John Joyner MVP-Operations Manager Senior Architect, ClearPointe VIR306.


Agenda
- Virtualization as a managed service
- Provisioning the service provider framework
- Demo: Certificates and Domain Preparation
- Virtual machine management architectures
- Demo: Un-trusted agents and gateways
- Walkthrough: Scoping customer roles
- Customer-facing management deliverables
- Demo: Web Console and Self Service Portal

Virtualization as a Managed Service
Who provides managed services?
- Hosting and managed service providers (MSP)
- Internal service level agreement (SLA)
- Anyone who needs to measure the delivery of a service used by someone else
What's special about managing virtualization?
- Virtual machines suddenly everywhere
- High risk exposure, high customer expectations
Over fifty percent of servers sold worldwide in 2008 were to be involved in a virtualization role (IDC).

Characteristics of Service Provider Roles
Service Provider: Obligated to deliver a service to the customer in accordance with the terms of a service agreement
Service Provider has:
- Resources the customer does not, or cannot practically have
- Multiple independent customers that share common services
- Security model: Small number of highly trusted (NOC) users with similar roles
Customer: Expects to receive a service they have paid for and/or are responsible for monitoring the delivery of
Customer Needs:
- Trust but verify their service provider is meeting the terms of the service agreement
- Absolute confidence in data privacy and security
- Security model: Large number of un-trusted users with very diverse roles

Risk Management Considerations
All your eggs in one basket, and other risks:
- Presentation of the virtualization layer needs to achieve parity with well established IT disciplines
- Acceleration of change rate as IT is more dynamic
- Backup and recovery of VMs and VHDs have special considerations
Customer expectations about virtualization:
- It should save a lot of money
- It should be easy and safe
- Who isn't a virtual machine admin these days?

Customer Considerations
Transparent, utility-like delivery of their service:
- Customer understands what they are paying for
- Provide a way to assess (measure) delivery
- Think like a business person, not IT Pro
Virtualization components:
- Clear host, guest, and storage dependencies
- Expect virtualization-aware value-adds
The customer doesn't care how easy it is for you to manage their service.

Service Provider Considerations
Reliable, scalable monitoring instrumentation:
- Repeatable, predictable customer SLA lifecycles
- Reduce burden to manage the management system
- Allow for customer unique and ad hoc monitoring
- Cross-platform, cross-vendor, multi-application
- Show the value-add of the service provider
Virtualization components:
- Integration of virtualization health with existing consoles
- Identify VM management burdens and opportunities

Provisioning the Service Provider Framework
- Best effort vs. Guaranteed service levels
- Back-end monitoring facility
- Firewalls and Internet publishing
- Customer endpoint and attach scenarios
- Licensing and Legal

'Best Effort' vs. 'Guaranteed' Services
Best Effort:
- Entry-level solution for the service provider
- Focus on convenience and achieving one view of customer health
- Next day is OK, pager, IM notifications of alerts to staff evenings/weekends
- Remote access optional
Guaranteed:
- Service provider assumes mission-critical risk
- Network Operations Center (NOC) with 24x7 staffing and tiered escalation
- SLA is king, goal is 100% uptime during service hours, requires remote access
- Continuous event prosecution, minutes count

Back-end Monitoring Facility
- Minimum and High-Value Hosting models
- Must not share resources with service provider corporate networks
- VPN vs. No-VPN scenarios
- Certificate Authority (CA) requires commitment to maintain indefinitely, public DNS critical
- Virtualization consideration: Include VMM 2008
- Virtualization opportunity: Common images

Network Operations Center (NOC)
Photo courtesy of

Certificates and Domain Preparation

Sample Minimum Service Provider Architecture

Operations Manager 2007 High-Value Hosting Model for Service Providers: Core components

Firewalls and Internet Publishing
- Your service is delivered across un-trusted domains, usually over the Internet
- Customer firewalls require configuration:
  - Publish Remote Web Workplace (RWW)
  - Publish hardware remote control (HP ILO, Dell DRAC, Intel RMM2, others)
  - Publish VMM Self Service Portal
- Special advantages to publishing Operations Manager 2007 Web Console with ISA/TMG
- Deploy Multi-WAN type Internet endpoints
  - Multiple ISPs for Internet-managed customers is the only way to achieve high availability with DSL, Cable connections

Customer Endpoint and Attach Scenarios: Operations Manager 2007
Essentials 2007 Server:
- One certificate per customer installed with Enable Service Provider mode wizard
Operations Manager 2007 Gateway component:
- One or two gateways per customer, only a gateway needs a certificate
Operations Manager 2007 Agent component:
- Individual certificate for each agent

Sample Customer Firewall Setup
- Outbound: TCP 5723 (minimum requirement)
- Inbound: 443 (RWW)
- Inbound (Windows 2003 RWW only): 4125
- Inbound: Access to hardware remote control (optional)

Customer Endpoint and Attach Scenarios: Virtual Machine Manager 2008
Virtual Machine Manager 2008 Server:
- Subset of features work when installed on the service provider network
- Install VMM server also at the customer and leverage features in both locations: hybrid model
Virtual Machine Manager 2008 Agents:
- When managed by service provider instance of VMM server: Use DMZ manual agent install
- Managed by local VMM server: Use the normal domain-trust based discovery and install mode

Test-Dev Environment Overview

Un-trusted Agents and Gateways

Licensing for Managed Computers
Essentials Licensing:
- Purchase Essentials Server license, and server and client add-on license packs as needed by size
- Service Provider pays monthly SAL via SPLA per computer that is remotely managed
Operations Manager Licensing:
- Purchase one-time OML (Standard or Enterprise), or lease OML via monthly SPLA
- Software Assurance (SA) on OML critical to keep pace
Virtual Machine Manager Licensing:
- Purchase VMM Workgroup, Enterprise, Enterprise on SPLA, or via SMSE bundle
- Remember to suggest the Microsoft Open Value with SA package for SMB customers

Legal Preparedness
- Auditing, controls, access logs (SAS 70)
- Regulatory Compliance (HIPAA, SOX, PCI)
- Accreditation (more at
Service Level Agreements (SLA):
- Clear, metric-based agreements on service terms
- Alignment with SLA and technical instrumentation
Hosting best practices to isolate each customer:
- No shared credentials across customers
- No customer names in management pack names

Virtual machine management architectures
- VMM 2008 Server location: Service provider and/or customer/hosting site
- VMM client attach mode: Full-featured domain or limited DMZ mode
- VMM Operations Manager integrations
  - Virtualization Reports
  - Performance and Resource Optimization (PRO)
- Multiple Management Group VMM model
VMM 2008 server location and mode affect the VM remote desktop and VMM Library features in the Self Service Portal

[Diagram labels: Virtual Machine Manager Server; Connector; Self Service Web Portal; Administrators Console; Management Interfaces; SAN Storage; Operators Console; Web Console; Windows PowerShell; Operations Manager Server; Virtual Server Host; VM; VMM Library Server; VHD; VMware VI3 Virtual Center Server; ESX Host; Template; ISO; Script]

VMM 2008 / OpsMgr 2007 Integration
Multiple Management Group Model
[Diagram labels: Customer Network; Service Provider Network]

Walkthrough: Scoping Customer Roles

Customer-Facing Management Deliverables
- Operations Manager 2007 R2 Web Console
  - New in R2: AJAX-based Health Explorer
  - Stage on-demand reports in My Workspace
- Virtual Machine Manager 2008 (VMM) Self Service Portal
- Windows Server Updating Service 3.0 (WSUS)
- Essentials Daily Reports, included with EBS 08
- SBS 08 Daily Summary and Weekly Detailed Reports
Service Provider: Show off your value

Essentials 2007 Daily Health Report

SBS 2008 Detailed Network Report

Web Console and Self-Service Portal

Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online.

Related Content
- MGT404 - Developing Custom Reports and Operational Dashboards with Microsoft System Center Operations Manager 2007
- VIR312 - Microsoft System Center Virtual Machine Manager 2008: Advanced Features
- MGT310 - Microsoft System Center Virtual Machine Manager 2008: Performance and Resource Optimization (PRO) and Management Integration
- MGT206 - What's Next for Microsoft System Center Essentials

Store Virtual Machine in Library Using Self Service Portal Over the Web

VMM Agent Traffic in DMZ Mode

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.