System Center 2016: What's new in Data Protection Manager

With the release of System Center 2016, Data Protection Manager (DPM) is one of the components that received the largest number of new features. DPM 2016 introduces major performance improvements and changes to storage management and security. All of this is further enhanced by support for the new Hyper-V features in Windows Server 2016.

Modern Backup Storage

DPM 2016 introduces a new storage management mechanism called Modern Backup Storage, which uses block-cloning technology based on the Resilient File System (ReFS).

Modern Backup Storage provides the following benefits:

  • Disk space optimization: Modern Backup Storage saves approximately 30-40% of storage and offers a high degree of flexibility in managing it, by using ReFS volumes and saving backups to VHDX files. In DPM 2016 there is no need to allocate in advance the space dedicated to protecting resources; DPM adapts the storage used for backups dynamically, based on the size of the source to be protected.
  • Performance improvement: when saving data on ReFS volumes, DPM 2016 uses a block-cloning technology based on allocate-on-write instead of copy-on-write (used by VolSnap in DPM 2012 R2). This change enables a performance increase of up to 70%.
  • Decrease in costs: with workload-aware storage, DPM adds further flexibility in choosing different storage for different protected workloads, which makes it possible to reduce costs. DPM can use high-performance, more expensive storage for workloads with very high I/O, such as SQL or SharePoint, and lower-performance storage for workloads with reduced I/O.

Modern Backup Storage requires DPM to be installed on Windows Server 2016.

For more details about Modern Backup Storage, see Introducing DPM 2016 Modern Backup Storage.

Hyper-V protection

The following changes affect virtual machine protection with DPM 2016.

  • Resilient change tracking (RCT) – DPM uses the new native change tracking mechanism introduced in Hyper-V, called Resilient Change Tracking (RCT). RCT significantly increases the resilience of the data compared to the previous change tracking mechanism based on VSS technology, and therefore reduces the need for consistency checks, which saves time. During differential backups, DPM locates and transfers only the blocks that have changed, as indicated by the change tracker.

Virtual machines that are created directly on Windows Server 2016 and protected by DPM 2016 use RCT by default, which brings the following benefits in terms of protection:

  • Increased reliability: no consistency check is required after migration of virtual machines;
  • High scalability: a higher number of backup jobs can run in parallel, with a lower impact on storage utilization;
  • Superior performance: faster backups and a lower impact on the fabric.

If you want to use RCT for virtual machines created on older versions of the hypervisor, you need to update the configuration version of the VMs (for more details, see Upgrading virtual machine version to Windows Server 2016), and on the DPM 2016 server you must stop the protection of the virtual machines, selecting the Retain Data option, and create a new Protection Group.

  • Continued protection during cluster-aware updates – Windows Server 2016 introduced the ability to add a Windows Server 2016 node to an existing Hyper-V cluster consisting of Windows Server 2012 R2 nodes. This feature allows you to update the cluster systems without any downtime. DPM 2016 can protect your virtual machines during the update process as well, thus continuing to adhere to the established SLAs.
  • Secure VM Backups – DPM 2016 supports backup and recovery of Shielded VMs while maintaining the same level of security. Note that in this scenario Item Level Recovery (ILR) and Alternate Recovery Location (ALR) to a location outside the "guarded fabric" are not allowed.
  • Hyper-V with ReFS SOFS Cluster – DPM 2016 cannot protect Hyper-V virtual machines that reside on SOFS clusters that use ReFS. Backup and recovery is also supported for virtual machines that do not use RCT.
  • Hyper-V with Storage Spaces Direct – DPM can detect and protect virtual machines that use Storage Spaces Direct in different scenarios, for example the hyper-converged scenario, where both Hyper-V (compute) and Storage Spaces Direct (storage) reside on the same cluster. For more details about Storage Spaces Direct on Windows Server 2016, I refer you to this article.

Conclusions

Given the important new features and the many benefits that can be gained by switching to Data Protection Manager 2016, all current users of the solution should seriously consider upgrading. Those who want to explore and evaluate DPM 2016 can download the trial version from the Microsoft System Center Evaluation Center.

Windows Server 2016: Introduction to Network Controller

Windows Server 2016 includes many new networking features that make it possible to build a functional Software-Defined Networking (SDN) infrastructure, which underlies the Software Defined Datacenter (SDDC).

The main characteristics of a Software-Defined Networking (SDN) architecture are adaptability, dynamism and ease of management. Windows Server 2016 covers all these aspects better by introducing the features that we are going to explore in this article.

Network Controller

This is a new role introduced in Windows Server 2016 that can be easily installed using Server Manager or PowerShell, and that helps you manage, configure and monitor the virtual and physical network infrastructure of your datacenter. With the Network Controller you can also automate the configuration of your network infrastructure instead of having to configure devices and services manually. This role can also be installed on virtual machines, can be deployed in high availability and scales easily. The Network Controller can be deployed either in a domain environment, in which case users and network devices are authenticated using Kerberos, or in a non-domain environment, which requires certificate authentication.

Communication between the Network Controller and the network components takes place through the Southbound API (Figure 1), which is used to discover network equipment and detect service configurations. The same interface is used to collect the required network information and to transmit the changes made.

Through the Northbound API you can communicate with the Network Controller to query network information and use it for monitoring and troubleshooting. The same API is used to make changes to the network configuration and to deploy new devices.

Figure 1 – Communication Scheme

Managing and monitoring your network through the Network Controller (Figure 2) can be done directly using PowerShell (Network Controller cmdlets) or by using management applications such as System Center Virtual Machine Manager (SCVMM) and System Center Operations Manager (SCOM).

Figure 2 – Management Network Controller

Via the Network Controller you can manage the following physical and virtual network infrastructure components:

  • Hyper-V VMs and virtual switches
  • Switches
  • Routers
  • Software firewalls
  • VPN gateways (including Multitenant RRAS Gateway)
  • Load balancers

Virtualized Network Functions

The spread of virtualization has also reached the networking field, and there is growing interest in virtual appliances and cloud services that provide network services, in a fast-growing emerging market. In software defined datacenters we increasingly see virtual appliances used to deliver networking features that were typically provided solely by physical devices (such as load balancers, firewalls, routers, switches, etc.).

Windows Server 2016 Technical Preview includes the following virtual appliances:

Software Load Balancer

This is a layer-4 software load balancer, similar to the load balancer already widely used on the Azure platform. For more information about Microsoft Azure Load Balancing Services, I invite you to consult Microsoft Azure Load Balancing Services.

Multi-tenant Firewall

Datacenter Firewall (Figure 3) is a new service introduced in Windows Server 2016. This firewall protects virtual networks at the network layer and is designed to be multitenant. Once implemented, it can be offered as a service by the service provider, and the tenant administrator can install and configure the firewall policy to secure their virtual networks from potential attacks that originate from the internet or from internal networks.

Figure 3 – Firewall Policy

The Datacenter Firewall can be managed using the Network Controller. Datacenter Firewall provides the following benefits for cloud service providers:

  • A scalable and maintainable software firewall service that can be offered as a service to their tenants
  • Protection for tenants, regardless of the operating system running on the virtual machine
  • Freedom to move tenants' virtual machines between different fabrics without breaking the firewall functionality provided, because:
      • The firewall agent is deployed as a vSwitch;
      • The virtual machines of the tenant take the policy assigned to their vSwitch;
      • Firewall rules are configured on each port of the vSwitch, regardless of the physical host that holds the virtual machine

For tenants, the Datacenter Firewall provides the following benefits:

  • Ability to define firewall rules to help protect Internet-facing workloads in virtual networks
  • Ability to create firewall rules for protection between virtual machines on the same layer 2 (L2) subnet or on different L2 subnets
  • Ability to define firewall rules to help protect and isolate network traffic between the tenant's on-premises network and its virtual networks at the service provider

RAS Gateway

RAS Gateway is used to route network traffic between virtual networks and physical networks. It has several areas of use:

Site-to-Site Gateway

A multi-tenant gateway solution (Figure 4) that allows tenants to access their resources and manage them using a site-to-site VPN connection. With this gateway you can connect virtual resources in the cloud with the physical network of the tenant.

Figure 4 – S2S Gateway

Forwarding Gateway

Used to route network traffic between virtual networks and the physical network of the hosting provider (in the same geographical location) – Figure 5.

Figure 5 – Forwarding Gateway

GRE Tunnel Gateway

Gateways can create tunnels based on the GRE protocol that provide connectivity between tenants' virtual networks and external networks. The GRE protocol is supported on many network devices, so it is an ideal choice when channel encryption is not required. For more information on the GRE tunnel I invite you to consult GRE Tunneling on Windows Server Technical Preview.

Hyper-V Network Virtualization

Hyper-V Network Virtualization (HNV) is a key component of Microsoft's Software Defined Networking (SDN) solution, and as such Windows Server 2016 brings many new features that make it more functional and better integrated into the SDN stack.

An important aspect to consider when it comes to SDN is that the stack itself is consistent with Microsoft Azure, and therefore brings to your own environment the same capabilities used in the Azure public cloud.

Programmable Hyper-V Switch

With the Network Controller you can push HNV policies (Figure 6) to the agent running on each host, using the Open vSwitch Database Management Protocol (OVSDB – RFC 7047). The Host Agent stores these policies using a customization of the VTEP schema and can program complex rules into the powerful engine of the Hyper-V virtual switch.

Figure 6 – Push Policies

VXLAN Encapsulation support

The Virtual eXtensible Local Area Network protocol (VXLAN – RFC 7348) has been widely adopted in the market, with the support of leading vendors like Cisco, Brocade, Dell, HP and others. HNV now supports this encapsulation scheme, using Microsoft MAC distribution mode through the Network Controller, which allows you to program the association between the IP addresses of the tenant (Customer Address – CA) and the IP addresses of the physical network (Provider Address – PA). The Network Virtualization using Generic Routing Encapsulation (NVGRE) protocol continues to be supported on Windows Server 2016.

Interoperability with Software Load Balancer (SLB)

The software load balancer (SLB) presented above is fully supported in virtual networks. The SLB works through the high-performance virtual switch engine and is controlled by the Network Controller as regards the Virtual IP (VIP) – Dynamic IP (DIP) mapping.

IEEE Compliant

To ensure full interoperability with physical and virtual network equipment, all packets transmitted when using HNV are guaranteed to be compliant, in all their fields, with the standards dictated by the IEEE. This aspect has been heavily revised and improved in Windows Server 2016.

New Elements Introduced (Cloud Scale Fundamentals)

In Windows Server 2016 the following features have been introduced to allow you to configure your environment more effectively, making the best use of available hardware resources:

Converged Network Interface Card (NIC): This feature allows you to use a single network adapter to handle different types of traffic: management, storage access (RDMA) and tenant traffic. In this way it is possible to decrease the number of network adapters required for each physical host.

Switch Embedded Teaming (SET): SET is a new NIC Teaming solution integrated into the Hyper-V Virtual Switch. SET allows you to group up to eight physical network adapters in a single SET team. Because this teaming mode is integrated into the virtual switch, it can only be used on physical hosts and not inside virtual machines, where you can still configure teaming in the traditional way (NIC Teaming in Virtual Machines). This teaming mode does not expose team interfaces; configuration is done through the Virtual Switch ports.

Packet Direct: Packet Direct makes it possible to achieve high throughput and low latency for network traffic.

Enhancements to existing services

DHCP
The Network Access Protection (NAP) feature was already in the "deprecated" state in Windows Server 2012 R2. In Windows Server 2016 the DHCP Server role will no longer support NAP, and DHCP scopes will no longer be NAP-enabled.

DNS Server
Now let's look at the various innovations introduced in the DNS server in Windows Server 2016 to improve its effectiveness and security:

DNS Policy: You can configure DNS policies to define how the DNS server answers DNS queries. DNS responses can be based on many parameters, such as the client's IP address (location) or the time of day. DNS policies open the door to scenarios such as location-aware DNS, traffic management, load balancing and split-brain DNS.

Response Rate Limiting (RRL): You can configure limits on the response rate of the DNS server. This configuration prevents malicious systems from using the DNS server to perform denial of service (DoS) attacks.

DNS-based Authentication of Named Entities (DANE): You can use TLSA (Transport Layer Security Authentication) records to tell DNS clients which CA they should expect for a specific domain name. This mechanism is useful for preventing man-in-the-middle attacks.

Support for Unknown Records: This feature allows you to add records that are not explicitly supported by Windows DNS servers.

IPv6 root hints: You can use the IPv6 root servers for Internet name resolution.

Windows PowerShell Support: PowerShell support for the DNS Server is improved with the introduction of new cmdlets.

DNS and IPAM: better integration between DNS and IPAM.
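
The Response Rate Limiting and DNS Policy features listed above could be configured along these lines with the DnsServer PowerShell module. This is an added example, not taken from the original article: the zone name, subnet, record values and policy names are assumptions.

```powershell
# Added example. Assumptions: the primary zone 'corp.example' already exists;
# subnets, names and addresses are placeholders. Run elevated on the DNS server.
$zone = 'corp.example'

# --- Response Rate Limiting (RRL) ---
# Start in LogOnly mode: would-be drops are logged but not enforced, so the
# thresholds can be tuned against real traffic before any client is affected.
Set-DnsServerResponseRateLimiting -Mode LogOnly -ResponsesPerSec 10 `
    -ErrorsPerSec 10 -WindowInSec 5 -IPv4PrefixLength 24 `
    -LeakRate 3 -TruncateRate 2 -Force

# Internal clients are grouped into a named subnet, reused by both features.
Add-DnsServerClientSubnet -Name 'InternalClients' -IPv4Subnet '10.0.0.0/8'

# Exempt internal resolvers and monitoring from RRL so that bursts of
# legitimate queries are never throttled.
Add-DnsServerResponseRateLimitingExceptionlist -Name 'InternalExempt' `
    -ClientSubnet 'EQ,InternalClients'

# After reviewing what LogOnly mode recorded, switch to enforcement.
Set-DnsServerResponseRateLimiting -Mode Enable -Force

# --- DNS Policy: split-brain for app.corp.example ---
# A zone scope holds the internal view; the default scope keeps the public one.
Add-DnsServerZoneScope -ZoneName $zone -Name 'Internal'
Add-DnsServerResourceRecord -ZoneName $zone -A -Name 'app' `
    -IPv4Address '10.10.0.5' -ZoneScope 'Internal'
Add-DnsServerResourceRecord -ZoneName $zone -A -Name 'app' `
    -IPv4Address '203.0.113.5'

# Queries from internal clients are answered from the 'Internal' scope;
# everyone else falls through to the default scope.
Add-DnsServerQueryResolutionPolicy -Name 'SplitBrainInternal' -Action ALLOW `
    -ClientSubnet 'EQ,InternalClients' -ZoneScope 'Internal,1' -ZoneName $zone

# Verify what is in force.
Get-DnsServerResponseRateLimiting
Get-DnsServerQueryResolutionPolicy -ZoneName $zone
```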

I invite you to explore and evaluate hands-on the new networking features by downloading Windows Server 2016.