Virtualization can bring many benefits for businesses,
including increased agility, greater flexibility, and improved cost
efficiency. Combining virtualization with the infrastructure and tools
needed to provision cloud applications and services brings even greater
benefits for organizations that need to adapt and scale their
infrastructure to meet the changing demands of today’s business
environment. With its numerous improvements, Hyper-V in Windows Server
2012 provides the foundation for building private clouds that can use
the benefits of
cloud computing across the business units and geographical locations
that typically make up today’s enterprises. By using Windows Server
2012, you can begin transitioning your organization’s datacenter
environment toward an infrastructure as a service (IaaS) private cloud
that can provide your business units with the “server instances on
demand” capability that they need to be able to grow and respond to
changing market conditions.
Hosting providers
also can use Windows Server 2012 to build multi-tenant cloud
infrastructures (both public and shared private clouds) that they can
use to deliver cloud-based applications and services to customers.
Features and tools included in Windows Server 2012 enable hosting
providers to fully isolate customer networks from one another, deliver
support for service level agreements (SLAs), and enable chargebacks for
implementing usage-based customer billing.
Let’s dig into these features and capabilities in more detail. We’ll
also get some insider perspective from experts working at Microsoft who
have developed, tested, deployed, and supported Windows Server 2012
during the early stages of the product release cycle.
The new Hyper-V extensible
switch in Windows Server 2012 is key to enabling the creation of secure
cloud environments that support the isolation of multiple tenants. The
Hyper-V extensible switch in Windows Server 2012 introduces a number of
new and enhanced capabilities for tenant isolation, traffic shaping,
protection against malicious virtual machines, and hassle-free troubleshooting. The extensible switch allows third parties to develop plug-in extensions
to emulate the full capabilities of hardware-based switches and support
more complex virtual environments and solutions.
Previous versions of Hyper-V allowed you to implement complex
virtual network environments by creating virtual network switches that
worked like physical layer-2 Ethernet switches. You could create
external virtual networks to provide VMs with connectivity with
externally located servers and clients, internal networks to allow VMs
on the same host to communicate with each other as well as the host, or
private virtual networks (PVLANs)
that you can use to completely isolate all VMs on the same host from
each other and allow them to communicate only via external networks.
The Hyper-V extensible switch facilitates the creation of virtual
networks that can be implemented in various ways to provide great
flexibility in how you can design your virtualized infrastructure. For
example, you can configure a guest
operating system within a VM to have a single virtual network adapter
associated with a specific extensible switch or multiple virtual
network adapters (each associated with a different switch), but you
can’t connect the same switch to multiple network adapters.
What’s new, however, is that the Hyper-V virtual switch is now
extensible in a couple of different ways. First, you can now install
custom Network Driver Interface Specification (NDIS) filter drivers (called extensions)
into the driver stack of the virtual switch. For example, you could
create an extension that captures, filters, or forwards packets to extensible switch ports. Specifically, the extensible switch allows for using the following kinds of extensions:
- Capturing extensions, which can capture packets to monitor network traffic but cannot modify or drop packets
- Filtering extensions, which are like capturing extensions but also can inspect and drop packets
- Forwarding extensions, which allow you to modify packet routing and enable integration with your physical network infrastructure
Second, you can use the capabilities of the Windows Filtering Platform (WFP)
by using the built-in Wfplwfs.sys filtering extension to intercept
packets as they travel along the data path of the extensible switch.
You might use this approach, for example, to perform packet inspection
within your virtualized environment.
These extensibility capabilities of the Hyper-V extensible switch are intended primarily for Microsoft partners and independent software
vendors (ISVs), who can update their existing network monitoring,
management, and security software products to work not just
with physical hosts, but also with VMs deployed within any kind of virtual networking
environment that you might create using Hyper-V in Windows
Server 2012. In addition, being able to extend the functionality of
Hyper-V networking by adding extensions makes it easier to add new
networking functionality to Hyper-V without needing to replace or
upgrade the switch. You’ll also be able to use the same tools for
managing these extensions that you use for managing other aspects of
Hyper-V networking, namely the Hyper-V Manager console, PowerShell, and
Windows Management Instrumentation (WMI). And because these extensions
integrate into the existing framework of Hyper-V networking, they
automatically work with other capabilities, like Live Migration.
Table 1 summarizes some of the benefits of the Hyper-V extensible switch from both the IT professional and ISV perspective.
Table 1. Benefits of the Hyper-V extensible switch
| Key Tenets | Benefit to ISVs | Benefit to IT Professionals |
|---|---|---|
| Open platform w/public API | Write only the functionalities desired | Minimal footprint for errors |
| First-class citizen of system | Free system services (e.g., Live Migration) | Extensions from various ISVs work together |
| Existing API model | Faster development | Larger pool of extension implementers |
| Logo certification and rich framework | Higher customer satisfaction | Higher extension quality |
| Unified Tracing thru virtual switch | Lower support costs | Shorter downtimes |
1.1 Configuring virtual switches
Figure 1 shows the Windows Filtering Platform (WFP) extension selected in the Virtual
Switch Manager of the Hyper-V Console in the beta version of Windows
Server 2012. Note that once extensions are installed on the host, they
can be enabled or disabled and also have their order rearranged by
moving them up or down in the list of switch extensions.
You can also use PowerShell to create, delete, and configure extensible switches on Hyper-V hosts. For example, Figure 2 shows how to use the Get-VMSwitchExtension cmdlet to display details concerning the extensions installed on a specific switch.
You also can display the full list of PowerShell cmdlets for managing the extensible switch, as Figure 3 illustrates.
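Because an enabled extension sits in the data path of the switch and can capture, drop, or reroute tenant traffic, it is worth inventorying what is bound to each switch. The following is an added example, not taken from the original text: it uses Get-VMSwitch and Get-VMSwitchExtension to list every extension on every switch of a host and flags enabled extensions that are not on an allow-list. The `$Approved` list is an assumed site policy seeded with the two in-box extension names; adjust it for the ISV extensions you have approved.

```powershell
# Added example: audit the extensions bound to every Hyper-V extensible switch on this host.
# Run in an elevated session on the Hyper-V host (Hyper-V PowerShell module required).
# To see every switch-related cmdlet: Get-Command -Module Hyper-V -Name *VMSwitch*

# Assumption: site allow-list of extension display names. These two ship in-box;
# append the names of third-party extensions your organization has approved.
$Approved = @(
    'Microsoft NDIS Capture',
    'Microsoft Windows Filtering Platform'
)

$report = foreach ($switch in Get-VMSwitch) {
    foreach ($ext in Get-VMSwitchExtension -VMSwitchName $switch.Name) {
        # Enabled extensions see live traffic, so anything outside the allow-list needs review.
        $finding = if ($ext.Enabled -and $ext.Name -notin $Approved) {
            'UNAPPROVED-ENABLED'
        } elseif ($ext.Enabled -and -not $ext.Running) {
            # Enabled in configuration but not loaded: the control it provides is not in effect.
            'ENABLED-NOT-RUNNING'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Switch        = $switch.Name
            Extension     = $ext.Name
            Vendor        = $ext.Vendor
            Version       = $ext.Version
            ExtensionType = $ext.ExtensionType
            Enabled       = $ext.Enabled
            Running       = $ext.Running
            Finding       = $finding
        }
    }
}

# Full inventory for the record, then only the rows that need attention.
$report | Sort-Object Switch, ExtensionType | Format-Table -AutoSize | Out-Host
$report | Where-Object Finding -ne 'OK'
```

The last line returns objects rather than formatted text, so the findings can be piped to Export-Csv or compared across hosts.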