System Center 1801 Is Here

A look at what's new in Virtual Machine Manager (VMM), Data Protection Manager (DPM) and Operations Manager (SCOM), for your virtualized infrastructure, either Hyper-V or VMware.

Microsoft has just shipped the first release in what it plans as a twice-a-year release cycle for the System Center Semi-Annual Channel (SAC). This cadence matches the twice-a-year release schedule of Windows Server.

In this article I'm going to look at what's new in Virtual Machine Manager (VMM), Data Protection Manager (DPM) and Operations Manager (SCOM), for your virtualized infrastructure, either Hyper-V or VMware.

Just like with Windows Server, there's a Long Term Servicing Channel (LTSC) with a five-year mainstream support cycle (bug fixes, new features and security fixes), followed by another five years of extended support (bug and security fixes only). The new SAC flavor is an alternative to LTSC and you need to look very carefully at your company's business needs before going down this track, as each release is only supported for 18 months, so you're going to be upgrading much more frequently. Note that the LTSC branch will keep getting updates in the form of Update Releases (URs) but that new features will mainly be targeted at the SAC branch.

Virtual Machine Manager
VMM 1801 supports both Windows Server 2016 and the SAC version 1709 as is to be expected, along with some new features in the OS that didn't make it into VMM 2016.

Nested Virtualization is one of those features, so you can now create a VM in VMM (or set it up in templates) with this turned on, allowing the VM in turn to be a virtualization host (see Figure 1). Unless you're running a training center (where Nested Virtualization is incredibly useful) I suspect the main reason for this would be to create Windows container hosts through VMM.

Figure 1. Nested Virtualization in Virtual Machine Manager.

Storage Quality of Service (QoS) was expanded massively in Windows Server 2016; unfortunately, VMM 2016 only supported it for VHD/VHDX files on Storage Spaces Direct (S2D) and Scale-Out File Server (SOFS) clusters, not SANs. QoS policies also could only be scoped on a per-array basis. VMM 1801 can apply storage QoS on all storage, and the policies can also be included in templates and applied to VMM clouds.

Remoting to VMs can now be done over Enhanced Session mode in Hyper-V. Refreshing properties of hosts in VMM can be up to 10x faster.

Much of the work done in Windows Server 2016 Hyper-V was focused on the Software-Defined Networking (SDN) stack and a lot of that made it into VMM 2016. This new release adds some polish, such as the ability to define Virtual IPs (VIPs) for the Software Load Balancer (SLB) in templates instead of only through PowerShell. The SLB now also supports internal load balancing (just like in Azure), and for guest clustering support it incorporates floating IPs, where the SLB knows which node is active and routes traffic from the external VIP to that node. HTTP or TCP health monitoring is now also built into the SLB (see Figure 2).

Figure 2. HTTP and TCP health monitoring are built in to the Software Load Balancer.

Encryption of all network traffic on a VM network is just a tickbox away (see Figure 3). The only prerequisite is to distribute a certificate (internal CA or self-signed) to each host. This protects the network against network sniffing but not against fabric admins. Apparently network protection against fabric admins is coming, which would bring network protection in line with the host protection offered through Shielded VMs.

Figure 3. Easy network protection is only a tickbox away.

Speaking of Shielded VMs, this is now extended to Linux VMs (running on Windows Server 1709), and VMs can be defined with a Host Guardian Service (HGS) fallback in case the primary cluster is offline. Shielded VMs is a big topic; if you're interested, I presented on VMM 2016 at Ignite, with additional resources here.

The existing VMM plug-in for managing Azure VMs supported only the old flavor (ASM-based), whereas 1801 now provides the ability to manage your Azure Resource Manager (ARM)-based VMs, too.

There's a little bit of love for VMware, too, with the ability to convert an EFI VM to a Hyper-V generation 2 VM from vSphere (ESXi) 4.1, 5.0, 5.1, 5.5 and 6.0.

The main thing still missing from VMM is a rewrite of the services deployment engine. Public Azure and Azure Stack build on ARM, which is becoming a critical skill for IT professionals, whereas VMM still has its own, graphical service template designer. If this was rewritten to support ARM, the same skills would be applicable across all three environments.

System Center Operations Manager (SCOM)
The headline feature in this release of SCOM is the new HTML5 Web console. Microsoft has been moving this console to HTML5 for some time, but the dashboards were still relying on Silverlight in SCOM 2016. This version finally sheds that baggage (although you can still get to the old dashboards if you really want to at http://server/Dashboard); the new dashboards support Alert, State, Performance, Topology, Tile and Custom widgets.

A nice touch is the ability to expand a dashboard to full screen -- useful if your NOC is plastered with large screens. You can export a custom dashboard by exporting the management pack (MP) in which it's stored. Dashboards can be customized, and a user accessing the Web console can also choose to personalize settings -- note that these are stored in that browser, so if you open the Web console on another device your personalizations won't appear there.

The Custom widget type is interesting in that it allows you to create your own HTML and JavaScript code, and this, married with the new ability to fetch SCOM data through a REST-based API, opens up the possibility for interesting solutions.

The Topology widget lets you import a diagram from Visio or other sources and drag your health state icons on top of the diagram to create network/geographical diagrams with health information.

The new widgets also support drilling down from the overview to a more focused view. For instance, from an Alert view you can drill down to a specific alert and then to the rule that generated the alert.

Adding custom knowledge for your company no longer requires Word and access to the Operations Console; you can simply use the built-in editor in the widgets. More information on these new dashboards can be found on the SCOM Team Blog.

With Microsoft claiming back the responsibility for the catalog of first- and third-party Management Packs (MPs) in SCOM 2016 and providing an Updates (did you know there's a new version of your MP release?) and Recommendations (we see you're running this, perhaps you'd like to download this MP?) feature, in 1801 this extends to third-party MPs, as well.

SCOM 1801 continues the integration with Operations Management Suite (OMS), this time extending to Service Map. This is a technology (originally acquired from BlueStripe software) which essentially automates the discovery of dependencies in distributed applications and creates the diagrams automatically, something you had to do manually in earlier SCOM versions.

Monitoring of Linux and Unix is improved with the ability to use FluentD community plug-ins, as well as support for Kerberos for authentication. In the past you had to use basic authentication for WinRM so the WS-Management protocol could talk to Linux machines; now you can use Kerberos instead.

Data Protection Manager
DPM 2016 added Modern Backup Storage for Hyper-V backups (yeah, I know, Microsoft's got to have a marketing name for everything); in this case, though, the 50 percent space savings and 3x performance increase for backups are pretty impressive. The new version of DPM brings Modern Storage to VMware backups. For vCenter/ESXi 5.5 or 6.0, DPM now offers agentless backup (all you need is the IP address or FQDN of your server and login credentials). If you're organizing your VMs in vCenter using folders, DPM will automatically detect new VMs created in these and back them up.

Restores can be made to local disk, NFS shares or cluster storage. If the VM is running Windows, you can use Item-Level Recovery (ILR) to recover individual files or folders without having to restore the whole VM.

What's new in Orchestrator and Service Manager, you ask? Nothing except for bug fixes and support for TLS 1.2, which shows Microsoft's priorities quite clearly.

Is it worth jumping on the SAC train for System Center? It really depends on your business needs, but the improvements in VMM, SCOM and DPM are compelling, although overall it does seem like Microsoft has put System Center on a slimming diet (except for Configuration Manager, which is really playing in a different league than the rest of System Center these days).
