under the operating system and it becomes virtualised).
    • Server core role for the smallest and most secure footprint (with the advantage of fewer patches to apply).
  • Initial builds require a full installation but WSV will run on Server Core.
  • The first installation becomes the parent, with subsequent VMs acting as children. The parent has elevated permissions. The host/guest relationship no longer applies with the hypervisor model; however if the parent fails, the children will also fail. This may be mitigated by clustering parents and using quick migration to fail children over to another node.
  • Emulated drivers are still available with wide support (440BX chipset, Adaptec SCSI, DEC Ethernet, etc.) but they have a costly performance overhead with multiple calls back and forth between parent and child and context switches from user to kernel mode. WSV also includes a synthetic device driver model with virtual service providers (VSPs) for parents and virtual service clients (VSCs) for children. Synthetic drivers require no emulation and interact directly with hardware assisted virtualisation, providing near-native performance. XenSource drivers for Linux will be compatible with WSV.
  • There will be no USB support – Microsoft see most USB demand for client virtualisation and although USB support may be required for some server functions (e.g. smartcard authentication), this will not be provided in the initial WSV release.
  • Microsoft views memory paging to be of limited use and states that over-committing RAM (memory ballooning) is only of practical use in a test and development environment. Furthermore it can actually reduce performance where applications/operating systems attempt to make full use of all available memory and therefore cause excessive paging between physical and virtual RAM. Virtual servers require the same volumes of memory and disk as their physical counterparts.
  • In terms of operating system support, Windows Vista and Server 2008 already support synthetic device drivers (with support being added to Windows Server 2003). In response to customer demand, Microsoft has worked with XenSource to provide a platform that will allow both Linux and Windows workloads with near native performance through XenSource’s synthetic device drivers for Linux. Emulation is still available for other operating systems.
  • Virtual Server VMs will run in WSV as the VHD format is unchanged; however virtual machine additions will need to be removed and replaced with ICs (integration components) for synthetic drivers using the integration services setup disk (similar to virtual machine additions, but without emulation) to provide enlightenment for access to the VMbus.
  • Hot addition of resources is not included in the initial WSV release.
  • Live migration will not be included within the first WSV release but quick migration will be. The two technologies are similar but quick migration involves pausing a VM, writing RAM to a shared disk (saving state) and then loading the saved state into RAM on another server and restarting the VM – typically in around 10 seconds – whereas live migration copies the RAM contents between two servers using an iterative process until there are just a few dirty pages left, then briefly pausing the VM, copying the final pages, and restarting on the new host with sub-second downtime.
  • WSV will be released within 180 days of Windows Server 2008.
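The difference between the two migration methods in the list above, as an added example that is not from the original post: a small Python model of how long the VM is paused under quick migration and under iterative pre-copy live migration. The RAM size, disk and link throughput, dirty-page rates and stop threshold are all assumed values, and the non-converging case goes beyond what the post describes.

```python
PAGE = 4096  # bytes per page (assumed)


def quick_migration_downtime(ram_bytes, disk_write_bps, disk_read_bps):
    """Quick migration: the VM is paused while RAM is saved to shared disk
    and then loaded on the other node, so downtime scales with RAM size."""
    return ram_bytes / disk_write_bps + ram_bytes / disk_read_bps


def live_migration(ram_bytes, link_bps, dirty_pages_per_s,
                   stop_threshold=256, max_rounds=30):
    """Iterative pre-copy. Returns (rounds, downtime_seconds, converged).

    The VM runs during every copy round; only the pages still dirty at the
    end are copied while it is paused.
    """
    total = ram_bytes // PAGE
    pages_per_s = link_bps / PAGE
    to_send = total                      # round 1 sends all of RAM
    for rounds in range(1, max_rounds + 1):
        round_time = to_send / pages_per_s
        # Pages the running guest dirtied while this round was on the wire.
        dirtied = min(total, int(dirty_pages_per_s * round_time))
        if dirtied <= stop_threshold:
            return rounds, dirtied / pages_per_s, True
        if dirtied >= to_send:
            # Guest dirties memory as fast as the link drains it: further
            # rounds cannot shrink the set, so pause and copy what is left.
            return rounds, dirtied / pages_per_s, False
        to_send = dirtied
    return max_rounds, to_send / pages_per_s, False


if __name__ == "__main__":
    ram = 4 * 2**30                      # 4 GiB guest (assumed)
    print("quick:", quick_migration_downtime(ram, 800e6, 800e6))
    print("live, 2,000 dirty pages/s:", live_migration(ram, 125e6, 2000))
    print("live, 40,000 dirty pages/s:", live_migration(ram, 125e6, 40000))
```

With these assumed figures the quick migration pause is roughly ten seconds, while pre-copy converges in a few rounds to a sub-millisecond pause; when the guest dirties pages faster than the link can carry them, pre-copy gives no benefit over a full stop-and-copy.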

Looking forward to Windows Server 2008: Part 1 (Server Core and Windows Server Virtualization)

Whilst the first two posts that I wrote for this blog were quite generic, discussing such items as web site security for banks and digital rights management, this time I’m going to take a look at the technology itself – including some of the stuff that excites me right now with Microsoft’s Windows Server System.

Many readers will be familiar with Windows XP or Windows Vista on their desktop but may not be aware that Windows Server operating systems also have a sizable chunk of the small and medium size server market.  This market is set to expand as more enterprises implement virtualisation technologies (running many small servers on one larger system, which may run Windows Server, Linux, or something more specialist like VMware ESX Server).

Like XP and Vista, Windows 2000 Server and Advanced Server (both now defunct), Windows Server 2003 (and R2) and soon Windows Server 2008 have their roots in Windows NT (which itself has a lot in common with LAN Manager).  This is both a blessing and a curse as while the technology has been around for a few years now and is (by and large) rock solid, the need to retain backwards compatibility can also mean that new products struggle to balance security and reliability with legacy code.

Microsoft is often criticised for a perceived lack of system stability in Windows but it’s my experience that a well-managed Windows Server is a solid and reliable platform for business applications.  The key is to treat a Windows Server computer as if it were the corporate mainframe rather than adopting a personal computer mentality for administration.  This means strict policies controlling the application of software updates and application installation as well as consideration as to which services are really required.

It’s this last point that is most crucial.  By not installing all of the available Windows components and by turning off non-essential services, it’s possible to reduce the attack surface for any would-be hacker.  A reduced attack surface not only means less chance of falling foul of an exploit but it also means fewer patches to deploy.  It’s with this in mind that Microsoft produced Windows Server Core – an installation option for the forthcoming Windows Server 2008 product (formerly codenamed Longhorn Server).

As the name suggests, Windows Server Core is a version of Windows with just the core operating system components and a selection of server roles available for installation (e.g. Active Directory domain controller, DHCP server, DNS server, web server, etc.).  Server Core doesn’t have a GUI as such and is entirely managed from a command prompt (or remotely using standard Windows management tools).  Even though some graphical utilities can be launched (like Notepad), there is no Start Menu, no Windows Explorer, no web browser and, crucially, a much smaller system footprint.  The idea is that core infrastructure and application servers can be run on a server core computer, either in branch office locations or within the corporate data centre and managed remotely.  And, because of the reduced footprint, system software updates should be less frequent, resulting in improved server uptime (as well as a lower risk of attack by a would-be hacker).
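One way to check a server against the "which services are really required" policy described above, as an added example that is not from the original post: a Python audit that compares running services with a per-role baseline. The `sc query state= all` sample is constructed and abbreviated, and the `dhcp-server` baseline is a hypothetical illustration, not a recommended service list.

```python
import re

# Constructed, abbreviated `sc query state= all` output (not from a real host).
SAMPLE = """\
SERVICE_NAME: DHCPServer
        STATE              : 4  RUNNING
SERVICE_NAME: Spooler
        STATE              : 4  RUNNING
SERVICE_NAME: RemoteRegistry
        STATE              : 1  STOPPED
SERVICE_NAME: Browser
        STATE              : 4  RUNNING
SERVICE_NAME: W32Time
        STATE              : 1  STOPPED
"""

# Hypothetical baseline for one server role; illustrative only.
BASELINE = {"dhcp-server": {"DHCPServer", "W32Time"}}


def parse_sc_query(text):
    """Return {service_name: state} from `sc query` style output."""
    states, name = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*SERVICE_NAME:\s*(\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s*STATE\s*:\s*\d+\s+(\w+)", line)) and name:
            states[name] = m.group(1)
            name = None
    return states


def audit(text, role):
    """Return (unexpected_running, required_not_running) for a role."""
    # Windows service names are case-insensitive, so compare in lower case.
    allowed = {s.lower(): s for s in BASELINE[role]}
    running = {n.lower(): n for n, state in parse_sc_query(text).items()
               if state == "RUNNING"}
    unexpected = sorted(n for key, n in running.items() if key not in allowed)
    missing = sorted(s for key, s in allowed.items() if key not in running)
    return unexpected, missing


if __name__ == "__main__":
    extra, absent = audit(SAMPLE, "dhcp-server")
    print("running but not in baseline:", extra)
    print("in baseline but not running:", absent)
```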

If Server Core is not exciting enough, then Windows Server Virtualization should be.  I mentioned virtualisation earlier and it has certainly become a hot topic this year.  For a while now, the market leader (at least in the enterprise space) has been VMware (and, as Tracey Caldwell noted a few weeks ago, VMware shares have been hot property), with their Player, Workstation, Server and ESX Server products.  Microsoft, Citrix (XenSource) and a number of smaller companies have provided some competition but Microsoft will up the ante with Windows Server Virtualization, which is expected to ship within 180 days of Windows Server 2008.  No longer running as a guest on a host operating system (as the current Microsoft Virtual Server 2005 R2 and VMware Server products do), Windows Server Virtualization will directly compete with VMware ESX Server in the enterprise space, with a totally new architecture including a thin “hypervisor” layer facilitating direct access to virtualisation technology-enabled hardware and allowing near-native performance for many virtual machines on a single physical server.  Whilst Microsoft is targeting the server market with this product (they do not plan to include the features that would be required for a virtual desktop infrastructure, such as USB device support and sound capabilities) it will finally establish Microsoft as a serious player in the virtualisation space (even as the market leader within a couple of years).  Furthermore, Windows Server Virtualization will be available as a supported role on Windows Server Core; allowing for virtual machines to be run on an extremely reliable and secure platform.  From a management perspective there will be a new System Center product – Virtual Machine Manager, allowing for management of virtual machines across a number of Windows servers, including quick migration, templated VM deployment and conversion from physical and other virtual machine formats.

Windows Server Core and Windows Server Virtualization are just two of the major improvements in Windows Server 2008.  Over the coming weeks, I’ll be writing about some of the other new features that can be expected with this major new release.

Windows Server 2008 will be launched on 27 February 2008.  It seems unlikely that it will be available for purchase in stores at that time; however corporate users with volume license agreements should have access to the final code by then.  In the meantime, it’s worth checking out Microsoft’s Windows Server 2008 website and the Windows Server UK User Group.

[This post originally appeared on the Seriosoft blog, under the pseudonym Mark James.]