Agentless Security for Windows Server 2012, Windows Server 2012 R2, System Center VMM, Hyper-V and Windows 8

Product Description

Primary Capability: Security for Windows Server 2012, Windows Server 2012 R2, Hyper-V and Windows 8
Additional Capability: Delivers Anti-Virus, Virtual Firewall and Intrusion Detection in a single Software License
Product Description: 5nine Security Plugin for System Center VMM. The first and only agentless security solution for Windows Server, Hyper-V and Windows 8. Provides complete security for small business to the largest enterprise deployments.
System Center Integration: Fully integrated through SC VMM
http://www.5nine.com/system-center-5nine-security-manager-extensions-plugins.aspx

Cost

Licensing: $24.99 per Virtual Server (1 year subscription)

Support

Support Type | Yes / No | Cost | Availability
Self-Help (Web, Forums) | X | None | 6AM – 6PM PT
Assisted: Web/Mail | X | None | 6AM – 6PM PT
Assisted: Phone | X | None | 6AM – 6PM PT
Assisted: On-site | X | N/A | N/A

Next Steps

Website: www.5nine.com
Global Sales Contact: [email protected]

2 - Architecture

Architecture Overview

Management Server and Management Applications

Management Application is a set of components along with a corresponding centralized repository (database) that can be deployed on a dedicated machine/VM to provide the following functionality:
• Define / manage a set of network traffic rules/policies (collection of rules and such) that can be applied to the managed entities based on certain criteria or manually.
• Apply, monitor and enforce the rules/policies on managed VMs and Hosts.
• Collect the audit events/logs from the managed entities.
• Control Agentless Anti-Virus and Anti-Malware
• Management functions for IDS

Host Management Agent

The host management agent consists of a user-mode service that implements and installs a WFP provider on the host machine, and kernel-mode drivers that implement vSwitch WFP callout filtering and a vSwitch filtering extension driver providing virtual firewalling, QoS functionality such as throttling/deep packet inspection, IDS, etc.

The Anti-Malware host-based agent uses a proprietary library that provides access to VHD(x) files and to the host file system, memory and boot sectors, using a CBT (change block tracking) driver for fast incremental full scans.

Resources
White Paper 1: http://www.5nine.com/Docs/5nine_Security_Manager_White_Paper.pdf
White Paper 2: http://www.5nine.com/Docs/Why_Agentless_Security_Is_the_Best_Choice.pdf

3 - Deployment

Deployment Overview

1. 5nine Security Plugin for SC VMM installs on each Physical Host
2. All Virtual Machines connected to the Physical host are secured
3. Installation and Setup takes only Minutes

Helpful Resources:
5nine Security Plugin for SC VMM: http://www.5nine.com/system-center-5nine-security-manager-extensions-plugins.aspx
Getting Started Guide: http://www.5nine.com/Docs/59Security_VMM_Plugin_QSG.pdf

4 SCALE AND PERFORMANCE

MAXIMUM NUMBER

System | Resource | Windows 2008 R2 | Windows Server 2012 | Improvement factor
Host | Logical processors on hardware | 64 | 320 | 5×
Host | Physical memory | 1 TB | 4 TB | 4×
Host | Virtual processors per host | 512 | 2,048 | 4×
Virtual machine | Virtual processors per virtual machine | 4 | 64 | 16×
Virtual machine | Memory per virtual machine | 64 GB | 1 TB | 16×
Virtual machine | Active virtual machines | 384 | 1,024 | 2.7×
Cluster | Nodes | 16 | 64 | 4×
Cluster | Virtual machines | 1,000 | 8,000 | 8×

Industry Leading IO Performance
• VM storage performance on par with native
• Performance scales linearly with increase in virtual processors
• Windows Server 2012 Hyper-V can virtualize over 99% of the world’s SQL Server.

Windows Server 2008 R2: 250,000 IOPs
Windows Server 2012: 1,000,000+ IOPs
http://www.youtube.com/watch?v=PS_wa0-xwFU

[Slide graphic. Labels: New apps/services, Device proliferation, Data explosion, Cloud computing, Traditional Storage with FC/iSCSI Storage Array, Windows File Server Cluster with Storage Spaces, (new with R2), (enhanced with R2), Cold data, Hard Disk Drives]

Online VHDX Resize provides VM storage flexibility

Expand Virtual SCSI Disks
1. Grow VHD & VHDX files whilst attached to a running virtual machine
2. Then expand volume within the guest

Shrink Virtual SCSI Disks
1. Reduce volume size inside the guest
2. Shrink the size of the VHD or VHDX file while the VM is running

[Slide graphic: 30 GB Primary Partition with 10 GB Unallocated, then 40 GB Primary Partition. Caption: Expanded Virtual Disk & Volume without Downtime]

Access Fibre Channel SAN data from a virtual machine
• Unmediated access to a storage area network (SAN)
• Hardware-based I/O path to virtual hard disk stack
• N_Port ID Virtualization (NPIV) support
• Single Hyper-V host connected to different SANs
• Up to four Virtual Fibre Channel adapters on a virtual machine
• Multipath I/O (MPIO) functionality
• Live migration

[Slide graphic: Hyper-V host 1 and Hyper-V host 2, each with Worldwide Name Set A and Worldwide Name Set B. Caption: Live migration maintaining Fibre Channel connectivity]

Duplication of a Virtual Machine while Running

Export a clone of a running VM
• Point-in-time image of running VM exported to an alternate location
• Useful for troubleshooting VM without downtime for primary VM

Export from an existing checkpoint
• Export a full cloned virtual machine from a point-in-time, existing checkpoint of a virtual machine
• Checkpoints automatically merged into single virtual disk

1. User initiates an export of a running VM
2. Hyper-V performs a live, point-in-time export of the VM, which remains running, creating the new files in the target location
3. Admin imports new, powered-off VM on the target host, finalizes configuration and starts VM
4. With Virtual Machine Manager, Admin can select host as part of the clone wizard

[Slide graphic. Labels: VM1, VM2]

Comprehensive feature support for virtualized Linux

Significant Improvements in Interoperability
• Multiple supported Linux distributions and versions on Hyper-V.
• Includes Red Hat, SUSE, OpenSUSE, CentOS, Ubuntu, Oracle Linux 6.4

Comprehensive Feature Support
• 64 vCPU SMP
• Virtual SCSI, Hot-Add & Online Resize
• Full Dynamic Memory Support
• Live Backup
• Deeper Integration Services Support

[Slide graphic. Labels: Configuration Store, Worker Processes, WMI Provider, Management Service, Windows Kernel, Virtual Service Provider, Independent Hardware Vendor Drivers, Hyper-V, Server Hardware]
http://blogs.technet.com/b/virtualization/archive/2013/07/24/enabling-linux-support-on-windows-server-2012-r2-hyper-v.aspx

Guest operating system (server) | Maximum number of virtual processors | Notes
CentOS 5.7 and 5.8 | 64 | Download and install Linux Integration Services Version 3.4 for Hyper-V.
CentOS 5.9 | 64 | Integration services do not require a separate installation because they are built-in.
CentOS 6.0 – 6.3 | 64 | Download and install Linux Integration Services Version 3.4 for Hyper-V.
CentOS 6.4 | 64 | Integration services do not require a separate installation because they are built-in.
Red Hat Enterprise Linux 5.7 and 5.8 | 64 | Download and install Linux Integration Services Version 3.4 for Hyper-V.
Red Hat Enterprise Linux 5.9 | 64 | Integration services do not require a separate installation because they are built-in. Important: Red Hat certified on Windows Server 2012.
Red Hat Enterprise Linux 6.0 – 6.3 | 64 | Download and install Linux Integration Services Version 3.4 for Hyper-V.
Red Hat Enterprise Linux 6.4 | 64 | Integration services do not require a separate installation because they are built-in. Important: Red Hat certified on Windows Server 2012.
SUSE Linux Enterprise Server 11 SP2 and SP3 | 64 | Integration services do not require a separate installation because they are built-in.
Open SUSE 12.1 | 64 | Integration services do not require a separate installation because they are built-in.
Ubuntu 12.04 and 12.10 | 64 | Integration services do not require a separate installation because they are built-in.
Ubuntu 13.04 and 13.10 | 64 | Integration services do not require a separate installation because they are built-in.
Oracle Linux 6.4 | 64 | Integration services do not require a separate installation because they are built-in. Note: Oracle Linux is only supported when running the Red Hat Compatible Kernel.

http://technet.microsoft.com/en-us/library/hh831531.aspx

VIRTUAL MACHINE MOBILITY

Shared-nothing live migration with compression

Benefits
• Increase flexibility of virtual machine placement
• Increase administrator efficiency
• Reduce downtime for migrations across cluster boundaries

Live Migration with Compression
• Utilizes available CPU resources on the host to perform compression
• Compressed memory sent across the network faster
• Operates on networks with less than 10 gigabit bandwidth available
• Enables a 2X improvement in Live Migration performance

[Slide graphic: source Hyper-V virtual machine (source device) and destination Hyper-V virtual machine (target device). Labels: MEMORY, Configuration data, Memory content, Modified memory pages, IP connection, source VHD, destination VHD. The animation captions describing the disk read/write and mirroring stages are not recoverable.]

New feature
Replicate Hyper-V virtual machines from a primary site to a replica site

Benefits
• Affordable in-box business continuity and disaster recovery
• Failure recovery in minutes
• Replica Frequency (30sec, 5min, 15min)
• More secure replication across network
• No need for storage arrays
• No need for other software replication technologies
• Automatic handling of live migration
• Simpler configuration and management

[Slide graphic: primary site (Exchange, IIS, CRM, SQL and SharePoint virtual machines) replicating over a WAN link to a replica site (Exchange replica and CRM replica virtual machines). Labels: P1, P2, R1, R2, R3, SMB file share, SAN, Hyper-V role and tools, Hyper-V cmdlets, Hyper-V PS integrated UI, Send/receive replica traffic]

Hyper-V Management Module tracks and replicates changes for each virtual machine
Hyper-V Management Module receives and applies the changes to the replica virtual machine

VM replication with Hyper-V Replica
New: Configurable syncs down to 30 seconds
New: Tertiary site support
Seamless integration with Hyper-V and clustering

Recovery orchestration with Windows Azure Hyper-V Recovery Manager
At-scale disaster recovery with Windows Azure-enabled process automation
• Simple
• Single Console for recovery across different clouds
• Automation

[Slide graphic: Primary VMM Server at the primary site and Recovery VMM Server at the recovery site, coordinated by Windows Azure Hyper-V Recovery Manager. Label: Data Channel (Hyper-V Replica)]
http://msdn.microsoft.com/en-us/library/windowsazure/dn168841.aspx
http://www.windowsazure.com/en-us/manage/services/recovery-services/configure-a-backup-vault/

CONTINUOUS SERVICES

• Reduces server downtime and user disruption by orchestration of cluster node updates
• Maintains service availability without impacting cluster quorum
• Detects required updates and moves workloads off nodes for updates
• Uses Windows Update Agent or extensible plug-in

[Slide graphic. Labels: Third-party plug-in for updates, Windows Server Cluster, Current Workload]

Health detection of applications inside a virtual machine

Simplify host patching and repairs

Draining a node
• Node is paused preventing new groups from moving to that node
• All groups are issued a move
• VMs are queued up and live migrated off based on priority

Resuming a node
• Resume-ClusterNode –Failback invokes failback policies to return groups to that node when it is brought out of Maintenance Mode

Improvements for Hyper-V Dynamic Memory
• Introduced in Windows Server 2008 R2 SP1
• Reallocates memory automatically among running virtual machines

Windows Server 2012 improvements
• Minimum memory
• Hyper-V smart paging
• Memory ballooning
• Runtime configuration

[Slide graphic: VM1 drawing on the Hyper-V physical memory pool. Labels: Maximum memory, Memory in use, Minimum memory. Caption: Administrator can increase maximum memory without a restart]

• Multiple modes: switch dependent and independent
• Hashing modes: port and 4-tuple
• Active/active and active/standby

[Slide graphic. Labels: Virtual adapters, Team network adapter]

Use partner extensions or create your own to support security and management needs
Use existing management tools to handle your multiserver virtualization environment

[Slide graphic. Labels: Hyper-V Extensible Switch, Hardware offloading, Windows PowerShell, Integration with Microsoft System Center]

OPEN AND EXTENSIBLE

Extending the Hyper-V Extensible Switch for new capabilities

Two platforms for extensions
• Network Device Interface Specification (NDIS) filter drivers
• Windows Filtering Platform (WFP) callout drivers

You can extend or replace
• NDIS filter drivers
• WFP callout drivers
• Ingress filtering
• Destination lookup and forwarding
• Egress filtering

Other features
• Extension monitoring
• Extension uniqueness
• Extensions that learn virtual machine life cycle
• Extensions that can veto state changes
• Multiple extensions on same switch

[Slide graphic: Hyper-V Extensible Switch architecture. Labels: Virtual Machine, Parent Partition, VM NIC, Host NIC, Virtual Switch, Extension Protocol, Capture Extensions (Extension A), Filtering Extensions (Extension C), Forwarding Extension (Extension D), Extension Miniport, Physical NIC]

[Slide graphic: self-service portal and cloud services across Private, Service Provider and Windows Azure environments. Labels: Web Sites, Apps, Databases, VMs, Service Plans, Users, Admin, Self-Service Portal, Subscriber Self-Service Portal, Self Service Portal Moves On-Premises, Common Mgt. Experience, SQL, Shared Cloud Services, Service Bus, SP1 w/ Service Provider Foundation, Cloud-Enabled Services Move On-Premises, Worker Role, VM Role, Workload Portability, Consistent Dev. Experience, Other Services, Caching, CDN, Media, etc.]
http://www.microsoft.com/hosting/en/us/services.aspx#savvis