Microsoft Virtual Academy
Part 1 | Windows Server 2012 Hyper-V & VMware vSphere 5.1
(01) Introduction & Scalability
(02) Storage & Resource Management
(03) Security, Multi-tenancy & Flexibility
(04) High-Availability & Resiliency

Part 2 | System Center 2012 SP1 & VMware's Private Cloud
(05) Introduction & Overview of System Center 2012
(06) Application Management
(07) Cross-Platform Management
(08) Foundation, Hybrid Clouds & Costs

** MEAL BREAK **
ISOLATION AND MULTITENANCY: Hyper-V Extensible Switch

New feature: a layer 2 virtual switch that handles network traffic among virtual machines, the external network, and the host operating system.

Benefits:
- Layer 2 virtual interface
- Managed programmatically
- Extensible by partners or customers

[Diagram: several virtual machines, each with a network application and a virtual network adapter, connected through the Hyper-V Extensible Switch on the Hyper-V host to a physical network adapter and then a physical switch]
Capability                    | Hyper-V (2012) | vSphere Hypervisor | vSphere 5.1 Enterprise Plus
Extensible vSwitch            | Yes            | No                 | Replaceable (1)
Confirmed Partner Extensions  | 5              | No                 | 2
Private Virtual LAN (PVLAN)   | Yes            | No                 | Yes (1)
ARP Spoofing Protection       | Yes            | No                 | vCNS/Partner (2)
DHCP Snooping Protection      | Yes            | No                 | vCNS/Partner (2)
Virtual Port ACLs             | Yes            | No                 | vCNS/Partner (2)
Trunk Mode to Virtual Machines| Yes            | No                 | Yes (3)
Port Monitoring               | Yes            | Per Port Group     | Yes (3)
Port Mirroring                | Yes            | Per Port Group     | Yes (3)

(1) The vSphere Distributed Switch (required for PVLAN capability) is available only in the Enterprise Plus edition of vSphere 5.1 and is replaceable (by partners such as Cisco/IBM) rather than extensible.
(2) ARP Spoofing Protection, DHCP Snooping Protection and Virtual Port ACLs require the App component of the VMware vCloud Networking & Security (vCNS) product or a partner solution, all of which are additional purchases.
(3) Trunking VLANs to individual vNICs, and Port Monitoring and Mirroring at a granular level, require the vSphere Distributed Switch, which is available only in the Enterprise Plus edition of vSphere 5.1.

vSphere Hypervisor / vSphere 5.x Ent+ information: ibm.com/systems/networking/switches/virtual/dvs5000v/ and 03.ibm.com/systems/networking/switches/virtual/dvs5000v/
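The table lists the per-vNIC protections the Hyper-V Extensible Switch ships with in Windows Server 2012. The following PowerShell is an added example, not taken from this deck or from Microsoft's own materials, showing how a hoster would apply those protections to one tenant VM: MAC spoofing protection, DHCP and router guard (the "DHCP snooping" row), port ACLs, an isolated PVLAN port, and port mirroring to a monitoring VM. The VM names, switch name, VLAN IDs and subnets are placeholders chosen for the example.

```powershell
# Added example (not from the MVA deck). Assumes the Windows Server 2012 Hyper-V
# module and these hypothetical names:
Import-Module Hyper-V
$tenantVm  = 'Blue-VM1'        # hypothetical tenant VM
$monitorVm = 'Hoster-IDS'      # hypothetical monitoring VM on the same switch
$tenantNet = '10.0.1.0/24'     # hypothetical tenant subnet (Customer address space)
$mgmtNet   = '10.10.0.0/24'    # hypothetical hoster management subnet

# 1. Spoofing protections on the vNIC. MacAddressSpoofing Off makes the switch
#    drop frames whose source MAC is not the vNIC's assigned MAC; DhcpGuard and
#    RouterGuard drop DHCP-server replies and router advertisements that
#    originate inside the VM, so a tenant cannot poison neighbours on the port.
Set-VMNetworkAdapter -VMName $tenantVm -MacAddressSpoofing Off -DhcpGuard On -RouterGuard On

# 2. Port ACLs are stateless, evaluated per vNIC, and the longest-prefix match
#    wins. Default-deny everything, then allow only the tenant's own subnet.
Add-VMNetworkAdapterAcl -VMName $tenantVm -RemoteIPAddress 0.0.0.0/0  -Direction Both -Action Deny
Add-VMNetworkAdapterAcl -VMName $tenantVm -RemoteIPAddress $tenantNet -Direction Both -Action Allow
Add-VMNetworkAdapterAcl -VMName $tenantVm -RemoteIPAddress $mgmtNet   -Direction Both -Action Deny

# 3. PVLAN: put the tenant port in isolated mode so it can reach the promiscuous
#    uplink but not other isolated ports on the same primary VLAN.
Set-VMNetworkAdapterVlan -VMName $tenantVm -Isolated -PrimaryVlanId 100 -SecondaryVlanId 200

# 4. Port mirroring: copy the tenant port's traffic to the monitoring VM's port
#    on the same virtual switch (Source -> Destination).
Set-VMNetworkAdapter -VMName $tenantVm  -PortMirroring Source
Set-VMNetworkAdapter -VMName $monitorVm -PortMirroring Destination

# 5. Verify the effective settings on the tenant port.
Get-VMNetworkAdapter -VMName $tenantVm |
    Format-List VMName, MacAddressSpoofing, DhcpGuard, RouterGuard, PortMirroringMode
Get-VMNetworkAdapterAcl  -VMName $tenantVm
Get-VMNetworkAdapterVlan -VMName $tenantVm
```

Because port ACLs in this release match on remote address only (no port or protocol), they are a coarse isolation boundary; tenant firewalls inside the guest still do the fine-grained filtering.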
[Diagram: Network I/O path without SR-IOV: virtual machine virtual NIC -> Hyper-V switch in the root partition (routing, VLAN filtering, data copy) -> physical NIC. Network I/O path with SR-IOV: virtual machine virtual NIC -> virtual function on the SR-IOV physical NIC, bypassing the switch in the root partition]
SR-IOV and Live Migration

Turn on IOV (VM NIC property):
- A virtual function (VF) is "assigned" to the virtual machine
- A team of the software NIC and the VF is automatically created in the virtual machine's network stack
- Traffic flows through the VF; the software path through the software switch (IOV mode) is not used

Live migration:
- Break the team
- Remove the VF from the VM
- Migrate as normal

Post migration:
- Reassign a virtual function, assuming resources are available on the target
- The VM keeps connectivity through the software NIC even if: the target switch is not in IOV mode; no IOV physical NIC is present; the NIC vendor is different; the NIC firmware is different

[Diagram: source and target hosts each with an SR-IOV physical NIC and a software switch in IOV mode; inside the VM the "TEAM" binds the software NIC and the virtual function]
Capability                     | Hyper-V (2012) | vSphere Hypervisor | vSphere 5.1 Enterprise Plus
Dynamic Virtual Machine Queue  | Yes            | NetQueue (1)       | NetQueue (1)
IPsec Task Offload             | Yes            | No                 | No
SR-IOV with Live Migration     | Yes            | No (2)             | No (2)
Storage Encryption             | Yes            | No                 | No

(1) VMware vSphere and the vSphere Hypervisor support VMq only (NetQueue).
(2) VMware's SR-IOV implementation does not support vMotion, HA or Fault Tolerance. DirectPath I/O, whilst not identical to SR-IOV, aims to provide virtual machines with more direct access to hardware devices, with network cards being a good example. Whilst on the surface this will boost VM networking performance and reduce the burden on host CPU cycles, in reality there are a number of caveats in using DirectPath I/O:
- Very small Hardware Compatibility List
- No Memory Overcommit
- No vMotion (unless running certain configurations of Cisco UCS)
- No Fault Tolerance
- No Network I/O Control
- No VM Snapshots (unless running certain configurations of Cisco UCS)
- No Suspend/Resume (unless running certain configurations of Cisco UCS)
- No VMsafe/Endpoint Security support
SR-IOV also requires the vSphere Distributed Switch, meaning customers have to upgrade to the highest vSphere edition to take advantage of this capability. No such restrictions are imposed when using SR-IOV in Hyper-V, ensuring customers can combine the highest levels of performance with the flexibility they need for an agile infrastructure.

vSphere Hypervisor / vSphere 5.x Ent+ information:
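The two preceding slides describe enabling SR-IOV on a VM NIC, checking that a virtual function is in use, and live-migrating the VM regardless of whether the target host can offer a VF. The PowerShell below is an added example (not from this deck) that walks through that procedure on Windows Server 2012; the adapter, switch, VM and host names are placeholders.

```powershell
# Added example (not from the MVA deck). Assumes the Hyper-V and NetAdapter
# modules and these hypothetical names:
Import-Module Hyper-V
$pnic     = 'NIC-SRIOV'     # hypothetical SR-IOV capable physical adapter
$switch   = 'IOV-Switch'    # hypothetical external switch to create
$vm       = 'Blue-VM1'      # hypothetical VM
$destHost = 'HV-HOST2'      # hypothetical live-migration target

# 1. Confirm the host, BIOS (IOMMU) and adapter support SR-IOV before building
#    the switch; SriovSupport explains the reason when it is not 'Supported'.
Get-NetAdapterSriov -Name $pnic | Format-List Name, SriovSupport, Enabled, NumVFs

# 2. IOV must be chosen when the switch is created; it cannot be switched on
#    later for an existing virtual switch.
New-VMSwitch -Name $switch -NetAdapterName $pnic -EnableIov $true -AllowManagementOS $false
Get-VMSwitch -Name $switch |
    Format-List IovEnabled, IovSupport, IovSupportReasons, IovVirtualFunctionCount, IovVirtualFunctionsInUse

# 3. Turn on IOV as a VM NIC property. IovWeight 0 keeps the software path only;
#    1-100 requests a VF, which is assigned if one is available.
Connect-VMNetworkAdapter -VMName $vm -SwitchName $switch
Set-VMNetworkAdapter -VMName $vm -IovWeight 100 -IovQueuePairsRequested 1

# 4. Check that the VF is actually carrying traffic (the "team" inside the guest
#    falls back to the software NIC when it is not).
Get-VMNetworkAdapter -VMName $vm | Format-List IovWeight, IovQueuePairsAssigned, IovUsage

# 5. Migrate as normal. Hyper-V breaks the team, removes the VF, moves the VM,
#    and reassigns a VF on the target only if that host can provide one.
Move-VM -Name $vm -DestinationHost $destHost

# 6. After migration, the same check on the target shows whether the VM is on a
#    VF again or running on the software path (connectivity is kept either way).
Get-VMNetworkAdapter -ComputerName $destHost -VMName $vm | Format-List IovWeight, IovQueuePairsAssigned, IovUsage
```

Note that a VF gives the guest a direct PCIe path that bypasses the switch in the root partition, so the switch-level protections from the earlier table (port ACLs, DHCP guard, mirroring) do not see that traffic; keep security-sensitive tenant VMs on the software path (IovWeight 0) unless the NIC itself enforces the equivalent controls.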
VIRTUAL MACHINE MOBILITY: Live migration based on a server message block (SMB) share

Improvements:
- Faster and simultaneous migration
- Live migration outside a clustered environment
- Store virtual machines on a file share

Sequence (source host to target host over an IP connection, virtual machine storage on an SMB network share):
1. Live migration setup: configuration data is transferred
2. Memory: memory pages are transferred (memory content)
3. Modified memory pages are transferred
4. The storage handle is moved to the target host
VIRTUAL MACHINE MOBILITY: Live migration of storage

Benefits:
- Manage storage in a cloud environment with greater flexibility and control
- Move storage with no downtime
- Update the physical storage available to a virtual machine (such as SMB-based storage)
- Windows PowerShell cmdlets

Move virtual hard disks attached to a running virtual machine (computer running Hyper-V, source device to target device):
1. Reads and writes go to the source VHD
2. Disk contents are copied to the new destination VHD
3. Disk writes are mirrored; outstanding changes are replicated
4. Reads and writes go to the new destination VHD
VIRTUAL MACHINE MOBILITY: Shared-nothing live migration

Benefits:
- Increase flexibility of virtual machine placement
- Increase administrator efficiency
- Reduce downtime for migrations across cluster boundaries

Sequence (source Hyper-V host to destination Hyper-V host over an IP connection):
1. Live migration begins: reads and writes go to the source VHD
2. Disk contents are copied to the new destination VHD
3. Disk writes are mirrored; outstanding changes are replicated
4. Live migration continues: configuration data, memory content and modified memory pages are transferred
5. Live migration completes on the destination host
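The three mobility slides above describe SMB-based live migration, storage live migration and shared-nothing live migration. The PowerShell below is an added example, not from this deck, that configures a stand-alone Windows Server 2012 host for these moves and then performs each one. Host names, share path and the migration subnet are placeholders, and the constrained-delegation step assumes the ActiveDirectory module is available on the machine running the script.

```powershell
# Added example (not from the MVA deck). Hypothetical names throughout:
Import-Module Hyper-V
$vm       = 'Blue-VM1'
$srcHost  = 'HV-HOST1'
$destHost = 'HV-HOST2.corp.example'    # hypothetical FQDN of the target host
$lmNet    = '10.50.0.0/24'             # hypothetical dedicated live-migration subnet
$smbShare = '\\FS1\VMs'                # hypothetical SMB 3.0 share

# 1. Enable live migration on the host. Kerberos gives mutual authentication
#    between hosts (no credential forwarding as with CredSSP), and restricting
#    the migration network matters because memory pages move unencrypted:
#    the chosen subnet must not be reachable from tenant networks.
Enable-VMMigration
Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos `
           -UseAnyNetworkForMigration $false `
           -MaximumVirtualMachineMigrations 4 `
           -MaximumStorageMigrations 2
Add-VMMigrationNetwork -Subnet $lmNet -Priority 1

# 2. Kerberos-only constrained delegation on the source host's computer account
#    (run from an account allowed to edit it). 'cifs' covers SMB storage access,
#    the migration service SPN covers the VM move itself.
Import-Module ActiveDirectory
$account = Get-ADComputer -Identity $srcHost
Set-ADObject -Identity $account.DistinguishedName -Add @{
    'msDS-AllowedToDelegateTo' = @("cifs/$destHost",
                                   "Microsoft Virtual System Migration Service/$destHost")
}

# 3. Storage live migration: move the running VM's disks and configuration to
#    the SMB share with no downtime (reads/writes follow the sequence on the slide).
Move-VMStorage -VMName $vm -DestinationStoragePath "$smbShare\$vm"

# 4. Shared-nothing live migration: move the VM and its storage to another
#    stand-alone host, no cluster or shared storage required.
Move-VM -Name $vm -DestinationHost $destHost -IncludeStorage -DestinationStoragePath "D:\VMs\$vm"

# 5. Confirm the host settings that were applied.
Get-VMHost | Format-List VirtualMachineMigrationEnabled, VirtualMachineMigrationAuthenticationType,
                         UseAnyNetworkForMigration, MaximumVirtualMachineMigrations, MaximumStorageMigrations
Get-VMMigrationNetwork
```

Once the VM lives on the SMB share, the file server's share and NTFS ACLs become part of the VM's security boundary: only the Hyper-V hosts' computer accounts (and the administrators who manage them) should have access to that path.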
[Diagram: VLAN-based isolation: VMs carry VLAN tags through top-of-rack (ToR) and aggregation switches; the topology limits VM placement and requires reconfiguration of production switches]

[Diagram: a Blue VM and a Red VM on one physical server; virtualization presents a separate Blue network and Red network over the same physical network]

[Diagram: Hyper-V Network Virtualization: System Center holds the virtualization policy that maps the customer address space (CA, Blue Corp and Red Corp, each with Blue/Red 1 and 2) onto the provider address space (PA) used by Host 1 and Host 2 on the datacenter network]

[Diagram: hoster datacenter: the Blue Corp customer network contains virtual subnets Blue Subnet1 to Blue Subnet5 (Blue R&D Net, Blue Sales Net); the Red Corp customer network contains Red Subnet1 and Red Subnet2 (Red HR Net)]

[Diagram: different subnets use different GRE keys (5001, 6001) in the encapsulation header; the customer MAC addresses travel inside the encapsulated frame]
Data Center Policy (System Center)

Blue: VM 1: MAC 1, CA 1, PA 1 | VM 2: MAC 2, CA 2, PA 3 | VM 3: MAC 3, CA 3, PA 5 | ...
Red:  VM 1: MAC X, CA 1, PA 2 | VM 2: MAC Y, CA 2, PA 4 | VM 3: MAC Z, CA 3, PA 6 | ...

[Diagram: Host 1 and Host 2 in the datacenter, each running VMs whose customer addresses (CA 1, CA 2, CA X, CA Y) are mapped to provider addresses (PA 1, PA 2, PA X, PA Y); the same CA can exist in both Blue and Red because the policy keys on customer and VSID]

[Diagram: Windows Server 2012 host network stack: a management NIC, a cluster NIC, a storage NIC and a live migration NIC alongside the Hyper-V Switch (VSID ACL isolation, switch extensions) and the Network Virtualization filter (IP virtualization, policy enforcement, routing) that maps VM 1's CA 1 to PA 1; the System Center host agent pushes the policy]
ARP resolution and packet flow under Network Virtualization (Blue 1 on Host 1 with PA1, Blue 2 on Host 2 with PA2, both on VSID 5001; Red VMs on VSID 6001 share the hosts)

1. Blue 1 sends an ARP request for Blue 2's address. The Hyper-V Switch tags it out-of-band (OOB: VSID 5001) and broadcasts it only to the local VMs on that VSID; VSID ACL enforcement keeps it away from Red 1. The Network Virtualization filter answers the ARP for that IP on VSID 5001 with Blue 2's MAC. The ARP is NOT broadcast to the physical network.
2. Blue 1 learns the MAC of Blue 2 ("use MAC B2 for ..."); again, nothing is broadcast to the network.
3. Blue 1 sends a frame MAC B1 -> MAC B2. In the Hyper-V Switch it carries OOB VSID 5001; in the Network Virtualization filter it is encapsulated. NVGRE on the wire: outer MAC PA1 -> MAC PA2, inner MAC B1 -> MAC B2, GRE key 5001.
4. On Host 2 the Network Virtualization filter decapsulates the frame, restores OOB VSID 5001, and the Hyper-V Switch delivers MAC B1 -> MAC B2 to Blue 2 only.
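The policy slides above show the same customer address existing in both Blue Corp and Red Corp, told apart by the VSID carried as the GRE key. The PowerShell below is an added example (not from this deck) that builds that policy on one Windows Server 2012 host with the NetWNV cmdlets: the provider address, a lookup record for Blue VM 1 and Red VM 1 with an identical customer address, the per-customer routes, and the VSID assignment on the VM NIC. The routing-domain GUIDs, MAC addresses, provider addresses and adapter name are constructed for the example.

```powershell
# Added example (not from the MVA deck). Assumes the Hyper-V and NetWNV modules
# of Windows Server 2012 and these hypothetical values:
Import-Module Hyper-V
Import-Module NetWNV
$pnic     = 'Ethernet 2'                                  # hypothetical datacenter-facing adapter
$rdidBlue = '{11111111-1111-1111-1111-111111111111}'      # hypothetical routing domain ID (Blue Corp)
$rdidRed  = '{22222222-2222-2222-2222-222222222222}'      # hypothetical routing domain ID (Red Corp)
$pa1      = '192.168.10.11'                               # hypothetical PA of Host 1 (this host)
$pa2      = '192.168.10.12'                               # hypothetical PA of Host 2

# 1. Bind the Network Virtualization filter to the physical NIC and give this
#    host its provider address.
Enable-NetAdapterBinding -Name $pnic -ComponentID ms_netwnv
$ifIndex = (Get-NetAdapter -Name $pnic).ifIndex
New-NetVirtualizationProviderAddress -InterfaceIndex $ifIndex -ProviderAddress $pa1 -PrefixLength 24

# 2. Lookup records: CA -> PA, keyed by VSID and customer. Note the same CA
#    10.0.0.1 appears twice; VSID 5001 and 6001 keep the tenants apart.
$records = @(
    @{ Name = 'Blue VM 1'; CA = '10.0.0.1'; PA = $pa1; MAC = '00155D000001'; VSID = 5001; RDID = $rdidBlue },
    @{ Name = 'Red VM 1';  CA = '10.0.0.1'; PA = $pa2; MAC = '00155D000002'; VSID = 6001; RDID = $rdidRed  }
)
foreach ($r in $records) {
    New-NetVirtualizationLookupRecord -CustomerAddress $r.CA -ProviderAddress $r.PA `
        -MACAddress $r.MAC -VirtualSubnetID $r.VSID -CustomerID $r.RDID `
        -Rule TranslationMethodEncap -VMName $r.Name
}

# 3. Customer routes: each routing domain gets its own view of 10.0.0.0/24.
New-NetVirtualizationCustomerRoute -RoutingDomainID $rdidBlue -VirtualSubnetID 5001 `
    -DestinationPrefix '10.0.0.0/24' -NextHop '0.0.0.0' -Metric 255
New-NetVirtualizationCustomerRoute -RoutingDomainID $rdidRed  -VirtualSubnetID 6001 `
    -DestinationPrefix '10.0.0.0/24' -NextHop '0.0.0.0' -Metric 255

# 4. Attach the local VM's NIC to its virtual subnet; this is the VSID the
#    switch stamps out-of-band and the filter writes into the GRE key.
Set-VMNetworkAdapter -VMName 'Blue VM 1' -VirtualSubnetId 5001

# 5. Review the policy the filter will enforce on this host.
Get-NetVirtualizationLookupRecord | Format-Table VMName, CustomerAddress, ProviderAddress, VirtualSubnetID, MACAddress
Get-NetVirtualizationCustomerRoute | Format-Table RoutingDomainID, VirtualSubnetID, DestinationPrefix
```

Because the filter answers ARP locally and only forwards frames for which a lookup record exists, a VM on VSID 6001 cannot reach 10.0.0.1 on VSID 5001 even though the addresses collide; the isolation holds only as long as the lookup records are consistent on every host, which is why the deck places policy distribution with System Center rather than with per-host scripts.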
Capability                          | Hyper-V (2012) | vSphere Hypervisor | vSphere 5.1 Enterprise Plus
VM Live Migration                   | Yes            | No (1)             | Yes (2)
1GB Simultaneous Live Migrations    | Unlimited (3)  | N/A                | 4
10GB Simultaneous Live Migrations   | Unlimited (3)  | N/A                | 8
Live Storage Migration              | Yes            | No (4)             | Yes (5)
Shared Nothing Live Migration       | Yes            | No                 | Yes (5)
Network Virtualization              | Yes            | No                 | VXLAN (6)

(1) Live Migration (vMotion) is unavailable in the vSphere Hypervisor; vSphere 5.1 is required.
(2) Live Migration (vMotion) and Shared Nothing Live Migration (Enhanced vMotion) are available in Essentials Plus and higher editions of vSphere.
(3) Within the technical capabilities of the networking hardware.
(4) Live Storage Migration (Storage vMotion) is unavailable in the vSphere Hypervisor.
(5) Live Storage Migration (Storage vMotion) is available in the Standard, Enterprise and Enterprise Plus editions of vSphere.
(6) VXLAN is a feature of the vCloud Networking & Security product, which is available at additional cost to vSphere 5.1. In addition, it requires the vSphere Distributed Switch, only available in vSphere 5.1 Enterprise Plus.

vSphere Hypervisor / vSphere 5.x Ent+ information: network-security/features.html#vxlan
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.