HP releases drivers for Emulex 10 GbE NIC solving virtual machine disconnect when VMQ is enabled

Update September 15:

Someone reported that after installing this update on an HP Gen7 the problem still exists.

Hyper-V virtual machines running on servers with Emulex network interface cards can randomly disconnect from the network when VMQ has been enabled. Many people have experienced this. The issue occurs on Emulex cards as well as on OEM Emulex cards. HP servers and some others use those Emulex 10 GbE cards.

See my earlier post for more info.

Today HP released a new driver which solves this issue. The driver is included in the Service Pack for Proliant 2014.09.

However, Emulex advised that the odd ping may still drop, but there should be no disconnects. In the near future Emulex will do a complete rewrite of the driver to also fix the dropped pings.

Tim Johnson was so kind as to keep me informed about this update. He told me that after installing this driver update he did not experience disconnects for the last 7 days.

5nine Cloud Security 4.0 for Hyper-V released

5nine Cloud Security for Hyper-V is the first and only agentless anti-malware and virtual firewall solution for Windows Server Hyper-V, utilizing the flexibility of the Hyper-V Extensible Switch. It offers some unique features like support for NVGRE. The solution is interesting for service providers who want to protect their customers' virtual machines but do not have access to the guest operating system.

5nine Cloud Security for Hyper-V is the new name of 5nine’s Security Datacenter for Windows Server Hyper-V. See the datasheet for detailed info.

Cloud Security is available as a free edition (with limitations) and a paid edition.
Download the free edition here.

Enterprises and cloud providers can:

  • Secure multi-tenant Hyper-V environments and provide VM isolation
  • Protect Hyper-V with light-speed agentless antivirus
  • Enforce PCI-DSS, HIPAA and Sarbanes-Oxley compliance

5nine Cloud Security 4.0 for Hyper-V features:

  • Secure multi-tenancy and VM isolation
  • Virtual Machine security groups and cloud tenant security
  • User/roles access that allows users or user groups to manage only objects associated with them
  • Agentless antivirus for Hyper-V hosts and real-time protection for VMs
  • NVGRE support
  • New LWF R2 vSwitch extension
  • Enhanced API and advanced event logging

Licensing options

  • Standard license is available for fewer than or equal to 10 VMs per 2 CPU.
  • Datacenter license is available for unlimited number of VMs per 2 CPU.
  • SPLA license is available for hosting providers upon request.

Thomas Maurer has written a comprehensive blogpost about 5nine here.

How to create a site-to-site VPN connection using ADSL to Windows Azure

For research on my soon-to-be-released book on Windows Azure I had to create a site-to-site VPN connection from my home to Windows Azure. Until recently I was under the impression I needed a VPN device or a Windows RRAS server configured with a public-facing IP address to be able to have such a site-to-site VPN.

However, that is not the case. Using a common ADSL modem, Hyper-V Manager and a virtual machine running Windows Server 2012 with RRAS I was able to set up the VPN connection.

Thanks to Christopher Keyaert, who blogs at vnext.be, for helping me. Read his blog, which describes how to update Azure networking if your ADSL connection has a dynamic IP.

My ADSL modem is a Fritz!Box 7270. I did not have to modify the configuration of the modem. You might want to add a route in your modem pointing to your RRAS server if other servers need access to Azure VMs.

The site-to-site VPN can be set up using a physical server with RRAS installed as well. There is no need for the RRAS server to have a public IP.

In my book I will publish step-by-step instructions on how to configure this. In this post I will provide the basic steps. There are many other posts explaining how to set up a site-to-site VPN connection. For example this one.

1. In the Azure Management Portal create a virtual network. First create a new local network. In here you configure the public IP-address which is assigned to your ADSL modem. You also specify the IP-subnet used in your home location. Mine is 192.168.178.0/24.

2. Enable ‘configure site-to-site VPN’.

3. Then create a gateway in the portal. Select dynamic routing. Creation of the gateway will take about 5 to 10 minutes.

4. After the creation has finished, select ‘Download VPN device script’. Choose Windows Server RRAS and store the .cfg file on your RRAS server.

5. Rename the .cfg file to .PS1. Start PowerShell and execute the .PS1 file. You might have to change the execution policy.

The PowerShell script adds a network interface to the RRAS server. This interface connects to the IP address of the Azure gateway. When the script has finished, open the Routing and Remote Access console. Select Network Interfaces, then select the demand-dial connection that is named after the IP address of the Azure gateway. Right-click it and select Connect.

If all goes well a VPN connection is enabled.

Make sure the Ethernet network interface of the RRAS server which connects to your internal (home) network does not have a gateway filled in in its IP properties. Otherwise IP traffic will not flow to and from Windows Azure.

Also make sure the firewall on the RRAS server does not block VPN-traffic.

In Windows Azure create a virtual machine and make sure it is added to the virtual network you created in the first step. After creation has finished, open an RDP connection. Then make sure the Windows Server firewall does not block VPN traffic.

That is it. You now should be able to ping or use any other connection from your home server (RRAS) to a virtual machine in Azure.
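The checks from step 5 onward can also be run from an elevated PowerShell prompt on the RRAS server. This is an added example, not part of the original post or of the script Azure generates; the file path, interface alias, Azure address space and VM address are placeholder assumptions.

```powershell
# Added example: checks on the RRAS server from step 5 onward.
# Assumptions (not from the post): the four placeholder values below.
$ScriptPath      = 'C:\Temp\VpnDeviceScript.ps1'   # the renamed .cfg file
$InternalAlias   = 'Ethernet'                      # NIC on the home network
$AzureVnetPrefix = '10.0.0.0/16'                   # placeholder Azure address space
$AzureVmAddress  = '10.0.0.4'                      # placeholder Azure VM address

# Read the generated script before running it, then relax the execution policy
# for this PowerShell process only instead of for the whole machine.
Get-Content -Path $ScriptPath | Out-Host
Unblock-File -Path $ScriptPath                     # clears the "downloaded" mark
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
& $ScriptPath

# The internal NIC must not carry a default gateway.
$defaultRoute = Get-NetRoute -InterfaceAlias $InternalAlias `
    -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue
if ($defaultRoute) {
    $hops = $defaultRoute.NextHop -join ', '
    Write-Warning "Default gateway $hops is set on '$InternalAlias'; remove it."
}

# Demand-dial interface created by the script: show its state
# (it reads Connected once you have chosen Connect in the RRAS console).
Get-VpnS2SInterface | Format-Table Name, Destination, ConnectionState

# Let ping through the firewall from the Azure network only, rather than
# switching the firewall off. On the Azure VM the matching rule would use
# -RemoteAddress 192.168.178.0/24 (the home subnet from step 1).
New-NetFirewallRule -DisplayName 'ICMPv4 echo from Azure VNet (example)' `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $AzureVnetPrefix -Action Allow | Out-Null

if (Test-Connection -ComputerName $AzureVmAddress -Count 2 -Quiet) {
    'Azure VM reachable over the tunnel.'
} else {
    Write-Warning 'No reply from the Azure VM; check the tunnel state and both firewalls.'
}
```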

Please let me know if you have issues in setting up the S2S VPN (mvdb22 at gmail dot com )

Guide: How to sync on-premise Active Directory to Windows Azure Active Directory

Microsoft released a Test Lab Guide which explains in detail how to synchronize an organization Active Directory with Windows Azure Active Directory.

Organizations moving to a hybrid cloud want to be able to provide identity management for services running on Windows Azure while not depending on their on-premise Active Directory.

By using Windows Active Directory Synchronization Tool (DirSync) on-premise AD can be synchronized to Windows Azure Active Directory.

This 48-page document explains step by step how to sign up for a free trial of Azure, how to enable WAAD and how to set up and configure DirSync.

Since November 2013 DirSync can be installed on a server with Active Directory installed. So only a single DC is needed to be able to use this Lab Guide.

More information and download of the guide here.

New Hyper-V + System Center exam plus voucher for free exam

In November 2013 Microsoft released a new exam named “74-409 Server Virtualization with Windows Server Hyper-V and System Center”.

The exam requires knowledge of Windows Server 2012 R2 Hyper-V. Also some basic knowledge of Windows Azure, System Center and monitoring is required.

Questions are multiple choice with some drag-and-drop.

The exam details can be found here.

To prepare for the exam a 5 day classroom course is available: 20409A: Server Virtualization with Windows Server Hyper-V and System Center (5 Days)

Alternatively, Microsoft Virtual Academy has a free 15-module online course available.

There is a voucher for a free exam. Register using this link.

The MVA course is available here.

Channel 9 has 13 videos online which explain this subject.

The number of free exams is limited, so be sure to schedule your appointment to lock-in your free exam. Vouchers expire and all exams must be taken by June 30, 2014.

Marius Sandbu wrote a blog titled Study resources 74-409 Server Virtualization with Windows Server Hyper-V and System Center with links to more information to prepare for this exam.