DOCSLIB.ORG

Microsoft Private Cloud Fast Track on Dell Vstart for Enterprise Virtualization

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Microsoft Private Cloud Fast Track on Dell Vstart for Enterprise Virtualization Microsoft Private Cloud Fast Track on Dell vStart for Enterprise Virtualization The Dell vStart for Enterprise Virtualization as a foundation for the Microsoft Private Cloud Fast Track solution based on System Center 2012. Dell Enterprise Product Group Global Solutions Engineering A00 Microsoft Private Cloud Fast Track on Dell vStart for Enterprise Virtualization This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The content is provided as is, without express or implied warranties of any kind. © 2012 Dell Inc. All rights reserved. Dell and its affiliates cannot be responsible for errors or omissions in typography or photography. Dell, the Dell logo, PowerEdge, Compellent, and Force 10 are trademarks of Dell Inc. Intel and Xeon are registered trademarks of Intel Corporation in the U.S. and other countries. Microsoft, Windows, Windows Server, Hyper-V, SQL Server, Active Directory, and Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Intel and Xeon are registered trademarks of Intel Corporation in the U.S. and other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and names of others. June 2012| Rev A00 ii Microsoft Private Cloud Fast Track on Dell vStart for Enterprise Virtualization Contents Executive summary ....................................................................................................... 5 Private Cloud Fast Track Program Description .................................................................... 5 Business Value ........................................................................................................... 5 Technical Benefits ...................................................................................................... 5 Reference Architecture .................................................................................................. 6 Logical Architecture .................................................................................................... 8 Server Architecture ................................................................................................ 10 SAN Design .......................................................................................................... 17 Network Architecture ............................................................................................. 27 Virtualization Architecture ....................................................................................... 31 Fabric Management .................................................................................................. 42 Fabric Management Hosts ........................................................................................ 42 Management Logical Architecture .............................................................................. 44 Service Management .............................................................................................. 60 Backup and Disaster Recovery ................................................................................... 61 Security .............................................................................................................. 62 Service Delivery ....................................................................................................... 66 Operations ............................................................................................................. 67 Tables Table 1 Server Configurations ......................................................................................... 12 Table 2 Traffic Descriptions ........................................................................................... 15 Table 3 Sample VLAN and subnet configuration ................................................................... 16 Table 4 CSV Limits ...................................................................................................... 18 Table 5 Guest Template Specs ........................................................................................ 38 Table 6 Supported Guest Server OS .................................................................................. 40 Table 7 Supported Guest Client OS .................................................................................. 41 Table 8 SQL Data Location and Size Examples ..................................................................... 47 Table 9 SQL Databases and Instances ................................................................................ 48 Table 10 Backup types and capabilities ............................................................................. 61 iii Microsoft Private Cloud Fast Track on Dell vStart for Enterprise Virtualization Figures Figure 1 vStart 1000m Logical Architecture .......................................................................... 7 Figure 2 Key Hardware Components in Dell vStart 1000m ......................................................... 9 Figure 3 Dell vStart Blade LAN Connectivity Overview ........................................................... 13 Figure 4 NPAR and VLAN Configuration on a M620 Server ........................................................ 14 Figure 5 NPAR and VLAN Configuration on a R620 Server ........................................................ 15 Figure 6 vStart SAN Connectivity Overview ......................................................................... 18 Figure 7 Fault Domain Configuration in vStart SAN ............................................................... 23 Figure 8 SAN FC network and zoning ................................................................................. 24 Figure 9 Compellent Snapshot Consistency ......................................................................... 26 Figure 10 Design Pattern ............................................................................................... 43 Figure 11 Management Architecture ................................................................................. 45 iv Microsoft Private Cloud Fast Track on Dell vStart for Enterprise Virtualization Executive summary Private Cloud Fast Track Program Description The Microsoft® Private Cloud Fast Track Program is a joint reference architecture for building private clouds that combines Microsoft software, consolidated guidance, and validated configurations with Dell™ technology—including computing power, network and storage architectures, and value-added software components. Microsoft Private Cloud Fast Track utilizes the core capabilities of Windows Server®, Hyper-V® and System Center to deliver a Private Cloud - Infrastructure as a Service offering. The key software components of every Reference Implementation are Windows Server 2008 R2 SP1, Hyper-V, and System Center 2012. Business Value The Microsoft Private Cloud Fast Track Program provides a reference architecture for building private clouds on each organization’s unique terms. Each Fast-Track solution helps organizations implement private clouds with increased ease and confidence. Among the benefits of the Microsoft Private Cloud Fast Track Program are faster deployment, reduced risk, and a lower cost of ownership. Reduced risk: Tested, end-to-end interoperability of compute, storage, and network Predefined, out-of-box solutions based on a common cloud architecture that has already been tested and validated High degree of service availability through automated load balancing Lower cost of ownership: A cost-optimized, platform and software-independent solution for rack system integration High performance and scalability with Windows Server 2008 R2 operating system advanced platform editions of Hyper-V technology Minimized backup times and fulfilled recovery time objectives for each business critical environment Technical Benefits The Dell vStart architecture and Microsoft Private Cloud Fast Track Program integrate best-in-class hardware implementations with Microsoft’s software to create a Reference Implementation. This solution has been co-developed by Dell and Microsoft and has gone through a validation process. As a Reference Implementation, Dell and Microsoft have taken on the work of building a private cloud that is ready to meet a customer’s needs. Faster deployment: End-to-end architectural and deployment guidance 5 Microsoft Private Cloud Fast Track on Dell vStart for Enterprise Virtualization Streamlined infrastructure planning due to predefined capacity Enhanced functionality and automation through deep knowledge of infrastructure Integrated management for virtual machine (VM) and infrastructure deployment Self-service portal for rapid and simplified provisioning of resources Reference Architecture The Logical Architecture is comprised of two parts. The first is the ―Fabric‖ which is the physical infrastructure (Servers, Storage, Network) that will host and run all customer/consumer virtual machines. In the vStart solution, the Fabric consists of between 8 and 32 Hyper-V host servers in one or more clusters, a highly scalable SAN, and an Ethernet LAN. The second is ―Fabric Management‖ which is a set of virtual machines comprising the SQL and System Center management infrastructure. The vStart solution utilizes two Hyper-V host servers in a dedicated cluster for the Fabric Management along with the SAN and Ethernet LAN. The
Load more

Recommended publications
  • Feature Description
    NTLM Feature Description UPDATED: 19 March 2021 NTLM Copyright Notices Copyright © 2002-2021 Kemp Technologies, Inc. All rights reserved. Kemp Technologies and the Kemp Technologies logo are registered trademarks of Kemp Technologies, Inc. Kemp Technologies, Inc. reserves all ownership rights for the LoadMaster and Kemp 360 product line including software and documentation. Used, under license, U.S. Patent Nos. 6,473,802, 6,374,300, 8,392,563, 8,103,770, 7,831,712, 7,606,912, 7,346,695, 7,287,084 and 6,970,933 kemp.ax 2 Copyright 2002-2021, Kemp Technologies, All Rights Reserved NTLM Table of Contents 1 Introduction 4 1.1 Document Purpose 6 1.2 Intended Audience 6 1.3 Related Firmware Version 6 2 Configure NTLM Authentication 7 2.1 Configure Internet Options on the Client Machine 7 2.2 Configure the LoadMaster 11 2.2.1 Enable NTLM Proxy Mode 13 2.2.2 Configure the Server Side SSO Domain 13 2.2.3 Configure the Client Side SSO Domain 15 2.2.4 Configure the Virtual Service 15 2.3 Configure Firefox to Allow NTLM (if needed) 17 2.4 Troubleshooting 18 References 19 Last Updated Date 20 kemp.ax 3 Copyright 2002-2021, Kemp Technologies, All Rights Reserved NTLM 1 Introduction 1 Introduction NT LAN Manager (NTLM) is a Windows Challenge/Response authentication protocol that is often used on networks that include systems running the Windows operating system and Active Directory. Kerberos authentication adds greater security than NTLM systems on a network and provides Windows-based systems with an integrated single sign-on (SSO) mechanism.
    [Show full text]
  • Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability
    Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Hernan Ochoa Agustin Azubel [email protected] [email protected] Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Presentation goals: ‣ Describe the vulnerability in detail ‣ Explain & demonstrate exploitation • Three different exploitation methods ‣ Clear up misconceptions ‣ Determine vulnerability scope, severity and impact ‣ Share Conclusions BlackHat USA 2010 Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Vulnerability Information ‣ Flaws in Windows’ implementation of NTLM - attackers can access SMB service as authorized user - leads to read/write access to files, SMB shared resources in general and remote code execution ‣ Published February 2010 ‣ CVE-2010-0231, BID 38085 ‣ Advisory with Exploit Code: • http://www.hexale.org/advisories/OCHOA-2010-0209.txt ‣ Addressed by MS10-012 BlackHat USA 2010 Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Why talk about this vulnerability? ‣ Major 14-year old vulnerability affecting Windows Authentication Mechanism! - Basically, all Windows versions were affected (NT4, 2000, XP, 2003, Vista, 2008, 7) - Windows NT 4 released in ∼1996 - Windows NT 3.1 released in ∼1993 (∼17 years ago) - All this time, we assumed it was working correctly.. but it wasn’t... - Flew under the radar... BlackHat USA 2010 Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Why talk about this vulnerability? ‣ Interesting vulnerability, not your common buffer overflow - Issues in the Pseudo-Random Number Generator (PRNG) - Challenge-response protocol implementation issues - Replay attacks - Attack to predict challenges is interesting BlackHat USA 2010 Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Why talk about this vulnerability? ‣ There’s a lesson to be learned..
    [Show full text]
  • Chapter 15-70-411FINAL[1]
    Lesson 15: Configuring Service Authentication MOAC 70-411: Administering Windows Server 2012 Overview • Exam Objective 5.1: Configure Service Authentication • Configuring Service Authentication • Managing Service Accounts © 2013 John Wiley & Sons, Inc. 2 Configuring Service Authentication Lesson 15: Configuring Service Authentication © 2013 John Wiley & Sons, Inc. 3 Authentication • Authentication is the act of confirming the identity of a user or system and is an essential part used in authorization when the user or system tries to access a server or network resource. • Two types of authentication that Windows supports are NT LAN Manager (NTLM) and Kerberos. • Kerberos is the default authentication protocol for domain computers. • NTLM is the default authentication protocol for Windows NT, standalone computers that are not part of a domain, and situations in which you authenticate to a server using an IP address. © 2013 John Wiley & Sons, Inc. 4 Understanding NTLM Authentication • NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. • NTLM is an integrated single sign-on mechanism. • NTLM uses a challenge-response mechanism for authentication in which clients are able to prove their identities without sending a password to the server. © 2013 John Wiley & Sons, Inc. 5 Managing Kerberos Kerberos: • Is a computer network authentication protocol, which allows hosts to prove their identity over a non-secure network in a secure manner. • Can provide mutual authentication
    [Show full text]
  • Level One Benchmark Windows NT 4.0 Operating Systems V1.0.5
    Level One Benchmark Windows NT 4.0 Operating Systems V1.0.5 Copyright 2003, The Center for Internet Security www.cisecurity.org Page 2 of 32 Terms of Use Agreement Background. CIS provides benchmarks, scoring tools, software, data, information, suggestions, ideas, and other services and materials from the CIS website or elsewhere (“Products”) as a public service to Internet users worldwide. Recommendations contained in the Products (“Recommendations”) result from a consensus-building process that involves many security experts and are generally generic in nature. The Recommendations are intended to provide helpful information to organizations attempting to evaluate or improve the security of their networks, systems and devices. Proper use of the Recommendations requires careful analysis and adaptation to specific user requirements. The Recommendations are not in any way intended to be a “quick fix” for anyone’s information security needs. No representations, warranties and covenants. CIS makes no representations, warranties or covenants whatsoever as to (i) the positive or negative effect of the Products or the Recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness or completeness of any Product or Recommendation. CIS is providing the Products and the Recommendations “as is” and “as available” without representations, warranties or covenants of any kind. User agreements. By using the Products and/or the Recommendations, I and/or my organization (“we”) agree and acknowledge that: 1. No network, system, device, hardware, software or component can be made fully secure; 2.
    [Show full text]
  • In Windows Server 2008 R2 and Windows Server 2008 (The Former Containing the Later Release of Hyper-V)
    Hyper-V Microsoft Hyper-V Developer(s) Microsoft Initial release July 26, 2008 (KB950050)[1][2] R2 Service Pack 1 Stable release (KB976932)[3][4] / March 15, 2011; 15 months ago Windows 8 (both its server and client versions) (future) and Operating system Windows Server 2008 or standalone Type Virtual machine License Proprietary Hyper V Slide 1 of 21 Microsoft Hyper-V ■ Microsoft Hyper-V, ✦ codenamed Viridian ✦ and formerly known as Windows Server Virtualization, ✦ is a hypervisor-based virtualization system for x86-64 systems ■ A beta version of Hyper-V was shipped with certain x86-64 editions of Windows Server 2008, and the finalized version (automatically updated through Windows Update) was released on June 26, 2008 ■ Hyper-V has since been released in a free stand-alone version, and has been upgraded to Release 2 (R2) status Hyper V Slide 2 of 21 Versions and variants ■ Hyper-V exists in two variants: ✦ as a stand-alone product called Microsoft Hyper-V Server 2008 (Hyper-V Server 2008 R2 for the second release), ✦ and as an installable role in Windows Server 2008 R2 and Windows Server 2008 (the former containing the later release of Hyper-V). ■ The stand-alone version of Hyper-V is free, and was released on October 1, 2008. ■ It is a variant of the core installation of Windows Server 2008 that includes full Hyper-V functionality; other Windows Server 2008 roles are disabled, and there are limited Windows Services. ■ The free Hyper-V Server 2008 variant is limited to a command line interface (CLI), where configuration of the "Host" or "Parent" (Hyper-V Server 2008) OS, physical hardware and software is done using shell commands.
    [Show full text]
  • Windows Poster 20-12-2013 V3
    Microsoft® Discover the Open Specifications technical documents you need for your interoperability solutions. To obtain these technical documents, go to the Open Specifications Interactive Tiles: open specifications poster © 2012-2014 Microsoft Corporation. All rights reserved. http://msdn.microsoft.com/openspecifications/jj128107 Component Object Model (COM+) Technical Documentation Technical Documentation Presentation Layer Services Technical Documentation Component Object Model Plus (COM+) Event System Protocol Active Directory Protocols Overview Open Data Protocol (OData) Transport Layer Security (TLS) Profile Windows System Overview Component Object Model Plus (COM+) Protocol Active Directory Lightweight Directory Services Schema WCF-Based Encrypted Server Administration and Notification Protocol Session Layer Services Windows Protocols Overview Component Object Model Plus (COM+) Queued Components Protocol Active Directory Schema Attributes A-L Distributed Component Object Model (DCOM) Remote Protocol Windows Overview Application Component Object Model Plus (COM+) Remote Administration Protocol Directory Active Directory Schema Attributes M General HomeGroup Protocol Supplemental Shared Abstract Data Model Elements Component Object Model Plus (COM+) Tracker Service Protocol Active Directory Schema Attributes N-Z Peer Name Resolution Protocol (PNRP) Version 4.0 Windows Data Types Services General Application Services Services Active Directory Schema Classes Services Peer-to-Peer Graphing Protocol Documents Windows Error Codes ASP.NET
    [Show full text]
  • Polycom Unified Communications Deployment
    SOLUTION DEPLOYMENT GUIDE November 2016 | 3725-06675-008A Polycom® Unified Communications for Microsoft® Environments Polycom, Inc. 1 Copyright© 2016, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into another language or format, or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Polycom, Inc. 6001 America Center Drive San Jose, CA 95002 USA Trademarks Polycom®, the Polycom logo and the names and marks associated with Polycom products are trademarks and/or service marks of Polycom, Inc. and are registered and/or common law marks in the United States and various other countries. All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Polycom. End User License Agreement By installing, copying, or otherwise using this product, you acknowledge that you have read, understand and agree to be bound by the terms and conditions of the End User License Agreement for this product. Patent Information The accompanying product may be protected by one or more U.S. and foreign patents and/or pending patent applications held by Polycom, Inc. Open Source Software Used in this Product This product may contain open source software. You may receive the open source software from Polycom up to three (3) years after the distribution date of the applicable product or software at a charge not greater than the cost to Polycom of shipping or distributing the software to you.
    [Show full text]
  • IT Security Principles: Windows Exploitation
    IT Security Principles: Windows Exploitation IT 444 – Network Security Understanding LLMNR and NBNS • Windows systems go through several different steps to resolve a hostname to an IP address for us. • Windows will search the hosts or LMHosts file on the system to see if there’s an entry in that file. • If there isn’t, then the next step is to query DNS. Windows will send a DNS query to the default nameserver to see if it can find an entry. • In most cases, this will return an answer, and we’ll see the web page or target host we’re trying to connect to. • In situations where DNS fails, modern Windows systems use two protocols to try to resolve. LLMNR and NetBios Understanding LLMNR and NBNS o LLMNR: this protocol uses multicast in order to try to find the host on the network. Other Windows systems will subscribe to this multicast address, and when a request is sent out by a host, if anyone listening owns that name and can turn it into an IP address, a response is generated. Once the response is received, the system will take us to the host o If the host can’t be found using LLMNR, Windows use the NetBIOS protocol to try to discover the IP. It does this by sending out a broadcast request for the host to the local subnet, and then it waits for someone to respond to that request. If a host exists with that name, it can respond directly, and then our system knows that to get to that resource, it needs to go to that location Understanding LLMNR and NBNS o Both LLMNR and NBNS rely on trust o As a malicious actor, though, we can respond to any request sent out to LLMNR or NBNS and say that the host being searched for is owned by us.
    [Show full text]
  • Installing and Configuring Windows Server 2012 R2
    spine = .75” Exam Ref 70-410 70-410 Exam Ref Prepare for Microsoft Exam 70-410—and help demonstrate your Installing and Configuring real-world mastery installing and configuring Windows Server Windows Server 2012 R2 2012 R2. Designed for experienced IT professionals ready to Installing and advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSA About the Exam or MCSE level. Exam 70-410 validates your ability to install and configure Windows Server Windows Server 2012 R2 Installing and Configuring 2012 R2 core services. Passing this exam Focus on the expertise measured by these counts as credit toward MCSA: Windows Configuring objectives: Server 2012 R2 certification, as well as three MCSE certifications. • Install and Configure Servers • Configure Server Roles and Features About Microsoft • Configure Hyper-V Windows Server Certification • Deploy and Configure Core Network Services Microsoft Certified Solutions Associate • Install and Administer Active Directory (MCSA) certifications validate the core • Create and Manage Group Policy technical skills required to build a sustainable career in IT. The MCSA certification for Windows 2012 R2 This Microsoft Exam Ref: Server 2012 R2 requires three • Is fully updated for Windows Server 2012 R2. exams—70-410, 70-411, and 70-412— • Organizes its coverage by exam objectives. and can also be applied toward earning Microsoft Certified Solutions Expert • Features strategic, what-if scenarios to challenge you. (MCSE) certification for the Server • Assumes you have experience implementing Windows Server 2012 Infrastructure, Desktop Infrastructure, R2 core services in an enterprise environment. and Private Cloud specialties. See full details at: microsoft.com/learning/certification About the Author Craig Zacker is an educator and editor Exam Ref 70 410 who has written or contributed to dozens of books on operating systems, Zacker networking, and PC hardware.
    [Show full text]
  • Acronis True Image 2021
    Acronis True Image 2021 USER GUIDE Table of contents 1 Introduction ....................................................................................................................7 1.1 What is Acronis® True Image™? ................................................................................................ 7 1.2 New in this version .................................................................................................................... 7 1.3 Backups created in Acronis True Image 2020 or later ............................................................... 8 1.4 System requirements and supported media ............................................................................. 9 1.4.1 Minimum system requirements .................................................................................................................... 9 1.4.2 Supported operating systems ...................................................................................................................... 10 1.4.3 Supported file systems .................................................................................................................................. 10 1.4.4 Supported Internet connection types ......................................................................................................... 11 1.4.5 Supported storage media ............................................................................................................................. 11 1.5 Installing Acronis True Image 2021 ..........................................................................................12
    [Show full text]
  • Content Gateway Manager Help, V8.0.X
    Content Gateway Manager Help Websense® Content Gateway v8.0.x ©1996–2014, Websense Inc. All rights reserved. 10900 Stonelake Blvd, 3rd Floor, Austin, TX 78759, USA Websense Content Gateway Online Help November 2014 R050914800 This document contains proprietary and confidential information of Yahoo, Inc and Websense, Inc. The contents of this document may not be disclosed to third parties, copied, or duplicated in any form, in whole or in part, without prior written permission of Websense, Inc. Every effort has been made to ensure the accuracy of this manual. However, Websense Inc., and Yahoo, Inc. make no warranties with respect to this documentation and disclaim any implied warranties of merchantability and fitness for a particular purpose. Websense Inc. shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice. Use, duplication, or disclosure of the technical data contained in this document by the Government is subject to restrictions as set forth in subdivision (c) (1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 52.227-7013 and/or in similar or successor clauses in the FAR, or in the DOD or NASA FAR Supplement. Unpublished rights reserved under the Copyright Laws of the United States. Contractor/manufacturer is Websense, Inc, 10900 Stonelake Blvd, 3rd Floor, Austin, TX 78759, USA. Trademarks Websense, the Websense Logo, ThreatSeeker, and TRITON are registered trademarks of Websense, Inc. in the United States and/or other countries.
    [Show full text]
  • [MS-MSSO]: Media Streaming Server System Overview
    [MS-MSSO]: Media Streaming Server System Overview Intellectual Property Rights Notice for Protocol Documentation . Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting [email protected].
    [Show full text]