Channel: Windows Server Blogs

Hyper-V Replica Runbooks


System Center 2012 Orchestrator provides a powerful workflow management solution which allows IT administrators to automate different tasks exposed by the platform. At the heart of the Orchestrator is a set of Runbooks which outline the sequence of activities for a given task. A number of resources are available on TechNet which explain the concept and provide guidance on building these Runbooks.

Charles Joy is a Senior Program Manager with the Windows Server & System Center group in Microsoft who has authored a set of Hyper-V Replica sample Runbooks which can be downloaded for free from TechNet Galleries. In his blog post http://blogs.technet.com/b/building_clouds/archive/2013/02/11/automation-orchestrating-hyper-v-replica-with-system-center-for-planned-failover.aspx he explains the high level concepts and also shows a Planned Failover in action.

Download the runbook and share your experience with us – we would love to hear your feedback!


Office IT Pro Garage Series Launches

Evaluating Virtual Smart Cards Guide - now available for download


The goal of this document is to present an overview of Trusted Platform Module (TPM) virtual smart cards (VSCs) as an option for strong authentication. It is intended not only to provide the means for evaluating VSC use in an enterprise deployment, but also to provide the information necessary to deploy and manage.


Go get the guide @ http://www.microsoft.com/en-us/download/details.aspx?id=29076.

Windows Multipoint Server 2012 Now Available Including Zero Client Support

How many of these do you have?


Engadget just released the results of the Readers Choice Awards for 2012 at http://www.engadget.com/2013/02/20/winners-2012-engadget-awards-readers-choice/

As you can see, the Microsoft Surface RT won Tablet of the Year.  Kudos to the Surface team.  Nicely done!

You’ll also notice Nokia nailed the Smartphone of the Year award for the Lumia 920.  Sweet!

I’d like a Mars Rover scaled down to chase the armadillos with.  Can I get it with the net option too? Tired of those critters messing up my yard.

HTC One Announced


A couple of days ago HTC announced a sweet looking smartphone they call the HTC One. This looks like a nice handset but I am anxious to see if they’ll take the form factor and create a Windows phone.  With a Quad core and 64GB of memory, I should be able to run some Hyper-V virtual machines, right? Grin.

See http://www.htc.com/www/smartphones/htc-one/ for all of the information and specs on the phone.

Announcing Forefront Unified Access Gateway Service Pack 3


We are pleased to announce that Service Pack 3 (SP3) for Forefront Unified Access Gateway (UAG) is now available for download.  UAG SP3 provides a number of improvements which are summarized below:

  • New support for publishing Exchange Server 2013
  • New support for publishing SharePoint Server 2013 (including support for host-named site collections)
  • Additional platform support for Windows 8 clients, including Windows RT
    • Users can use Internet Explorer 10 (both Modern and Desktop apps)
    • Users can use the built-in Windows 8 Mail app to connect to published Exchange servers
    • Users can use the Windows 8 Remote Desktop Connection (RDC) 8.0 client to connect to published resources
  • Support for Windows Phone 8 client devices
  • Additional support for the RDC 8.0 client running on Windows 7 SP1 and Windows Server 2008 R2 SP1
  • New support for Office 2013 client applications: Outlook, PowerPoint, Word, and Excel
  • Various bug fixes (see details in the SP3 KB article by following the link below)

Customers running UAG SP2 can update to SP3 by downloading using the link below.

Links and Downloads

Adam Hall
Senior Product Marketing Manager

The Pixel


I am a fan of great notebook screens.  I have some of the best on the market.  Needless to say, the Google Pixel launch caught my eye.  Here’s a pic of the pix with links to the relevant information.  Looks a lot like the Retina Mac.


Anyone buy one yet? It’s only $1449 for the 64GB model. See http://www.google.com/intl/en/chrome/devices/chromebook-pixel/. That is probably the most expensive screen on the market.  I’ll pass.


Join Me at MMS 2013 for a Week of Innovation, Expertise, and Community


I am really looking forward to this year’s Microsoft Management Summit (MMS) at the Mandalay Bay Resort and Casino in Las Vegas, April 8-12, 2013.

MMS is a very exciting time of year. It’s an opportunity for Microsoft to share some of its deepest technical trainings with our customers, and it’s where IT professionals come to stay on top of their game – and I am honored to deliver the event keynote on Monday, April 8.

MMS is tailored specifically to IT professionals, and this year’s session content is laser focused on the critical topics that are important to you.  In addition to MMS’s technical training, you'll have the opportunity to tap into the expertise of your peers and community, and accelerate your career.  MMS 2013 will also offer Microsoft Certifications for a 50% discount along with sessions, labs, and networking events.

Since last year’s MMS, we have delivered Windows Server 2012, System Center 2012, and two major updates to Windows Intune. Together they deliver an unprecedented range of capabilities that can support your company’s cloud-based IT, as well as the challenges of the consumerization of IT. These topics will be an important part of MMS, and my team and I are working hard to make this conference an amazing experience for you. 

I hope you have the opportunity to attend and see everything these new technologies represent – and, of course, have some fun doing it! 

The event is sure to sell out early so make sure to register now to join me at MMS 2013. Early Bird Registration ends on January 31, 2013.

Thanks,

Brad Anderson
Corporate Vice President
Server and Tools Division 

Hardware options for highly available Windows Server 2012 systems using shared, directly-attached storage


Highly available Windows Server 2012 systems using shared, directly-attached storage can be built using either Storage Spaces or a validated clustered RAID controller.

 

Option 1 – Storage Spaces

You can build a highly available shared SAS system today using Storage Spaces.

Storage Spaces works well in a standalone PC, but it is also capable of working in a Windows Server Failover Clustering environment. 

For implementing Clustered Storage Spaces, you will need the following Windows Server 2012 certified hardware:

  • Any SAS Host Bus Adapter or HBA (as long as it’s SAS and not a RAID controller, you should be fine)
  • SAS JBODs or disk enclosures (listed under the “Storage Spaces” category on the Server catalog)
  • SAS disks (there’s a wide variety of those, including capacity HDDs, performance HDDs and SSDs)

You can find instructions on how to configure a Clustered Storage Space in Windows Server 2012 at http://blogs.msdn.com/b/clustering/archive/2012/06/02/10314262.aspx.

A good overview of Storage Spaces and its capabilities can be found at http://social.technet.microsoft.com/wiki/contents/articles/15198.storage-spaces-overview.aspx

There's also an excellent presentation from TechEd that covers Storage Spaces at http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/WSV315

 

Option 2 – Clustered RAID Controllers

The second option is to build a highly available shared storage system using RAID Controllers that are designed to work in a Windows Server Failover Cluster configuration.

The main distinction between these RAID controllers and the ones we used before is that they work in sets (typically a pair) and coordinate their actions against the shared disks.

Here are some examples:

  • The HP StoreEasy 5000 cluster-in-a-box uses Clustered RAID controllers that HP sources and certifies. You can find details at the HP StoreEasy product page.
  • LSI is working on a Clustered RAID controller with Windows Server 2012 support. This new line of SAS RAID Controllers is scheduled for later this year. You can get details on availability dates from LSI.

 

Both options work great for all kinds of Windows Server 2012 Clusters, including Hyper-V Clusters, SQL Server Clusters, Classic File Server Clusters and Scale-Out File Servers.

You can learn more about these solutions in this TechEd presentation: http://channel9.msdn.com/Events/TechEd/Europe/2012/WSV310


Monitoring .Net Web Applications Using Global Service Monitor and Application Performance Monitors


A Few Details About Our Service and Environment

I’m a member of the Monitoring and Management (M&M) team inside the Cloud and Datacenter Management Product Group. Our team runs a System Center-based monitoring and issue escalation service that is depended on by several hundred engineers across more than eight different business groups and three divisions supporting some of Microsoft’s largest externally facing web properties such as Microsoft.com, Windows Update, and MSDN/TechNet. They rely on our expertise in running and supporting Operations Manager for their infrastructure, application performance and alerting as well as Service Manager for their issue escalation and service request tracking. We provide them with the platform and the guidance in monitoring while they focus on their own application lifecycles.

Traditionally, our Operations Manager service has relied on a large shared management group monitoring more than 7,000 agents and many Azure services. The migration to System Center Operations Manager 2012 last spring improved the performance of our management group and we have handled an increase in agent load from 4000 agents to 7000 agents in a little over a year without increasing the number of virtual machine management servers and gateways and leveraging the same large physical servers for our Operations database and data warehouse.

As the engineering team responsible for the availability and performance of this instance, we have restricted console access to Operations Manager to only our team and have processes in place to ensure new management packs (MP) or updates to MPs are vetted before importing into production. While these steps have maintained a near 100% availability of our management group since moving to SC 2012, it has greatly limited our ability to expose some of the great new features in SC 2012 for application owners and engineers to monitor and quickly identify issues with their own apps.

Two of the new features introduced in SC 2012 but enhanced with SP1 are the Global Service Monitor (GSM) service used for monitoring web applications from outside your corporate network and Application Performance Monitoring (APM) which performs real time profiling of your .NET applications to capture detailed exception and performance requests. Both of these features are in demand by our own customers.

Optimizing our service for GSM and APM

As we migrated to SC 2012, it was apparent that the design of our service and infrastructure required a change in order to support GSM and APM for our customers. Some of the constraints which led us to this decision were:

| Constraint | M&M Factors |
| --- | --- |
| APM supports max 400 agents / 700 applications | ~7000 agents monitored by our single management group. Some of our customers support 3000 web applications in a single IIS instance. |
| GSM supports one subscription per management group | Volume of web tests greatly exceeded a single GSM subscription |
| APM and GSM configuration require Console access | Multi-tenant properties of our management group including strict access controls and processes prohibit expanding Console access. |

Due to the above constraints and factors and in order to offer these features to our customers, we decided to change the architecture of our service to provision dedicated management groups for each business group. I’ll share the details of the changes to our architecture and how we are optimizing management and administration of multiple management groups in a future blog post. For this post, I’ll just concentrate on GSM and APM.

Web Monitoring using GSM

Web monitoring is used by our customer application owners to measure the availability and basic performance of their application and to pinpoint specific failures leading to quick mitigation or resolution.

Application owners typically construct three different types of web monitor tests each with specific purposes for both alerting and availability reporting.

| Test Type | Perspective | Alerting | Availability Reporting |
| --- | --- | --- | --- |
| Base URL | Outside network -> In | A failure of this test indicates a problem with one or more networks, sites, or servers | Provides availability % seen by users of that region |
| Virtual IP (VIP) | Outside network -> In | A failure of this test indicates a problem with one or more servers belonging to this site | Provides availability % specific to this site. |
| Dedicated IP (DIP) | Inside network -> In | A failure of this test indicates a problem with a specific server | Provides availability % specific to this server. |

Our M&M service has historically provided our customers with web monitoring solutions through both 3rd party services as well as our own home grown custom web app monitoring at significant cost to our customers. The cost to host and support our own home grown web monitoring solution exceeds $21,000/month excluding break/fix development. Additionally, for customers taking advantage of 3rd party web monitoring solutions, costs per URL test can reach $600/month depending on the service and options.

When reviewing the details of GSM for consideration of our service the following were seen by our team and customers as key benefits:

| Benefit | Details |
| --- | --- |
| Cost reduction | Implementing and transitioning tests to GSM for our home grown web monitoring solution and/or 3rd party services will reduce the cost of our service to our customers. |
| Microsoft supported platform | Transitioning from our homegrown solution to GSM moves our web monitoring solution to a Microsoft PG supported feature and lessens the need for custom development. |
| Simple Internal / External monitor test creation | The monitor template in Operations Manager allows application owners to easily create monitors testing one or more URLs and specify one or more internal (management server, agent) or external (GSM) watcher nodes. |
| Use a single console | Implementing GSM allows our customers to monitor their web applications and include their health states in distributed application models along with the physical or virtual servers and database servers that comprise the application and are also monitored by the same Operations Manager instance. |

Creating a Web Availability Monitor Test is documented well in the following TechNet article so I won’t rehash that content.

http://technet.microsoft.com/en-us/library/hh881883

The process for creating a Web Availability Monitor that leverages GSM watcher nodes is almost identical with one exception. The wizard step that previously only allowed selecting internal nodes after installing the GSM MP now displays two sections, one for External nodes, and one for Internal Nodes.


Once the test is created and monitored by GSM the application owner can view the status of the test and availability of the application using dashboards and reports.

Detailed Dashboard

One of the two built in dashboards for visualizing the results of Web Availability Monitors is the Detailed Dashboard. This dashboard consists of several sections. The Location Health section displays the health of the monitor by test location. This section allows users to choose one or more locations to view data from. Once you’ve selected the locations you can then select the specific tests you wish to view data about in the Test Status section. The graphs below these two sections display performance data captured from each unique test location over a 24 hour period. Using the below data our customer engineers are able to quickly identify potential performance issues and any content differences based on the location of the end user and take action to resolve these issues. For instance the two spikes in Total Transaction Time, Time To First Byte, and Time to Last Byte below from the New Jersey based watcher node may be something the engineering team would investigate to understand whether there were network factors involved in that part of the world, or whether there was an issue with the web servers servicing that area during the times below.


Summary Dashboard

The Summary Dashboard provides users a view of the health of their application from all the watcher nodes monitoring their app. Users can select one or more of the watcher node locations on the map to display a more detailed health status including the transaction response time of the most recent test from a location. Using the view below, an application owner can quickly understand the overall health of their application from multiple locations and understand whether there may be any localized or widespread failures.


Using APM to monitor Microsoft.com

In addition to Web Availability monitoring one of the most sought after Operations Manager features in our service is APM. APM provides application owners with a mechanism to profile their applications in real time for performance and exception events which can trigger alerts but can also be viewed through two new web portals, the App Diagnostics portal and the App Advisor portal.

The following blog describes the process of configuring APM.

http://blogs.technet.com/b/server-cloud/archive/2011/11/11/application-performance-monitoring-with-operations-manager-2012.aspx

Setting up an APM monitor is as easy as it describes, however keep the following in mind:

  • If your application exists on multiple web servers and you only want to enable the APM monitor against a subset, you will need to target the monitor to a group
  • The first time you configure an APM monitor for a particular web server you will need to restart IIS after the configuration is loaded on the agent in order for APM to activate
  • For any subsequent web applications configured for that same server you will need to cycle the IIS App Pool before APM data is collected
  • If your web application contains an empty root folder you will need to setup overrides to enable detection of the application

APM functionality is in such demand that some of our customers such as Microsoft.com have started to leverage APM from a non-production Operations Manager instance provided by our team. One of the main reasons they have implemented APM and find value in it even before having a production ready Operations Manager instance is that it provides a non-intrusive mechanism for debugging application issues. In the past, debugging an application issue required taking a web server out of rotation, hooking up a debugger, and then attempting to repro the issue debugging once the issue is reproduced. Now with APM what used to take hours and sometimes days to capture can be done quickly and easily and without taking a webserver out of rotation.

One example that illustrates this value was a new version of a web application deployed by Microsoft.com. Shortly after the deployment the availability of the site started to drop as measured by GSM.


The engineering team initially attempted to debug the issue without access to APM data. After spending several days investigating, the Microsoft.com engineering team configured APM monitoring for this application. Now with APM data they were able to view all exceptions captured using the App Diagnostics portal and identify the failure corresponding to the GSM reported outages. The screenshot from the App Diagnostics portal indicates the failure is a 404 event which would typically be a simple problem to diagnose and resolve. However, this issue was not simple as it involved how the rendering framework was caching the master page and calculating the path when it did not find it in cache, which was not identified until the use of APM data. With the data provided by APM (call stack, path, etc.), the engineers were able to provide the development team with enough information to construct a repro of the issue and develop a fix.

Once the engineering team deployed the updated code it was easy for the team to measure the improvement by using GSM availability reports. You can see from the screen shot below that there is a noticeable improvement as the fix was deployed across the web servers.


Based on the experience from our customers like Microsoft.com we see tremendous benefits and capabilities by adding APM to our standard monitoring tools. Some of these key benefits include:

  • The ability to quickly configure monitors using the Operations Manager IIS application inventory
  • The ability to profile applications for exceptions or performance events without modifying code
  • Near zero touch non-intrusive debugging
  • Statistical views and easy analysis of top failures and worst performers.

Next Steps

As we look towards our future production implementations of dedicated Operations Manager instances, we are very excited about the core use of GSM and APM by our customers. By providing our customers with direct console access, they will be able to leverage these features and many more. Additional areas we will look to add for our customers include Visual Studio Web Tests and Visual Studio Dev Ops lifecycle integration to help closely tie the engineering teams and development teams.

Backing up Hyper-V virtual machines from the command line


Last week I posted about how you can now use Windows Server Backup in Windows Server 2012 to backup virtual machines.  One of the first questions that people had was “how do I do this from the command-line?”  So – let me show you!

The tool you will want to use is “wbadmin.exe”

Backing up a virtual machine is fairly straightforward.  Your command will look like this:

wbadmin start backup -backupTarget:<backup location> -hyperv:<VM name(s) or ID(s)>

Which will result in something like this:


Some things to be aware of:

  • Wbadmin will always warn you that the virtual machine will be put into a saved state for backup.  This is wrong.  The virtual machine will only be put into a saved state if it is not running the latest virtual machine additions (or is not a Windows virtual machine).
  • You will be prompted before the backup starts.  You can get around this by adding –force to the end of the command.
  • You can use either the virtual machine name or the virtual machine ID when selecting virtual machines.
  • You can list multiple virtual machines to backup.
  • If you are backing up to a SMB share – new backups will automatically overwrite old backups (i.e. there will only be one backup kept on the share).  This will not happen if you are backing up to a local disk.

Once you have created the backup – you then need to know how to restore it.  This is, unfortunately, more complicated.  The first thing you will need to do is to find the version of the backup and the name of the virtual machine you want to restore.  You can find the version of the backup by running:

wbadmin get versions -backupTarget:<backup location>

If the backup was taken a while ago – you may have forgotten the name(s) of the virtual machines that you backed up.  You can find this by running:

wbadmin get items -version:<version identifier> -backupTarget:<backup location>

Once you have this information you can restore the backed up virtual machine by running:

wbadmin start recover -version:<version identifier> -itemType:hyperv -items:<VM name(s) or ID(s)> -backupTarget:<backup location>

Cheers,
Ben
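
The restore procedure in the post above can be scripted. The following PowerShell is an added example, not code from the original post: it parses `wbadmin get versions` output, picks the newest version identifier, and builds a validated argument list for `wbadmin start recover`. The sample output, the `E:` target and the VM name `FTP01` are constructed for illustration.

```powershell
# Added example, not from the original post.
# $raw is a constructed sample laid out like "wbadmin get versions" output.
# On a real host, capture it instead with:
#   $raw = & wbadmin.exe get versions "-backupTarget:$BackupTarget"
$BackupTarget = 'E:'        # hypothetical local backup disk
$VmToRestore  = 'FTP01'     # hypothetical VM name

$raw = @'
Backup time: 2/20/2013 9:00 PM
Backup target: Fixed Disk labeled Backups(E:)
Version identifier: 02/21/2013-05:00
Can recover: Application(s)
Snapshot ID: {00000000-0000-0000-0000-000000000001}

Backup time: 2/27/2013 9:00 PM
Backup target: Fixed Disk labeled Backups(E:)
Version identifier: 02/28/2013-05:00
Can recover: Application(s)
Snapshot ID: {00000000-0000-0000-0000-000000000002}
'@ -split "`r?`n"

function Get-WbVersionIdentifier {
    # Extract every "Version identifier:" value and parse it into a
    # DateTime so the versions can be sorted chronologically.
    param([Parameter(Mandatory)][string[]]$Lines)

    foreach ($line in $Lines) {
        if ($line -match '^\s*Version identifier:\s*(\d{2}/\d{2}/\d{4}-\d{2}:\d{2})\s*$') {
            $id = $Matches[1]
            [pscustomobject]@{
                Id   = $id
                Time = [datetime]::ParseExact(
                    $id, 'MM/dd/yyyy-HH:mm',
                    [cultureinfo]::InvariantCulture)
            }
        }
    }
}

function Get-WbHyperVRecoverArgs {
    # Build the argument array for "wbadmin start recover".
    # Returning an array (not one concatenated string) keeps each value in
    # its own argument, so a VM name cannot smuggle in extra switches.
    param(
        [Parameter(Mandatory)][string]$BackupTarget,
        [Parameter(Mandatory)][string]$Version,
        [Parameter(Mandatory)][string[]]$VmName
    )

    if ($Version -notmatch '^\d{2}/\d{2}/\d{4}-\d{2}:\d{2}$') {
        throw "Unexpected version identifier format: $Version"
    }
    foreach ($name in $VmName) {
        # -items takes a comma-delimited list, so a comma or quote inside
        # a name would change which items are selected.
        if ($name -match '[,"]') {
            throw "VM name contains a list or quote character: $name"
        }
    }

    @(
        'start', 'recover',
        "-version:$Version",
        '-itemType:hyperv',
        "-items:$($VmName -join ',')",
        "-backupTarget:$BackupTarget"
    )
}

$versions = @(Get-WbVersionIdentifier -Lines $raw)
if ($versions.Count -eq 0) {
    throw "No backup versions found on $BackupTarget"
}

# Newest backup by parsed timestamp, not by position in the output.
$latest = $versions | Sort-Object Time | Select-Object -Last 1

$recoverArgs = Get-WbHyperVRecoverArgs -BackupTarget $BackupTarget `
                                       -Version $latest.Id `
                                       -VmName $VmToRestore

# Show the command that would run. To execute it from an elevated prompt
# on the Hyper-V host, uncomment the last line.
"wbadmin $($recoverArgs -join ' ')"
# & wbadmin.exe @recoverArgs
```

Running `wbadmin get items` for the chosen version before the recover step, as the post describes, confirms that the VM name passed in `$VmToRestore` is actually present in that backup.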

Internet Explorer 10 for Windows 7 Now Globally Available


Internet Explorer 10 is available worldwide in 95 languages for download today. We will begin auto updating Windows 7 customers to IE10 in the weeks ahead, starting today with customers running the IE10 Release Preview. With this final release, IE10 brings the same leading standards support, with improved performance, security, privacy, reliability that consumers enjoy on Windows 8, to Windows 7 customers.

WS-Management ISO/IEC Standard


We’ve talked about it before and we’ll talk about it again, we are strong believers in the customer benefits of standards.  In Windows Server 2012 we invested heavily in standards based management to deliver great customer value and will continue with these investments going forward. In today’s blog Wassim Fayed, a Principal PM in our Standards Based Management team, talks about a significant advance in the industry’s embrace of this approach.  It’s great to see this area grow and gather momentum.  If you don’t have standards based management in focus, you should invest a bit to understand what is going on in your industry.  This blog is a great start.

Cheers! Jeffrey

Evolution of standards-based management in Windows

In a world where management has shifted from managing one server to managing many complex, heterogeneous servers and clouds, standards-based management—long supported by Microsoft—has become essential. We were one of the founding members of the Distributed Management Task Force (DMTF), and shipped the first, and richest, Common Information Model Object Manager (CIMOM) we know as Windows Management Instrumentation (WMI). In 2005, Microsoft, along with 12 other companies, submitted WS-Management for DMTF standardization. Since then, the specification has been improved, stabilized and implemented widely by the industry. Today, the specification reached its highest level of maturity as it became an ISO (International Organization for Standardization)/IEC (International Electrotechnical Commission) international standard. Windows Remote Management (WinRM), Microsoft’s implementation of WS-Management, has been included with Windows since Windows XP. Today, all versions of Windows, both client and server from XP forward, support WS-Management through WinRM. System Center uses WS-Management to remotely manage systems. This includes both Windows and Linux (System Center Cross Platform). Windows PowerShell uses WS-Management for remote shell access.

In Windows Server 2012, standards-based management was necessary to help make Windows Server 2012 the best Cloud OS. WS-Management provided remoting access for managing Windows resources by using CIM + WS-Management. While WMI has served our customers and partners well, the true promise of standards-based management was only realized through completing and making our WS-Management implementation, WinRM, the default remote management protocol for Windows. In Windows today, Windows PowerShell remoting is built on WS-Management. Additionally, WMI’s default protocol is no longer DCOM, but WinRM.

WS-Management as a management protocol

WS-MAN was developed to enable remote management of systems over a firewall friendly protocol such as HTTP while utilizing existing tools and investments in SOAP.  With the 1.0 and 1.1 releases, WS-MAN has been used as the preferred protocol for desktop and mobile system management as part of the DASH initiative and a recommended protocol for server systems management as part of the SMASH initiative.  Hardware from different vendors in the market today has support for DASH and SMASH and can be managed by Windows and System Center products.

The Web Services for Management (WS-Management) Specification describes a simple object access protocol (SOAP) for managing systems such as PCs, servers, devices, and other remotely manageable entities. The WS-Management protocol identifies a core set of web service specifications and usage requirements that expose a common set of operations central to all systems management. This includes the ability to do the following:

  • Get, put (update), create, and delete individual resource instances, such as settings and dynamic values
  • Enumerate the contents of containers and collections, such as large tables and logs
  • Subscribe to events emitted by managed resources
  • Execute specific management methods with strongly typed input and output parameters

WS-Management now an ISO/IEC standard

The International Organization for Standardization (ISO) is an international standard-setting body composed of representatives from various national standards organizations. This body ensures that products and technologies that reach the ISO standardization are of the highest quality, meeting international demands and requirements. ISO standards gain governmental and broader industry support and adoption.

The International Electrotechnical Commission (IEC) is a non-profit, non-governmental international standards organization that prepares and publishes International Standards for all electrical, electronic and related technologies – collectively known as "electrotechnology".

We are pleased to report that on January 30, 2013, Web Services for Management (WS-Management or WS-Man) was adopted as an international ISO/IEC standard. With WS-MAN now an international standard, expect to see a wider range of products that will be manageable using WS-MAN.  Imagine being able to manage all types of devices in your datacenter using a consistent set of tools, practices, and skills.  This helps to simplify the datacenter and lower cost of both adoption and on-going management of systems as well as make related skillsets more valuable in the marketplace.

As an ISO/IEC standard, WS-Management is uniquely positioned to play a key role in streamlining the IT world as more devices and solutions adopt it as the standard protocol for management.  The approval of WS-Management as an ISO/IEC standard is further evidence of the global interest in standards-based management of systems, applications, and devices.

Microsoft makes it easier for the rest of the industry to adopt standards based management

While Windows Server 2012 is the best Cloud OS, supporting the latest ISO/IEC standards such as WS-Management, Windows Server 2012 must interoperate with many devices and technologies in a predictable and standard fashion. To address this issue, and to help the industry adopt and embrace standards-based management, Microsoft has designed and implemented OMI (Open Management Infrastructure) as a small and scalable CIMOM which implements CIM and WS-Management. We contributed OMI as an open source project to Open Group in August 2010.

The public availability of OMI means that you can now easily compile and implement a standards-based management service into any device or platform from a free open-source package, by using the WS-Management ISO/IEC standard protocol and CIM. Our goals are (1) to remove obstacles that stand in the way of implementing standards-based management, so that every device in the world can be managed in a clear, consistent, coherent way; and (2), to nurture a rich ecosystem of standards-based management products.

Further Reading

The following is an architectural overview of the WS-Management stack:

WS-Management Stack 

The DMTF version of WS-Management 1.1 can be found here.

The WS-Management 1.1 ISO/IEC specification can be found here.

The main WS-Management spec is composed of the following specifications available on the DMTF web site:


Dynamic Memory Pro Tip–be reasonable with your startup ram


Hyper-V now allows you to configure a startup, minimum and maximum memory limit.  If you are like me – you probably leave the startup ram at the default of 512mb – but you should really consider changing it to better suit your environment.  Here is a quick screenshot from one of my Hyper-V servers:

[Screenshot]

Two things that I have discovered:

  1. Some of my virtual machines benefit from having a startup and minimum that is below 512mb.  My FTP server, for instance, is a core installation of Windows server which just acts as an FTP server (and nothing else).  It happily boots and runs with a startup and minimum amount of 256mb ram.
  2. Other virtual machines benefit from having higher startup ram amounts.  I have never seen my TMG server under 2GB of ram – and have set the startup ram for this virtual machine to 2GB.

Why would I increase the startup ram for the TMG server?  Well – we do not start adding & removing memory dynamically until fairly late in the boot process for Windows (basically we wait until the system is mostly up and running before we start doing anything fancy with memory).  TMG loads a *lot* of processes before we start reacting with dynamic memory.

The result is that while this virtual machine will always run well at the end of the day (no matter what the startup ram value is) the amount of memory assigned for startup ram can have a profound impact on boot times.  When my TMG server has a startup ram value of 512mb it consistently takes ~10 to 15 minutes from cold boot to fully functional.  If I bump the startup ram to 2GB it boots and is functional in under 2 minutes.

The net result for me is that my system is fully functional a lot quicker after any servicing, and I have not had to give up any resource to enable this.

Cheers,
Ben

Week of February 25: New from Windows Server/System Center MVPs


Hi, all,

 We took a week off for MVP Summit but we're now back with this week's installment of blogs from our Windows Server/System Center MVPs. Several MVPs posted technical how-to articles for high availability for various workloads, as well as book recommendations (Spanish and English) and pointers to new KB articles, hotfixes, and rollups. Some MVPs also blogged about new third-party tools they're experimenting with. And, of course, it's a good week to hear about MVP adventures at the MVP Summit.

Cluster

Robert Smit

Directory Services

Jorge de Almeida Pinto

Leonardo Ponti

Roberto di Lello

Group Policy

Matthias Wolf

Hyper-V

Aidan Finn

Hans Vredevoort

Thomas Maurer

Remote Desktop Services

Freek Berson

Small Business Server

Amy Babinchak

System Center Cloud and Datacenter Management

Flemming Riss

James van den Berg

Marnix Wolf

Silvio de Benedetto

Steve Buchanan

System Center Configuration Manager

Johan Arwidmark

Kent Agerlund @agerlund

Peter Daalmans @pdaalmans

Other

Edward Horley

Office 365 for Business Announced


REDMOND, Wash. — Feb. 27, 2013 — Microsoft Corp. today announced worldwide availability of a major new update to its Microsoft Office 365 services for business. Microsoft’s most complete Office cloud service to date has new features and offerings tailored to the needs and budgets of small, medium-size and large organizations. In addition to updated Microsoft Lync Online, Microsoft Exchange Online and Microsoft SharePoint Online services, business users can now get the rich Office applications they are familiar with, on up to five devices, delivered as an always up-to-date cloud service. Office 365 features enhanced enterprise social capabilities with SharePoint and Yammer today, and Lync-Skype connectivity for presence, instant messaging (IM), and voice by June. The new Office 365 service is available today in 69 markets and 17 languages and will be available in an additional 20 markets and 16 languages in the second quarter of this year.

See the rest of the press release at http://www.microsoft.com/en-us/news/Press/2013/Feb13/02-27OfficeCommercialGAPR.aspx.

Increasing Availability – The REAP Principles (Redundancy, Entanglement, Awareness and Persistence)


Introduction

 

Increasing availability is a key concern with computer systems. With all the consolidation and virtualization efforts under way, you need to make sure your services are always up and running, even when some components fail. However, it’s usually hard to understand the details of what it takes to make systems highly available (or continuously available). And there are so many options…

In this blog post, I will describe four principles that cover the different requirements for Availability: Redundancy, Entanglement, Awareness and Persistence. They apply to different types of services and I’ll provide some examples related to the most common server roles, including DHCP, DNS, Active Directory, Hyper-V, IIS, Remote Desktop Services, SQL Server, Exchange Server, and obviously File Services (I am in the “File Server and Clustering” team, after all). Every service employs different strategies to implement these “REAP Principles” but they all must implement them in some fashion to increase availability.

Note: A certain familiarity with common Windows Server roles and services is assumed here. If you are not familiar with the meaning of DHCP, DNS or Active Directory, this post is not intended for you. If that’s the case, you might want to do some reading on those topics before moving forward here.

 

Redundancy – There is more than one of everything

 

Availability starts with redundancy. In order to provide the ability to survive failures, you must have multiple instances of everything that can possibly fail in that system. That means multiple servers, multiple networks, multiple power supplies, multiple storage devices. You should be seeing everything (at least) doubled in your configuration. Whatever is not redundant is commonly labeled a “Single Point of Failure”.

Redundancy is not cheap, though. By definition, it will increase the cost of your infrastructure. So it’s an investment that can only be justified when there is understanding of the risks and needs associated with service disruption balanced with the cost of higher availability. Sadly, that sometimes only comes after a catastrophic event (such as data loss or an extended outage).

Ideally, you would have a redundant instance that is as capable as your primary one. That would make your system work as well after the failure as it did before. It might be acceptable, though, to have a redundant component that is less capable. In that case, you’ll be in a degraded (although functional) state after a failure, while the original part is being replaced. Also keep in mind that, these days, redundancy in the cloud might be a viable option.

For this principle, there’s really not much variance per type of Windows Server role. You basically need to make sure that you have multiple servers providing the service, and make sure the other principles are applied.

 

Entanglement – Achieving shared state via spooky action at a distance


Having redundant equipment is required but certainly not sufficient to provide increased availability. Once any meaningful computer system is up and running, it is constantly gathering information and keeping track of it. If you have multiple instances running, they must be “entangled” somehow. That means that the current state of the system should be shared across the multiple instances so it can survive the loss of any individual component without losing that state. It will typically include some complex “spooky action at a distance”, as Einstein famously said of Quantum Mechanics.

A common way to do it is using a database (like SQL Server) to store your state. Every transaction performed by a set of web servers, for instance, could be stored in a common database and any web server can be quickly reprovisioned and connected to the database again. In a similar fashion, you can use Active Directory as a data store, as it’s done by services like DFS Namespaces and Exchange Server (for user mailbox information). Even a File Server could serve a similar purpose, providing a location to store files that can be changed at any time and accessed by a set of web servers. If you lose a web server, you can quickly reprovision it and point it to the shared file server.

If using SQL Server to store the shared state, you must also abide by the Redundancy principle by using multiple SQL Servers, which must be entangled as well. One common way to do it is using shared storage. You can wire these servers to a Fibre Channel SAN or an iSCSI SAN or even a File Server to store the data. Failover clustering in Windows Server (used by certain deployments of Hyper-V, File Servers and SQL Server, just to name a few) leverages shared storage as a common mechanism for entanglement.

Peeling the onion further, you will need multiple heads of those storage systems and they must also be entangled. Redundancy at the storage layer is commonly achieved by sharing physical disks and writing the data to multiple places. Most SANs have the option of using dual controllers that are connected to a shared set of disks. Every piece of data is stored synchronously to at least two disks (sometimes more). These SANs can tolerate the failure of individual controllers or disks, preserving their shared state without any disruption. In Windows Server 2012, Clustered Storage Spaces provides a simple solution for shared storage for a set of Windows Servers using only Shared SAS disks, without the need for a SAN.

There are other strategies for Entanglement that do not require shared storage, depending on how much and how frequently the state changes. If you have a web site with only static files, you could maintain shared state by simply provisioning multiple IIS servers with the same files. Whenever you lose one, simply replace it. For instance, Windows Azure and Virtual Machine Manager provide mechanisms to quickly add/remove instances of web servers in this fashion through the use of a service template.

If the shared state changes, which is often the case for most web sites, you could go up a notch by regularly copying updated files to the servers every day. You could have a central location with the current version of the shared state (a remote file server, for instance) plus a process to regularly send full updates to any of the nodes (either pushed from the central store or pulled by the servers). This is not very efficient for large amounts of data updated frequently, but could be enough if the total amount of data is small or it changes very infrequently. Examples of this strategy include SQL Server Snapshot Replication, DNS full zone transfers or a simple script using ROBOCOPY to copy files on a daily schedule.

In most cases, however, it’s best to employ a mechanism that can cope with more frequently changing state. Going up the scale you could have a system that sends data to its peers every hour or every few minutes, being careful to send only the data that has changed instead of the full set. That is the case for DNS incremental zone transfers, Active Directory Replication, many types of SQL Server Replication, SQL Server Log Shipping, Asynchronous SQL Server Mirroring (High-Performance Mode), SQL Server AlwaysOn Availability Groups (asynchronous-commit mode), DFS Replication and Hyper-V Replica. These models provide systems that are loosely converging, but do not achieve up-to-the-second coherent shared state. However, that is good enough for some scenarios.

At the high end of replication and right before actual shared storage, you have synchronous replication. This provides the ability to update the information on every entangled system before considering the shared state actually changed. This might slow down the overall performance of the system, especially when the connectivity between the peers suffers from latency. However, there’s something to be said of just having a set of nodes with local storage that achieve a coherent shared state using only software. Common examples here include a few types of SAN replication, Exchange Server (Database Availability Groups), Synchronous SQL Mirroring (High Safety Mode) and SQL Server AlwaysOn Availability Groups (synchronous-commit mode).

As you can see, the Entanglement principle can be addressed in a number of different ways depending on the service. Many services, like File Server and SQL Server, provide multiple mechanisms to deal with it, with varying degrees of cost, complexity, performance and coherence.

 

Awareness – Telling if Schrödinger's servers are alive or not


Your work is not done after you have a redundant entangled system. In order to provide clients with seamless access to your service, you must implement some method to find one of the many sources for the service. The awareness principle refers to how your clients will discover the location of the access points for your service, ideally with a mechanism to do it quickly while avoiding any failed instances. There are a few different ways to achieve it, including manual configuration, broadcast, DNS, load balancers, or a service-specific method.

One simple method is to statically configure each client with the name or IP Address of two or more instances of the service. This method is effective if the configuration of the service is not expected to change. If it ever does change, you would need to reconfigure each client. A common example here is how static DNS is configured: you simply specify the IP address of your preferred DNS server and also the IP address of an alternate DNS server in case the preferred one fails.

Another common mechanism is to broadcast a request for the service and wait for a response. This mechanism works only if there’s someone in your local network capable of providing an answer. There’s also a concern about the legitimacy of the response, since a rogue system on the network might be used to provide a malicious version of the service. Common examples here include DHCP service requests and Wireless Access Points discovery. It is fairly common to use one service to provide awareness for others. For instance, once you access your Wireless Access Point, you get DHCP service. Once you get DHCP service, you get your DNS configuration from it.

As you know, the most common use for a DNS server is to map a network name to an IP address (using an A or AAAA DNS record). That in itself implements a certain level of this awareness principle. DNS can also associate multiple IP addresses with a single name, effectively providing a mechanism to give you a list of servers that provide a specific service. That list is provided by the DNS server in a round robin fashion, so it even includes a certain level of load balancing as part of it. Clients looking for Web Servers and File Servers commonly use this mechanism alone for finding the many servers providing a service.

DNS also provides a different type of record specifically designed for providing service awareness. This is implemented as SRV (Service) records, which not only offer the name and IP address of a host providing a service, but can decorate it with information about priority, weight and port number where the service is provided. This is a simple but remarkably effective way to provide service awareness through DNS, which is effectively a mandatory infrastructure service these days. Active Directory, for instance, relies entirely on DNS Service records to allow clients to learn information about the location of Domain Controllers and services provided by them, including details about Active Directory site topology.

Windows Server failover clustering includes the ability to perform dynamic DNS registrations when creating clustered services. Each cluster role (formerly known as a cluster group) can include a Network Name resource which is registered with DNS when the service is started. Multiple IP addresses can be registered for a given cluster Network  Name if the server has multiple interfaces. In Windows Server 2012, a single cluster role can be active on multiple nodes (that’s the case of a Scale-Out File Server) and the new Distributed Network Name implements this as a DNS name with multiple IP addresses (at least one from each node).

DNS does have a few limitations. The main one is the fact that the clients will cache the name/IP information for some time, as specified in the TTL (time to live) for the record. If the service is reconfigured and new address or service records are published, DNS clients might take some time to become aware of the change. You can reduce the TTL, but that has a performance impact. There is no mechanism in DNS to have a server proactively tell a client that a published record has changed. Another issue with DNS is that it provides no method to tell if the service is actually being provided at the moment or even if the server ever functioned properly. It is up to the client to attempt communication and handle failures. Last but not least, DNS cannot help with intelligently balancing clients based on the current load of a server.
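The SRV priority and weight fields, and the point that the client itself must attempt communication and handle failures, can be shown together. The following is an added example, not code from the original post and not the DC Locator implementation: it orders a constructed SRV answer using the selection rule from RFC 2782 and then walks the list until a probe succeeds. The host names, the `SrvRecord` type and the function names are assumptions made for illustration.

```python
import random
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower value is tried first
    weight: int     # relative share of clients within one priority
    port: int
    target: str


# Constructed sample answer for _ldap._tcp.dc._msdcs.example.test:
# two domain controllers in the local site, one lower-preference backup.
SAMPLE_ANSWER = [
    SrvRecord(0, 75, 389, "dc1.example.test"),
    SrvRecord(0, 25, 389, "dc2.example.test"),
    SrvRecord(10, 0, 389, "dc3.example.test"),
]


def order_srv(records, rng=None):
    """Return the records in the order a client should try them (RFC 2782)."""
    rng = rng or random.Random()
    by_priority = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)

    ordered = []
    for priority in sorted(by_priority):
        # Weight-0 records go first in the working list so they are still
        # selectable, but only with a very small probability.
        group = sorted(by_priority[priority], key=lambda r: r.weight)
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)
            running = 0
            for i, rec in enumerate(group):
                running += rec.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


def tcp_probe(record, timeout=2.0):
    """DNS says nothing about liveness, so check that the port answers."""
    try:
        with socket.create_connection((record.target, record.port), timeout=timeout):
            return True
    except OSError:
        return False


def pick_server(records, probe=tcp_probe, rng=None):
    """Return (first record whose probe succeeds, records that failed)."""
    failed = []
    for rec in order_srv(records, rng):
        if probe(rec):
            return rec, failed
        failed.append(rec)
    return None, failed


if __name__ == "__main__":
    # Simulate both local-site servers being down (no network access needed).
    down = {"dc1.example.test", "dc2.example.test"}
    chosen, failed = pick_server(SAMPLE_ANSWER, probe=lambda r: r.target not in down)
    print("chosen:", chosen.target, "after failures on", [f.target for f in failed])
```

A short probe timeout matters here: every dead entry ahead of the live one adds its full timeout to the client's connection time.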

Load balancers are the next step in providing awareness. These are network devices that function as an intelligent router of traffic based on a set of rules. If you point your clients to the IP address of the load balancer, that device can intelligently forward the requests to a set of servers. As the name implies, load balancers typically distribute the clients across the servers and can even detect if a certain server is unresponsive, dynamically taking it out of the list. Another concern here is affinity, which is an optimization that consistently forwards a given client to the same server. Since these devices can become a single point of failure, the redundancy principle must be applied here. The most common solution is to have two load balancers in combination with two records in DNS.

SQL Server again uses multiple mechanisms for implementing this principle. DNS name resolution is common, either statically or dynamically using failover clustering Network Name resources. That name is part of the client configuration known as a “Connection String”. Typically, this string will provide the name of a single server providing the SQL Service, along with the database name and your credentials. For instance: "Server=SQLSERV1A; Database=DB301; Integrated Security=True;". For SQL Mirroring, there is a mechanism to provide a second server name in the connection string itself. Here’s an example: "Server=SQLSERV1A; Failover_Partner=SQLSRV1B; Database=DB301; Integrated Security=True;".

Other services provide a specific layer of Awareness, implementing a broker service or client access layer. This is the case of DFS (Distributed File System), which simplifies access to multiple file servers using a unified namespace mechanism. In a similar way, SharePoint web front end servers will abstract the fact that multiple content databases live behind a specific site collection. Exchange Server Client Access Servers will query Active Directory to find which Mailbox Server or Database Access Group contains the mailbox for an incoming client. Remote Desktop Connection Broker (formerly known as Terminal Services Session Broker) is used to provide users with access to Remote Desktop services across a set of servers. All these broker services can typically handle a fair amount of load balancing and be aware of the state of the services behind them. Since these can become single points of failure, they are typically placed behind DNS round robin and/or load balancers.

 

Persistence – The one that is the most adaptable to change will survive


Now that you have redundant entangled services and clients are aware of them, here comes the greatest challenge in availability: persisting the service in the event of a failure. There are three basic steps to make it happen: server failure detection, failing over to a surviving server (if required) and client reconnection (if required).

Detecting the failure is the first step. It requires a mechanism for aliveness checks, which can be performed by the servers themselves, by a witness service, by the clients accessing the services or a combination of these. Failover clustering makes cluster nodes check each other (through network checks), in an effort to determine when a node becomes unresponsive.

Once a failure is detected, for services that work in an active/passive fashion (only one server provides the service and the other remains on standby), a failover is required. This can only be safely achieved automatically if the entanglement is done via Shared Storage or Synchronous Replication, which means that the data from the server that is lost is properly persisted. If using other entanglement methods (like backups or asynchronous replication), an IT Administrator typically has to manually intervene to make sure the proper state is restored before failing over the service. For all active/active solutions, with multiple servers providing the same service all the time, a failover is not required.
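Why automatic failover is only safe with synchronous entanglement can be seen in a small model. This is an added example, not code from the original post: a toy primary/replica pair in which the latency figures, the shipping interval and all class and function names are constructed assumptions. It counts the writes that were acknowledged to clients but never reached the replica when the primary fails.

```python
from dataclasses import dataclass, field


@dataclass
class Replica:
    log: list = field(default_factory=list)


@dataclass
class Primary:
    replica: Replica
    synchronous: bool
    ship_every: int = 5        # asynchronous mode: ship after this many writes
    local_ms: float = 1.0      # constructed cost of a local log write
    link_rtt_ms: float = 20.0  # constructed round trip to the replica
    log: list = field(default_factory=list)
    acked: list = field(default_factory=list)    # writes the client was told succeeded
    pending: list = field(default_factory=list)  # written locally, not yet shipped

    def write(self, record):
        """Commit one record and return the latency the client observed (ms)."""
        self.log.append(record)
        if self.synchronous:
            # The replica hardens the record before the client gets its answer.
            self.replica.log.append(record)
            latency = self.local_ms + self.link_rtt_ms
        else:
            # The client is answered immediately; the replica catches up later.
            self.pending.append(record)
            latency = self.local_ms
            if len(self.pending) >= self.ship_every:
                self.ship()
        self.acked.append(record)
        return latency

    def ship(self):
        self.replica.log.extend(self.pending)
        self.pending.clear()


def fail_over(primary):
    """The primary is lost now. Return (replica state, acknowledged writes lost)."""
    survived = set(primary.replica.log)
    lost = [rec for rec in primary.acked if rec not in survived]
    return list(primary.replica.log), lost


def run(synchronous, writes=13):
    primary = Primary(Replica(), synchronous)
    latencies = [primary.write(f"txn-{i}") for i in range(1, writes + 1)]
    state, lost = fail_over(primary)
    return {
        "avg_latency_ms": sum(latencies) / len(latencies),
        "replica_count": len(state),
        "lost": lost,
        # Promoting the replica without an administrator is only safe
        # when no acknowledged write is missing from it.
        "auto_failover_safe": not lost,
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("synchronous" if mode else "asynchronous", run(mode))
```

The asynchronous run acknowledges every write quickly but leaves the last three behind on the failed primary; the synchronous run loses nothing and pays the replica round trip on every commit.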

Finally, the client might need to reconnect to the service. If the server being used by the client has failed, many services will lose their connections and require intervention. In an ideal scenario, the client will automatically detect (or be notified of) the server failure, will be aware of other instances of the service and will automatically connect to a surviving instance, restoring the exact same client state before the failure. This is how Windows Server 2012 implements failover of File Servers through a process called SMB 3.0 Continuous Availability, available for both Classic and Scale-Out File Server Clusters. The File Server Cluster goes one step further, providing a Witness Service that will notify SMB 3.0 clients of a server failure and point them to an alternate server.

File servers might also leverage a combination of DFS Namespaces and DFS Replication that will automatically recover from the situation, with some potential side effects. While the File client will find an alternative file server via DFS-N, the connection state will be lost and need to be reestablished. Another persistence mechanism in the file server is the Offline Files option in the Folder Redirection feature. This allows you to keep working on local storage while your file server is unavailable, synchronizing again when the server comes back.

For other services, like SQL Server, the client will surface an error to the application indicating that a failover has occurred and the connection has been lost. If the application is properly coded to handle that situation, the end user will be shielded from the error message because the application will simply reconnect to the SQL Server using either the same name (in the case of another server taking over the name) or a Failover Partner name (in case of SQL Server Mirroring) or another instance of SQL Server (in case of more complex log shipping or replication scenarios).

Clients of Web Servers and other load balanced workloads without any persistent state might be able to simply retry an operation in case of a failure. This might happen automatically or require the end-user to retry the operation manually.

Another interesting example of client persistence is provided by Outlook connecting to Exchange Server. As we mentioned, Exchange Servers implement a sophisticated method of synchronous replication of mailbox databases between servers, plus a Client Access layer that brokers connection to the right set of mailbox servers. On top of that, the Outlook client will simply continue to work in a cached mode (using only local storage) if for any reason the server becomes unavailable. Whenever the server comes back online, the client will transparently reconnect and synchronize. The entire process is automated, without any action required during or after the failure from either end users or IT Administrators.

 

Samples of how services implement the REAP principles

 

Now that you have the principles down, let’s look at how the main services we mentioned implement them.

| Service | Redundancy | Entanglement | Awareness | Persistence |
|---|---|---|---|---|
| DHCP, using split scopes | Multiple standalone DHCP Servers | Each server uses its own set of scopes, no replication | Active/Active, Clients find DHCP servers via broadcast (whichever responds first) | DHCP responses are cached. Upon failure, only surviving servers will respond to the broadcast |
| DHCP, using failover cluster | Multiple DHCP Servers in a failover cluster | Shared block storage (FC, iSCSI, SAS) | Active/Passive, Clients find DHCP servers via broadcast | DHCP responses are cached. Upon failure, failover occurs and a new server responds to broadcasts |
| DNS, using zone transfers | Multiple standalone DNS Servers | Zone Transfers between DNS Servers at regular intervals | Active/Active, Clients configured with IP addresses of Primary and Alternate servers (static or via DHCP) | DNS responses are cached. If query to primary DNS server fails, alternate DNS server is used |
| DNS, using Active Directory integration | Multiple DNS Servers in a Domain | Active Directory Replication | Active/Active, Clients configured with IP addresses of Primary and Alternate servers (static or via DHCP) | DNS responses are cached. If query to primary DNS server fails, alternate DNS server is used |
| Active Directory | Multiple Domain Controllers in a Domain | Active Directory Replication | Active/Active, DC Locator service finds closest Domain Controller using DNS service records | Upon failure, DC Locator service finds a new Domain Controller |
| File Server, using DFS (Distributed File System) | Multiple file servers, linked through DFS. Multiple DFS servers. | DFS Replication maintains file server data consistency. DFS Namespace links stored in Active Directory. | Active/Active, DFS Namespace used to translate namespaces targets into closest file server. | Upon failure of file server, client uses alternate file server target. Upon DFS Namespace failure, alternate is used. |
| File Server for general use, using failover cluster | Multiple File Servers in a failover cluster | Shared Storage (FC, iSCSI, SAS) | Active/Passive, Name and IP address resources, published to DNS | Failover, SMB Continuous Availability, Witness Service |
| File Server, using Scale-Out Cluster | Multiple File Servers in a failover cluster | Shared Storage, Cluster Shared Volume (FC, iSCSI, SAS) | Active/Active, Name resource published to DNS (Distributed Network Name) | SMB Continuous Availability, Witness Service |
| Web Server, static content | Multiple Web Servers | Initial copy only | Active/Active. DNS round robin, load balancer or combination | Client retry |
| Web Server, file server back-end | Multiple Web Servers | Shared File Server Back End | Active/Active. DNS round robin, load balancer or combination | Client retry |
| Web Server, SQL Server back-end | Multiple Web Servers | SQL Server database | Active/Active. DNS round robin, load balancer or combination | Client retry |
| Hyper-V, failover cluster | Multiple servers in a cluster | Shared Storage (FC, iSCSI, SAS, SMB File Share) | Active/Passive. Clients connect to IP exposed by the VM | VM restarted upon failure |
| Hyper-V, Replica | Multiple servers | Replication, per VM | Active/Passive. Clients connect to IP exposed by the VM | Manual failover (test option available) |
| SQL Server, Replication | Multiple servers | Replication, per database (several methods) | Active/Active. Clients connect by server name | Application may detect failures and switch servers |
| SQL Server, Log Shipping | Multiple servers | Log shipping, per database | Active/Passive. Clients connect by server name | Manual failover |
| SQL Server, Mirroring | Multiple servers, optional witness | Mirroring, per database | Active/Passive, Failover Partner specified in connection string | Automatic failover if synchronous, with witness. Application needs to reconnect |
| SQL Server, AlwaysOn Failover Cluster Instances | Multiple servers in a cluster | Shared Storage (FC, iSCSI, SAS, SMB File Share) | Active/Passive, Name and IP address resources, published to DNS | Automatic Failover, Application needs to reconnect |
| SQL Server, AlwaysOn Availability Groups | Multiple servers in a cluster | Mirroring, per availability group | Active/Passive, Availability Group listener with a Name and IP address, published to DNS | Automatic Failover if using synchronous-commit mode. Application needs to reconnect |
| SharePoint Server (front end) | Multiple Servers | SQL Server Storage | Active/Active. DNS round robin, load balancer or combination. | Client retry |
| Exchange Server (DAG) with Outlook | Multiple Servers in a Cluster | Database Access Groups (Synchronous Replication) | Active/Active. Client Access Point (uses AD for Mailbox/DAG information). Names published to DNS. | Outlook client goes in cached mode, reconnects |

 

Conclusion

 

I hope this post helped you understand the principles behind increasing server availability.

As a final note, please take into consideration that not all services require the highest possible level of availability. This might be an easier decision for certain services like DHCP, DNS and Active Directory, where the additional cost is relatively small and the benefits are sizable. You might want to think twice when increasing the availability of a large backup server, where some hours of down time might be acceptable and the cost of duplicating the infrastructure is significantly higher.

Depending on how much availability your service level agreement states, you might need different types of solutions. We generally measure availability in “nines”, as described in the table below:

| Nines | % Availability | Downtime per year | Downtime per week |
|---|---|---|---|
| 1 | 90% | ~ 36 days | ~ 16 hours |
| 2 | 99% | ~ 3.6 days | ~ 90 minutes |
| 3 | 99.9% | ~ 8 hours | ~ 10 minutes |
| 4 | 99.99% | ~ 52 minutes | ~ 1 minute |
| 5 | 99.999% | ~ 5 minutes | ~ 6 seconds |

You should consider your overall requirements and the related infrastructure investments that would give you the most “nines” per dollar.

Halo 4 Team Uses Agile, Cloud-Based Big Data Solution


The Halo franchise is an award-winning collection of properties that has grown into a global entertainment phenomenon. To date, more than 50 million copies of Halo video games have been sold worldwide. As developers prepared to launch Halo 4, they were tasked with analyzing data to gain insights into player preferences and support an online tournament. To handle those requests, the team used a powerful Microsoft technology called Windows Azure HDInsight Service, based on the Apache Hadoop big data framework. Using HDInsight Service to process and analyze raw data from Windows Azure, the team was able to feed game statistics to the tournament’s operator, which used the data to rank players based on game play. The team also used HDInsight Service to update Halo 4 every week and support a daily email campaign designed to increase player retention. Organizations can also take advantage of data to quickly make business decisions.

See the full case study at http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=710000002102.  This one is pretty interesting. Grin.
