Microsoft Virtual Academy First Half Second Half 01

  • Slides: 43

First Half
• (01) Introduction to Microsoft Virtualization
• (02) Hyper-V Infrastructure
• (03) Hyper-V Networking
• (04) Hyper-V Storage

** MEAL BREAK **

Second Half
• (05) Hyper-V Management
• (06) Hyper-V High Availability and Live Migration
• (07) Integration with System Center 2012 Virtual Machine Manager
• (08) Integration with Other System Center 2012 Components


Synthetic Adapters: Windows Server 2003 SP2, Windows Server 2008 R2, Windows Server 2012, Linux (SLES 10, 11), RHEL 5.x/6.x, CentOS 5.x/6.x, Windows XP, Windows Vista, Windows 7, Windows 8, openSUSE, etc.

Legacy (Emulated) Adapters

• How do I ensure network multi-tenancy?
• IP Address Management is a pain.
• What if VMs are competing for bandwidth?
• Fully Leverage Network Fabric
• How do I integrate with existing fabric?
• Network Metering?
• Can I dedicate a NIC to a workload?

[Figure: Tenant 1 (multiple VM workloads) and Tenant 2 (multiple VM workloads) sharing a data center; build labels: TEAMING, 15 / 25, $$ / $$$$]

[Figure: Cloud Data Center hosting Woodgrove Bank (Blue, 10.1.0.0/16) and Contoso Bank (Red, 10.1.0.0/16)]

[Figure: Hyper-V Switch on a Win 8 host with VMs Green, Blue, Red 1 and Red 2 (addresses 10.1.1.31, 10.1.1.21, 10.1.1.11, 10.1.1.12); port labels "Isolated 4, 7" and "Community 4, 9"; uplink "To Internet (10.1.1.1)"]

Hyper-V Machine Virtualization
• Run multiple virtual servers on a physical server
• Each VM has the illusion it is running as a physical server

Hyper-V Network Virtualization
• Run multiple virtual networks on a physical network
• Each virtual network has the illusion it is running as a physical fabric

[Figure labels: Woodgrove VM, Contoso VM, Physical server; Woodgrove network, Contoso network, Physical network]


Hyper-V Extensible Switch
• PVLANs
• ARP/ND Poisoning Protection
• DHCP Guard Protection
• Virtual Port ACLs
• Trunk Mode to Virtual Machines
• Monitoring & Port Mirroring
• Windows PowerShell & WMI Management

The Hyper-V Extensible Switch allows a deeper integration with customers’ existing network infrastructure, monitoring, and security tools.

Capture Extensions (NDIS)
• Capture extensions can inspect traffic and generate new traffic for report purposes
• Capture extensions do not modify existing Extensible Switch traffic
• Example: sFlow by inMon

Windows Filter Platform (WFP) Extensions
• Windows Filter Platform (WFP) Extensions can inspect, drop, modify, and insert packets using WFP APIs
• Windows Antivirus and Firewall software uses WFP for traffic filtering
• Example: Virtual Firewall by 5NINE Software

Forwarding Extensions (NDIS)
• Forwarding extensions direct traffic, defining the destination(s) of each packet
• Forwarding extensions can capture and filter traffic
• Examples:
  – Cisco Nexus 1000V and UCS
  – NEC ProgrammableFlow's vPFS OpenFlow

[Figure labels: VM 1, Root Partition, VM 2, VM NIC, Host NIC, VM NIC, BFE Service, Firewall, Callout, Extension Protocol, Extensible Switch, Capture Extensions (NDIS), Filtering Engine, Windows Filter Platform (WFP), Forwarding Extensions (NDIS), Extension Miniport, Physical NIC]

• Open, Extensible Virtual Switch
  • Nexus 1000 Support
  • OpenFlow Support
  • Network Introspection
  • Much more…
• Advanced Networking
  • ACLs
  • PVLAN
  • …much more…
• Windows NIC Teaming
• Network QoS
  • Per VNIC bandwidth reservation & limits
• Network Metering
• DVMQ
• SR-IOV Network Support
  • Reduce Latency & CPU Utilization
  • Supports Live Migration

• Reduces latency of network path
• Reduces CPU utilization for processing network traffic
• Increases throughput
• Supports Live Migration

[Figure: Network I/O path without SR-IOV and with SR-IOV; labels: Root Partition, Virtual Machine, Hyper-V Switch, Routing, VLAN Filtering, Data Copy, Virtual NIC, VMBUS, Virtual Function, Physical NIC, SR-IOV Physical NIC]

SR-IOV Enabling & Live Migration

Turn On IOV
• Enable IOV (VM NIC Property)
• Virtual Function is “Assigned”
• Team automatically created
• Traffic flows through VF
  • Software path is not used

Live Migration
• Break Team
• Remove VF from VM
• Migrate as normal

Post Migration
• Reassign Virtual Function
  • Assuming resources are available

VM has connectivity even if
• Switch not in IOV mode
• IOV physical NIC not present
• Different NIC vendor
• Different NIC firmware

[Figure labels: Virtual Machine, Network Stack, Software NIC, “TEAM”, Virtual Function, Software Switch (IOV Mode), Physical NIC, SR-IOV Physical NIC]

Dynamic Virtual Machine Queue (VMQ): dVMQ uses hardware packet filtering to deliver packet data from an external virtual machine network directly to virtual machines, which reduces the overhead of routing packets and copying them from the management operating system to the virtual machine.

IPsec Task Offload: Microsoft expects deployment of Internet Protocol security (IPsec) to increase significantly in the coming years. The large demands placed on the CPU by the IPsec integrity and encryption algorithms can reduce the performance of your network connections. IPsec Task Offload is a technology built into the Windows operating system that moves this workload from the main computer's CPU to a dedicated processor on the network adapter.

SR-IOV is a specification that allows a PCIe device to appear to be multiple separate physical PCIe devices. The SR-IOV specification was created and is maintained by the PCI SIG, with the idea that a standard specification will help promote interoperability. SR-IOV works by introducing the idea of physical functions (PFs) and virtual functions (VFs). Physical functions (PFs) are full-featured PCIe functions; virtual functions (VFs) are “lightweight” functions that lack configuration resources.

Set-VMNetworkAdapter -VMName MyVM -PortMirroring Source

Add-VMNetworkAdapterAcl

Set-VMNetworkAdapterVlan
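The cmdlets named on the preceding slides, combined into one isolation pass over tenant vNICs. This is an added example, not part of the original deck: the VM names borrow the figure's labels, but which VM sits in which PVLAN is an assumption, as is the sensor VM; the PVLAN IDs (4/7 isolated, 4/9 community), the 10.1.0.0/16 range and the 10.1.1.1 gateway are taken from the slides.

```powershell
# Added example (not from the deck). VM names and their PVLAN placement are
# assumptions; PVLAN IDs, address range and gateway come from the slides.
$isolatedVm   = 'Blue'            # assumed: must not talk to peer VMs
$communityVms = 'Red1', 'Red2'    # assumed: may talk to each other
$sensorVm     = 'Monitor'         # hypothetical VM that receives mirrored traffic
$tenantVms    = @($isolatedVm) + $communityVms

# PVLAN: isolated ports reach only promiscuous ports; community ports also
# reach other ports in the same community (primary 4, secondary 7 / 9).
Set-VMNetworkAdapterVlan -VMName $isolatedVm -Isolated -PrimaryVlanId 4 -SecondaryVlanId 7
foreach ($vm in $communityVms) {
    Set-VMNetworkAdapterVlan -VMName $vm -Community -PrimaryVlanId 4 -SecondaryVlanId 9
}

# Drop DHCP server messages and router advertisements sent by tenant VMs,
# and keep MAC address spoofing disabled.
foreach ($vm in $tenantVms) {
    Set-VMNetworkAdapter -VMName $vm -DhcpGuard On -RouterGuard On -MacAddressSpoofing Off
}

# Port ACLs on the isolated VM: allow the gateway, deny the rest of the range.
# The more specific (longest-prefix) entry is the one that applies.
Add-VMNetworkAdapterAcl -VMName $isolatedVm -RemoteIPAddress '10.1.1.1' -Direction Both -Action Allow
Add-VMNetworkAdapterAcl -VMName $isolatedVm -RemoteIPAddress '10.1.0.0/16' -Direction Both -Action Deny

# Mirror the isolated VM's traffic to the sensor VM (both on the same virtual switch).
Set-VMNetworkAdapter -VMName $isolatedVm -PortMirroring Source
Set-VMNetworkAdapter -VMName $sensorVm -PortMirroring Destination

# Review what was applied.
Get-VMNetworkAdapterVlan -VMName $tenantVms
Get-VMNetworkAdapterAcl -VMName $isolatedVm

# Audit: list every vNIC on the host that lacks the guard settings above.
Get-VM | Get-VMNetworkAdapter |
    Where-Object { $_.DhcpGuard -ne 'On' -or $_.RouterGuard -ne 'On' -or $_.MacAddressSpoofing -ne 'Off' } |
    Select-Object VMName, Name, DhcpGuard, RouterGuard, MacAddressSpoofing, PortMirroringMode
```

Run it in an elevated PowerShell session on the Hyper-V host; the audit pipeline at the end is read-only and can be scheduled on its own.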

Networking Performance
• Dynamic VMQ: Dynamically span multiple CPUs when processing virtual machine network traffic
• IPsec Task Offload: Offload IPsec processing from within the virtual machine to the physical network adaptor, enhancing performance
• SR-IOV Support: Map a virtual function of an SR-IOV-capable physical network adaptor directly to a virtual machine

The Hyper-V Extensible Switch takes advantage of hardware innovation to drive the highest levels of networking performance within virtual machines.

Windows Server 2008 R2 | Windows Server 2012
• NIC Teaming: Yes, via partners | Windows NIC Teaming in box
• VLAN Tagging: Yes | Yes
• MAC Spoofing Protection: No | Yes, with R2 SP1 | Yes
• ARP Spoofing Protection: No | Yes, with R2 SP1 | Yes
• SR-IOV Networking: No | No | Yes
• Network QoS: No | No | Yes
• Network Metering: No | No | Yes
• Network Monitor Modes: No | No | Yes
• IPsec Task Offload: No | No | Yes
• VM Trunk Mode: No | No | Yes

• Hyper-V is fully integrated in the Windows network stack
• Use the synthetic network adapter
• Use VLAN tagging & firewall rules for security
• Windows Server 2012 includes inbox NIC Teaming for load balancing and failover
• VMQ provides great performance for most workloads
• SR-IOV for low latency, high throughput workloads

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.