Virtualization in a mobile environment

Last week a colleague was taking the opportunity to revisit his development environment. In light of the availability of Windows Server 2008 R2, Win7, and Beta 1 of Visual Studio 2010, Eric was interested in pursuing a heavily virtualized setup. As he knew I am a proponent of doing all development (including the IDEs) in virtuals and that I had converted to a Hyper-V-based development environment, we started discussing what approach he might take. Eric travels a lot, so he’s opted to work entirely on mobile devices. His primary notebook is a beast: Core 2 Quad, 8GB RAM, 17″ 1920×1200 display, 1GB nVidia Quadro FX 3700m, all in a svelte 11 pound package (including power supply). You’d think it’d be great for the developer who wants to virtualize, or the conference presenter who wants to demonstrate the latest and greatest to a crowd.

Unfortunately, Microsoft’s professional-level offerings for virtualization on notebooks are nonexistent.

At first, Eric wanted to go the Hyper-V R2 route. He installed Server 2K8 R2, installed VS2010 in the host partition, and TFS2010/SQL2K8/MOSS2007 in virtuals. He had heard me complain about the graphics performance problems with Hyper-V in the past, but wanted to see for himself. Sure enough, Visual Studio ran quite slowly. However, as it was his first time using the beta, he didn’t know if the lack of speed was just because it was a beta, or if Hyper-V was the cause. Temporarily disabling the Hyper-V role caused a severalfold speedup in the application, going from painful to pleasant. Permanently fixing this would require running XP-level (or, ugh, VGA) drivers for his top-end video card. On top of this, Hyper-V completely disables all forms of sleep in Windows. This was not an acceptable solution to a mobile user.

Frustrated, he decided to resort to Virtual PC. It’s free and easy to use, but that idea was shot down when he realized that not only does Virtual PC not support multiprocessor guests (annoying, but something he could cope with), but it won’t run 64-bit guests either. Given that many of the latest Microsoft server releases (including Windows Server 2008 R2 itself) are 64-bit only, this was a dealbreaker.

What’s left? I suggested VMware Workstation 6.5. It supports multicore guests, 64bit guests, and letting the host computer sleep, all without painful graphics performance. It’s not free, but if you’re looking to get the job done, it’s the best solution. If you want free, VirtualBox is a good option, although not quite as polished as VMWare Workstation. If you want Microsoft, you’re out of luck.

Eric went with VMware Workstation.

Finally, I should note that Intel is releasing the next round of mobile cpus in 1Q2010. As they’ll be Nehalem chips, many of them should have improved hardware virtualization support that matches what we can get on the desktop today. While it won’t fix the Hyper-V sleep mode problem, it will at least alleviate the Hyper-V graphics performance problem.


How to mount ISO files from a share in Hyper-V

I’m a huge fan of Windows Home Server.  I love the easy-to-set-up image- and file-based backup system, and I love the ability to just slap in another 2TB drive if I start getting low on space.  In addition to music, movies, photos, and personal documents, I keep all the software install packages and ISOs I’ve downloaded on my server.  Further, with the user account synchronization built into WHS, I’ve been able to simplify my home network and no longer maintain any (permanent) Active Directory domains.

This setup has worked pretty well up to now.  In VMWare Workstation, when I want to build a new VM, I just mount the appropriate OS .ISO from \\server\Software\ and boot to the DVD.  Hyper-V, though, doesn’t like to mount ISOs over the network.  On a fresh Hyper-V R2 install, when I tried to mount a Win7 iso for a new guest, I was greeted with the following error:

The server encountered an error while configuring devices on testvm.  Failed to add device 'Microsoft Virtual CD/DVD Disk'.  The Machine Account 'Hyper-V Virtual Machine Management service' does not have read access to file share '\\server\soft...\en_windows_7_ultimate_x64_dvd_x15-65922.iso'.

In an Active Directory environment, there is a documented solution for this; when one is also managing the Hyper-V host remotely, additional configuration is required that involves constrained delegation.

In an environment without Active Directory (like my home network), or when the machines in question are in domains that don’t talk with each other, we need something else.  One option is to enable anonymous access to the share where the ISOs are stored.  This solution is fine for my home network, and may be feasible for other small networks where security isn’t as much of an issue.  While the instructions below are for Windows Home Server specifically, they are easily adapted to a bog-standard (non-WHS) file server.

  1. First, go to Administrative Tools->Local Security Policy.

    In Security Settings/Local Policies/Security Options, make the following changes:

    Network Access: Do not allow anonymous enumeration of SAM accounts and sharesDisabled
    Network Access: Let Everyone permissions apply to anonymous usersEnabled
    Network Access: Restrict anonymous access to Named Pipes and SharesDisabled
    Network Access: Shares that can be accessed anonymously – Add SOFTWARE (or the appropriate share) to the existing list

    In Security Settings/Local Policies/User Rights Assignment:

    Access this computer from a network – Add ANONYMOUS LOGON and Everyone if they’re not already there

  2. After closing the Local Security Settings window you’ll need to reboot the server or force application of security policy via gpupdate.
  3. Then, open up Computer Management and go to System Tools->Local Users and Groups->Groups.
    Windows Home Server creates several security groups that provide read-only and read/write access to the shares it manages.  Find which group offers Read-Only access to the share and add Everyone to this group.  On my computer, the Software share is managed by RO_8 and RW_8, so I added Everyone to the RO_8 group.
  4. While you’re in Computer Management, go to System Tools->Shared Folders->Shares.  In the properties for the appropriate share, add Everyone to the Share Permissions.

After following these steps, I was able to mount ISOs from the share successfully in the Hyper-V Manager.

Unfortunately, this solution has a caveat beyond just the security implications.  Windows Home Server likes you to manage everything through its interface.  If you’ve made changes out of band, WHS is happy to ‘fix’ them for you.  After every reboot, WHS removes the Everyone token from both the security group and from the share permissions.  This means that every time I reboot, I have to perform steps 3 and 4 again. This is frustrating enough that I’ve considered writing a script for this, but I reboot the server so rarely that I haven’t bothered.

Posted in Uncategorized. Tags: , , . Comments Off on How to mount ISO files from a share in Hyper-V

Can I mount IMG files in Hyper-V?

The vast majority of the software I use on a regular basis is packaged as either standalone executables, MSIs, or ISO images. However, the Team Foundation Server client for Visual Studio 2005 (yes, I still have to use 2K5 regularly) is in an IMG file. With VMWare Workstation, this wasn’t a problem; IMG images could be mounted just as easily as ISO images. Hyper-V (and R2), unfortunately, is limited to mounting ISOs. So how do I get the VSTF client installed on my Hyper-V guest?

Given the rarity of IMG files nowadays, I decided to settle for a one-off workaround, and convert my IMG to an ISO that would be broadly compatible with any image mounting software, including Hyper-V.  Several options are available for this; I used MagicISO to do the conversion.  The entire process, from download to new ISO, took only a few minutes, and I was able to successfully mount what had originally been an IMG image.

Which virtualization platform is right for me?

As a developer working primarily with Microsoft technologies, I would love for Microsoft to provide a proper desktop virtualization solution, i.e. a virtualization platform that can be used directly on a desktop computer.  I started with various versions of Virtual PC and Virtual Server, but they have all had significant shortcomings.  Even the latest Virtual PC is still essentially useless for developers, as it still doesn’t support 64-bit guests, much less several other desirable features such as multiple CPUs per guest.  Thus, I’ve been using VMWare Workstation for my primary virtualization solution for a while now.  It supports 64-bit and multiple cpus per guest, and sports a reasonably slick interface.  I don’t really have any complaints about it other than the two-CPU-max-per-guest limitation.

However, a lot of my recent work has involved writing code that scales well to 4 or 8 threads.  That’s hard to test properly in an environment that supports only 2 threads.  Plus, I work around mostly Microsofties, so I would like some reason to get off a VMWare platform, or at least be able to explain why the Microsoft solutions were all inferior.  So, now that Windows 7 and Server 2008 R2 are RTM, it’s time to try using Hyper-V for my desktop virtualization platform.  I’ve already run into (and solved) several problems; I’ll detail those and any future problems that pop up here.

Posted in Uncategorized. Tags: , , . Comments Off on Which virtualization platform is right for me?

Hyper-V and slow graphics?

When I first switched to Hyper-V for desktop VM use, I discovered horrible graphics performance.  The reason boils down to how the new WDDM driver model used in Vista and later interacts with the hypervisor.  Apparently, many people have reported this problem, and some have complained that this hasn’t been fixed in Hyper-V R2.  However, that’s not exactly true.

Windows Server 2008 R2 has added support for Second Level Address Translation (SLAT); Intel calls this feature Extended Page Tables (EPT), while AMD calls it Nested Page Tables (NPT) or Rapid Virtualization Indexing (RVI).  On hardware that supports this, and with Server 2008 R2 Hyper-V for your VM solution, modern graphics cards (and their associated WDDM 1.0/1.1 drivers) work fine.  The catch is that you need an Intel i7 (Nehalem) processor or a recent AMD processor to have that support — Intel Core 2 Duos and Quads don’t support EPT.  This prompted me to switch from my C2D E8400 to an i7 920 for my desktop VM machine while keeping the same nVidia 9600GT for video; with 2008 R2, Hyper-V no longer suffers from the horrible slowdown despite using the latest 190.62 drivers. Hooray!