[Date:- 28 August 2013]
Dear Ukraine reader,
You may want to check out this unique offer from Microsoft Ukraine and Starwind. Click here to know more.
Link provided by our sponsor: Starwind Software.
This is the most common question that we always ask? I’m not sure. Well, now I can easily get the answer, thanks to 5Nine, who just released the 5Nine Security and Scanner for Hyper-V FREE Beta. If you’re interested, feel free to
A bit of information about the product:
Let's have a look at how vulnerable our existing Hyper-V server is.
Once installed, just double-click the icon “5Nine Security and Compliance Scanner” and click Start Scan.
This process will take a while. Let's take a break with a cup of coffee…
After a while…
Well, based on the summary screen, it looks like the result is not as good as I expected.
To know more, click View Report.
We got 2 critical and 2 warning health issues detected. Let's look deeper into the report.
Security section
My system doesn’t have a VM firewall and IDS to protect the infrastructure.
Performance section
Based on the ratio, CPU performance is adequate, but I’ve exhausted memory, so I should probably request an additional memory upgrade to support the large workload running on Hyper-V.
Antivirus section
No agentless anti-malware detected to protect our VM.
Hmm… It is time for us to consider security in order to protect our virtualization infrastructure.
I’m not sure about you folks, but I have seen this scenario happen in my customers' environments running Windows Server 2008 R2 or Windows Server 2012 Hyper-V. When you have a network disconnection on the virtual switch, your VM loses its connection and clients are unable to connect to the affected VM. Rest assured that our nightmare is going to end soon. With Windows Server 2012 R2 (Preview), I’ve managed to locate this option. It is called “Protected network” and you can see it under VM Network | Advanced features | Protected Network.
By default, the “Protected network” option is enabled at the VM level, and when a network disconnection is detected, your VM (in the cluster) will automatically fail over to another node.
Do check it out!
Software Defined Networking (SDN), a.k.a. Hyper-V Network Virtualization (HNV), on Windows Server 2012 Hyper-V extends the benefits of virtualization by isolating virtual networks on a single host. It allows you to create virtual networks that run on top of the physical network.
I also talked about it in last year's presentation during the Windows Server 2012 launch event. Check it out here.
Check out this video:-
Today the network team isolates networks by using VLANs, but VLANs are limited to 4096 VLAN IDs. If you look at my scenario, I have Blue and Red VM networks. The VMs in both networks have the same IP addresses. So what happens if you have the same IP address twice? Well, you will definitely get an IP address conflict error message.
VM Network diagram: (Our example is Blue001, Blue002, Red001, Red002)
Host1 VM Connectivity:-
Host 2 VM Connectivity:-
To avoid IP address conflicts, we use network virtualization to create multiple virtual subnets. Every virtual subnet has its own virtual subnet ID, so VMs that share the same IP address do not conflict as long as they are in different virtual subnets.
VM Name | Customer Address | Virtual Subnet ID |
Red001 | 10.0.1.100 | 1283442 |
Red002 | 10.0.1.101 | 1283442 |
Blue001 | 10.0.1.100 | 6878001 |
Blue002 | 10.0.1.101 | 6878001 |
Therefore, our VMs on the same virtual subnet ID can communicate with each other.
Red001 –> Red002
Blue001 –> Blue002
Where is Software Defined Networking suitable to use?
In my lab environment, I have created 2 VM networks and configured network virtualization using VMM 2012 R2 (Preview).
Here is some PowerShell that you can use to check SDN.
To get the policy entries for VMs in a virtual network, execute the command Get-NetVirtualizationLookupRecord
Get VM MAC addresses using PowerShell (the default output includes the MacAddress column):
Get-VM | Get-VMNetworkAdapter
When configuring Hyper-V Network Virtualization, there are two types of IP address that you will be using:
a) Provider Address (PA) – a unique IP address assigned to each Hyper-V host that is routable across the physical network infrastructure.
b) Customer Address (CA) – a unique IP address assigned to each VM that is participating in a virtualized network.
To get the provider address, execute the command “Get-NetVirtualizationProviderAddress”. It lists the provider addresses (PA) configured in Windows Server 2012 Hyper-V Network Virtualization.
Host 1 Provider Address Result:-
Host 2 Provider Address Result:-
To get the virtual network routes, execute the command Get-NetVirtualizationCustomerRoute. Here you can see that network virtualization allows more than one virtual network to exist on the same physical network. Example: both networks are on subnet 10.0.1.0/24. Computers can exchange network traffic with a VM by using its Customer Address (CA) within a virtual network.
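An added example (not from the original post) that audits lookup records for the overlap described above: a Customer Address reused across different virtual subnet IDs is isolated, while the same address twice inside one virtual subnet is a real conflict. The function name Get-HnvAddressAudit, the Provider Addresses and the Red003 record are assumptions made up for illustration; the other records mirror the table above.

```powershell
# Constructed sample records mirroring the Red/Blue table in this post.
# On a Hyper-V host, use instead: $records = Get-NetVirtualizationLookupRecord
# Provider Addresses are made-up placeholders; Red003 is a deliberately
# misconfigured record added to show what a real conflict looks like.
$records = @(
    [pscustomobject]@{ VMName = 'Red001';  CustomerAddress = '10.0.1.100'; VirtualSubnetID = 1283442; ProviderAddress = '192.0.2.11' }
    [pscustomobject]@{ VMName = 'Red002';  CustomerAddress = '10.0.1.101'; VirtualSubnetID = 1283442; ProviderAddress = '192.0.2.12' }
    [pscustomobject]@{ VMName = 'Blue001'; CustomerAddress = '10.0.1.100'; VirtualSubnetID = 6878001; ProviderAddress = '192.0.2.11' }
    [pscustomobject]@{ VMName = 'Blue002'; CustomerAddress = '10.0.1.101'; VirtualSubnetID = 6878001; ProviderAddress = '192.0.2.12' }
    [pscustomobject]@{ VMName = 'Red003';  CustomerAddress = '10.0.1.101'; VirtualSubnetID = 1283442; ProviderAddress = '192.0.2.11' }
)

# Hypothetical helper: classifies every reused Customer Address.
function Get-HnvAddressAudit {
    param([Parameter(Mandatory)][object[]]$Record)

    foreach ($ca in ($Record | Group-Object CustomerAddress)) {
        # Split the uses of this CA by virtual subnet ID.
        $perSubnet = @($ca.Group | Group-Object VirtualSubnetID)

        foreach ($subnet in $perSubnet) {
            # Same CA twice in ONE virtual subnet: isolation cannot help here.
            if ($subnet.Count -gt 1) {
                [pscustomobject]@{
                    Status          = 'Conflict'
                    CustomerAddress = $ca.Name
                    VirtualSubnetID = $subnet.Name
                    VMs             = $subnet.Group.VMName -join ', '
                }
            }
        }

        # Same CA in SEVERAL virtual subnets: fine, but worth listing because
        # a wrong VSID on one adapter would turn it into a conflict.
        if ($perSubnet.Count -gt 1) {
            [pscustomobject]@{
                Status          = 'OverlapIsolatedByVSID'
                CustomerAddress = $ca.Name
                VirtualSubnetID = $perSubnet.Name -join ', '
                VMs             = $ca.Group.VMName -join ', '
            }
        }
    }
}

Get-HnvAddressAudit -Record $records | Format-Table -AutoSize
```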
Note:-
By default, when using VMM 2012 SP1 to configure network virtualization, the system will use NVGRE (Network Virtualization using Generic Routing Encapsulation).
For more information