Category Archives: Hyper-V

Let’s start to know Microsoft and Amazon Public Cloud solutions

1 Reply

Since the beginning of my career I used virtualization. As a Microsoft employee I used for my projects Virtual Server 2005, 2005 R2, Hyper-V 2008,

2008 R2, 2012 and now 2012 R2. I also know and respect very much the VMware products/solutions.

Now that the next “big thing” seems to be the cloud computing, I found that I’m a Private

Cloud expert! (thanks to my knowledge of System Center suite that completes the

Microsoft/VMware virtualization platform and achieve the Private Cloud solution) and I also

found that I was not aware about “the other side”: the Public Cloud.

So I started to learn the Microsoft Azure offering that is very interesting due to the tight

integration with the Microsoft On Premise/Private Cloud solution (aka Hyper-V + System Center

+ Azure Pack)

Now it’s turn to take a look to the competitors and due the fact that VMware is still

considering how to enter in the Public Cloud market, the best choice is to learn what Amazon

is doing with Amazon Web Services (that it’s the actual leader for Public Cloud solutions).

I recommend to start reading this short PDF (14 pages) published in 2008.

http://media.amazonwebservices.com/AWS_Cloud_Architectures.pdf The value of this doc is that shows in a really clear manner an example of how to use cloud

computing to create a reliable, scalable and efficient solution.

I love the fact that this document presents a real example and uses it to talk about every

single component of this solution and leads the reader to think about the technology used and

the best practices taken.

I think that the “GrapTheWeb” solution can also be created with Microsoft Azure with the

following architecture:

Image

Microsoft offers an Hadoop clustered distribution service called Windows Azure HDInsight:

http://blogs.technet.com/b/microsoft_blog/archive/2013/10/28/announcing-windows-azure-hdinsight-where-big-data-meets-the-cloud.aspx

The AWS Hadoop offering is named Amazon Elastic MapReduce:

http://aws.amazon.com/elasticmapreduce/

To have an overview about the Microsoft Azure offering, take a look at this site:

http://www.windowsazure.com/en-us/develop/net/fundamentals/intro-to-windows-azure/

The Amazon Web Service overview can be found at this link:

http://aws.amazon.com/products-solutions/

Hyper-V Antivirus Exclusions

1 Reply

Every Windows Server (Virtualized or not) needs to be protected by an Antivirus program.

It’s also important to protect the Hyper-V servers where the virtualized workloads are placed.

Before activate the Hyper-V role, I suggest to install an Antivirus program on each Server that will become part of the virtualization host environment.

Hyper-V Antivirus Exclusions

Anti-virus software should exclude Hyper-V specific files using the Hyper-V: Antivirus Exclusions for Hyper-V Hosts article, namely:

  • All folders containing VHD, VHDX, AVHD, VSV and ISO files
  • Default virtual machine configuration directory, if used (C:\ProgramData\Microsoft\Windows\Hyper-V)
  • Default snapshot files directory, if used (%systemdrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots)
  • Custom virtual machine configuration directories, if applicable
  • Default virtual hard disk drive directory
  • Custom virtual hard disk drive directories
  • Snapshot directories
  • Vmms.exe (Note: May need to be configured as process exclusions within the antivirus software)
  • Vmwp.exe (Note: May need to be configured as process exclusions within the antivirus software)

Additionally, when you use Cluster Shared Volumes, exclude the CSV path “C:\ClusterStorage” and all its subdirectories.

For more information: http://social.technet.microsoft.com/wiki/contents/articles/2179.hyper-v-anti-virus-exclusions-for-hyper-v-hosts.aspx.

NOTES:

  • In the virtual machines no Hyper-V specific exclusions are needed. Add only the exclusions related to the installed services (SQL, IIS, …)
  • As far as I know, today is not possible to protect Hyper-V workloads using a technology similar to VMware vShield Endpoint so every Virtual Machine needs to take care of its own scanning activity. http://www.vmware.com/products/vsphere/features/endpoint.html. You must consider this as you plan antivirus policies. You must avoid every virtual machine to start scanning activity at the same time (you will prevent bad performance issues).