Using Microsoft System Center Tools to Deliver Virtualization Management for Hosting and Service Providers

John Joyner, MVP-Operations Manager, Senior Architect, ClearPointe

VIR 306

Complete an evaluation on CommNet and enter to win!

Agenda
  • Virtualization as a managed service
  • Provisioning the service provider framework
  • Demo: Certificates and Domain Preparation
  • Virtual machine management architectures
  • Demo: Un-trusted agents and gateways
  • Walkthrough: Scoping customer roles
  • Customer-facing management deliverables
  • Demo: Web Console and Self Service Portal

Virtualization as a Managed Service
  • Who provides managed services?
      • Hosting and managed service providers (MSP)
      • Internal service level agreement (SLA)
      • Anyone who needs to measure the delivery of a service used by someone else
  • What’s special about managing virtualization?
      • Virtual machines suddenly everywhere
      • High risk exposure, high customer expectations
  • Over fifty percent of servers sold worldwide in 2008 were to be involved in a virtualization role (IDC).

Characteristics of Service Provider Roles
  • Service Provider: Obligated to deliver a service to the customer in accordance with the terms of a service agreement
  • Service Provider has:
      • Resources the customer does not, or cannot practically have
      • Multiple independent customers that share common services
      • Security model: Small number of highly trusted (NOC) users with similar roles
  • Customer: Expects to receive a service they have paid for and/or are responsible for monitoring the delivery of
  • Customer Needs:
      • Trust but verify their service provider is meeting the terms of the service agreement
      • Absolute confidence in data privacy and security
      • Security model: Large number of un-trusted users with very diverse roles

Risk Management Considerations
  • All your eggs in one basket, and other risks…
      • Presentation of the virtualization layer needs to achieve parity with well established IT disciplines
      • Acceleration of change rate as IT is more dynamic
      • Backup and recovery of VMs and VHDs have special considerations
  • Customer expectations about virtualization
      • It should save a lot of money
      • It should be easy and safe
  • Who isn’t a virtual machine admin these days?

Customer Considerations
  • Transparent, utility-like delivery of their service
  • Customer understands what they are paying for
  • Provide a way to assess (measure) delivery
  • Think like a business person, not IT Pro
  • Virtualization components
      • Clear host, guest, and storage dependencies
      • Expect virtualization-aware value-adds
  • The customer doesn’t care how easy it is for you to manage their service.

Service Provider Considerations
  • Reliable, scalable monitoring instrumentation
  • Repeatable, predictable customer SLA lifecycles
  • Reduce burden to manage the management system
  • Allow for customer unique and ‘ad hoc’ monitoring
  • Cross-platform, cross-vendor, multi-application
  • Show the value-add of the service provider
  • Virtualization components
      • Integration of virtualization health with existing consoles
      • Identify VM management burdens and opportunities

Provisioning the Service Provider Framework
  • ‘Best effort’ vs. ‘Guaranteed’ service levels
  • Back-end monitoring facility
  • Firewalls and Internet publishing
  • Customer endpoint and attach scenarios
  • Licensing and Legal

'Best Effort' vs. 'Guaranteed' Services
  • ‘Best Effort’: Entry-level solution for the service provider
      • Focus on convenience and achieving “one view” of customer health
      • Next day is OK
      • Email, pager, IM notifications of alerts to staff evenings/weekends
      • Remote access optional
  • ‘Guaranteed’: Service provider assumes mission-critical risk
      • Network Operations Center (NOC) with 24 x 7 staffing and tiered escalation
      • SLA is king, goal is 100% uptime during service hours, requires remote access
      • Continuous event prosecution, minutes count

Back-end Monitoring Facility
  • Minimum and High-Value Hosting models
  • Must not share resources with service provider corporate networks
  • VPN vs. No-VPN scenarios
  • Certificate Authority (CA) requires commitment to maintain indefinitely, public DNS critical
  • Virtualization consideration: Include VMM 2008
  • Virtualization opportunity: Common images

Network Operations Center (NOC)
Photo courtesy of www.jimdoylemcse.com

Demo: Certificates and Domain Preparation

Sample Minimum Service Provider Architecture

Operations Manager 2007 High-Value Hosting Model for Service Providers: Core components

Firewalls and Internet Publishing
  • Your service is delivered across un-trusted domains, usually over the Internet
  • Customer firewalls require configuration:
      • Publish Remote Web Workplace (RWW)
      • Publish hardware remote control (HP ILO, Dell DRAC, Intel RMM2, others)
      • Publish VMM Self Service Portal
  • Special advantages to publishing Operations Manager 2007 Web Console with ISA/TMG
  • Deploy “Multi-WAN” type Internet endpoints
      • Multiple ISPs for Internet-managed customers is the only way to achieve high availability with DSL, Cable connections

Customer Endpoint and Attach Scenarios: Operations Manager 2007
  • Essentials 2007 Server
      • One certificate per customer installed with Enable Service Provider mode wizard
  • Operations Manager 2007 Gateway component
      • One or two gateways per customer, only a gateway needs a certificate
  • Operations Manager 2007 Agent component
      • Individual certificate for each agent

Sample Customer Firewall Setup
  • Outbound: TCP 5723 (minimum requirement)
  • Inbound: 443 (RWW)
  • Inbound (Windows 2003 RWW only): 4125
  • Inbound: Access to hardware remote control (optional)

Customer Endpoint and Attach Scenarios:
  • Virtual Machine Manager 2008 Server
      • Subset of features work when installed on the service provider network
      • Install VMM server also at the customer and leverage features in both locations: hybrid model
  • Virtual Machine Manager 2008 Agents
      • When managed by service provider instance of VMM server: Use “DMZ” manual agent install
      • Managed by local VMM server: Use the normal domain-trust based discovery and install mode

Test-Dev Environment Overview

Demo: Un-trusted Agents and Gateways

Licensing for Managed Computers
  • Essentials Licensing
      • Purchase Essentials Server license, and server and client add-on license packs as needed by size
      • Service Provider pays monthly SAL via SPLA per computer that is remotely managed
  • Operations Manager Licensing
      • Purchase one-time OML (Standard or Enterprise), or lease OML via monthly SPLA
      • Software Assurance (SA) on OML critical to keep pace
  • Virtual Machine Manager Licensing
      • Purchase VMM Workgroup, Enterprise on SPLA, or via SMSE ‘bundle’
  • Remember to suggest the Microsoft “Open Value with SA” package for SMB customers

Legal Preparedness
  • Auditing, controls, access logs (SAS 70)
  • Regulatory Compliance (HIPAA, SOX, PCI)
  • Accreditation (more at www.mspalliance.com)
  • Service Level Agreements (SLA)
      • Clear, metric-based agreements on service terms
      • Alignment with SLA and technical instrumentation
  • Hosting “best practices” to isolate each customer
      • No shared credentials across customers
      • No customer names in management pack names

Virtual machine management architectures
  • VMM 2008 Server location: Service provider and/or customer/hosting site
  • VMM client attach mode: Full-featured domain or limited “DMZ” mode
  • VMM ↔ Operations Manager integrations
      • Virtualization Reports
      • Performance and Resource Optimization (PRO)
  • “Multiple Management Group” VMM model
  • VMM 2008 server location and mode affect the VM remote desktop and VMM Library features in the Self Service Portal

VMM 2008 / OpsMgr 2007 Integration
[Diagram. Labels: Management Interfaces (Administrator’s Console, Self Service Web Portal, Operator’s Console, Web Console, Windows PowerShell); Connector; Virtual Machine Manager Server; Operations Manager Server; Virtual Server Host with VMs; VMM Library Server (VM, ISO, Template, VHD, Script); VMware VI3 Virtual Center Server; ESX Host with VMs; SAN Storage]

Multiple Management Group Model
[Diagram. Labels: Customer Network; Service Provider Network]

Walkthrough: Scoping Customer Roles

Customer-Facing Management Deliverables
  • Operations Manager 2007 R2 Web Console
      • New in R2: AJAX-based Health Explorer
      • Stage on-demand reports in My Workspace
  • Virtual Machine Manager 2008 (VMM) Self Service Portal
  • Windows Server Update Services 3.0 (WSUS)
  • Essentials Daily Reports, included with EBS 08
  • SBS 08 Daily Summary and Weekly Detailed Reports
  • Service Provider: Show off your value

Essentials 2007 Daily Health Report

SBS 2008 Detailed Network Report

Demo: Web Console and Self-Service Portal

question & answer

Resources
  • www.microsoft.com/teched: Sessions On-Demand & Community
  • www.microsoft.com/learning: Microsoft Certification & Training Resources
  • http://microsoft.com/technet: Resources for IT Professionals
  • http://microsoft.com/msdn: Resources for Developers

Related Content
  • MGT 404 - Developing Custom Reports and Operational Dashboards with Microsoft System Center Operations Manager 2007
  • VIR 312 - Microsoft System Center Virtual Machine Manager 2008: Advanced Features
  • MGT 310 - Microsoft System Center Virtual Machine Manager 2008: Performance and Resource Optimization (PRO) and Management Integration
  • MGT 206 - What's Next for Microsoft System Center Essentials

appendix

Store Virtual Machine in Library Using Self Service Portal Over the Web

VMM Agent Traffic in DMZ Mode

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.